Open FireCubeStudios opened 1 year ago
peternrdstrm
commented
1 year ago You'd basically need to parse JSON files as far as I understand, that the format most authentificator apps export to. The twist is that some of them might be encryped, so you probably need to deal with that too, other than that, it should be easy to implement this feature
FireCubeStudios
commented
1 year ago Since I am not familiar with the export types of other auth apps can people post an example of the file contents, file type and from which app the export is from so I can take a look
DmitryGolubenkov
commented
1 year ago I researched some formats in Android applications that are installed on my phone.
Google Authenticator provides a QR code that can be used to export accounts. QR code is limited to 10 accounts, so, when user tries to export more that 10, the application generates more QR codes. Its contents are encoded in base64, as far as I can tell. I didn't spend much time while researching, so I can be wrong. Relevant links:
otpauth-migration://offline?data=SOME_LONG_ENCODED_STRINGOpen source android client written in C#. Provides several ways to export content.
For individual items it shows a QR code that contains
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED%3A is : but it is still shown as its code.
By clicking Show URI button is shows the string above to user.
By the way, I tried to use the QR to export one of the codes to Protecc and couldn't do it.
The issue is that Protecc requires QR to contain only the secret string and can't parse it.
Export to native application format. It contains custom app icons and is encrypted. I don't think Protecc should support it as there are another ways to export from this app.
Export to HTML.
HTML contains a table:
Issuer | Username | OTP Auth URI | QR Code
OTP Auth URI contains the same structure as is described in first way.
I don't think Protecc should support is as this format is more for users than for parsing.
Export to txt. This format can be easily parsed. Format:
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUEDThe same format as in first way but all the codes and secrets are separated by new line. So it can be used for batch import.
I think it encrypts exported file with some key that is composed of English dictionary words. I couldn't create a sample because the app broke on export.
FireCubeStudios
commented
1 year ago I researched some formats in Android applications that are installed on my phone.
Google Authenticator
Google Authenticator provides a QR code that can be used to export accounts. QR code is limited to 10 accounts, so, when user tries to export more that 10, the application generates more QR codes.
Its contents are encoded in base64, as far as I can tell. I didn't spend much time while researching, so I can be wrong. Relevant links:
https://github.com/dim13/otpauth - an application written in Go that can decode Google Authentication.
https://github.com/google/google-authenticator-android/issues/118 - a discussion about decoding contents of QR code.
Format:
otpauth-migration://offline?data=SOME_LONG_ENCODED_STRINGAuthenticator Pro
Open source android client written in C#.
Provides several ways to export content.
First way
For individual items it shows a QR code that contains
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED
%3Ais:but it is still shown as its code.By clicking
Show URIbutton is shows the string above to user.By the way, I tried to use the QR to export one of the codes to Protecc and couldn't do it.
The issue is that Protecc requires QR to contain only the secret string and can't parse it.
Second way
Export to native application format. It contains custom app icons and is encrypted. I don't think Protecc should support it as there are another ways to export from this app.
Third way
Export to HTML.
HTML contains a table:
Issuer | Username | OTP Auth URI | QR CodeOTP Auth URI contains the same structure as is described in first way.
I don't think Protecc should support is as this format is more for users than for parsing.
Fourth way
Export to txt. This format can be easily parsed.
Format:
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUEDThe same format as in first way but all the codes and secrets are separated by new line. So it can be used for batch import.
Microsoft Authenticator
I think it encrypts exported file with some key that is composed of English dictionary words. I couldn't create a sample because the app broke on export.
It looks like both Google and Authenticator pro support keyuri and if I implement issue Keyuri support it should work for those. For Microsoft Authenticator do they have a qr code export option or is it just file?
DmitryGolubenkov
commented
1 year ago I think that most authenticator apps will support keyuri, and an utility function to parse them to Account or something like that would help with implementing support for each of the applications.
Microsoft Authenticator doesn't have a QR code export option. Its only options are:
I can't find any other option inside the app or in posts on different forums. And the only post about a function to export secret keys to file that can be used in other apps a microsoft MVP pretends like no other app besides their exists in this world, so why would you need such a feature?
I think that trying to support their app could be very hard and time-consuming. If it is even possible
FireCubeStudios
commented
1 year ago Ok we don't need to focus on importing from ms Authenticator then
peternrdstrm
commented
1 year ago Another popular open source option is Aegis, found in the main repository of F-Droid. It's export option include text, unencrypted text, json and unencrypted json. This is how that looks (the unencrypted one):
otpauth://totp/Website%3AUSERNAME?period=30&digits=6&algorithm=SHA1&secret=SECRET&issuer=Website
FireCubeStudios
commented
1 year ago how is the json one? I am thinking of making interfaces for anyone (with basic c# knowledge) to easily add compatibility to third party importing
peternrdstrm
commented
1 year ago how is the json one? I am thinking of making interfaces for anyone (with basic c# knowledge) to easily add compatibility to third party importing
I think the contents are identical, only the formatting is different
kurisucat
commented
1 year ago I'm using Aegis on my Android phone.
