Exporting tokens from FreeOTP

July 25, 2020 on 2:40 pm | In geeky | No Comments

After using FreeOTP on a single device for a while, I came to the conclusion that it would be safer to store the tokens on multiple devices, in case one is out of battery or out-of-arms-reach.

I didn't find any option from the UI to do it, so I checked the data over adb, and as the tokens were stored as JSON-in-XML, I whipped up a quick perl script to convert the data to a list of otpauth:// URIs.

#!/usr/bin/perl -w

use XML::LibXML;
use JSON;
use MIME::Base32;
use URI::Encode qw/uri_encode/;

my $p = XML::LibXML->new();
my $d = $p->load_xml(string => join '', <<>>);
my $j = JSON->new();

for ($d->findnodes('/map/string')) {
	my $l = $_->findvalue('@name');
	next if $l eq 'tokenOrder';
	my $d = $j->decode($_->findvalue('.'));
	$d->{secret} = encode_base32(join('', map {
		chr(($_ + 256) % 256)
	} @{$d->{'secret'}}));
	print "otpauth://" . lc($d->{'type'}) . "/" .
		uri_encode($l) . "?" .
		join("&", map { $_ . "=" . uri_encode($d->{$_}) } keys %$d) .

The output of which can be then be fed to qrencode or similar to get tokens added to another device.

I used:

adb shell su -c 'cat /data/data/org.fedorahosted.freeotp/shared_prefs/tokens.xml'|./otp.pl|while read u; do qrencode -o - $u | display -; done

to view the codes one-by-one. (Note: this method needs rooted device, it may be possible to do it without, but didn't look for one).

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress.
Entries and comments feeds. Valid XHTML and CSS. ^Top^