Docs

Tools

Blog

Guides

Molto-2 USB Config tool

This version has been rewritten using Python with tkinter to create the GUI part. Some of the rarely used advanced functions are available only with the command-line tool or the legacy app (v0.4 or lower).



User Guide for USB Config app for Molto2

This user guide will help you understand how to use the USB Config - Molto2 application for configuring TOTP profiles on your Molto2 devices.



Getting Started

  1. Launching the Application: Launch the USB Config - Molto2 application by executing the "_USB-Config-Molto2.exe" file.
    Molto-2 USB Config tool
  2. Important! The app needs to create a couple of temporary files (especially if QR decode functionality is used), therefore the folder has to be writable by the current user and/or application.

  3. Device Connection: Ensure that your USB device is connected to your computer. It is recommended to connect the device directly; we have observed that using some USB hub devices may lead to unstable results. The serial number of the device has to appear on the 'Device' label frame.


TOTP Profile parameters


Molto-2 USB Config tool
Profile Number

  • Select the profile number from the dropdown list. Please note that older versions of Molto2 only support 50 profiles (from 0 to 49)

Label

  • Enter a label for the profile. This label will be shown as the name of the profile on the device display. 

    If no label is specified, only the profile number will be displayed for the profile. Kindly note that the label cannot exceed 12 characters.

Secret Key

  • Enter the secret key in base32 for the profile. In addition to entering the base32 value of the secret key, you can also choose to generate a random secret key value or read the secret from a TOTP-compliant QR code by using the 'Scan QR' button. Please note that when using the 'Scan QR' function, the application will attempt to fill other parameters such as the Label (the service name or issuer from the TOTP QR image will be used) as well as the digits and algorithm type based on the QR code content.

Algorithm

  • Choose the algorithm (SHA-1, SHA-256) for the profile. SHA-512 is currently not implemented and will be added at the later revisions of hardware.

Digits

  • Choose the number of digits (6 or 8) for the profile.

Time Offset

  • Select the time offset (30 seconds or 60 seconds) for the profile.

Save TOTP Profile

  • Click on the "provision TOTP profile" button to save the TOTP profile with the specified parameters to the device.

Device Configuration


Molto2 devices can be protected with a configuration password. This is implemented primarily to protect the device from replay attacks by setting the time in the future and grabbing the "future OTPs".




Password

  • Enter the password for the device. If the password has not been changed, you can leave the default value.

Change Password

  • Enter a new password and confirm it to change the device password. Do not forget to modify the value the password field accordingly if the password has been modified.

Lock/Unlock

  • Lock or unlock the device using the provided buttons.
    If a device is locked using this function, no OTP will be shown on the screen. A correct configuration password is required to unlock the screen.


Time Sync

  • Sync the time on all profiles using the "Sync Time" button. This may take a couple of minutes. If you need to change the time drift for an individual TOTP profile, you can do it using the command-line tool.
    The expected time drift is between 1 and 30 seconds per year (depending on ambient temperature), and a periodic sync of the system clock may be required (i.e., every 1 or 2 years, depending on the drift tolerance of the authentication system).

Factory Reset

  • Reset the device to factory settings, i.e.  clears all seeds, settings and titles and resets configuration password to default. After this is done, the configuration password has to be set back to default in "Password" field.  Warning: This action is irreversible!

Bulk importing seeds

  • Molto-2 USB Config tool supports importing multiple TOTP profiles from a special file. This may be useful when you already have the seeds and other parameters and want to quickly import it to your Molto2 device. For example, migrating TOTP profiles from your Google Authenticator app to Molto2 can be done by our Google Authenticator Migration Tools, or from Authy using Authy Migration script, using this format. The format of the file is as follows:

    Profile Seed (base32)                        Hash    Digits TimePeriod TimeSync AutoEnter  Title   
00      JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP      sha1      6      30      yes      yes        Token2

    To bulk provision, select the file using 'Browse' button and click on 'Import' button.

Advanced Configuration


Save Log

  • Check the "Save Log" checkbox to save the log. The log file will contain the serial number of the device, the selected profile number and the secret key value in base32. T

Log File Name

  • Enter the name of the log file.

Command-Line Tool

The command-line tool molto2-config.exe is included with this package for advanced configuration and functionality not available in the GUI. You can use this tool for tasks such as modifying time drift for individual TOTP profiles.


applies to Molto2 v2 or higher

Profile display modes

Please note that the QR display and the HID-related features (numeric keypad and "auto-enter" feature) are only available if the devices are in Mode1 (one TOTP profile per screen). The HID and QR functionalities are not available in Mode2 (5 TOTP profiles per screen).

Download

You can download the USB Config - Molto2 application and the command-line tool molto2-config.exe from the following links: