Skip to content

Instantly share code, notes, and snippets.

Last active August 11, 2023 07:32
Show Gist options
  • Save jmiserez/744116545d7f595923966f883c4f1b5d to your computer and use it in GitHub Desktop.
Save jmiserez/744116545d7f595923966f883c4f1b5d to your computer and use it in GitHub Desktop.
CyberChef: Parse Google Authenticator QR Code (single export) using protobuf schema and extract TOTP secret as Base32
1. Go to
2. Download CyberChef (top left), extract .zip and open .html file
3. Click "Load Recipe" in the top middle
4. Enter the following recipe:
Regular_expression('User defined','otpauth-migration\\:\\/\\/offline\\?data\\=(.*)',true,false,true,false,false,false,'List capture groups')
Protobuf_Decode('syntax = "proto3";\n\noption java_package = "com.beemdevelopment.aegis";\noption java_outer_classname = "GoogleAuthProtos";\n\nmessage MigrationPayload {\n enum Algorithm {\n ALGORITHM_UNSPECIFIED = 0;\n ALGORITHM_SHA1 = 1;\n ALGORITHM_SHA256 = 2;\n ALGORITHM_SHA512 = 3;\n ALGORITHM_MD5 = 4;\n }\n\n enum DigitCount {\n DIGIT_COUNT_UNSPECIFIED = 0;\n DIGIT_COUNT_SIX = 1;\n DIGIT_COUNT_EIGHT = 2;\n }\n\n enum OtpType {\n OTP_TYPE_UNSPECIFIED = 0;\n OTP_TYPE_HOTP = 1;\n OTP_TYPE_TOTP = 2;\n }\n\n message OtpParameters {\n bytes secret = 1;\n string name = 2;\n string issuer = 3;\n Algorithm algorithm = 4;\n DigitCount digits = 5;\n OtpType type = 6;\n int64 counter = 7;\n }\n\n repeated OtpParameters otp_parameters = 1;\n int32 version = 2;\n int32 batch_size = 3;\n int32 batch_index = 4;\n int32 batch_id = 5;\n}',false,false)
Regular_expression('User defined','"secret": "(.*)",',true,true,false,false,false,false,'List capture groups')
5. Click "Load"
6. Click "Open file as input" (top right) with your QR code as the input file.
Notes on security (2023-08-11):
For very small input files or when entering plain text, the CyberChef tool may append the input file to the fragment identifier of the URL in your browser (i.e. '?input=' in the '#' part of the URL). This information could remain in your local browser history, which is undesirable in the case of TOTP secrets.
To prevent such information leakage through the browser history either clear the history entries afterwards, or use a private browsing window for the whole process, or uncheck the CyberChef option 'Update the URL when the input or recipe changes' in the top-right settings before uploading the input file. In any case do not share CyberChef URLs directly with anyone as they may contain input, instead use the 'Save recipe' button.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment