I'm all for 2-factor auth and Google Authenticator is a prime example to me, of allowing various logins to reside not only in one place but also on the one thing I already always carry around with me anyway - my smartphone. I'll be moving to FIDO Universal 2nd Factor (U2F) for stuff, which even helps to get rid of the manual labor associated with entering a passcode as well as being more secure against MITM attacks.
Anyway, back to corporate legacy land. I've recently been given an RSA SecurID's and I'm somewhat annoyed at the size of it and the manual labor associated with using it compared to the more modern alternatives I mention above. I'm aware that SecurID can be used as a smartphone app like the Google Authenticator, but that's not an option for me at the moment. In the perfect world, one could extract the serial no. and with the proper algorithm, write an Android app to mimic the hardware. From a security point of view, I can't readily see a difference between reading the numbers on a display on a custom piece of hardware vs. some generic phone. Some interesting info about the SecurID
here.
So I was just wondering, short of going
on the device, what am I going to find if I try taking one apart? Key-components? Tamper-proofing?