SecureGen
A robust offline TOTP authenticator and password manager with AES-256 security.
Pitch

SecureGen is an open-source hardware device that combines TOTP authentication and password management. Featuring AES-256 encryption and a BLE keyboard, it provides 7-layer security and works offline, ensuring your sensitive data remains protected. Perfect for those seeking a reliable security solution in a multifunctional package.

Description

SecureGen - Hardware TOTP Authenticator & Password Manager

Open-source security device on ESP32 T-Display. Physical 2FA codes + encrypted password vault + BLE keyboard. Works completely offline.

Why Hardware?

Verifiable Security

  • Audit every line of code yourself
  • No cloud = no remote attacks
  • Physical isolation from internet threats

8-Layer Defense Architecture

  1. ECDH Key Exchange - P-256 elliptic curve prevents MITM
  2. Session Encryption - AES-128 BLE + AES-256 application layer
  3. Dynamic API Endpoints - SHA-256 obfuscation blocks scanners
  4. Header Obfuscation - Hides tech stack from attackers
  5. Anti-Fingerprinting - Fake headers mislead reconnaissance
  6. Honey Pot - Trap endpoints log intrusion attempts
  7. Method Tunneling - Masks HTTP request patterns
  8. Timing Protection - Random delays prevent side-channel attacks

Key Features

Security

  • AES-256 encryption for data at rest
  • Hardware-unique device keys from chip parameters
  • LE Secure Connections for Bluetooth (MITM protection)
  • PIN-protected startup and BLE transmission

Functionality

  • TOTP codes (RFC 6238 compliant)
  • Encrypted password manager
  • BLE HID keyboard (wireless password typing)
  • Web management interface (QR code scanning)
  • Complete offline operation

Hardware

  • ESP32 T-Display (~$15)
  • 1.14" color display
  • Battery powered
  • Two-button navigation

Perfect For

  ✅ Privacy-conscious users wanting verifiable security
  ✅ Self-hosters building secure infrastructure
  ✅ Anyone tired of trusting closed-source apps
  ✅ Makers learning embedded security

Technical Highlights

  • Memory-optimized BLE + WiFi coexistence
  • iOS/Android adaptive BLE bonding
  • Smart power management (light sleep, WiFi on-demand)
  • Cross-platform keyboard layout support

License: MIT (fully open source)
Cost: ~$15 hardware + free software

1 comment
about 16 hours ago

Author here! 👋

Built this as an open-source alternative to phone-based 2FA apps.

Key differentiators:

  • Open source (audit the code)
  • Offline capable (air-gapped mode)
  • $15 hardware cost
  • 8-layer security architecture

Technical highlights:

  • Solved BLE + WiFi memory management on ESP32
  • Cross-platform BLE bonding (iOS vs Android)
  • Defense in depth security (ECDH, honey pots, timing protection)

Demo: https://youtube.com/watch?v=YTVQBwgok_E
Code: https://github.com/makepkg/SecureGen

Questions? Fire away!
