Skip to main content

Welcome to ZeroKeyUSB

ZeroKeyUSB arrives ready to use — fully offline, preloaded with stable firmware and tested hardware.
If you assembled or flashed your own unit, follow the same setup wizard after installation. When powered for the first time, the device will guide you through a one-time initialization process.

Step 1: Power on and initialization

Plug your device into any USB-C port on your computer, tablet, or phone.
ZeroKeyUSB is powered entirely by the USB connection — it has no internal battery.
On first power-up, ZeroKeyUSB automatically initializes:
  • The OLED display (128×32 pixels, monochrome)
  • The touch controller TS06 (five golden touch sensors)
  • The secure EEPROM (M24C64-WMN6TP)
  • Generates a new AES-128 initialization vector (IV) if none is found in EEPROM
  • Reads the hardware serial number from the SAMD21 unique ID registers
You will see the message:
First Startup
ZeroKey USB
Touch any golden dot
→ to continue

Step 2: Create your Master PIN

Use the five golden touch dots to navigate the setup screens:
  • Right → Continue
  • Left → Go back
  • Up / Down → Change digit
  • Center → Confirm
Choose a PIN between 4 and 16 digits.
This PIN acts directly as the AES-128 encryption key — all stored credentials are protected by it.
Your PIN is used to:
  • Derive the AES-128 key that encrypts all credentials
  • Create a unique signature stored in EEPROM (verified on each unlock)
  • Reject incorrect PIN entries but allow unlimited retries
ZeroKeyUSB never stores or transmits your PIN in plain text.

Step 3: Store your credentials

After unlocking, you’ll see the main screen with three fields:
🌐  site.com
👤  username
🔒  password
Each credential is divided into three encrypted EEPROM pages:
  • Site name (32 bytes)
  • Username (32 bytes)
  • Password (32 bytes)
ZeroKeyUSB can store up to 64 credentials in total.
Long fields automatically scroll on the OLED display.
When you select a site and press Center, ZeroKeyUSB acts as a USB keyboard and types:
  1. Your username (expanding automatically if it ends with @)
  2. A Tab key
  3. Your password
The firmware uses a US-QWERTY keyboard layout by default.
For non-US layouts, you may need to adjust special characters on the host system.

Step 4: (Optional) Add a 2FA secret

ZeroKeyUSB can generate Time-based One-Time Passwords (TOTP) completely offline.
You can import a Base32-encoded TOTP secret via the local web manager (see the TOTP documentation for details).
From the main screen, scroll down to “2FA” if a secret exists.
If the device displays REQTIME, it is requesting the current epoch time.
Send the host time once via the web manager — the value will be saved in EEPROM and reused until a new sync is performed.

Step 5: Backup and maintenance

From the Menu → Backup → Export, ZeroKeyUSB can send all credentials over the USB serial interface in CSV format.
Data is transmitted in plain text, so handle backups securely and keep them offline. You can later re-import them through the web manager’s restore option.
To wipe the device completely:
  • Enter Menu → ⚠️ Danger Zone → Factory Reset
  • All credentials, TOTP secrets, and the PIN signature will be erased
  • The device will restart in initial setup mode
    This action cannot be undone. Make sure you have a backup first.

Next steps

Hardware Overview

Understand the main components: SAMD21 MCU, M24C64-W EEPROM, and TS06 touch controller.

Security Core

Explore how AES-128 encryption, IV generation, and signature verification keep your data safe.

Display & Menu System

Learn how the interface, icons, and scrolling animations are implemented in firmware.

TOTP Module

See how offline time-based codes are calculated and stored securely.
ZeroKeyUSB works on any operating system that supports standard USB keyboards.
No drivers, extensions, or software installations are required.
I