Archives
/
extract_otp_secret_keys
mirror of https://github.com/scito/extract_otp_secret_keys
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dependabot/pip/nuitka-2.2.1
master
macos_arm64_1
macos_arm64
bump_versions
cv2_mac_1
cv2_segfault_repro_1
cv2_1
v2.7.0
v2.6.1
v2.6.0
v2.5.1
v2.5.0
v2.4.5
v2.4.4
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.1b1
v2.3.0
v2.3.0b1
v2.2.0
v2.2.0b2
v2.2.0b1
v2.1.0
v2.1.0c2
v2.1.0c1
v2.1.0b5
v2.1.0b4
v2.1.0b3
v2.1.0b2
v2.1.0b1
v2.0.2
v2.0.1
v2.0.0
v2.0.0c3
v2.0.0c2
v2.0.0c1
v1.6.1
v1.6.0
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.4.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fb4cee14da'
${ noResults }
extract_otp_secret_keys/README.md

3.9 KiB
Raw Blame History

Extract TOTP/HOTP secret keys from Google Authenticator

CI Status PyPI - Python Version GitHub Pipenv locked Python version License GitHub tag (latest SemVer)

Extract two-factor authentication (2FA, TFA) secret keys from export QR codes of "Google Authenticator" app. The secret and otp values can be printed and exported to json or csv. The QR codes can be printed or saved as PNG images.

Usage

  1. Export the QR codes from "Google Authenticator" app

  2. Read QR codes with QR code reader

  3. Save the captured QR codes in a text file. Save each QR code on a new line. (The captured QR codes look like otpauth-migration://offline?data=...)

  4. Call this script with the file as input:

     python extract_otp_secret_keys.py -p example_export.txt

Dependencies

pip install -r requirements.txt

Known to work with

  • Python 3.10.6, protobuf 4.21.5, qrcode 7.3.1, and pillow 9.2

For protobuf versions 3.14.0 or similar or Python 3.6, use the extract_otp_secret_keys version 1.4.0.

Optional

For printing QR codes, the qrcode module is required, otherwise it can be omitted.

pip install qrcode[pil]

Technical background

The export QR code of "Google Authenticator" contains the URL otpauth-migration://offline?data=.... The data parameter is a base64 encoded proto3 message (Google Protocol Buffers).

Command for regeneration of Python code from proto3 message definition file (only necessary in case of changes of the proto3 message definition or new protobuf versions):

protoc --python_out=protobuf_generated_python google_auth.proto

The generated protobuf Python code was generated by protoc 21.5 (https://github.com/protocolbuffers/protobuf/releases/tag/v21.5).

References

Alternative installation methods

pipenv

You can you use Pipenv for running extract_otp_secret_keys.

pipenv install
pipenv shell
python extract_otp_secret_keys.py example_export.txt

Visual Studio Code Remote - Containers / VSCode devcontainer

You can you use VSCode devcontainer for running extract_otp_secret_keys.

Requirement: Docker

  1. Start VSCode
  2. Open extract_otp_secret_keys.code-workspace
  3. Open VSCode command palette (Ctrl-Shift-P)
  4. Type command "Remote-Containers: Reopen in Container"
  5. Open integrated bash terminal in VSCode
  6. Execute: python extract_otp_secret_keys.py example_export.txt

venv

Alternatively, you can use a python virtual env for the dependencies:

python -m venv venv
. venv/bin/activate
pip install -r requirements-dev.txt
pip install -r requirements.txt

The requirements*.txt files contain all the dependencies (also the optional ones). To leave the python virtual env just call deactivate.

devbox

Install devbox, which is a wrapper for nix. Then enter the environment with Python and the packages installed with:

devbox shell

Tests

PyTest

There are basic pytests, see test_extract_otp_secret_keys_pytest.py.

Run tests:

pytest

or

python -m pytest

unittest

There are basic unittests, see test_extract_otp_secret_keys_unittest.py.

Run tests:

python -m unittest