Exporting tokens from FreeOTP

After using FreeOTP on a single device for a while, I came to the conclusion that it would be safer to store the tokens on multiple devices, in case one is out of battery or out-of-arms-reach.

I didn't find any option from the UI to do it, so I checked the data over adb, and as the tokens were stored as JSON-in-XML, I whipped up a quick perl script to convert the data to a list of otpauth:// URIs.

#!/usr/bin/perl -w

use XML::LibXML;
use JSON;
use MIME::Base32;
use URI::Encode qw/uri_encode/;

my $p = XML::LibXML->new();
my $d = $p->load_xml(string => join '', <<>>);
my $j = JSON->new();

for ($d->findnodes('/map/string')) {
	my $l = $_->findvalue('@name');
	next if $l eq 'tokenOrder';
	my $d = $j->decode($_->findvalue('.'));
	$d->{secret} = encode_base32(join('', map {
		chr(($_ + 256) % 256)
	} @{$d->{'secret'}}));
	print "otpauth://" . lc($d->{'type'}) . "/" .
		uri_encode($l) . "?" .
		join("&", map { $_ . "=" . uri_encode($d->{$_}) } keys %$d) .

The output of which can be then be fed to qrencode or similar to get tokens added to another device.

I used:

adb shell su -c 'cat /data/data/org.fedorahosted.freeotp/shared_prefs/tokens.xml''./otp.pl'while read u; do qrencode -o - $u ' display -; done
to view the codes one-by-one. (Note: this method needs rooted device, it may be possible to do it without, but didn't look for one).