WIP

2025-12-16 02:43:43 +01:00 · 2022-12-24 01:59:35 +01:00
parent 483fcc0163
commit f4934192ae
9 changed files with 303 additions and 389 deletions
--- a/extract_otp_secret_keys.py
+++ b/extract_otp_secret_keys.py
@@ -41,24 +41,22 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.

+# TODO optimze imports
 import argparse
 import base64
 import fileinput
 import sys
 import csv
 import json
-import cv2
+from cv2 import imread, imdecode, IMREAD_UNCHANGED
 from qreader import QReader
 from urllib.parse import parse_qs, urlencode, urlparse, quote
 from os import path, makedirs
 from re import compile as rcompile
+from numpy import frombuffer
 import protobuf_generated_python.google_auth_pb2


-verbose = False
-quiet = True
-
-
 def sys_main():
    main(sys.argv[1:])

@@ -82,19 +80,12 @@ def main(sys_args):
 def parse_args(sys_args):
    formatter = lambda prog: argparse.HelpFormatter(prog, max_help_position=52)
    arg_parser = argparse.ArgumentParser(formatter_class=formatter)
-    arg_parser.add_argument('infile',
-                            help="image file containing a QR code from a Google Authenticator export or a text file "
-                                 "or - for stdin with \"otpauth-migration://...\" URLs separated by newlines. Lines "
-                                 "starting with # are ignored.")
+    arg_parser.add_argument('infile', help='1) file or - for stdin with "otpauth-migration://..." URLs separated by newlines, lines starting with # are ignored; 2) image file containing a QR code or = for stdin for an image containing a QR code')
    arg_parser.add_argument('--json', '-j', help='export json file or - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--csv', '-c', help='export csv file or - for stdout', metavar=('FILE'))
-    arg_parser.add_argument('--keepass', '-k', help='export totp/hotp csv file(s) for KeePass, - for stdout',
-                            metavar=('FILE'))
-    arg_parser.add_argument('--printqr', '-p', help='print QR code(s) as text to the terminal (requires qrcode module)',
-                            action='store_true')
-    arg_parser.add_argument('--saveqr', '-s',
-                            help='save QR code(s) as images to the given folder (requires qrcode module)',
-                            metavar=('DIR'))
+    arg_parser.add_argument('--keepass', '-k', help='export totp/hotp csv file(s) for KeePass, - for stdout', metavar=('FILE'))
+    arg_parser.add_argument('--printqr', '-p', help='print QR code(s) as text to the terminal (requires qrcode module)', action='store_true')
+    arg_parser.add_argument('--saveqr', '-s', help='save QR code(s) as images to the given folder (requires qrcode module)', metavar=('DIR'))
    output_group = arg_parser.add_mutually_exclusive_group()
    output_group.add_argument('--verbose', '-v', help='verbose output', action='count')
    output_group.add_argument('--quiet', '-q', help='no stdout output, except output set by -', action='store_true')
@@ -110,23 +101,18 @@ def extract_otps(args):

    otps = []

-    lines = get_lines_from_file(args.infile)
-
    i = j = 0

-    for line in lines:
-        if verbose:
-            print(line)
-        if line.startswith('#') or line == '':
-            continue
+    for line in get_lines_from_file(args.infile):
+        if verbose: print(line)
+        if line.startswith('#') or line == '': continue
        i += 1
        payload = get_payload_from_line(line, i, args)

        # pylint: disable=no-member
        for raw_otp in payload.otp_parameters:
            j += 1
-            if verbose:
-                print('\n{}. Secret Key'.format(j))
+            if verbose: print('\n{}. Secret Key'.format(j))
            secret = convert_secret_from_bytes_to_base32_str(raw_otp.secret)
            otp_type_enum = get_enum_name_by_number(raw_otp, 'type')
            otp_type = get_otp_type_str_from_code(raw_otp.type)
@@ -153,57 +139,61 @@ def extract_otps(args):
    return otps


-def get_lines_from_file(filepath):
+def get_lines_from_file(filename):
    global verbose

