From 6953c96d7b5fc43a0a1140b3e8a46162e3c3f63a Mon Sep 17 00:00:00 2001
From: Siproqu <athena@quyllur.org>
Date: Tue, 24 Aug 2021 11:04:02 +0200
Subject: [PATCH 1/2] Add TOTP mismatch guide

---
 Help/TOTP-mismatch.md | 70 +++++++++++++++++++++++++++++++++++++++++++
 Help/index.md         | 13 ++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 Help/TOTP-mismatch.md
 create mode 100644 Help/index.md

diff --git a/Help/TOTP-mismatch.md b/Help/TOTP-mismatch.md
new file mode 100644
index 0000000..a264356
--- /dev/null
+++ b/Help/TOTP-mismatch.md
@@ -0,0 +1,70 @@
+---
+layout: default
+title: TOTP mismatch
+permalink: /TOTP-mismatch/
+nav_order: 1
+parent: Help
+---
+
+# TOTP mismatch
+
+There are two possibilities why your TOTP mismatches with that on your phone.
+
+1. The time on your laptop has drifted off and is no longer in sync with your phone.
+2. You have updated the firmware.
+3. Your firmware has been manipulated.
+
+## Dissolve the issue.
+
+### **1. Set the hardware clock to the current time.**
+
+Please note: If the date shown in the Heads menu is in the year 1970 your CMOS battery is dead. You have to replace it before your continue with this guide.
+
+> - To get the current time open [this site](https://time.is/GMT) on another device (JavaScript needs to be enabled to see the seconds continuously).
+>	*Do not change the time zone! Otherwise your TOTPs will mismatch again.*
+> - Boot your laptop.
+> - In the Heads menu go to: *Options* -> *TPM/TOTP/HTOP Options* -> *TOTP/HTOP does not match after refresh, troubleshoot* -> *Execute rescue shell*
+> - Select "Yes" on the newly opened window (you don't have to write down the commands shown there, they will be shown in the command line).
+> - Execute the following command. Replace HH:MM:SS with the time shown on the website (HH = hours, MM = minutes, SS = seconds).
+>	*It is recommended to enter the next full minute and execute the command the moment this minute is reached.
+>	E.g.: If it is 19:29:08, replace HH:MM:SS with 19:30:00 and press return the moment it gets half past 7.*
+>	`date -s HH:MM:SS && hwclock -w`
+> - Reboot your laptop with `reboot`.
+
+
+Your TOTP should match again with that on your phone.
+
+If the TOTP doesn't match after reboot consider those points:
+- Have you replaced HH:MM:SS with the time of the time zone GMT-0?
+  Other time zones than GMT-0 will generate TOTPs of the future or past because the alogrithm uses [Unix time](https://en.wikipedia.org/wiki/Unix_time)
+- Is the date and time shown in the Heads menu the one you have just entered?
+  If not, your CMOS battery is likely dead. Replace it and set the time again.
+- Could your phones time be off?
+
+If the TOTP still isn't matching consider the following.
+
+### **2. You have updated the firmware,**
+
+When Heads and the firmware get updated the TOTP will mismatch afterwards.
+
+If you have just forgot to reset the TOTP secret after the the update set a new TOTP secret.
+In the Heads menu go to *Options* -> *TPM/TOTP/HOTP Options* -> *Generate new TOTP/HTOP secret*.
+
+If you **haven't done anything** in this regard, the third cause is possible. 
+
+### **3. Your firmware has been manipulated.**
+
+**Please note: This possibility is the most unprobable. Make sure that you have followed thoroughly the steps in solution 1!**
+
+At this point you can assume you have been compromised.
+
+In general you can build Heads again on a trusted machine and flash it. Afterwards reinstall Qubes.
+
+**But** please consider that the malware might be hidden in some other firmware (battery, keyboard) which is not meassured by Heads.
+Buying a new laptop directly from the store, flash Heads and install Qubes on it is probably the safest option.
+
+References and further reading.
+---
+- [Why do I have to update my clock in Heads?](https://zeronet.now.im/1DMb3CV66qZPwJqkgm4z12nu8BrAwDoD4g/?Post:44:Setting+time+into+Heads+when+TOTP+code+is+bad)
+- How TOTP works: [RFC](https://tools.ietf.org/html/rfc6238) and [Wikipedia](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)
+
diff --git a/Help/index.md b/Help/index.md
new file mode 100644
index 0000000..49436ce
--- /dev/null
+++ b/Help/index.md
@@ -0,0 +1,13 @@
+---
+layout: default
+title: Help
+permalink: /Help
+nav_order: 10
+has_children: yes
+has_toc: false
+---
+
+Help
+====
+
+* [TOTP mismatch](/TOTP-mismatch/)

