TOTP tokens on my wrist with the smartest dumb watch
A modified Casio F-91W watch now features a programmable ARM Cortex M0+ board, enabling two-factor authentication and customizable watchfaces, enhancing functionality while maintaining the original design.
Read original article
The article discusses a modification of the classic Casio F-91W watch using a new logic board from Sensor Watch, which replaces the original quartz movement with an ARM Cortex M0+ powered board. This upgrade allows for programmable features while retaining the original LCD display and buttons. The author successfully configured two-factor authentication (2FA) tokens for Google and GitHub, enabling the display of one-time passwords (TOTP) directly on the watch. The process of adding TOTP secrets involves extracting them from QR codes and converting them into hexadecimal format to be included in the watchface's source code. The author also created a new ratemeter watchface for tracking rates, which is simple to implement and allows for real-time updates based on button presses. The article provides a detailed explanation of the coding process for both the TOTP watchface and the ratemeter, highlighting the ease of customization and the fun of hacking the device. The author encourages readers to explore the Sensor Watch project and consider getting their own modified watch, emphasizing the innovative potential of combining classic designs with modern technology.
Related
1/25-scale Cray C90 wristwatch
A 1/25-scale Cray C90 wristwatch project showcases a Cray J90 core simulation of Jupiter and its moons. Despite impracticality for timekeeping, it demonstrates hardware evolution and computational abilities in esoteric computing.
Porting Python to a $3 smartwatch [video]
A YouTube video reviews the M4 wristband smartwatch, noting limited features and performance issues. The creator disassembles a fitness tracker, demonstrating circuit board construction, soldering challenges, and project outcomes.
Goodwatch – A Ham Radio Wristwatch
The GoodWatch is a custom circuit board replacing Casio's calculator watches, supporting amateur radio bands, with a CC430F6147 chip, untuned antenna, POCSAG Receiver, Morse code time beep, and C programming. It lacks Phase Shift Keying and LoRa support but offers modulations customization.
Reverse Engineering a Smartwatch
Benjamen Lim reverse engineered a smartwatch with geolocating capabilities, repurposing it by reprogramming the firmware through exposed programming pins. The project showcased the value of salvaging electronic devices efficiently.
Commodore 64 Fitness Watch (2022)
The C64 Fitness Watch is a smartwatch syncing fitness data with a Commodore 64. It uses an onboard BASIC interpreter, accelerometer, and IR transmitter for wireless data transfer. Developed by Nick Bild, it merges retro computing with modern wearables.
- Concerns about security and usability of TOTP (Time-based One-Time Password) on the watch, with some users questioning the practicality of entering secrets and the risk of theft.
- Appreciation for the watch's design and functionality, with users expressing enthusiasm for its retro appeal and potential for customization.
- Discussion on the technical aspects of implementing TOTP and the efficiency of the watch's display, with some users sharing their experiences and modifications.
- Suggestions for alternative authentication methods, such as FIDO2 hardware keys, due to perceived vulnerabilities in TOTP.
- Interest in the open-source nature of the project, with users noting the growing community and potential for further development.
14 commentsI wouldn't be comfortable entering my TOTP secret into a random web page. In Linux (Ubuntu here, probably other distributions as well) you might have the `base32` and `od` tools already installed (package 'coreutils').
Otherwise the project is awesome (just the watch is fugly :))
https://joeycastillo.github.io/Sensor-Watch-Documentation/wi...
it's really amazing how much efficiency they packed in this display. in normal use, these digits only need to display the numbers 0-5 [for the first digit, the clock only needs 0, 1, 2, but the chronometer goes up to 59:59.99], none of which need to distinguish between those segments. technically I guess the chronometer could have gone up to 69:59.99 without breaking anything though, but I guess "one hour" is sufficient? the numbers 8 and 9 also illuminate both the top and bottom segment, so it's only 7 that is an issue.
The F-91W is (I think?) the same form factor as the A158W[1], which is an absurdly good looking watch for the price. It goes with everything, stylish yet unobtrusive. I often wear it instead of more expensive watches. If you're concerned about the band snagging arm hairs, it's only done it maybe twice in a year, way fewer than other economy metal bands.
If you prefer a "smoky" alternative, the A168WGG[2] has a gunmetal gray tint to the band, the face is blacked out with clear letters, and the illuminator only lights up the letters. However, the A168 is just slightly larger than the A158, so I don't know if the internal modules fit the same (but larger means more room, so, probably?).
(while I'm nerding out on watches: my workhorse/black band watch is a GA-B2100-1AJF[3]. pretty stylish for a G-Shock, and you get a ton of features for a non-smartwatch. the bluetooth model (vs cheaper models) has more contrasting face colors/tones so it works with more outfits.)
[1] https://www.amazon.com/Casio-A158WA-1-Water-Resistant-Digita... [2] https://www.amazon.com/dp/B08195YQLQ/ [3] https://www.amazon.com/dp/B09YG8F41Y/
Not too long ago I implemented a new interface for defining the TOTP codes from within the source code. Unfortunately that work has invalidated the instructions in this article. It works like this now:
static totp_t credentials[] = {
CREDENTIAL(2F, "JBSWY3DPEHPK3PXP", SHA1, 30),
CREDENTIAL(AC, "JBSWY3DPEHPK3PXP", SHA1, 30),
};
I also added user calibration to the pulsometer in order to allow it to be used as an asthmometer. It has already helped save lives.
It's also got calibration and thermal compensation features which enhance the watch's accuracy to about 10 seconds per year.
It's got a growing community. A lot of people have showed up to hack on the firmware. Recently someone made an endless runner game for the watch:
https://github.com/joeycastillo/Sensor-Watch/pull/419
The maintainers are really nice people too.
If you're looking for a great open source project to sink some time into, this is it.
Makes me want to go back to the old casio
Related
1/25-scale Cray C90 wristwatch
A 1/25-scale Cray C90 wristwatch project showcases a Cray J90 core simulation of Jupiter and its moons. Despite impracticality for timekeeping, it demonstrates hardware evolution and computational abilities in esoteric computing.
Porting Python to a $3 smartwatch [video]
A YouTube video reviews the M4 wristband smartwatch, noting limited features and performance issues. The creator disassembles a fitness tracker, demonstrating circuit board construction, soldering challenges, and project outcomes.
Goodwatch – A Ham Radio Wristwatch
The GoodWatch is a custom circuit board replacing Casio's calculator watches, supporting amateur radio bands, with a CC430F6147 chip, untuned antenna, POCSAG Receiver, Morse code time beep, and C programming. It lacks Phase Shift Keying and LoRa support but offers modulations customization.
Reverse Engineering a Smartwatch
Benjamen Lim reverse engineered a smartwatch with geolocating capabilities, repurposing it by reprogramming the firmware through exposed programming pins. The project showcased the value of salvaging electronic devices efficiently.
Commodore 64 Fitness Watch (2022)
The C64 Fitness Watch is a smartwatch syncing fitness data with a Commodore 64. It uses an onboard BASIC interpreter, accelerometer, and IR transmitter for wireless data transfer. Developed by Nick Bild, it merges retro computing with modern wearables.