scito / extract_otp_secrets

Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.
https://scito.ch/content/extract-secret-keys-google-authenticator-qr-export
GNU General Public License v3.0

Feature request: Parse RSA SecurID QR code data #256

Open adjenks opened 5 months ago

adjenks commented 5 months ago

Feature request: Parse RSA SecurID QR code data.

It appears to be very obscured.

scito commented 5 months ago

Thanks for your request. In order to understand it I need more information:

  1. Do you have an example of a QR code?
  2. What are RSA SecurID QR codes? What are they used for?
  3. Do you have any specification of RSA SecurID QR codes or information about these codes?

adjenks commented 4 months ago

I'm sorry, I don't have one I could provide you right now.

They are OTP token seeds. Basically the same as the ones you parse, but I think the algorithm is slightly different. I think RSA was the first company to create a product using OTP software tokens. Originally they made hardware devices that showed numbers.

Here is an unofficial library that generates the QR codes from the sdtid files: https://github.com/stoken-dev/stoken

Here is the official app to generate the tokens: https://play.google.com/store/apps/details?id=com.rsa.securidapp

Here is their official marketing page: https://www.rsa.com/products/securid/