-    # Check if this is an image file
-    if(path.splitext(filepath)[1][1:].lower() in ('bmp', 'jpg', 'jpeg', 'png', 'tif', 'tiff')):
-        # It's an image file, so try to read it as a QR Code
+    if filename != '=':
+        check_file_exists(filename)
+        finput = fileinput.input(filename)
        try:
-            decoder = QReader()
+            lines = []
+            for line in (line.strip() for line in finput):
+                # TODO improve
+                # if verbose: print(line)
+                # if line.startswith('#') or line == '':
+                #     continue
+                # unfortunately yield line leads to random test fails
+                lines.append(line)
+            return lines
+        except UnicodeDecodeError:
+            if filename == '-':
+                abort('\nERROR: Unable to open text file form stdin. '
+                'In case you want read an image file from stdin, you must use "=" instead of "-".')
+            # else: The file is probably an image, process below
+        finally:
+            finput.close()

-            if not path.isfile(filepath):
-                eprint('\nERROR: Input file provided is non-existent or not a file.'
-                       '\ninput file: {}'.format(filepath))
-                return []
+    # could not process text file, try reading as image
+    if filename != '-':
+        try:
+            if filename != '=':
+                image = imread(filename)
+            else:
+                try:
+                    stdin = sys.stdin.buffer.read()
+                except AttributeError:
+                    # Workaround for pytest, since pytest cannot monkeypatch sys.stdin.buffer
+                    stdin = sys.stdin.read()
+                array = frombuffer(stdin, dtype='uint8')
+                image = imdecode(array, IMREAD_UNCHANGED)

-            image = cv2.imread(filepath)
            if image is None:
-                eprint('\nERROR: Unable to open file for reading. Please ensure that you have read access to the '
-                       'file and that the file is a valid image file.\ninput file: {}'.format(filepath))
-                return []
+                abort('\nERROR: Unable to open file for reading.\ninput file: {}'.format(filename))

+            decoder = QReader()
            decoded_text = decoder.detect_and_decode(image=image)
            if decoded_text is None:
-                eprint('\nERROR: Unable to read QR Code from file.\ninput file: {}'.format(filepath))
-                return []
+                abort('\nERROR: Unable to read QR Code from file.\ninput file: {}'.format(filename))

            return [decoded_text]
        except Exception as e:
-            eprint('\nERROR: Encountered exception "{}".\ninput file: {}'.format(str(e), filepath))
-            return []
-    else:
-        # Not an image file, so assume it's a text file and proceed as usual
-        lines = []
-        finput = fileinput.input(filepath)
-        try:
-            for line in (line.strip() for line in finput):
-                if verbose:
-                    print(line)
-                if line.startswith('#') or line == '':
-                    continue
-                lines.append(line)
-        finally:
-            finput.close()
-        return lines
+            abort('\nERROR: Encountered exception "{}".\ninput file: {}'.format(str(e), filename))


 def get_payload_from_line(line, i, args):
    global verbose
    if not line.startswith('otpauth-migration://'):
-        eprint(
-            '\nWARN: line is not a otpauth-migration:// URL\ninput file: {}\nline "{}"\nProbably a wrong file was given'.format(
-                args.infile, line))
+        eprint( '\nWARN: line is not a otpauth-migration:// URL\ninput file: {}\nline "{}"\nProbably a wrong file was given'.format( args.infile, line))
    parsed_url = urlparse(line)
    if verbose > 1: print('\nDEBUG: parsed_url={}'.format(parsed_url))
    try:
@@ -212,10 +202,7 @@ def get_payload_from_line(line, i, args):
        params = []
    if verbose > 1: print('\nDEBUG: querystring params={}'.format(params))
    if 'data' not in params:
-        eprint(
-            '\nERROR: no data query parameter in input URL\ninput file: {}\nline "{}"\nProbably a wrong file was given'.format(
-                args.infile, line))
-        sys.exit(1)
+        abort('\nERROR: no data query parameter in input URL\ninput file: {}\nline "{}"\nProbably a wrong file was given'.format( args.infile, line))
    data_base64 = params['data'][0]
    if verbose > 1: print('\nDEBUG: data_base64={}'.format(data_base64))
    data_base64_fixed = data_base64.replace(' ', '+')
@@ -225,9 +212,8 @@ def get_payload_from_line(line, i, args):
    try:
        payload.ParseFromString(data)
    except:
-        eprint('\nERROR: Cannot decode otpauth-migration migration payload.')
-        eprint('data={}'.format(data_base64))
-        exit(1)
+        abort('\nERROR: Cannot decode otpauth-migration migration payload.\n'
+        'data={}'.format(data_base64))
    if verbose:
        print('\n{}. Payload Line'.format(i), payload, sep='\n')

@@ -252,8 +238,7 @@ def build_otp_url(secret, raw_otp):
    url_params = {'secret': secret}
    if raw_otp.type == 1: url_params['counter'] = raw_otp.counter
    if raw_otp.issuer: url_params['issuer'] = raw_otp.issuer
-    otp_url = 'otpauth://{}/{}?'.format(get_otp_type_str_from_code(raw_otp.type), quote(raw_otp.name)) + urlencode(
-        url_params)
+    otp_url = 'otpauth://{}/{}?'.format(get_otp_type_str_from_code(raw_otp.type), quote(raw_otp.name)) + urlencode( url_params)
    return otp_url


@@ -274,8 +259,7 @@ def save_qr(otp, args, j):
    pattern = rcompile(r'[\W_]+')
    file_otp_name = pattern.sub('', otp['name'])
    file_otp_issuer = pattern.sub('', otp['issuer'])
-    save_qr_file(args, otp['url'],
-                 '{}/{}-{}{}.png'.format(dir, j, file_otp_name, '-' + file_otp_issuer if file_otp_issuer else ''))
+    save_qr_file(args, otp['url'], '{}/{}-{}{}.png'.format(dir, j, file_otp_name, '-' + file_otp_issuer if file_otp_issuer else ''))
    return file_otp_issuer


@@ -330,8 +314,7 @@ def write_keepass_csv(args, otps):
                        count_totp_entries += 1
        if has_hotp:
            with open_file_or_stdout_for_csv(otp_filename_hotp) as outfile:
-                writer = csv.DictWriter(outfile,
-                                        ["Title", "User Name", "HmacOtp-Secret-Base32", "HmacOtp-Counter", "Group"])
+                writer = csv.DictWriter(outfile, ["Title", "User Name", "HmacOtp-Secret-Base32", "HmacOtp-Counter", "Group"])
                writer.writeheader()
                for otp in otps:
                    if otp['type'] == 'hotp':
@@ -344,10 +327,8 @@ def write_keepass_csv(args, otps):
                        })
                        count_hotp_entries += 1
        if not quiet:
-            if count_totp_entries > 0: print(
-                "Exported {} totp entries to keepass csv file {}".format(count_totp_entries, otp_filename_totp))
-            if count_hotp_entries > 0: print(
-                "Exported {} hotp entries to keepass csv file {}".format(count_hotp_entries, otp_filename_hotp))
+            if count_totp_entries > 0: print( "Exported {} totp entries to keepass csv file {}".format(count_totp_entries, otp_filename_totp))
+            if count_hotp_entries > 0: print( "Exported {} hotp entries to keepass csv file {}".format(count_hotp_entries, otp_filename_hotp))


 def write_json(args, otps):
@@ -386,10 +367,20 @@ def open_file_or_stdout_for_csv(filename):
    return open(filename, "w", encoding='utf-8', newline='') if filename != '-' else sys.stdout


+def check_file_exists(filename):
+    if filename != '-' and not path.isfile(filename):
+        abort('\nERROR: Input file provided is non-existent or not a file.'
+        '\ninput file: {}'.format(filename))
+
 def eprint(*args, **kwargs):
    '''Print to stderr.'''
    print(*args, file=sys.stderr, **kwargs)


+def abort(*args, **kwargs):
+    eprint(*args, **kwargs)
+    sys.exit(1)
+
+
 if __name__ == '__main__':
    sys_main()