It have 2 way to export, Aegis' json and txt.
Aegis' json can be encryption.
This is Aegis .json (No encryption):
{
"version": 1,
"header": {
"slots": null,
"params": null
},
"db": {
"version": 2,
"entries": [
{
"type": "totp",
"uuid": "ititit-just-aaaa-fake-uuiduuiduuid",
"name": "KurisuCat",
"issuer": "FakeBBS",
"note": "",
"icon": null,
"info": {
"secret": "ABCDEFGHIJKLMNOP",
"algo": "SHA1",
"digits": 6,
"period": 30
}
},
{
"type": "steam",
"uuid": "ititit-just-aaaa-fake-uuiduuiduuid",
"name": "KurisuCat",
"issuer": "Steam",
"note": "",
"icon": null,
"info": {
"secret": "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345",
"algo": "SHA1",
"digits": 5,
"period": 30
}
}
]
}
}This is .txt:
otpauth://totp/FakeBBS%3AKurisuCat?period=30&digits=6&algorithm=SHA1&secret=ABCDEFGHIJKLMNOP&issuer=FakeBBS
otpauth://steam/Steam%3AKurisuCat?period=30&digits=5&algorithm=SHA1&secret=ABCDEFGHIJKLMNOPQRSTUVWXYZ012345&issuer=SteamThanks for sending this. I can add Aegis importing then
FireCubeStudios
commented
1 year ago @kurisucat can you send the json but with an icon to see how icon format looks like
kurisucat
commented
1 year ago @kurisucat can you send the json but with an icon to see how icon format looks like
icon value is base64 of image,
iVBORw0KGgoAAAANSUhEUgAAAZ... too longand not include data:image/png;base64,
ghost
commented
1 year ago Microsoft Authenticator
I think it encrypts exported file with some key that is composed of English dictionary words. I couldn't create a sample because the app broke on export.
How do you export your TOTPs in Microsoft Authenticator? couldn't find the option to do that.
DmitryGolubenkov
commented
1 year ago @KitCat36
How do you export your TOTPs in Microsoft Authenticator? couldn't find the option to do that.
Maybe there is no such function.. I opened settings and scrolled down to the bottom, where I saw export and import buttons. I thought that that was the export thing. Now I have checked this again - and no, these buttons export other things from the app
So you are correct It is impossible to export 2FA keys from Microsoft Authenticator They can be backed up to Microsoft cloud, and that's it
krisu5
commented
1 year ago
iconvalue is base64 of image,iVBORw0KGgoAAAANSUhEUgAAAZ... too longand not include
data:image/png;base64,
Note that Aegis also supports SVG vectors and JPGs for entry icons.
ricardoboss
commented
9 months ago Would also be cool to be able to import TOTP keys from 1password.
I have found the following:
accounts[i].vaults[ii].items[iii].details.sections[iv].fields[v].value.totp contains the TOTP keyThe value can also contain a URI with the
otpauth://scheme
I will see if I can contribute an importer for this. Also not sure if the path above is the only path to find TOTP keys. If not me, I hope this helps someone else integrate this. I can provide more info on the 1password exported file.
FireCubeStudios
commented
9 months ago The 1 password looks simple so I can add it
ricardoboss
commented
9 months ago @FireCubeStudios started work on a view for importing. Maybe you can build off of it? https://github.com/FireCubeStudios/Protecc/pull/85
minecraftfen
commented
4 months ago @KitCat36
How do you export your TOTPs in Microsoft Authenticator? couldn't find the option to do that.
Maybe there is no such function.. I opened settings and scrolled down to the bottom, where I saw export and import buttons. I thought that that was the export thing. Now I have checked this again - and no, these buttons export other things from the app
So you are correct It is impossible to export 2FA keys from Microsoft Authenticator They can be backed up to Microsoft Cloud, and that's it
@DmitryGolubenkov
There are some possible ways to export data manually: original link(Chinese)
Simply put, the original text says those data are saved in folder /data/data/com.azure.authenticator/databases/, file PhoneFactor, PhoneFactor-shm, PhoneFactor-wal, in SQLite format, it needs a rooted android device.
I have exported it this way and I get a JSON, an Array of {uuid, otpauthstr}, and I'm finding ways to import it into protecc
maybe I can convert this JSON into something that protecc can import, but I can't find any options to import or documents of protecc's YAML
Basically Protecc should support importing from as many other apps as possible. I don't know how to get started on this so suggestions are welcome.