Skip to main content

Decrypt Samsung Pass and Google Authenticator data

Project description

Vespera Unsealer

[!NOTE] Reclaim Your Digital Freedom. This project is designed to help users migrate digital assets from the Samsung ecosystem or Google Authenticator. Whether you want to break free from vendor lock-in, export "un-backupable" TOTP codes, or simply take true ownership of your private data, this tool is for you.

Note: As the original Unsealer project is under maintenance, I have archived the Unsealer repository and migrated the improved core code to this new repository (Vespera).

Oracipher icon

GitHub Release PyPI Version Python Versions License: MIT

Take back your digital credentials. Unsealer is a multi-module, open-source command-line utility designed to liberate your data from Samsung Pass (.spass) and Google Authenticator. It empowers you to securely decrypt and export sensitive information—including logins, identity details, addresses, and notes—into open, human-readable formats like CSV, TXT, or Markdown.

Whether you're migrating to a new password manager, creating a secure offline backup, or simply want true ownership of your digital life, Unsealer gives you back control.


[!DANGER] Security First: Read Before Use

This tool is a product of reverse engineering and is intended for personal data recovery and educational purposes only. It is NOT an official product of Samsung or Google.

  • USE AT YOUR OWN RISK. The author assumes no liability for data loss or security incidents.
  • HANDLE DECRYPTED DATA CAREFULLY. Decrypted data is stored in plain text. Store it in a secure location and avoid unnecessary sharing.
  • 100% OFFLINE & PRIVATE. Unsealer runs entirely on your local machine. It does not—and cannot—connect to the internet or transmit your data anywhere. You are encouraged to audit the source code to verify this.

Core Features

  • Samsung Module: Decrypt and export logins, identities, addresses, secure notes, and TOTP secrets.
  • Google Module: Parse otpauth-migration:// URIs or directly extract 2FA secrets from Google Authenticator export QR codes. (Note: If you have many accounts, Google may generate multiple QR codes; ensure you scan all of them).
  • Multiple Export Formats: Supports CSV (for spreadsheets), plain TXT (for readability), or structured Markdown (for reports).
  • Secure Interaction: Enforces interactive password prompts to prevent your master password from being saved in shell history.
  • Instant Preview: Quickly inspect backup contents directly in the terminal without writing files to disk.
  • Cross-Platform Support: Fully compatible with Windows, macOS, and Linux. Binaries are available, or run via Python 3.7+.

Data Preparation

1. Obtain Samsung .spass File

You can obtain a backup in two ways:

Smart Switch
  • Method A: Smart Switch (Desktop) The .spass file is created via the Samsung Smart Switch desktop app.

    1. Connect your phone to your PC/Mac via USB.
    2. Open Smart Switch and select "Backup".
    3. Ensure "Settings" is checked (Samsung Pass data is stored here).
    4. After completion, find the .spass file in \SAMSUNG\PASS\backup\.
  • Method B: Direct Export (Mobile)

    1. Open Samsung Pass -> Settings -> Import and Export -> Export to .spass.
    2. Set an export password (Crucial: Remember this password for decryption).
    3. The file will be saved to your phone's internal storage.

2. Obtain Google Authenticator Data

  1. In Google Authenticator, select "Transfer accounts" -> "Export accounts".
  2. Take a screenshot of the QR code(s) or use a scanner to get the otpauth-migration:// URL string.

Step 2: Installation

Method A: Direct Download (Recommended for most users)

Go to the Releases page and download the binary for your OS. It runs standalone without needing Python.

Method B: Via PyPI

pip install unsealer

Note: If pip is not found, try pip3 install unsealer.

Method C: From Source

git clone https://github.com/ChaseanChen/Vespera.git
cd Vespera
pip install .

Step 3: Usage

Unsealer uses a subcommand structure.

1. Decrypt Samsung Pass (.spass)

# Basic export (Default: CSV)
unsealer samsung ./my_backup.spass

# Preview mode (Display first 5 entries in terminal only)
unsealer samsung ./my_backup.spass --preview

# Export to Markdown at a specific path
unsealer samsung ./my_backup.spass -f md -o ./report.md

2. Extract Google 2FA (Authenticator)

Google Authenticator Wallpaper
# Extract from a migration string
unsealer google "otpauth-migration://offline?data=..."

# Batch scan a folder of QR screenshots and generate a report
unsealer google ./qr_screenshots/ -o 2fa_backup.md

CLI Reference

Argument Description
input_file (Required) Path to your .spass file or image folder.
password (Optional) Your master password. If omitted, you will be prompted securely.
Option Full Flag Description
-f --format Output format: csv, txt, md. Default: csv.
-o --output Destination path for the output file.
--preview Display first 5 entries as a table in terminal.

[!WARNING] Security Risk: Passwords in Command Line Strongly discouraged. Providing passwords as arguments may leave them in your .bash_history. Use the interactive prompt instead.


FAQ

Q: I get a "Decryption or Parsing Failed" error. What happened? A: This is usually caused by:

  1. Incorrect Password: 99% of failures are due to wrong passwords. Smart Switch backups use your Samsung Account password; mobile exports use the custom password you set during export.
  2. Corrupted File: The .spass file may be corrupted during transfer. Try creating a fresh backup.
  3. Incompatible Version: While Samsung/Google formats have been stable for years, a major update might require a tool update.

Q: Is it safe to handle my sensitive data with this tool? A: Yes, by design:

  • 100% Offline: No data ever leaves your machine.
  • Open Source: The code is transparent and auditable by security experts.

Q: What data can be exported? A: It parses credentials, identities, addresses, and secure notes from Samsung Pass, and TOTP secrets from Google Authenticator.

Q: Error "libzbar.so not found" on Linux/macOS? A: The Google module's QR scanning depends on zbar. Install it via:

  • Ubuntu/Debian: sudo apt install libzbar0
  • macOS: brew install zbar

Acknowledgments

  • Core decryption algorithms are based on the pioneering reverse engineering by 0xdeb7ef in the spass-manager project.
  • Google migration protocol implementation was inspired by Kristian Rekstad's google-authenticator-exporter.
  • Thanks to all developers contributing to the open-source security community.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

unsealer-2.0.8.tar.gz (26.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

unsealer-2.0.8-py3-none-any.whl (26.8 kB view details)

Uploaded Python 3

File details

Details for the file unsealer-2.0.8.tar.gz.

File metadata

  • Download URL: unsealer-2.0.8.tar.gz
  • Upload date:
  • Size: 26.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.12

File hashes

Hashes for unsealer-2.0.8.tar.gz
Algorithm Hash digest
SHA256 acf99c9e064c7bda11d577830ec7859f9b5b7bc7b1a65d577efb57f04e736ea6
MD5 23c809d96716842eac7586f8319ec6b6
BLAKE2b-256 4bbb526cea095ef7aa8842f35a0635a5b6b49ecf859aab6ec82f86a5d76562d7

See more details on using hashes here.

File details

Details for the file unsealer-2.0.8-py3-none-any.whl.

File metadata

  • Download URL: unsealer-2.0.8-py3-none-any.whl
  • Upload date:
  • Size: 26.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.12

File hashes

Hashes for unsealer-2.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 455e816cedd8c05d447511b760da64fd03ac0d8c721ae26456265079c6e48a97
MD5 c79f30c0f0ed2fcefde0e62a6816ff92
BLAKE2b-256 b8e63d438bdfd2a56bc7fbfb4fc28933f635174894d9980358542396b3388d6f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page