Extract tokens from FreeOTP backup

FreeOTP tokens extractor

Backing up FreeOTP

Using adb, create a backup of the app using the following command:

adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp

org.fedorahosted.freeotp is the app ID for FreeOTP.

This will ask, on the phone, for a password to encrypt the backup. Proceed with a password.

Manually extracting the backup

The backups are some form of encrypted tar file. Android Backup Extractor can decrypt them.

It's available on the AUR as android-backup-extractor-git.

Use it like so (this command will ask you for the password you just set to decrypt it):

abe unpack freeotp-backup.ab freeotp-backup.tar

Then extract the generated tar file:

$ tar xvf freeotp-backup.tar
apps/org.fedorahosted.freeotp/_manifest
apps/org.fedorahosted.freeotp/sp/tokens.xml

We don't care about the manifest file, so let's look at apps/org.fedorahosted.freeotp/sp/tokens.xml.

Extract tokens

First, download freeotp_extractor.pyz (or install it from PyPI with pip). Running ./freeotp_extractor.pyz -h shows the available options:

usage: freeotp_extractor.pyz [-h] [-v] [-o OUTPUT] [-q {term,svg,eps}] input

Extract token from FreeOTP

positional arguments:
  input                 File containing XML with tokens (usually 'tokens.xml')

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -o OUTPUT, --output OUTPUT
                        Give the output file for save tokens
  -q {term,svg,eps}, --qrcode {term,svg,eps}
                        Use a JSON input to recreate QRcode for each issuer.
                        Use 'term' to display directly to the terminal, 'svg'
                        and 'eps' output the qrcode into a file

To print the tokens to the terminal:

./freeotp_extractor.pyz apps/org.fedorahosted.freeotp/sp/tokens.xml

It will output something like:

Dropbox:example@gmail.com: BQ4F6XX3QOFEXQY5SNFPJZW3
gitlab.com:example@gmail.com: 4FBTY2GE3VK7BMFBFOE3X7CR
Google:example@gmail.com: RK6MVRZCQXFBUMGBKZBF5CAA

Or pass the --output parameter to save the tokens to a file:

./freeotp_extractor.pyz --output tokens.json apps/org.fedorahosted.freeotp/sp/tokens.xml

tokens.json:

{
  "Dropbox:example@gmail.com":{
    "secret":"BQ4F6XX3QOFEXQY5SNFPJZW3",
    "issuer":"Dropbox"
  },
  "gitlab.com:example@gmail.com":{
    "secret":"4FBTY2GE3VK7BMFBFOE3X7CR",
    "issuer":"Gitlab"
  },
  "Google:example@gmail.com":{
    "secret":"RK6MVRZCQXFBUMGBKZBF5CAA",
    "issuer":"Google"
  }
}

Recreate QRcode

With the JSON file (e.g. tokens.json) you can recreate a QR code for each token and scan it from another application. To display the QR codes directly in the terminal:

./freeotp_extractor.pyz tokens.json -q term

Or, if you want to save them to files:

mkdir -p ./qrcode
./freeotp_extractor.pyz tokens.json -q svg -o ./qrcode
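
Before relying on an extracted token, it is worth confirming that it produces the same code as the phone. The following is an added example, not code from freeotp_extractor: it reads the tokens.json layout shown above, builds a standard otpauth:// key URI for each entry and computes the current TOTP code. It assumes TOTP tokens with HMAC-SHA1, 6 digits and a 30-second period (tokens.json does not record these), and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import struct
import time
from urllib.parse import quote, urlencode

# Constructed sample in the tokens.json layout shown above (example secret from this page).
SAMPLE_JSON = """{
  "Dropbox:example@gmail.com": {
    "secret": "BQ4F6XX3QOFEXQY5SNFPJZW3",
    "issuer": "Dropbox"
  }
}"""


def totp(secret_b32, at=None, digits=6, period=30):
    """RFC 6238 code using HMAC-SHA1 (assumed; tokens.json does not record the algorithm)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)  # raises binascii.Error on a corrupted secret
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otpauth_uri(label, entry):
    """Key URI of the kind authenticator apps read from a QR code."""
    query = urlencode({"secret": entry["secret"], "issuer": entry["issuer"]})
    return f"otpauth://totp/{quote(label, safe=':@')}?{query}"


def check_tokens(json_text, at=None):
    """Map each label to (uri, code) so codes can be compared with the phone."""
    tokens = json.loads(json_text)
    return {name: (otpauth_uri(name, e), totp(e["secret"], at)) for name, e in tokens.items()}


if __name__ == "__main__":
    # Print only the short-lived code, not the seed or the URI that embeds it.
    for name, (_uri, code) in check_tokens(SAMPLE_JSON).items():
        print(f"{name}: {code}")
```

tokens.json, tokens.xml and the unpacked tar all hold the TOTP seeds in clear text, so keep them on encrypted storage and delete them once the new device shows matching codes.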

Download files

Source Distribution

freeotp-extractor-0.3.1.tar.gz (4.4 kB)

Uploaded Source

Built Distribution

freeotp_extractor-0.3.1-py3-none-any.whl (5.7 kB)

Uploaded Python 3
