Instantly share code, notes, and snippets.

Embed
What would you like to do?
Recovering Google Authenticator keys from Android device for backup
### Last tested February 7 2014 on a Galaxy S3 (d2att) running Cyanogenmod 11 nightly, with Google Authenticator 2.49.
### Device with Google Authenticator must have root.
### Computer requires Android Developer Tools and SQLite 3.
### Connect your device in USB debugging mode.
$ cd /tmp
$ adb root
$ adb pull /data/data/com.google.android.apps.authenticator2/databases/databases
$ sqlite3 ./databases "select * from accounts" > /Volumes/TRUECRYPT_ENCRYPTED_VOLUME/google_authenticator_backup.txt
$ rm ./databases
### If you look at the file, you see a pipe-delimited file with entries looking like the following.
### The X's mark the key.
1|Google:me@gmail.com|XXXXXXXXXXXXXXXXXXXXXXXX|0|0|0||
2|Google:me@domain.org|XXXXXXXXXXXXXXXXXXXXXXXX|0|0|0|Google|Google:me@domain.org
3|Dropbox:me@gmail.com|XXXXXXXXXXXXXXXXXXXXXXXX|0|0|0|Dropbox|Dropbox:me@gmail.com
### To restore the keys, you can key them in manually in Google Authenticator:
### Menu -> Set up account -> Enter provided key.
### Enter the key exactly as it appears, case sensitive, and choose Time-based.
@jbinto

This comment has been minimized.

Owner

jbinto commented Feb 8, 2014

It's interesting that the length of the keys varies wildly, from 16 to 52 (presumably base64) characters.

@EnsarN

This comment has been minimized.

EnsarN commented Mar 23, 2014

Hi there,
Can I still recover it when I've lost my phone, and simply install the Google Authenticator on any other andriod and play with the "com.google.android.apps.authenticator2" in the root to generate/recover a key for my account.
BR

@lthown

This comment has been minimized.

lthown commented Aug 6, 2014

if you lost your phone and happen to have a titanium backup of your data you might be able to recover it. Otherwise: no.

I needed this to go from Google Authenticator to Authy. I wasn't able to do adb root, it said something about can't be done in a production environment. But I was able to use the info to grab the "databases" file using Root Explorer and then pop it over onto a linux box to run the sqllite3 command.

@lee1418

This comment has been minimized.

lee1418 commented Jan 10, 2015

Ok I need help! I have my phone rooted but i don't understand what to do above. I have a samsung s5, I hard reset my phone but my google account restored all my applications including google authenticator but it didn't keep all my keys from the websites. I really need help! Someone explain specifically how to obtain this on a phone that was recently formatted but it still has root.

@unlocomqx

This comment has been minimized.

unlocomqx commented Feb 3, 2015

Thank you very much!!
I have a rooted m8 and successfully restored my Neteller key (I was locked out for few hours after installing new rom)
I extracted my TWRP backup on my PC (change the extension to .tar/ open with winrar or so)
Copied the file data.ext4.win000.tar\data\data\com.google.android.apps.authenticator2\databases\databases
To
\data\data\com.google.android.apps.authenticator2\databases\ on my Android using "ES File Explorer"
(Maybe you'll need to check "Root Explorer" in settings to access "data/data/"
OBViously, this will overwrite any previous codes (I had none anyway)

@thouis

This comment has been minimized.

thouis commented Jul 30, 2015

If you have python and the 'qrcode' module installed, you can use this to generate QR codes from the sqlite database:

import qrcode
import sqlite3
conn = sqlite3.connect('databases')
c = conn.cursor()

for idx, (email, secret, issuer) in enumerate(c.execute("SELECT email,secret,issuer FROM accounts").fetchall()):
    url = 'otpauth://totp/{}?secret={}&issuer={}'.format(email, secret, issuer)
    print url
    im = qrcode.make(url)
    im.save('{}.png'.format(idx))

Be sure to treat the qrcode images as secret (remove them when you're done!).

@haridsv

This comment has been minimized.

haridsv commented Oct 18, 2016

Thanks a lot!

@Mic92

This comment has been minimized.

Mic92 commented Nov 16, 2016

to make the python script above working with google authenticator from fdroid issue must be removed

#! /usr/bin/env nix-shell
#! nix-shell -i python3 -p python3 python3Packages.qrcode

import qrcode
import sqlite3
conn = sqlite3.connect('databases')

c = conn.cursor()
for i, (email, secret) in enumerate(c.execute("SELECT email, secret FROM accounts").fetchall()):
    url = 'otpauth://totp/{}?secret={}'.format(email, secret)
    print(url)
    im = qrcode.make(url)
    im.save('{}.png'.format(i))
@ELChris414

This comment has been minimized.

ELChris414 commented Jun 21, 2017

I don't have root and my phone has a locked bootloader. What can I do? There is another app that you can use to extract saves without root. Will that work?

@juancil

This comment has been minimized.

juancil commented Nov 2, 2017

Hello,
I did a phone backup without having rooted my phone, because I did a factory reset. Now I have the file com.google.android.apps.authenticator2.db (no /database) which I cannot open to extract my old authenticator codes.
Do I need to root my phone, and then somehow insert this file into the new backup to maybe be able to recover it via TWBR? Thank you!

@Zian

This comment has been minimized.

Zian commented Mar 25, 2018

Here's a version of the script if you need to edit or recover the issuer field:

import qrcode
import sqlite3
conn = sqlite3.connect('C:/Users/Zian/Documents/databases')
c = conn.cursor()

for idx, (email, secret, issuer) in enumerate(c.execute("SELECT email,secret,issuer FROM accounts").fetchall()):
    if issuer==None:
        if len(email.split(" "))>0:
            issuer=email.split(" ")[0]
        else:
            issuer=email

        if len(issuer.split(":"))>0:
            issuer=issuer.split(":")[0]
        
        print("If the following issuer looks wrong, enter a new value. If it's OK, just press ENTER.")
        newIssuer=input(issuer)
        if len(newIssuer)>0:
            issuer=newIssuer
    url = 'otpauth://totp/{}?secret={}&issuer={}'.format(email, secret, issuer)
    print (url)
    im = qrcode.make(url)
    im.save('C:/Users/Zian/Documents/qrcodes/{}.png'.format(idx))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment