Protecc
importing from third party apps
Basically Protecc should support importing from as many other apps as possible. I don't know how to get started on this so suggestions are welcome.
You'd basically need to parse JSON files as far as I understand, that's the format most authenticator apps export to. The twist is that some of them might be encrypted, so you probably need to deal with that too. Other than that, it should be easy to implement this feature.
Since I am not familiar with the export types of other auth apps can people post an example of the file contents, file type and from which app the export is from so I can take a look
I researched some formats in Android applications that are installed on my phone.
Google Authenticator
Google Authenticator provides a QR code that can be used to export accounts. QR code is limited to 10 accounts, so, when user tries to export more than 10, the application generates more QR codes. Its contents are encoded in base64, as far as I can tell. I didn't spend much time while researching, so I can be wrong. Relevant links:
- https://github.com/dim13/otpauth - an application written in Go that can decode Google Authentication.
- https://github.com/google/google-authenticator-android/issues/118 - a discussion about decoding contents of QR code.
Format:
otpauth-migration://offline?data=SOME_LONG_ENCODED_STRING
Authenticator Pro
Open source android client written in C#. Provides several ways to export content.
First way
For individual items it shows a QR code that contains
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED
%3A is : but it is still shown as its code.
By clicking Show URI button it shows the string above to user.
By the way, I tried to use the QR to export one of the codes to Protecc and couldn't do it.
The issue is that Protecc requires QR to contain only the secret string and can't parse it.
Second way
Export to native application format. It contains custom app icons and is encrypted. I don't think Protecc should support it as there are other ways to export from this app.
Third way
Export to HTML.
HTML contains a table:
Issuer | Username | OTP Auth URI | QR Code
OTP Auth URI contains the same structure as is described in first way.
I don't think Protecc should support it as this format is more for users than for parsing.
Fourth way
Export to txt. This format can be easily parsed. Format:
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED
otpauth://totp/NAME_WRITTEN_BY_USER%3AUSERNAME?secret=SOME_SECRET&issuer=NAME_OF_APPLICATION_OR_WEBSITE_WHO_ISSUED
The same format as in first way but all the codes and secrets are separated by new line. So it can be used for batch import.
Microsoft Authenticator
I think it encrypts exported file with some key that is composed of English dictionary words. I couldn't create a sample because the app broke on export.
It looks like both Google and Authenticator pro support keyuri and if I implement issue Keyuri support it should work for those. For Microsoft Authenticator do they have a qr code export option or is it just file?
I think that most authenticator apps will support keyuri, and a utility function to parse them to Account or something like that would help with implementing support for each of the applications.
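A sketch of the kind of key URI parsing utility proposed above, applied to the one-URI-per-line txt export described for Authenticator Pro. This is an added example, not code from the thread or from Protecc; the function names, the returned dict layout and the sample lines are assumptions made for illustration. Import files are untrusted input, so each line is validated and bad lines are reported by line number without echoing the secret.

```python
import base64
from urllib.parse import parse_qs, unquote, urlsplit

def parse_otpauth(uri):
    """Parse one otpauth:// key URI into a dict, rejecting malformed input."""
    parts = urlsplit(uri.strip())
    if parts.scheme != "otpauth" or parts.netloc not in ("totp", "hotp"):
        raise ValueError("not a totp/hotp key URI")
    label = unquote(parts.path.lstrip("/"))        # %3A in the label becomes ':'
    prefix, _, name = label.rpartition(":")        # "Issuer:user" or just "user"
    query = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    secret = query.get("secret", "").replace(" ", "").upper()
    try:                                           # the secret must be base32
        key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    except ValueError:
        raise ValueError("secret is not valid base32") from None
    if not key:
        raise ValueError("missing secret")
    algorithm = query.get("algorithm", "SHA1").upper()
    digits = int(query.get("digits", "6"))
    period = int(query.get("period", "30"))
    if algorithm not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm")
    if digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported digits or period")
    return {"type": parts.netloc, "issuer": query.get("issuer") or prefix,
            "name": name.strip(), "secret": secret, "algorithm": algorithm,
            "digits": digits, "period": period}

def import_txt(text):
    """Batch import, one URI per line. Returns (accounts, errors)."""
    accounts, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            accounts.append(parse_otpauth(line))
        except ValueError as exc:
            errors.append((lineno, str(exc)))      # report the line, not the secret
    return accounts, errors

# Constructed sample in the txt export layout (no real secrets).
SAMPLE = (
    "otpauth://totp/FakeBBS%3AKurisuCat?secret=JBSWY3DPEHPK3PXP&issuer=FakeBBS\n"
    "otpauth://totp/Mail%3Aalice?secret=NOT-BASE32!&issuer=Mail\n"
    "JBSWY3DPEHPK3PXP\n"
)
if __name__ == "__main__":
    print(import_txt(SAMPLE))
```
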
Microsoft Authenticator doesn't have a QR code export option. Its only options are:
- Backup to their cloud (and the file is encrypted with some personal token that is stored on Microsoft servers)
- Export to encrypted file designed to be restored only in their app. More information about their implementation, at least in cloud backup.
I can't find any other option inside the app or in posts on different forums. And in the only post about a function to export secret keys to a file that can be used in other apps, a Microsoft MVP pretends like no other app besides theirs exists in this world, so why would you need such a feature?
I think that trying to support their app could be very hard and time-consuming. If it is even possible.
Ok we don't need to focus on importing from ms Authenticator then
Another popular open source option is Aegis, found in the main repository of F-Droid. Its export options include text, unencrypted text, json and unencrypted json. This is how that looks (the unencrypted one):
otpauth://totp/Website%3AUSERNAME?period=30&digits=6&algorithm=SHA1&secret=SECRET&issuer=Website
how is the json one? I am thinking of making interfaces for anyone (with basic c# knowledge) to easily add compatibility to third party importing
I think the contents are identical, only the formatting is different
I'm using Aegis on my Android phone.
It has 2 ways to export, Aegis' json and txt.
Aegis' json can be encrypted.
This is Aegis .json (No encryption):
{
  "version": 1,
  "header": {
    "slots": null,
    "params": null
  },
  "db": {
    "version": 2,
    "entries": [
      {
        "type": "totp",
        "uuid": "ititit-just-aaaa-fake-uuiduuiduuid",
        "name": "KurisuCat",
        "issuer": "FakeBBS",
        "note": "",
        "icon": null,
        "info": {
          "secret": "ABCDEFGHIJKLMNOP",
          "algo": "SHA1",
          "digits": 6,
          "period": 30
        }
      },
      {
        "type": "steam",
        "uuid": "ititit-just-aaaa-fake-uuiduuiduuid",
        "name": "KurisuCat",
        "issuer": "Steam",
        "note": "",
        "icon": null,
        "info": {
          "secret": "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345",
          "algo": "SHA1",
          "digits": 5,
          "period": 30
        }
      }
    ]
  }
}
This is .txt:
otpauth://totp/FakeBBS%3AKurisuCat?period=30&digits=6&algorithm=SHA1&secret=ABCDEFGHIJKLMNOP&issuer=FakeBBS
otpauth://steam/Steam%3AKurisuCat?period=30&digits=5&algorithm=SHA1&secret=ABCDEFGHIJKLMNOPQRSTUVWXYZ012345&issuer=Steam
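The two Aegis exports above carry the same fields in different layouts. The following added example (not code from the thread, from Aegis or from Protecc) converts the unencrypted JSON layout into the txt layout so that one key URI importer can serve both. The function name and sample vault are constructed for illustration, and treating non-null `slots`/`params` as the sign of an encrypted export is an assumption based on the sample, where both are null.

```python
import json
from urllib.parse import quote, urlencode

def aegis_to_uris(raw):
    """Convert an unencrypted Aegis JSON export to (otpauth lines, skipped uuids)."""
    vault = json.loads(raw)
    header, db = vault.get("header") or {}, vault.get("db")
    # Assumption: an encrypted export has non-null slots/params and a db that is
    # not a JSON object, so refuse it rather than guess at its contents.
    if header.get("slots") or header.get("params") or not isinstance(db, dict):
        raise ValueError("export looks encrypted")
    uris, skipped = [], []
    for entry in db.get("entries", []):
        info = entry.get("info") or {}
        kind, secret = entry.get("type"), info.get("secret")
        digits, period = info.get("digits"), info.get("period")
        ok = (kind in ("totp", "steam") and isinstance(secret, str) and secret
              and isinstance(digits, int) and 0 < digits <= 10
              and isinstance(period, int) and period > 0)
        if not ok:                     # unknown entry type or malformed fields
            skipped.append(entry.get("uuid"))
            continue
        issuer, name = str(entry.get("issuer", "")), str(entry.get("name", ""))
        label = quote(f"{issuer}:{name}", safe="")      # ':' is written as %3A
        query = urlencode([("period", period), ("digits", digits),
                           ("algorithm", info.get("algo", "SHA1")),
                           ("secret", secret), ("issuer", issuer)])
        uris.append(f"otpauth://{kind}/{label}?{query}")
    return uris, skipped

def _entry(kind, uuid, issuer, secret, **info):
    """Build one constructed entry in the layout of the sample above."""
    return {"type": kind, "uuid": uuid, "name": "KurisuCat", "issuer": issuer,
            "note": "", "icon": None, "info": {"secret": secret, "algo": "SHA1", **info}}

# Constructed vault (no real secrets); the hotp entry has no period and is skipped.
SAMPLE = json.dumps({"version": 1, "header": {"slots": None, "params": None},
    "db": {"version": 2, "entries": [
        _entry("totp", "constructed-1", "FakeBBS", "JBSWY3DPEHPK3PXP", digits=6, period=30),
        _entry("steam", "constructed-2", "Steam", "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
               digits=5, period=30),
        _entry("hotp", "constructed-3", "Other", "JBSWY3DPEHPK3PXP", digits=6, counter=1),
    ]}})

if __name__ == "__main__":
    print(aegis_to_uris(SAMPLE))
```
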
Thanks for sending this. I can add Aegis importing then
@kurisucat can you send the json but with an icon to see how icon format looks like
icon value is base64 of image, iVBORw0KGgoAAAANSUhEUgAAAZ... too long, and does not include data:image/png;base64,
How do you export your TOTPs in Microsoft Authenticator? couldn't find the option to do that.
@KitCat36
Maybe there is no such function.. I opened settings and scrolled down to the bottom, where I saw export and import buttons. I thought that that was the export thing. Now I have checked this again - and no, these buttons export other things from the app
So you are correct. It is impossible to export 2FA keys from Microsoft Authenticator. They can be backed up to Microsoft cloud, and that's it.
Note that Aegis also supports SVG vectors and JPGs for entry icons.
Would also be cool to be able to import TOTP keys from 1password.
I have found the following:
- Export your vault via 1password Desktop as a 1pux file
- The file is actually a zip archive containing a "export.data" file with unencrypted JSON data
- in the JSON data, the path accounts[i].vaults[ii].items[iii].details.sections[iv].fields[v].value.totp contains the TOTP key
The value can also contain a URI with the otpauth:// scheme
I will see if I can contribute an importer for this. Also not sure if the path above is the only path to find TOTP keys. If not me, I hope this helps someone else integrate this. I can provide more info on the 1password exported file.
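An added example (not code from the thread, from 1Password or from Protecc) that walks the path described above inside a 1pux archive and reports whether each value is a bare secret or an otpauth:// URI. The function names, the size cap and the use of `overview.title` as the item name are assumptions for illustration, and only the path given in the comment is searched. Since export.data holds the secrets unencrypted, the archive is read from memory and nothing is extracted to disk.

```python
import io
import json
import zipfile

MAX_EXPORT_BYTES = 50 * 1024 * 1024    # assumed cap; refuse oversized archives

def totp_fields_from_1pux(blob):
    """Return [(item title, 'secret' or 'uri', value)] from 1pux archive bytes."""
    with zipfile.ZipFile(io.BytesIO(blob)) as archive:
        info = archive.getinfo("export.data")      # KeyError if the member is absent
        if info.file_size > MAX_EXPORT_BYTES:
            raise ValueError("export.data is larger than expected")
        data = json.loads(archive.read(info))
    found = []
    for account in data.get("accounts", []):
        for vault in account.get("vaults", []):
            for item in vault.get("items", []):
                # Assumption: the display name of an item is overview.title.
                title = (item.get("overview") or {}).get("title", "")
                for section in (item.get("details") or {}).get("sections", []):
                    for field in section.get("fields", []):
                        value = field.get("value")
                        totp = value.get("totp") if isinstance(value, dict) else None
                        if isinstance(totp, str) and totp:
                            kind = "uri" if totp.startswith("otpauth://") else "secret"
                            found.append((title, kind, totp))
    return found

def build_sample_1pux():
    """Constructed archive in the layout described above (no real data)."""
    def item(title, value):
        return {"overview": {"title": title},
                "details": {"sections": [{"fields": [{"value": value}]}]}}
    items = [
        item("FakeBBS", {"totp": "JBSWY3DPEHPK3PXP"}),
        item("Mail", {"totp": "otpauth://totp/Mail%3Aalice?secret=JBSWY3DPEHPK3PXP"}),
        item("Note", {"string": "no totp here"}),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("export.data",
                         json.dumps({"accounts": [{"vaults": [{"items": items}]}]}))
    return buf.getvalue()

if __name__ == "__main__":
    print(totp_fields_from_1pux(build_sample_1pux()))
```
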
The 1 password looks simple so I can add it
@FireCubeStudios started work on a view for importing. Maybe you can build off of it? https://github.com/FireCubeStudios/Protecc/pull/85
@DmitryGolubenkov
There are some possible ways to export data manually: original link(Chinese)
Simply put, the original text says those data are saved in folder /data/data/com.azure.authenticator/databases/, file PhoneFactor, PhoneFactor-shm, PhoneFactor-wal, in SQLite format, it needs a rooted android device.
I have exported it this way and I get a JSON, an Array of {uuid, otpauthstr}, and I'm finding ways to import it into protecc
maybe I can convert this JSON into something that protecc can import, but I can't find any options to import or documents of protecc's YAML