Extract tokens from FreeOTP backup

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Oprax from gravatar.com Oprax

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Oprax
Classifiers
Report project as malware

Project description

FreeOTP tokens extractor

pipeline status PyPI - License PyPI PyPI - Python Version Code style: black

Backing up FreeOTP

Using adb, create a backup of the app using the following command:

adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp

org.fedorahosted.freeotp is the app ID for FreeOTP.

This will ask, on the phone, for a password to encrypt the backup. Proceed with a password.

Manually extracting the backup

The backups are some form of encrypted tar file. Android Backup Extractor can decrypt them.

It's available on the AUR as android-backup-extractor-git.

Use it like so (this command will ask you for the password you just set to decrypt it):

abe unpack freeotp-backup.ab freeotp-backup.tar

Then extract the generated tar file:

$ tar xvf freeotp-backup.tar
apps/org.fedorahosted.freeotp/_manifest
apps/org.fedorahosted.freeotp/sp/tokens.xml

We don't care about the manifest file, so let's look at apps/org.fedorahosted.freeotp/sp/tokens.xml.

Extract tokens

First, download freeotp_extractor.pyz (or install it from PyPi with pip), then you can run ./freeotp_extractor.pyz -h :

usage: freeotp_extractor.pyz [-h] [-v] [-o OUTPUT] [-q {term,svg,eps}] input

Extract token from FreeOTP

positional arguments:
  input                 File containing XML with tokens (usually 'tokens.xml')

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -o OUTPUT, --output OUTPUT
                        Give the output file for save tokens
  -q {term,svg,eps}, --qrcode {term,svg,eps}
                        Use a JSON input to recreate QRcode for each issuer.
                        Use 'term' to display directly to the terminal, 'svg'
                        and 'eps' output the qrcode into a file

To just output tokens in the termnal :

./freeotp_extractor.pyz apps/org.fedorahosted.freeotp/sp/tokens.xml

It will output something like :

Dropbox:example@gmail.com: BQ4F6XX3QOFEXQY5SNFPJZW3
gitlab.com:example@gmail.com: 4FBTY2GE3VK7BMFBFOE3X7CR
Google:example@gmail.com: RK6MVRZCQXFBUMGBKZBF5CAA

Or you can pass a output parameter to save it into a file :

./freeotp_extractor.pyz --output tokens.json apps/org.fedorahosted.freeotp/sp/tokens.xml

tokens.json:

{
  "Dropbox:example@gmail.com":{
    "secret":"BQ4F6XX3QOFEXQY5SNFPJZW3",
    "issuer":"Dropbox"
  },
  "gitlab.com:example@gmail.com":{
    "secret":"4FBTY2GE3VK7BMFBFOE3X7CR",
    "issuer":"Gitlab"
  },
  "Google:example@gmail.com":{
    "secret":"RK6MVRZCQXFBUMGBKZBF5CAA",
    "issuer":"Google"
  }
}

Recreate QRcode

With the JSON file (i.e.: tokens.json) you can recreate QRcode to scan from an application. To output it directly to the terminal :

./freeotp_extractor.pyz tokens.json -q term

Or if you wan to save it into files :

mkdir -p ./qrcode
./freeotp_extractor.pyz tokens.json -q svg -o ./qrcode

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Oprax from gravatar.com Oprax

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Oprax
Classifiers

Release history Release notifications | RSS feed

This version

0.3.1

0.3.0

0.2.2

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

freeotp-extractor-0.3.1.tar.gz (4.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

freeotp_extractor-0.3.1-py3-none-any.whl (5.7 kB view details)

Uploaded Python 3

File details

Details for the file freeotp-extractor-0.3.1.tar.gz.

File metadata

  • Download URL: freeotp-extractor-0.3.1.tar.gz
  • Upload date:
  • Size: 4.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.14.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.7.0

File hashes

Hashes for freeotp-extractor-0.3.1.tar.gz
Algorithm Hash digest
SHA256 63618dac5ea17753e8bd4f93a80bd265e9c2e44f01284dcc66f165916e90ba2e
MD5 0659830842d9cbf8e903ea7b59b1d713
BLAKE2b-256 5251d3e746ad995314341747cbd19e9d6d8e1969684a07024ca04c7605c69118

See more details on using hashes here.

File details

Details for the file freeotp_extractor-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: freeotp_extractor-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 5.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.14.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.7.0

File hashes

Hashes for freeotp_extractor-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 4f43409055e270cda1e75890012fb8b6bbad7235f53b68ef06c3b5ee5bcb5ecb
MD5 751a3df0290c9a8d74429f941b7ba508
BLAKE2b-256 c5b7fe9e0a853097d40096daa4412ec79f3471a918bb2eefbe0350ed5dde346a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page