From 176a24b675c2e22b94f560f96346ae6439e63225 Mon Sep 17 00:00:00 2001
From: Siproqu <athena@quyllur.org>
Date: Tue, 24 Aug 2021 11:10:32 +0200
Subject: [PATCH 2/2] Formatting

---
 Help/TOTP-mismatch.md | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/Help/TOTP-mismatch.md b/Help/TOTP-mismatch.md
index a264356..1a5b38b 100644
--- a/Help/TOTP-mismatch.md
+++ b/Help/TOTP-mismatch.md
@@ -8,7 +8,7 @@ parent: Help
 
 # TOTP mismatch
 
-There are two possibilities why your TOTP mismatches with that on your phone.
+There are three possibilities why your TOTP mismatches with that on your phone.
 
 1. The time on your laptop has drifted off and is no longer in sync with your phone.
 2. You have updated the firmware.
@@ -16,7 +16,7 @@ There are two possibilities why your TOTP mismatches with that on your phone.
 
 ## Dissolve the issue.
 
-### **1. Set the hardware clock to the current time.**
+### **1. Set the hardware clock to the current time**
 
 Please note: If the date shown in the Heads menu is in the year 1970 your CMOS battery is dead. You have to replace it before your continue with this guide.
 
@@ -26,8 +26,10 @@ Please note: If the date shown in the Heads menu is in the year 1970 your CMOS b
 > - In the Heads menu go to: *Options* -> *TPM/TOTP/HTOP Options* -> *TOTP/HTOP does not match after refresh, troubleshoot* -> *Execute rescue shell*
 > - Select "Yes" on the newly opened window (you don't have to write down the commands shown there, they will be shown in the command line).
 > - Execute the following command. Replace HH:MM:SS with the time shown on the website (HH = hours, MM = minutes, SS = seconds).
+>
 >	*It is recommended to enter the next full minute and execute the command the moment this minute is reached.
 >	E.g.: If it is 19:29:08, replace HH:MM:SS with 19:30:00 and press return the moment it gets half past 7.*
+>
 >	`date -s HH:MM:SS && hwclock -w`
 > - Reboot your laptop with `reboot`.
 
@@ -43,7 +45,7 @@ If the TOTP doesn't match after reboot consider those points:
 
 If the TOTP still isn't matching consider the following.
 
-### **2. You have updated the firmware,**
+### **2. You have updated the firmware**
 
 When Heads and the firmware get updated the TOTP will mismatch afterwards.
 
@@ -52,9 +54,11 @@ In the Heads menu go to *Options* -> *TPM/TOTP/HOTP Options* -> *Generate new TO
 
 If you **haven't done anything** in this regard, the third cause is possible. 
 
-### **3. Your firmware has been manipulated.**
+### **3. Your firmware has been manipulated**
 
-**Please note: This possibility is the most unprobable. Make sure that you have followed thoroughly the steps in solution 1!**
+<hr>
+**Please note:** This possibility is the most unprobable. Make sure that you have followed thoroughly the steps in solution 1!
+<hr>
 
 At this point you can assume you have been compromised.