Create a random Base32 TOTP Token, burn it to an NFC Token2 Token and upload the CSV to Azure
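# Provisions one Token2 C301i hardware TOTP token: generates a random Base32
# seed, programs the token with token2-config.exe and writes the Azure AD
# hardware-token CSV row (upn,serial number,secret key,time interval,manufacturer,model).
# Run from the directory that contains token2-config.exe.

# Time step of the OTP. 1=30s, 2=60s
$TimeStep = 2
# Azure expects the time interval in seconds.
$AzureTime = $TimeStep * 30
# Sleep timeout. 1=15s, 2=30s, 3=60s, 4=120s
$ScreenTimeout = 3

# Create 32 character Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
# Rejection sampling on a CSPRNG byte: a byte is kept only when it is a valid
# Base32 character, so every position is uniformly distributed over the alphabet.
$RNG = [Security.Cryptography.RandomNumberGenerator]::Create()
[Byte[]]$x = 1
for ($r = ''; $r.Length -lt 32) {
    $RNG.GetBytes($x)
    if ([char]$x[0] -clike '[2-7A-Z]') { $r += [char]$x[0] }
}
$RNG.Dispose()

# Remove the output file if it exists
Remove-Item .\output.txt -ErrorAction Ignore
# Token 2 command line tool from https://www.token2.com/site/page/tools-for-programmable-tokens -> Windows Command-line tool
# The seed is passed as a command-line argument, so it is visible to anything
# that can list process arguments (and in a PowerShell transcript, if enabled).
& .\token2-config.exe -s $r -t 0 -e $TimeStep -a 1 -p $ScreenTimeout -r output.txt
if ($? -eq $True) {
    $Output = Get-Content .\output.txt
    # output.txt holds "<serial>,<secret>" in plaintext; the CSV below carries
    # the same data, so do not leave a second copy of the secret on disk.
    Remove-Item .\output.txt -ErrorAction Ignore
    $OutputSplit = $Output -split ","
    $SN = $OutputSplit[0]
    # Without a serial number the CSV path would degrade to ".\.csv".
    if ([string]::IsNullOrWhiteSpace($SN)) {
        Write-Output "token2-config.exe returned no serial number in output.txt"
        exit 1
    }
    # Build the path once; -LiteralPath keeps a serial that happens to contain
    # wildcard characters from being interpreted as a pattern.
    $CsvPath = ".\$SN.csv"
    Remove-Item -LiteralPath $CsvPath -ErrorAction Ignore
    Add-Content -LiteralPath $CsvPath -Value "upn,serial number,secret key,time interval,manufacturer,model"
    Add-Content -LiteralPath $CsvPath -Value "First.Last@contoso.onmicrosoft.com,$Output,$AzureTime,Token2,C301i"
    # Start Notepad to update the UPN/EMail Logon on the Token before uploading
    & notepad.exe $CsvPath
    # Open Azure Hardware Token site
    Start-Process "https://portal.azure.com/#view/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/~/HardwareTokens"
    # The CSV still holds the seed in plaintext; delete it once the upload has succeeded.
} else {
    Write-Output "Call to token2-config.exe failed"
}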
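# Provisions one profile of a Token2 Molto2 token: generates a random Base32
# seed, programs it with molto2-config.exe and writes the Azure AD
# hardware-token CSV row (upn,serial number,secret key,time interval,manufacturer,model).
# Run from the directory that contains molto2-config.exe.

# Time step of the OTP. 1=30s, 2=60s
#$TimeStep = 2
# Time interval in seconds as written to the Azure CSV. It is not derived from a
# time-step option here, so keep it in sync with what the token is programmed with.
$AzureTime = "30"
$Title = "TOTP"
# Molto2 profile slot to program. Named TokenProfile rather than Profile so the
# script does not overwrite PowerShell's automatic $PROFILE variable for the session.
$TokenProfile = "0"
# Screen timeout. 0=15s, 1=30s, 2=60s, 3=120s
$ScreenTimeout = 2

# Create 32 character Base32 string - From support.yubico.com/hc/en-us/articles/360015668699-Generating-Base32-string-examples
# Rejection sampling on a CSPRNG byte: a byte is kept only when it is a valid
# Base32 character, so every position is uniformly distributed over the alphabet.
$RNG = [Security.Cryptography.RandomNumberGenerator]::Create()
[Byte[]]$x = 1
for ($r = ''; $r.Length -lt 32) {
    $RNG.GetBytes($x)
    if ([char]$x[0] -clike '[2-7A-Z]') { $r += [char]$x[0] }
}
$RNG.Dispose()

# Remove the output file if it exists
Remove-Item .\output.txt -ErrorAction Ignore
# Token 2 command line tool from https://www.token2.com/site/page/tools-for-programmable-tokens -> Windows Command-line tool
# The seed is passed as a command-line argument, so it is visible to anything
# that can list process arguments (and in a PowerShell transcript, if enabled).
& .\molto2-config.exe --profile $TokenProfile --title $Title --seedbase32 $r --display_timeout $ScreenTimeout > output.txt
if ($? -eq $True) {
    $Output = Get-Content .\output.txt
    # Only the serial number is needed from the tool output; do not leave the
    # captured output (which may echo what was programmed) on disk.
    Remove-Item .\output.txt -ErrorAction Ignore
    $GetSerialNumber = $Output | Select-String -Pattern "device serial number: (\d+)"
    # Without a match the original ".matches.groups[1]" access fails or yields an
    # empty serial, and the CSV path would degrade to ".\.csv".
    if (-not $GetSerialNumber) {
        Write-Output "Could not find the device serial number in molto2-config.exe output"
        exit 1
    }
    $SN = $GetSerialNumber.Matches[0].Groups[1].Value
    # Build the path once; -LiteralPath keeps a serial that happens to contain
    # wildcard characters from being interpreted as a pattern.
    $CsvPath = ".\$SN.csv"
    Remove-Item -LiteralPath $CsvPath -ErrorAction Ignore
    Add-Content -LiteralPath $CsvPath -Value "upn,serial number,secret key,time interval,manufacturer,model"
    Add-Content -LiteralPath $CsvPath -Value "First.Last@contoso.onmicrosoft.com,$SN,$r,$AzureTime,Token2,Molto2"
    # Start Notepad to update the UPN/EMail Logon on the Token before uploading
    & notepad.exe $CsvPath
    # Open Azure Hardware Token site
    Start-Process "https://portal.azure.com/#view/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/~/HardwareTokens"
    # The CSV still holds the seed in plaintext; delete it once the upload has succeeded.
} else {
    Write-Output "Call to molto2-config.exe failed"
}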