What it is
The Molto2 / Molto2v2 is a standalone TOTP token. You load account seeds into numbered slots, and the device displays the current code for each — entirely offline. Unlike a phone authenticator, there's no OS to compromise and nothing syncing to a cloud; unlike a single-account token, it holds many. It programs over a smart-card (PC/SC) interface.
keyroost's Molto2 support was built by observing the device protocol and its public reference tool — it is not a fork of any vendor software. The wire format, SM4-CBC MAC, and config TLV are documented in the project's PROTOCOL.md.
Programming & bulk import
Load a single slot from an otpauth:// URI, or migrate a whole set of accounts at once from:
- an Aegis export (plaintext or encrypted)
- a 2FAS export
- a list of otpauth:// URIs
keyroost can also sync the device clock to the host — important, because TOTP depends on accurate time, and a drifted clock shows wrong codes.
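To make the clock-drift point concrete, here is an added example (not keyroost's code) that parses an otpauth:// URI into the fields a slot needs, computes RFC 6238 TOTP codes from it, and shows what an on-time verifier with the usual one-step tolerance does with codes from a token whose clock has drifted. The URI is constructed from the RFC 6238 reference secret (ASCII "12345678901234567890", base32-encoded); the account label and issuer are placeholders.

```python
"""Parse an otpauth:// URI and compute TOTP codes, illustrating why a drifted
token clock produces codes a verifier rejects.  Added example, not keyroost's
own code.  SAMPLE_URI is constructed from the RFC 6238 reference secret."""
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample: RFC 6238 reference secret, placeholder label and issuer.
SAMPLE_URI = ("otpauth://totp/Example:alice%40example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30")


def parse_otpauth(uri):
    """Return the fields a token slot needs: label, issuer, raw secret, digits, period, algorithm."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("only otpauth://totp/ URIs are supported")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    secret_b32 = q["secret"].strip().replace(" ", "").upper()
    # Base32 secrets are frequently exported without '=' padding; restore it before decoding.
    secret_b32 += "=" * (-len(secret_b32) % 8)
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer"),
        "secret": base64.b32decode(secret_b32),
        "digits": int(q.get("digits", "6")),
        "period": int(q.get("period", "30")),
        "algorithm": q.get("algorithm", "SHA1").upper(),
    }


def hotp(secret, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, modulo 10^digits."""
    digestmod = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}[algorithm]
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(params, unix_time):
    """RFC 6238 TOTP: HOTP over the time-step counter floor(unix_time / period)."""
    return hotp(params["secret"], unix_time // params["period"], params["digits"], params["algorithm"])


def verify(params, code, unix_time, window=1):
    """A typical verifier: accept the current step plus `window` steps on either side."""
    step = unix_time // params["period"]
    return any(
        hmac.compare_digest(hotp(params["secret"], step + d, params["digits"], params["algorithm"]), code)
        for d in range(-window, window + 1)
    )


def drift_outcomes(uri, true_time, drifts):
    """For each clock drift in seconds: the code a drifted token shows, and whether an
    on-time verifier accepts it.  Drift inside one period is tolerated; beyond that it is not."""
    p = parse_otpauth(uri)
    return {d: (totp(p, true_time + d), verify(p, totp(p, true_time + d), true_time)) for d in drifts}


if __name__ == "__main__":
    for drift, (code, ok) in drift_outcomes(SAMPLE_URI, 59, [0, 30, 90]).items():
        print(f"drift {drift:+4d}s -> token shows {code}, verifier accepts: {ok}")
```

With the token 30 seconds fast the verifier's one-step window still covers the code; at 90 seconds the token is three steps ahead and every code it shows is rejected, which is the failure mode a host clock sync prevents.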
The customer key
Writes to the Molto2 are authenticated with a device customer key — a secret that gates programming so that not just anyone with physical access can reprogram your token. Sensitive commands are wrapped in an SM4-CBC MAC keyed by it.
- keyroost can rotate the customer key to a value you control.
- Treat it like any other secret key material: if you lose it, you may be unable to reprogram the device without a factory reset.
- As with all secrets, provide it via the environment/stdin paths keyroost exposes — never on the command line, and the tool won't print it back.
Rotating the customer key or factory-resetting the token changes what it will accept and can wipe loaded slots. Make sure you can re-derive every seed before you do either. See resetting →
What keyroost does with the Molto2
Program a slot from an otpauth:// URI; bulk-import from Aegis / 2FAS / an otpauth:// list; sync the host clock; rotate the customer key; and factory-reset — over a pure-Rust protocol layer (SM4, SHA-1, APDU builders, MAC) with no external crypto dependencies.