Skip to content

Instantly share code, notes, and snippets.

@jbinto
Created February 8, 2014 04:20
Show Gist options
  • Save jbinto/8876658 to your computer and use it in GitHub Desktop.
Save jbinto/8876658 to your computer and use it in GitHub Desktop.
Recovering Google Authenticator keys from Android device for backup
### Last tested February 7 2014 on a Galaxy S3 (d2att) running Cyanogenmod 11 nightly, with Google Authenticator 2.49.
### Device with Google Authenticator must have root.
### Computer requires Android Developer Tools and SQLite 3.
### Connect your device in USB debugging mode.
$ cd /tmp
$ adb root
$ adb pull /data/data/com.google.android.apps.authenticator2/databases/databases
$ sqlite3 ./databases "select * from accounts" > /Volumes/TRUECRYPT_ENCRYPTED_VOLUME/google_authenticator_backup.txt
$ rm ./databases
### If you look at the file, you see a pipe-delimited file with entries looking like the following.
### The X's mark the key.
1|Google:me@gmail.com|XXXXXXXXXXXXXXXXXXXXXXXX|0|0|0||
2|Google:me@domain.org|XXXXXXXXXXXXXXXXXXXXXXXX|0|0|0|Google|Google:me@domain.org
3|Dropbox:me@gmail.com|XXXXXXXXXXXXXXXXXXXXXXXX|0|0|0|Dropbox|Dropbox:me@gmail.com
### To restore the keys, you can key them in manually in Google Authenticator:
### Menu -> Set up account -> Enter provided key.
### Enter the key exactly as it appears, case sensitive, and choose Time-based.
@unlocomqx
Copy link

Thank you very much!!
I have a rooted m8 and successfully restored my Neteller key (I was locked out for few hours after installing new rom)
I extracted my TWRP backup on my PC (change the extension to .tar/ open with winrar or so)
Copied the file data.ext4.win000.tar\data\data\com.google.android.apps.authenticator2\databases\databases
To
\data\data\com.google.android.apps.authenticator2\databases\ on my Android using "ES File Explorer"
(Maybe you'll need to check "Root Explorer" in settings to access "data/data/"
OBViously, this will overwrite any previous codes (I had none anyway)

@thouis
Copy link

thouis commented Jul 30, 2015

If you have python and the 'qrcode' module installed, you can use this to generate QR codes from the sqlite database:

import qrcode
import sqlite3
conn = sqlite3.connect('databases')
c = conn.cursor()

for idx, (email, secret, issuer) in enumerate(c.execute("SELECT email,secret,issuer FROM accounts").fetchall()):
    url = 'otpauth://totp/{}?secret={}&issuer={}'.format(email, secret, issuer)
    print url
    im = qrcode.make(url)
    im.save('{}.png'.format(idx))

Be sure to treat the qrcode images as secret (remove them when you're done!).

@haridsv
Copy link

haridsv commented Oct 18, 2016

Thanks a lot!

@Mic92
Copy link

Mic92 commented Nov 16, 2016

to make the python script above working with google authenticator from fdroid issue must be removed

#! /usr/bin/env nix-shell
#! nix-shell -i python3 -p python3 python3Packages.qrcode

import qrcode
import sqlite3
conn = sqlite3.connect('databases')

c = conn.cursor()
for i, (email, secret) in enumerate(c.execute("SELECT email, secret FROM accounts").fetchall()):
    url = 'otpauth://totp/{}?secret={}'.format(email, secret)
    print(url)
    im = qrcode.make(url)
    im.save('{}.png'.format(i))

@ttofis
Copy link

ttofis commented Jun 21, 2017

I don't have root and my phone has a locked bootloader. What can I do? There is another app that you can use to extract saves without root. Will that work?

@juancil
Copy link

juancil commented Nov 2, 2017

Hello,
I did a phone backup without having rooted my phone, because I did a factory reset. Now I have the file com.google.android.apps.authenticator2.db (no /database) which I cannot open to extract my old authenticator codes.
Do I need to root my phone, and then somehow insert this file into the new backup to maybe be able to recover it via TWBR? Thank you!

@Zian
Copy link

Zian commented Mar 25, 2018

Here's a version of the script if you need to edit or recover the issuer field:

import qrcode
import sqlite3
conn = sqlite3.connect('C:/Users/Zian/Documents/databases')
c = conn.cursor()

for idx, (email, secret, issuer) in enumerate(c.execute("SELECT email,secret,issuer FROM accounts").fetchall()):
    if issuer==None:
        if len(email.split(" "))>0:
            issuer=email.split(" ")[0]
        else:
            issuer=email

        if len(issuer.split(":"))>0:
            issuer=issuer.split(":")[0]
        
        print("If the following issuer looks wrong, enter a new value. If it's OK, just press ENTER.")
        newIssuer=input(issuer)
        if len(newIssuer)>0:
            issuer=newIssuer
    url = 'otpauth://totp/{}?secret={}&issuer={}'.format(email, secret, issuer)
    print (url)
    im = qrcode.make(url)
    im.save('C:/Users/Zian/Documents/qrcodes/{}.png'.format(idx))

@F0nzy
Copy link

F0nzy commented Jul 9, 2019

Here is a new version, with terminal QC code: (comment out some line)
genqrcodes.py:

import pyqrcode
import sqlite3
conn = sqlite3.connect('/home/user/databases')
c = conn.cursor()

for idx, (email, secret, issuer) in enumerate(c.execute("SELECT email,secret,issuer FROM accounts").fetchall()):

if issuer==None:

    if len(email.split(" "))>0:
        issuer=email.split(" ")[0]
    else:
        issuer=email

    if len(issuer.split(":"))>0:
        issuer=issuer.split(":")[0]

    #print ("If the following issuer looks wrong, enter a new value. If it's OK, just press ENTER.")
    #newIssuer=input(issuer)
    #if len(newIssuer)>0:
    #    issuer=newIssuer

url = 'otpauth://totp/{}?secret={}&issuer={}'.format(email, secret, issuer)
im = pyqrcode.create(url)
#print (url)
#print(im.terminal(quiet_zone=1))

big_code = pyqrcode.create(url, error='L', version=27, mode='binary')
big_code.png(issuer+'.png', scale=6, module_color=[0, 0, 0, 128], background=[0xff, 0xff, 0xcc])
big_code.show()

@vigilantlaynar
Copy link

does anyone know how to open .enc file

@vigilantlaynar
Copy link

could someone plzz tell how to import qrcode and sqlite3
i have installed anaconda

@kda-jt
Copy link

kda-jt commented Sep 8, 2020

This still works on version 5.10, that was released in april 2020. Thanks

Copy link

ghost commented Feb 3, 2021

Really thanks. You just save my life. Still works.

@blazej222
Copy link

Unfortunately, this no longer works as of 12.07.2022. The secret in database seems to be encrypted somehow, and authenticator doesn't want to accept it (says + and / are invalid characters). Secrets are between 61 and 83 characters long in my case. I created my own secret to find out how it's encrypted, but I didn't succeed.
Example: Secret TEST1234TEST1234TEST1234TEST1234
gets encrypted to:
JoSYvgknFqwiMMQqEKbeZtPQ8gBppUdTbArhnsN3+fCAua0UqfqYHVHYchNWwyvSDY/BoHmUQsgRgf6W.
Lucky patcher or manual copying and pasting database file does not work - authenticator simply does not show the codes.
Also, QR codes generators don't work, as they try to create a QR code with this weirdly encrypted secret.

@moghingold
Copy link

Just here to confirm the same issue as blazej222, manual backup of Google Auth database did not allow me to restore any keys.

@zerkz
Copy link

zerkz commented Jul 21, 2022

ugh, I also just got hosed by this issue where the account.secret column is encrypted. The fact that Google Auth has no easy transfer (the QR Code way does not work if you are trying to flash your phone with the latest Android OS... and they don't even allow you to screenshot it!).

I've lost access to probably 20-30 services now. Thankfully had an export of my bitwarden vault.

If anyone finds the private key location (and hopefully its in one of the files that I backed up of the Authenticator's app data), maybe there is hope.

@brand1970
Copy link

brand1970 commented Nov 6, 2022

A solution with the encrypted accounts.secret column, there is in https://github.com/scito/extract_otp_secret_keys

@moghingold
Copy link

Link is dead

@krison1
Copy link

krison1 commented Dec 2, 2022

copy and paste the link instead, but he didn't specify how he did the simulated restore but then again I don't really understand sqlite3 that well.

@shokolatha
Copy link

shokolatha commented Dec 10, 2022

copy and paste the link instead, but he didn't specify how he did the simulated restore but then again I don't really understand sqlite3 that well.

he did mention the procedure at scito/extract_otp_secrets#24 , but the solution is misleading.
his solution is based on database of google authenticator version prior 5.10 which doesn't encrypt the secrets.
so the problem of encrypted secrets still persists.

@wegood9
Copy link

wegood9 commented Feb 11, 2023

I searched Google and accidentally found this website that can decode secrets from the newer Apps. I tested myself and it did work.

@shokolatha
Copy link

I searched Google and accidentally found this website that can decode secrets from the newer Apps. I tested myself and it did work.

It requires the QR codes, so it doesn't decrypt them "just by the database file".

@Fluorax
Copy link

Fluorax commented Oct 2, 2023

You can try disabling selinux. Tried the earlier suggestions, but Authenticator kept crashing. Restoring through Titanium backup that way, while upgrading from Android 10 to Android 13, I managed to recover my passwords.

@LudwigEuler
Copy link

LudwigEuler commented Aug 3, 2024

Link is dead

the link isn't dead.
actually, it works!

https://github.com/scito/extract_otp_secret_keys

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment