diff --git a/applications/u2f/u2f.c b/applications/u2f/u2f.c
index 051dca696..94fd9f2da 100644
--- a/applications/u2f/u2f.c
+++ b/applications/u2f/u2f.c
@@ -4,6 +4,7 @@
 #include "u2f_data.h"
 #include
 #include
+#include // for lfs_tobe32
 #include "toolbox/sha256.h"
 #include "toolbox/hmac_sha256.h"
@@ -256,6 +257,7 @@ static uint16_t u2f_authenticate(U2fData* U2F, uint8_t* buf) {
 uint8_t flags = 0;
 uint8_t hash[32];
 uint8_t signature[64];
+ uint32_t be_u2f_counter;
 if(u2f_data_check(false) == false) {
 U2F->ready = false;
@@ -275,11 +277,14 @@ static uint16_t u2f_authenticate(U2fData* U2F, uint8_t* buf) {
 }
 U2F->user_present = false;
+ // The 4 byte counter is represented in big endian
+ be_u2f_counter = lfs_tobe32(U2F->counter);
+ // Generate hash
 sha256_start(&sha_ctx);
 sha256_update(&sha_ctx, req->app_id, 32);
 sha256_update(&sha_ctx, &flags, 1);
- sha256_update(&sha_ctx, (uint8_t*)&(U2F->counter), 4);
+ sha256_update(&sha_ctx, (uint8_t*)&(be_u2f_counter), 4);
 sha256_update(&sha_ctx, req->challenge, 32);
 sha256_finish(&sha_ctx, hash);
@@ -309,7 +314,7 @@ static uint16_t u2f_authenticate(U2fData* U2F, uint8_t* buf) {
 uECC_sign(priv_key, hash, 32, signature, U2F->p_curve);
 resp->user_present = flags;
- resp->counter = U2F->counter;
+ resp->counter = be_u2f_counter;
 uint8_t signature_len = u2f_der_encode_signature(resp->signature, signature);
 memcpy(resp->signature + signature_len, state_no_error, 2);
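Review bot: The include added in the first hunk pulls a littlefs utility header into the U2F authenticator only to obtain `lfs_tobe32`, which ties the signing path to a filesystem library's internal helper. If that header is reorganised or the filesystem is swapped out, the counter encoding in `u2f_authenticate` goes with it. A small local helper that writes the four bytes explicitly, for example `static void u2f_put_be32(uint8_t* out, uint32_t v)`, would keep the wire encoding inside the U2F code and independent of host byte order.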
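Review bot: Relying parties that registered this authenticator before the change hold counters parsed from little-endian bytes, so the first big-endian value sent after the upgrade (third hunk, `be_u2f_counter = lfs_tobe32(U2F->counter);`) will usually be numerically smaller than the one they stored. A relying party that enforces an increasing counter for clone detection would then probably reject the assertion until the key is re-registered. Nothing in the hunk handles or documents that transition; at minimum the new comment could read `// Big-endian per the U2F raw message format; earlier firmware sent little-endian, so counters stored by relying parties may be larger`. The body of `u2f_authenticate` starts and ends outside the hunk, so whether the counter is incremented and persisted before the response is returned cannot be confirmed from here.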
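Review bot: After the last hunk, `resp->counter` holds a byte-swapped value in what looks like a plain integer field, so any later code that reads it back as a number (a log line, a comparison) gets the wrong value on a little-endian host. A comment at the assignment would make the intent clear, for example `// wire order (big-endian), not a host integer`. The response struct is declared outside this diff, so the field type is inferred from the removed line `resp->counter = U2F->counter;`.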