Hacker rebuilds Casio F-91W watch to display 2fa login codes

Spread the love

Two-step authentication is secure, but opening your authentication app every time is a hassle. At least that’s what a creative hacker thought, who turned his classic Casio F-91W into a TOTP code generator.

An unknown hacker describes in a blog post how he managed to convert a Casio F-91W watch into a smart watch – or at least a watch that can generate 2fa codes. The hacker replaced the watch’s internal hardware, but left the original LCD and buttons. He also replaced the motherboard of the original watch with a Sensor Watch, a board made specifically for the classic and best-selling digital watch. The Sensor Watch contains a Microchip SAM L22 microcontroller based on an Arm Cortex M0+, and the sign can display ten digits on an LCD. There is also a UF2 bootloader on the Sensor Watch that can be programmed via USB Micro-B.

The hacker did the latter; he made a watch face for the watch that automatically generates Timed-based one-time passwords or TOTP codes, just like apps like Google Authenticator do. He had to convert the secret of a 2fa login to hexadecimal bytes and add it to the source code of his watch face. In addition, he made sure that he can switch between different set codes with one of the buttons on the watch. And don’t worry, he can also just read the time on the watch. For that, he can switch between different watch faces.

You might also like