Token2 NFC Burner for Molto 0.1 - Windows App

How to burn a TOTP profile onto Token2 Molto-1 hardware token using Windows Token2 NFC Burner for Molto 0.1.2 beta

Step1. Download and launch the app. It is a zip file with an exe inside to launch – no installation needed, just make sure the files inside the zip file are extracted into the same directory.

download Windows TOKEN2NFCBurnerMolto0.1.2B

Step2. In the “NFC Reader” section, select the NFC reader and click on Connect. A message box should pop up with a “Successful operation” message.

 Step3. Turn off the Molto-1 device if powered on, then long-press the power button (for about 5-7 seconds). This should enable “Programming mode” on the device.

Step4. Place the device on the NFC Reader pad. The serial number of the device should appear in the status section.

Step5. Before burning the seed, you may need to configure the profile settings. The profile settings can be set in the TOTP Profile configuration section. By default, the Profile #0 is set as SHA1, 30 seconds and with the profile name “Token2”. Other 9 profiles are not configured, and if you want to utilize them, you must set the profile settings as shown in the example below:

---

Example 1. Setting TOTP Profile #3 as 60 seconds, SHA256 and 8 digits with a profile name of “Test”

a) Select the profile number in the “Profile” section

b) Enter “Test” in the Name field and click on “Set Profile Name”

c) Configure the TOTP Settings in the section below the profile name and click on “apply config” button

Please note that by default the clock of each TOTP profile is synced with your PC’s system time. If you want to manually change the time, uncheck the “clock update” checkbox. If you do not wish to change the time setting on the profile, check “no time sync” checkbox before clicking on “apply config”.

---

Burning the seeds

Once you have configured the TOTP profile settings (time offset, algorithm etc.) you can burn the seed. Make sure the device is in programming mode (If not, turn off the Molto-1 device if powered on, then long-press the power button for about 5-7 seconds - this should enable “Programming mode” on the device). 

• Enter the seed (in base32 format) or click on "random" button to generate a random seed.
• Then, place the token onto the NFC module and wait for its serial number to appear. 
• Click on "Burn seed" button. A log entry with the serial number and "Successful operation" text will be logged in the log window.

---

Advanced settings

The NFC Burner app also allows configuring advanced parameters as described below. Kindly note that these settings are global (i.e. not per TOTP profile).

QR Code operations
Starting from version 0.1.2 β, you can extract the base32 secrets from an image containing a QR code. You can scan the QR shown on the screen (the app will minimize itself, take a screenshot and then look for a QR code containing the TOTP seed) or decode from an image file. Only one QR code should be present at a time.

Customer Key
You can change the customer key of your Molto-1 device to make sure nobody else can change the settings of your TOTP profiles. The app should have the correct customer key entered in the system configuration to allow to perform TOTP Profile configuration changes and burning the seeds. To prevent brute-force attacks, the system will perform a factory reset after 200 unsuccessful attempts. Please note that currently, the key is only accepted if set as a hex string.

You can generate a random hex key using the button below
random hex

After changing the key, make sure you also update the configuration by entering the new seed in System Configuration -> Configure Customer Key

Standby time

The display of the hardware token automatically turns off after a certain period of time. You can change this period in the “Standby time” section. Just choose one of the 4 options and click on “change standby time”.

Factory reset

If for some reason, you want to clean all profiles or in case you forgot the customer key and want to set a new one, you can use the factory reset button. Kindly note that this operation will not only delete all TOTP seeds but also clear the configuration, including the time settings and the default profile settings.

After the reset, you can access the device using the default customer key, which can be set using the "default key" button

PIN Code (Molto-1-i devices only)
An additional tool located in the same folder, PIN-Changer.exe allows managing PIN code protection of the device.

You can set the PIN of 6 digits for the OTP device by entering a 6 digits PIN and ‘Apply PIN Change’ button  (No PIN is set by default). If the PIN fails for more than a predetermined number of times, the device will be reset. To remove the PIN, leave the PIN field empty and press "Apply PIN Change" button again.  For both setting and removing the PIN code, it is also necessary to complete the PIN set operation by pressing the 0 key on the OTP token when it prompts.