Using adb, create a backup of the app using the following command:
adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp
org.fedorahosted.freeotp is the app ID for FreeOTP.
This will ask, on the phone, for a password to encrypt the backup. Proceed with a password.
The backups are some form of encrypted tar file. Android Backup Extractor can decrypt them. It's available on the AUR as android-backup-extractor-git.
Use it like so (this command will ask you for the password you just set to decrypt it):
abe unpack freeotp-backup.ab freeotp-backup.tar
# Or
java -jar abe-all.jar unpack freeotp-backup.ab freeotp-backup.tar
Then extract the generated tar file:
$ tar xvf freeotp-backup.tar
apps/org.fedorahosted.freeotp/_manifest
apps/org.fedorahosted.freeotp/sp/tokens.xml
We don't care about the manifest file, so let's look at apps/org.fedorahosted.freeotp/sp/tokens.xml.
To understand what's going on read this.
To quickly extract your tokens, save this Python code in a file named extract_freeotp_tokens.py:
import xml.etree.ElementTree as ET
import json
import base64

token_files = "./apps/org.fedorahosted.freeotp/sp/tokens.xml"

with open(token_files, "r") as f:
    tree = ET.parse(f).getroot()

tokens = tree.findall('string')
for token in tokens:
    # "tokenOrder" only lists the token names; it holds no secret
    if token.get('name') == "tokenOrder":
        continue
    jtoken = json.loads(token.text)
    # The secret is stored as signed (Java) bytes; map them to 0..255
    secret_byte = bytes((x % 256) for x in jtoken["secret"])
    # Most OTP tools expect the secret Base32-encoded
    secret_key = base64.b32encode(secret_byte).decode()
    print(f"{token.get('name')}: {secret_key}")
and run it:
python ./extract_freeotp_tokens.py
Now you can import your 2FA tokens into other tools such as KeePassXC.
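Before removing FreeOTP from the phone, it is worth checking that each extracted secret produces the same code the app shows. The following is an added example, not part of the original guide: it assumes the tokens are TOTP with SHA-1, 6 digits and a 30 second period (common defaults, not read from tokens.xml), and it runs on a constructed sample entry rather than a real backup.

```python
import base64
import hmac
import json
import struct
import time
import xml.etree.ElementTree as ET

# Constructed sample in the tokens.xml layout read by the script above. The
# secret is the RFC 6238 test key b"12345678901234567890", not a real token.
SAMPLE_XML = """<map>
  <string name="tokenOrder">["example:alice"]</string>
  <string name="example:alice">{"secret": [49,50,51,52,53,54,55,56,57,48,
                                           49,50,51,52,53,54,55,56,57,48]}</string>
</map>"""


def secret_to_base32(signed_bytes):
    """Turn the JSON array of signed bytes (-128..127) into a Base32 secret."""
    return base64.b32encode(bytes(b % 256 for b in signed_bytes)).decode()


def totp(secret_b32, for_time=None, digits=6, period=30, algo="sha1"):
    """RFC 6238 code; digits/period/algo are assumed defaults, not from the file."""
    key = base64.b32decode(secret_b32)
    counter = int(time.time() if for_time is None else for_time) // period
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def codes_from_xml(xml_text, for_time=None):
    """Return {token name: current code} for every token entry in tokens.xml."""
    result = {}
    for entry in ET.fromstring(xml_text).findall("string"):
        if entry.get("name") == "tokenOrder":
            continue
        secret = secret_to_base32(json.loads(entry.text)["secret"])
        result[entry.get("name")] = totp(secret, for_time)
    return result


if __name__ == "__main__":
    for name, code in codes_from_xml(SAMPLE_XML).items():
        print(f"{name}: {code}")
```

To check a real backup, pass the contents of apps/org.fedorahosted.freeotp/sp/tokens.xml to codes_from_xml() and compare the result with the codes on the phone. The unpacked tar and tokens.xml hold the secrets unencrypted, so delete them once the import is verified.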