openT2OTP - Open source TOTP Programmable Hardware Tokens

The open-source firmware core behind Token2's programmable TOTP hardware token.

openT2OTP is the actual device-side code that turns a Token2 programmable token into a working TOTP authenticator — the same core that runs on our hardware, now published so anyone can read it. It implements the token's NFC provisioning protocol, seed handling, and one-time-code generation (HMAC-based TOTP, SHA-1 and SHA-256), and it is written in portable C with a small, clearly defined hardware abstraction layer.


Why we opened it

A security token asks you to trust what it does with your secret. The most honest answer to "why should I trust it?" is: read the code. By publishing the firmware core, we let customers, researchers, and integrators verify exactly how seeds are written, how they are (and are not) exposed, and how codes are computed — rather than taking our word for it.


What's in the repository
  • The C firmware core: SM4 cipher, TOTP (SHA-1 + SHA-256), segment-LCD rendering, and the NFC provisioning protocol.
  • A full test suite with published cryptographic test vectors (SM4 KAT, RFC 6238 TOTP vectors).
  • A hardware reference: connectivity schematic, netlist, a suggested component placement fitted to the enclosure, mechanical board outline, and a suggested bill of materials.
  • Documentation of the wire protocol, the security model, and how to port the core to your own MCU.


Honest scope

We would rather under-claim than over-claim. A few things worth stating plainly:

  • What's open source is the firmware core. The hardware files are a documented reference and starting point, not a turnkey, fully-routed production board.
  • The published bill of materials lists mainstream, buy-anywhere example parts; our exact production components are not published.
  • TOTP is a shared-secret scheme. It is not phishing-resistant — a code entered on a fake site can be relayed. For phishing-resistant authentication, use a FIDO2 security key. openT2OTP is for the many systems that still rely on TOTP.
  • The real security of any token built on this depends on its hardware choices (for example, storing the seed in a secure element versus plain flash).

Build on it

openT2OTP is released under permissive licenses (MIT for the firmware, CERN-OHL-P for the hardware reference), so you can study it, port it, and ship products based on it. Devices that run the core may display the "Runs on openT2OTP" badge.


View openT2OTP on GitHub







Also available: programmable cards

The same openT2OTP firmware core also runs on our programmable TOTP cards — the credit-card-format version of the token. From the code's point of view they are identical: the same provisioning protocol, the same seed handling, the same one-time-code generation. If you have read and trust the firmware here, it is the very same firmware on the card.

The hardware, however, is a different story. A card packs the electronics into ISO-7810 thickness using laminated inner layers, thermally bonded assembly, and custom ultra-thin flat batteries — construction that requires specialised industrial equipment. Unlike the keyfob reference in this repository, a card is not something you can assemble yourself, and we don't publish it as a DIY design because it genuinely isn't one. The open source here is the firmware; the card hardware is ours to manufacture.





Classic (non-programmable) tokens and cards

Our classic tokens and cards run the same TOTP core, but the seed is programmed once at the factory and the shipped hardware omits NFC - so there's no wireless interface to re-provision or attack. Same codes, smaller surface. One of them, the C202, was independently assessed by CertX, a Swiss-accredited certification body, who verified it correctly implements RFC 6238. The card form factor runs the same firmware, the conformance applies to it as well. That's an algorithm-conformance check — the maths is right — not a security audit, and it's the same correctness you can verify against the RFC 6238 vectors in this repository.



updated: 02/07/2026 07:54