Extract tokens from FreeOTP backup
Project description
FreeOTP tokens extractor
Backing up FreeOTP
Using adb, create a backup of the app using the following command:
adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp
org.fedorahosted.freeotp is the app ID for FreeOTP.
This will ask, on the phone, for a password to encrypt the backup. Proceed with a password.
Manually extracting the backup
The backups are some form of encrypted tar file. Android Backup Extractor can decrypt them.
It's available on the AUR as android-backup-extractor-git.
Use it like so (this command will ask you for the password you just set to decrypt it):
abe unpack freeotp-backup.ab freeotp-backup.tar
Then extract the generated tar file:
$ tar xvf freeotp-backup.tar
apps/org.fedorahosted.freeotp/_manifest
apps/org.fedorahosted.freeotp/sp/tokens.xml
We don't care about the manifest file, so let's look at apps/org.fedorahosted.freeotp/sp/tokens.xml
.
Extract tokens
First, download freeotp_extractor.pyz
(or install it from PyPi with pip
), then you can run ./freeotp_extractor.pyz -h
:
usage: freeotp_extractor.pyz [-h] [-v] [-o OUTPUT] [-q {term,svg,eps}] input
Extract token from FreeOTP
positional arguments:
input File containing XML with tokens (usually 'tokens.xml')
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-o OUTPUT, --output OUTPUT
Give the output file for save tokens
-q {term,svg,eps}, --qrcode {term,svg,eps}
Use a JSON input to recreate QRcode for each issuer.
Use 'term' to display directly to the terminal, 'svg'
and 'eps' output the qrcode into a file
To just output tokens in the termnal :
./freeotp_extractor.pyz apps/org.fedorahosted.freeotp/sp/tokens.xml
It will output something like :
Dropbox:example@gmail.com: BQ4F6XX3QOFEXQY5SNFPJZW3
gitlab.com:example@gmail.com: 4FBTY2GE3VK7BMFBFOE3X7CR
Google:example@gmail.com: RK6MVRZCQXFBUMGBKZBF5CAA
Or you can pass a output
parameter to save it into a file :
./freeotp_extractor.pyz --output tokens.json apps/org.fedorahosted.freeotp/sp/tokens.xml
tokens.json
:
{
"Dropbox:example@gmail.com":{
"secret":"BQ4F6XX3QOFEXQY5SNFPJZW3",
"issuer":"Dropbox"
},
"gitlab.com:example@gmail.com":{
"secret":"4FBTY2GE3VK7BMFBFOE3X7CR",
"issuer":"Gitlab"
},
"Google:example@gmail.com":{
"secret":"RK6MVRZCQXFBUMGBKZBF5CAA",
"issuer":"Google"
}
}
Recreate QRcode
With the JSON file (i.e.: tokens.json
) you can recreate QRcode to scan from an application.
To output it directly to the terminal :
./freeotp_extractor.pyz tokens.json -q term
Or if you wan to save it into files :
mkdir -p ./qrcode
./freeotp_extractor.pyz tokens.json -q svg -o ./qrcode
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for freeotp_extractor-0.2.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7db133045f057468d58367151037e6263776b6e4b275e8bfdaf1387437031ef6 |
|
MD5 | baeb6ec364e0437b672681a328dc8ddf |
|
BLAKE2b-256 | d81a3d82a719af4af237bc95825c59216b84d608ebdd126a4f84894289e9df43 |