freeotp-extractor

Release 0.3.1

Extract tokens from FreeOTP backup

Homepage PyPI

License
MIT
Install
pip install freeotp-extractor==0.3.1

Documentation

FreeOTP tokens extractor

pipeline status PyPI - License PyPI PyPI - Python Version Code style: black

Backing up FreeOTP

Using adb, create a backup of the app using the following command:

adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp

org.fedorahosted.freeotp is the app ID for FreeOTP.

This will ask, on the phone, for a password to encrypt the backup. Proceed with a password.

Manually extracting the backup

The backups are some form of encrypted tar file. Android Backup Extractor can decrypt them.

It's available on the AUR as android-backup-extractor-git.

Use it like so (this command will ask you for the password you just set to decrypt it):

abe unpack freeotp-backup.ab freeotp-backup.tar

Then extract the generated tar file:

$ tar xvf freeotp-backup.tar
apps/org.fedorahosted.freeotp/_manifest
apps/org.fedorahosted.freeotp/sp/tokens.xml

We don't care about the manifest file, so let's look at apps/org.fedorahosted.freeotp/sp/tokens.xml.

Extract tokens

First, download freeotp_extractor.pyz (or install it from PyPi with pip), then you can run ./freeotp_extractor.pyz -h :

usage: freeotp_extractor.pyz [-h] [-v] [-o OUTPUT] [-q {term,svg,eps}] input

Extract token from FreeOTP

positional arguments:
  input                 File containing XML with tokens (usually 'tokens.xml')

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -o OUTPUT, --output OUTPUT
                        Give the output file for save tokens
  -q {term,svg,eps}, --qrcode {term,svg,eps}
                        Use a JSON input to recreate QRcode for each issuer.
                        Use 'term' to display directly to the terminal, 'svg'
                        and 'eps' output the qrcode into a file

To just output tokens in the termnal :

./freeotp_extractor.pyz apps/org.fedorahosted.freeotp/sp/tokens.xml

It will output something like :

Dropbox:example@gmail.com: BQ4F6XX3QOFEXQY5SNFPJZW3
gitlab.com:example@gmail.com: 4FBTY2GE3VK7BMFBFOE3X7CR
Google:example@gmail.com: RK6MVRZCQXFBUMGBKZBF5CAA

Or you can pass a output parameter to save it into a file :

./freeotp_extractor.pyz --output tokens.json apps/org.fedorahosted.freeotp/sp/tokens.xml

tokens.json:

{
  "Dropbox:example@gmail.com":{
    "secret":"BQ4F6XX3QOFEXQY5SNFPJZW3",
    "issuer":"Dropbox"
  },
  "gitlab.com:example@gmail.com":{
    "secret":"4FBTY2GE3VK7BMFBFOE3X7CR",
    "issuer":"Gitlab"
  },
  "Google:example@gmail.com":{
    "secret":"RK6MVRZCQXFBUMGBKZBF5CAA",
    "issuer":"Google"
  }
}

Recreate QRcode

With the JSON file (i.e.: tokens.json) you can recreate QRcode to scan from an application. To output it directly to the terminal :

./freeotp_extractor.pyz tokens.json -q term

Or if you wan to save it into files :

mkdir -p ./qrcode
./freeotp_extractor.pyz tokens.json -q svg -o ./qrcode

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
4
Latest release
First release
Stars
0
Forks
0
Contributors
0
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.3.1
0.3.0
0.2.2
0.2.0

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-15 17:33:51 UTC

Login to resync this project