mirror of https://github.com/scito/extract_otp_secret_keys.git synced 2025-12-06 06:44:57 +01:00

Extract two-factor authentication (2FA, TFA) secret keys from export QR codes of "Google Authenticator" app

2fa google-authenticator otp otpauth otpauth-migration proto3 python qr-codes recovering-data recovery secret-keys tfa totp

Find a file

scito 4027677b38 add vscode settings.json		2022-09-04 13:44:46 +02:00
.github	add dependabot.yml	2022-09-04 01:30:45 +02:00
.vscode	add vscode settings.json	2022-09-04 13:44:46 +02:00
protobuf_generated_python	upgrade to protobuf 4.21.5, add quiet mode, refactor code, add unit test	2022-09-03 14:55:17 +02:00
test	add test for verbose output	2022-09-04 08:16:20 +02:00
.editorconfig	Initial	2020-05-23 08:51:41 +02:00
.flake8	fix optional QRCode import	2022-09-03 23:46:05 +02:00
.gitignore	add vscode settings.json	2022-09-04 13:44:46 +02:00
devbox.json	add a devbox.json to convenientally run this	2022-09-03 11:13:45 +02:00
example_export.txt	fix: improve logging, handle file saving without issuer, extend example	2021-02-13 16:58:30 +01:00
example_output.csv	upgrade to protobuf 4.21.5, add quiet mode, refactor code, add unit test	2022-09-03 14:55:17 +02:00
example_output.json	upgrade to protobuf 4.21.5, add quiet mode, refactor code, add unit test	2022-09-03 14:55:17 +02:00
extract_otp_secret_keys.py	refactor to reduce complexity of extract_otps (main loop)	2022-09-04 08:37:03 +02:00
google_auth.proto	Initial	2020-05-23 08:51:41 +02:00
LICENSE	Add GPL3 LICENSE	2022-09-03 18:23:30 +02:00
Pipfile	support pipenv	2022-09-03 19:05:30 +02:00
Pipfile.lock	support pipenv	2022-09-03 19:05:30 +02:00
README.md	improve README.md	2022-09-04 08:57:12 +02:00
requirements-buildenv.txt	Add python virtual env instructions	2022-01-06 20:47:57 +01:00
requirements.txt	Add python virtual env instructions	2022-01-06 20:47:57 +01:00
test_extract_otp_secret_keys_pytest.py	add test for verbose output	2022-09-04 08:16:20 +02:00
test_extract_otp_secret_keys_unittest.py	add test for verbose output	2022-09-04 08:16:20 +02:00
utils.py	add output tests	2022-09-04 00:15:08 +02:00

README.md

Extract TOTP/HOTP secret keys from Google Authenticator

Extract two-factor authentication (2FA, TFA) secret keys from export QR codes of "Google Authenticator" app. The secret and otp values can be printed and exported to json or csv. The QR codes can be printed or saved as PNG images.

Usage

Export the QR codes from "Google Authenticator" app
Read QR codes with QR code reader
Save the captured QR codes in a text file. Save each QR code on a new line. (The captured QR codes look like otpauth-migration://offline?data=...)

Call this script with the file as input:

 python extract_otp_secret_keys.py -p example_export.txt

Dependencies

pip install -r requirements.txt

Known to work with

Python 3.10.6, protobuf 4.21.5, qrcode 7.3.1, and pillow 9.2

For protobuf versions 3.14.0 or similar or Python 3.6, use the extract_otp_secret_keys version 1.4.0.

Optional

For printing QR codes, the qrcode module is required, otherwise it can be omitted.

pip install qrcode[pil]

Technical background

The export QR code of "Google Authenticator" contains the URL otpauth-migration://offline?data=.... The data parameter is a base64 encoded proto3 message (Google Protocol Buffers).

Command for regeneration of Python code from proto3 message definition file (only necessary in case of changes of the proto3 message definition or new protobuf versions):

protoc --python_out=protobuf_generated_python google_auth.proto

The generated protobuf Python code was generated by protoc 21.5 (https://github.com/protocolbuffers/protobuf/releases/tag/v21.5).

References

Proto3 documentation: https://developers.google.com/protocol-buffers/docs/pythontutorial
Template code: https://github.com/beemdevelopment/Aegis/pull/406

Alternative installation methods

pipenv

You can you use Pipenv for running extract_otp_secret_keys.

pipenv install
pipenv shell
python extract_otp_secret_keys.py example_export.txt

venv

Alternatively, you can use a python virtual env for the dependencies:

python -m venv venv
. venv/bin/activate
pip install -r requirements-buildenv.txt
pip install -r requirements.txt

The requirements*.txt files contain all the dependencies (also the optional ones). To leave the python virtual env just call deactivate.

devbox

Install devbox, which is a wrapper for nix. Then enter the environment with Python and the packages installed with:

devbox shell

Tests

PyTest

There are basic pytests, see test_extract_otp_secret_keys_pytest.py.

Run tests:

pytest

python -m pytest

unittest

There are basic unittests, see test_extract_otp_secret_keys_unittest.py.

Run tests:

python -m unittest