Comments (10)
dim13
commented on June 16, 2024
4
Careful thoughts and some help from apk decompiler for the clues. As far as I can tell, the version above is correct and complete.
If you like, take also look at my go implementation of link-extractor: https://github.com/dim13/otpauth
from google-authenticator-android.
OmarWKH
commented on June 16, 2024
3
The data is in google's protocol buffer format and encoded with base64.
Aegis is already able to decode it.
It would be nice to have more official documentation like the one for otpauth.
from google-authenticator-android.
alexbakker
commented on June 16, 2024
1
I wrote a brief article about the format here. That should have all the info you need to parse it.
from google-authenticator-android.
dim13
commented on June 16, 2024
I wrote a brief article about the format here. That should have all the info you need to parse it.
The digits field is however an enum. As far, as I could reverse-engineer the format, the proto file should read:
syntax = "proto3";
message MigrationPayload {
enum Algorithm {
ALGORITHM_UNSPECIFIED = 0;
ALGORITHM_SHA1 = 1;
ALGORITHM_SHA256 = 2;
ALGORITHM_SHA512 = 3;
ALGORITHM_MD5 = 4;
}
enum DigitCount {
DIGIT_COUNT_UNSPECIFIED = 0;
DIGIT_COUNT_SIX = 1;
DIGIT_COUNT_EIGHT = 2;
}
enum OtpType {
OTP_TYPE_UNSPECIFIED = 0;
OTP_TYPE_HOTP = 1;
OTP_TYPE_TOTP = 2;
}
message OtpParameters {
bytes secret = 1;
string name = 2;
string issuer = 3;
Algorithm algorithm = 4;
DigitCount digits = 5;
OtpType type = 6;
int64 counter = 7;
}
repeated OtpParameters otp_parameters = 1;
int32 version = 2;
int32 batch_size = 3;
int32 batch_index = 4;
int32 batch_id = 5;
}from google-authenticator-android.
crazygit
commented on June 16, 2024
as I could reverse-engineer the format,
Could you share how to reverse-engineer the format, thanks!
from google-authenticator-android.
crazygit
commented on June 16, 2024
Careful thoughts and some help from apk decompiler for the clues. As far as I can tell, the version above is correct and complete.
If you like, take also look at my go implementation of link-extractor: https://github.com/dim13/otpauth
thanks
from google-authenticator-android.
alexbakker
commented on June 16, 2024
@dim13 You're right, I checked again and it appears I missed some stuff. While Google Authenticator certainly doesn't support the extra digits/algorithm options, I've updated my post for completeness sake.
from google-authenticator-android.
dim13
commented on June 16, 2024
@alexbakker on a second thought, as it looks like, all int32 fields may be unsigned however. Not quite sure about counter filed too.
From compiled files in it is not quite clear which to choose, as they converge to same type in Java:
https://developers.google.com/protocol-buffers/docs/proto3#scalar
But I've run into negative version numbers, which indicates unsigned types.
from google-authenticator-android.
alexbakker
commented on June 16, 2024
@dim13 I've only seen negative batch id's. While more correctness would be nice, the other integers are unlikely to ever be large enough for sign to matter.
from google-authenticator-android.
dim13
commented on June 16, 2024
@alexbakker You're right, I think it was a batch_id, I've run into.
from google-authenticator-android.
Related Issues (20)
- Current Google Authenticator Version does not work on Android 2.3.7 HOT 3
- Stable version, compatible with Android 2.3.7?
- Query the function of the specified account HOT 3
- App can't be installed on devices w/o back-facing camera HOT 3
- The problem with data recovery
- Invalid Codes for 3rd Parties HOT 2
- 8digits HOT 1
- Maven library error when building apk
- F-Droid HOT 6
- A problem with hotmail.com Google Accounts "[email protected] like Google Account" do not have the code email to verify HOT 1
- Active search
- InflateException: Binary XML file line #110 HOT 2
- Consider adding ability to momentarily pause 6-digit code from refreshing while entering it
- Error: Cannot interpret QR code HOT 7
- google authenticator 2fa key value illegal character HOT 6
- Feature Request: Rearrange the order of your accounts
- Support client side encrypted backups and device to device transfers.
- Infinite loading after selecting the account in the dialog for sign in HOT 3
- Archive unmaintained repository HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from google-authenticator-android.