FIRST OTP based on M5StickC

Public Chat
Similar projects worth following
the first OTP based on M5StickC, with GMT RTC, up to 30 OTP records, configurable with the OXOTP app in the Playstore.

I had a Cpanel & I wanted to secure it with a 2FA-OTP but the phone was not secure because if destroyed, formatted, or hacked (because of wifi / 4G) I would lose access to all my services.

Searching for physical OTP on the internet and saw that the price was very expensive, so I decided to make one for myself.

I already had M5StickC, and I also had some experience in developing phone apps so I created the whole system with an Android app.

This is the first OTP based on M5StickC, with a cheap price the M5StickC is capable to get up to 30 record OTP.

A secure pin is set at the beginning of the config to maintain security, easy to set hard to hack.

Just flash the bin file, 

download the app

 to read more détails check


release V1.0

octet-stream - 846.66 kB - 12/07/2020 at 19:13


  • 1 × M5StickC

View project log

  • 1

    1. DOWNLOAD Flash Download Tool
    2. DOWNLOAD Last Release HERE
    3. Open Flash Download Tool

    Restart your M5StickC after the flash is finished and enjoy it

View all instructions

Enjoy this project?



Alexander wrote 01/11/2021 at 22:48 point

Saying that something "Can't be hacked" is a sure-fire way to get hackers to break your security. Might want to remove that claim, lol.

  Are you sure? yes | no

Mezghache Imad wrote 01/12/2021 at 19:01 point

Thanks, Alexander 

I love your request to remove the "Can't be hacked", 

I based my intuition on wifi security made for ESP32:
If ESP32 is hackable my code will be too, the hardware is not my fault, "no system is safe", but tested before that ESP32 is so secure in WIFI mode that all companies use it as IoT, so I don't expect that a hacker never tries it before, my code is open source and there is no backdoor, you can read it, it can be hacked one day (the hardware) in future when Espressif Systems will discontinue the support making the SDK obsolete like windows 7 at this moment.

in the end, ESP32 only runs one firmware at a time, if you compare it to a phone, it may have backdoors for each app that works in real-time in the system.

  Are you sure? yes | no

Larry Matter wrote 01/06/2021 at 23:39 point

You're welcome and thank you for the project!  I already have one co-worker very interested in it.  I would be happy to test/review any changes you make.  Best regards!

  Are you sure? yes | no

Larry Matter wrote 01/02/2021 at 18:14 point

I couldn't get my M5Stick to connect properly to Windows which is the only platform for the flash tool, so I cloned the source onto a Linux laptop and loaded via the Arduino IDE.  You'll have to include a bunch of libraries (for time.h, search for "timekeeper" in the library manager) and for the NVS code, I just copied it into the OXOTP source directory, but it eventually loaded.  

Then just connect to the OXOTP wifi ssid using the displayed key (can be hard to read) and you'll be able to use this for 2FA.  I successfully tested on Amazon AWS. 

Neat project!!

  Are you sure? yes | no

Mezghache Imad wrote 01/02/2021 at 19:14 point

<< THANKS Larry >>
Thanks for the feedback,

yes I confirm that M5StickC does not give a tool to flash it directly with BIN instead the company uses the ESP32 flash tool (the genuine tool that is given with ESP32) which is not compatible at all

I will add libraries, change the wifi password font, or give it a new way to print it on the screen.

I will contact M5Stack and see if they can help to give it more stability to flash bin files

Glad to know it's working with Amazon AWS without a problem.

If you have any other suggestions I would be happy to hear them.

big thanks !!!!!!!!!

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates