Extract TOTP/HOTP secret keys from Google Authenticator

Extract two-factor autentication (2FA, TFA) secret keys from export QR codes of "Google Authenticator" app

Usage

Export the QR codes from "Google Authenticator" app
Read QR codes with QR code reader
Save the captured QR codes in a text file. Save each QR code on a new line. (The captured QR codes look like "otpauth-migration://offline?data=...")

Call this script with the file as input:

python extract_otp_secret_keys.py -q example_export.txt

Requirement

The protobuf package of Google for proto3 is required for running this script.

pip install protobuf

Optional

For printing QR codes, the qrcode module is required

pip install qrcode

Technical background

The export QR code of "Google Authenticator" contains the URL "otpauth-migration://offline?data=...". The data parameter is a base64 encoded proto3 message (Google Protocol Buffers).

Command for regeneration of Python code from proto3 message definition file (only necessary in case of changes of the proto3 message defintion):

protoc --python_out=generated_python google_auth.proto

References

Proto3 documentation: https://developers.google.com/protocol-buffers/docs/pythontutorial
Template code: https://github.com/beemdevelopment/Aegis/pull/406

Description

Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.

2fa csv google-authenticator json mfa otp otpauth proto3 protobuf python qr-codes qrcode recovery security security-tools standwithukraine tfa totp two-factor two-factor-authentication

Readme GPL-3.0 8.3 MiB

Releases 1

manual upload of release binary Latest

2025-02-08 19:26:54 +01:00

Languages

Python 73.1%

Shell 24.3%

Dockerfile 2.4%

Nix 0.2%