Skip to main content

Extract tokens from FreeOTP backup

Project description

FreeOTP tokens extractor

pipeline status PyPI - License PyPI PyPI - Python Version Code style: black

Backing up FreeOTP

Using adb, create a backup of the app using the following command:

adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp

org.fedorahosted.freeotp is the app ID for FreeOTP.

This will ask, on the phone, for a password to encrypt the backup. Proceed with a password.

Manually extracting the backup

The backups are some form of encrypted tar file. Android Backup Extractor can decrypt them.

It's available on the AUR as android-backup-extractor-git.

Use it like so (this command will ask you for the password you just set to decrypt it):

abe unpack freeotp-backup.ab freeotp-backup.tar

Then extract the generated tar file:

$ tar xvf freeotp-backup.tar
apps/org.fedorahosted.freeotp/_manifest
apps/org.fedorahosted.freeotp/sp/tokens.xml

We don't care about the manifest file, so let's look at apps/org.fedorahosted.freeotp/sp/tokens.xml.

Extract tokens

First, download freeotp_extractor.pyz (or install it from PyPi with pip), then you can run ./freeotp_extractor.pyz -h :

usage: freeotp_extractor.pyz [-h] [-v] [-o OUTPUT] [-q {term,svg,eps}] input

Extract token from FreeOTP

positional arguments:
  input                 File containing XML with tokens (usually 'tokens.xml')

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -o OUTPUT, --output OUTPUT
                        Give the output file for save tokens
  -q {term,svg,eps}, --qrcode {term,svg,eps}
                        Use a JSON input to recreate QRcode for each issuer.
                        Use 'term' to display directly to the terminal, 'svg'
                        and 'eps' output the qrcode into a file

To just output tokens in the termnal :

./freeotp_extractor.pyz apps/org.fedorahosted.freeotp/sp/tokens.xml

It will output something like :

Dropbox:example@gmail.com: BQ4F6XX3QOFEXQY5SNFPJZW3
gitlab.com:example@gmail.com: 4FBTY2GE3VK7BMFBFOE3X7CR
Google:example@gmail.com: RK6MVRZCQXFBUMGBKZBF5CAA

Or you can pass a output parameter to save it into a file :

./freeotp_extractor.pyz --output tokens.json apps/org.fedorahosted.freeotp/sp/tokens.xml

tokens.json:

{
  "Dropbox:example@gmail.com":{
    "secret":"BQ4F6XX3QOFEXQY5SNFPJZW3",
    "issuer":"Dropbox"
  },
  "gitlab.com:example@gmail.com":{
    "secret":"4FBTY2GE3VK7BMFBFOE3X7CR",
    "issuer":"Gitlab"
  },
  "Google:example@gmail.com":{
    "secret":"RK6MVRZCQXFBUMGBKZBF5CAA",
    "issuer":"Google"
  }
}

Recreate QRcode

With the JSON file (i.e.: tokens.json) you can recreate QRcode to scan from an application. To output it directly to the terminal :

./freeotp_extractor.pyz tokens.json -q term

Or if you wan to save it into files :

mkdir -p ./qrcode
./freeotp_extractor.pyz tokens.json -q svg -o ./qrcode

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

freeotp-extractor-0.3.1.tar.gz (4.4 kB view hashes)

Uploaded source

Built Distribution

freeotp_extractor-0.3.1-py3-none-any.whl (5.7 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page