nikdoof/decrypt-otpauth-files
1
0
Fork 0
mirror of https://github.com/nikdoof/decrypt-otpauth-files.git synced 2025-12-17 19:49:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3 from ewdurbin/ewdurbin/master

Browse Source 
Render valid QR Codes.
This commit is contained in:
Roland Moers
2018-02-15 21:45:22 +01:00
committed by GitHub
parent bda4bf2b42 cfbcc97e9d
commit 82a83f8458
1 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
decrypt_otpauth.py
View File

@@ -16,11 +16,21 @@ from Crypto.Cipher import AES
from rncryptor import RNCryptor from rncryptor import RNCryptor
from rncryptor import bord from rncryptor import bord
class Type(Enum): class Type(Enum):
Unknown = 0 Unknown = 0
HOTP = 1 HOTP = 1
TOTP = 2 TOTP = 2
@property
def uri_value(self):
if self.value == 0:
return 'unknown'
if self.value == 1:
return 'hotp'
if self.value == 2:
return 'totp'
class Algorithm(Enum): class Algorithm(Enum):
Unknown = 0 Unknown = 0
@@ -109,10 +119,10 @@ class OTPAccount:
return OTPAccount(label, issuer, secret, type, algorithm, digits, counter, period, refDate) return OTPAccount(label, issuer, secret, type, algorithm, digits, counter, period, refDate)
def otp_uri(self): def otp_uri(self):
otp_type = self.type otp_type = self.type.uri_value
otp_label = quote(f'{self.issuer}:{self.label}') otp_label = quote(f'{self.issuer}:{self.label}')
otp_parameters = { otp_parameters = {
'secret': base64.b32encode(self.secret).decode("utf-8"), 'secret': base64.b32encode(self.secret).decode("utf-8").rstrip("="),
'algorithm': self.algorithm, 'algorithm': self.algorithm,
'period': self.period, 'period': self.period,
'digits': self.digits, 'digits': self.digits,
@@ -128,6 +138,7 @@ archiver.update_class_map({'NSMutableString': MutableString})
archiver.update_class_map({'ACOTPFolder': OTPFolder}) archiver.update_class_map({'ACOTPFolder': OTPFolder})
archiver.update_class_map({'ACOTPAccount': OTPAccount}) archiver.update_class_map({'ACOTPAccount': OTPAccount})
class RawRNCryptor(RNCryptor): class RawRNCryptor(RNCryptor):
def post_decrypt_data(self, data): def post_decrypt_data(self, data):
@@ -136,6 +147,7 @@ class RawRNCryptor(RNCryptor):
data = data[:-bord(data[-1])] data = data[:-bord(data[-1])]
return data return data
class DangerousUnarchive(archiver.Unarchive): class DangerousUnarchive(archiver.Unarchive):
def decode_object(self, index): def decode_object(self, index):
@@ -202,13 +214,14 @@ def decrypt_account(encrypted_otpauth_account):
elif archive['Version'] == 1.2: elif archive['Version'] == 1.2:
account = decrypt_account_12(archive, password) account = decrypt_account_12(archive, password)
else: else:
print('Encountered unknow file version', archive['Version']) click.echo(f'Encountered unknow file version: {archive["Version"]}')
return return
render_qr_to_terminal(account.otp_uri(), account.type, account.issuer, account.label) render_qr_to_terminal(account.otp_uri(), account.type, account.issuer, account.label)
def decrypt_account_11(archive, password): def decrypt_account_11(archive, password):
# Get IV and key for actual archive # Get IV and key for actual archive
iv = hashlib.sha1(archive['IV']).digest()[:16] iv = hashlib.sha1(archive['IV']).digest()[:16]
salt = archive['Salt'] salt = archive['Salt']
key = hashlib.sha256((salt + '-' + password).encode('utf-8')).digest() key = hashlib.sha256((salt + '-' + password).encode('utf-8')).digest()
@@ -223,6 +236,7 @@ def decrypt_account_11(archive, password):
# Construct OTPAccount object from returned dictionary # Construct OTPAccount object from returned dictionary
return OTPAccount.from_dict(archive) return OTPAccount.from_dict(archive)
def decrypt_account_12(archive, password): def decrypt_account_12(archive, password):
# Decrypt using RNCryptor # Decrypt using RNCryptor
data = data = RawRNCryptor().decrypt(archive['Data'], password) data = data = RawRNCryptor().decrypt(archive['Data'], password)
@@ -233,6 +247,7 @@ def decrypt_account_12(archive, password):
# Construct OTPAccount object from returned dictionary # Construct OTPAccount object from returned dictionary
return OTPAccount.from_dict(archive) return OTPAccount.from_dict(archive)
@cli.command() @cli.command()
@click.option('--encrypted-otpauth-backup', @click.option('--encrypted-otpauth-backup',
help="path to your encrypted OTP Auth backup (.otpauthdb)", help="path to your encrypted OTP Auth backup (.otpauthdb)",
@@ -258,15 +273,16 @@ def decrypt_backup(encrypted_otpauth_backup):
elif archive['Version'] == 1.1: elif archive['Version'] == 1.1:
accounts = decrypt_backup_11(archive, password) accounts = decrypt_backup_11(archive, password)
else: else:
print('Encountered unknow file version', archive['Version']) click.echo(f'Encountered unknow file version: {archive["Version"]}')
return return
for account in accounts: for account in accounts:
render_qr_to_terminal(account.otp_uri(), account.type, account.issuer, account.label) render_qr_to_terminal(account.otp_uri(), account.type, account.issuer, account.label)
input("Press Enter to continue...") input("Press Enter to continue...")
def decrypt_backup_10(archive, password): def decrypt_backup_10(archive, password):
# Get IV and key for actual archive # Get IV and key for actual archive
iv = hashlib.sha1(archive['IV'].encode('utf-8')).digest()[:16] iv = hashlib.sha1(archive['IV'].encode('utf-8')).digest()[:16]
salt = archive['Salt'] salt = archive['Salt']
key = hashlib.sha256((salt + '-' + password).encode('utf-8')).digest() key = hashlib.sha256((salt + '-' + password).encode('utf-8')).digest()
@@ -280,6 +296,7 @@ def decrypt_backup_10(archive, password):
return [account for folder in archive['Folders'] for account in folder.accounts] return [account for folder in archive['Folders'] for account in folder.accounts]
def decrypt_backup_11(archive, password): def decrypt_backup_11(archive, password):
# Decrypt using RNCryptor # Decrypt using RNCryptor
data = data = RawRNCryptor().decrypt(archive['WrappedData'], password) data = data = RawRNCryptor().decrypt(archive['WrappedData'], password)
@@ -289,5 +306,6 @@ def decrypt_backup_11(archive, password):
return [account for folder in archive['Folders'] for account in folder.accounts] return [account for folder in archive['Folders'] for account in folder.accounts]
if __name__ == '__main__': if __name__ == '__main__':
cli() cli()