Extract tokens from FreeOTP backup
Project description
FreeOTP tokens extractor
Backing up FreeOTP
Using adb, create a backup of the app using the following command:
adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp
org.fedorahosted.freeotp is the app ID for FreeOTP.
This will ask, on the phone, for a password to encrypt the backup. Proceed with a password.
Manually extracting the backup
The backups are some form of encrypted tar file. Android Backup Extractor can decrypt them.
It's available on the AUR as android-backup-extractor-git.
Use it like so (this command will ask you for the password you just set to decrypt it):
abe unpack freeotp-backup.ab freeotp-backup.tar
Then extract the generated tar file:
$ tar xvf freeotp-backup.tar
apps/org.fedorahosted.freeotp/_manifest
apps/org.fedorahosted.freeotp/sp/tokens.xml
We don't care about the manifest file, so let's look at apps/org.fedorahosted.freeotp/sp/tokens.xml
.
Extract tokens
First, download freeotp_extractor.pyz
(or install it from PyPi with pip
), then you can run ./freeotp_extractor.pyz -h
:
usage: freeotp_extractor.pyz [-h] [-v] [-o OUTPUT] [-q {term,svg,eps}] input
Extract token from FreeOTP
positional arguments:
input File containing XML with tokens (usually 'tokens.xml')
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-o OUTPUT, --output OUTPUT
Give the output file for save tokens
-q {term,svg,eps}, --qrcode {term,svg,eps}
Use a JSON input to recreate QRcode for each issuer.
Use 'term' to display directly to the terminal, 'svg'
and 'eps' output the qrcode into a file
To just output tokens in the termnal :
./freeotp_extractor.pyz apps/org.fedorahosted.freeotp/sp/tokens.xml
It will output something like :
Dropbox:example@gmail.com: BQ4F6XX3QOFEXQY5SNFPJZW3
gitlab.com:example@gmail.com: 4FBTY2GE3VK7BMFBFOE3X7CR
Google:example@gmail.com: RK6MVRZCQXFBUMGBKZBF5CAA
Or you can pass a output
parameter to save it into a file :
./freeotp_extractor.pyz --output tokens.json apps/org.fedorahosted.freeotp/sp/tokens.xml
tokens.json
:
{
"Dropbox:example@gmail.com":{
"secret":"BQ4F6XX3QOFEXQY5SNFPJZW3",
"issuer":"Dropbox"
},
"gitlab.com:example@gmail.com":{
"secret":"4FBTY2GE3VK7BMFBFOE3X7CR",
"issuer":"Gitlab"
},
"Google:example@gmail.com":{
"secret":"RK6MVRZCQXFBUMGBKZBF5CAA",
"issuer":"Google"
}
}
Recreate QRcode
With the JSON file (i.e.: tokens.json
) you can recreate QRcode to scan from an application.
To output it directly to the terminal :
./freeotp_extractor.pyz tokens.json -q term
Or if you wan to save it into files :
mkdir -p ./qrcode
./freeotp_extractor.pyz tokens.json -q svg -o ./qrcode
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for freeotp_extractor-0.3.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4f43409055e270cda1e75890012fb8b6bbad7235f53b68ef06c3b5ee5bcb5ecb |
|
MD5 | 751a3df0290c9a8d74429f941b7ba508 |
|
BLAKE2b-256 | c5b7fe9e0a853097d40096daa4412ec79f3471a918bb2eefbe0350ed5dde346a |