Created
December 6, 2015 17:35
Dump Duo TOTP accounts from backup, in QR code form.
```perl
#!perl

=head1 duo-qr-dump.pl

  perl duo-qr-dump.pl accounts.json

Requires: Mojolicious, Term::QRCode (which requires Text::QRCode which
requires qrencode)

Given accounts.json from your Duo Android app's private data, dumps a list of
QR codes for quickly reimporting to another app.

I like Duo, but I also like having at least one spare key or at least a secure
backup, and so every new phone requires me to either migrate every account by
hand or root my devices so I can use backup/restore to copy Duo over. I've
used this to move to Authy, which provides encrypted cloud backups.

In an unencrypted Titanium Backup dump, accounts.json is found in the .tgz file
under files/duokit. Be sure not to leave your OTP secrets lying around
anywhere! Secure-delete these files when you're done, wipe your terminal
buffers of the QR codes, etc.

=cut

use warnings;
use strict;
use feature 'say';

use Term::QRCode;
use Mojo::JSON 'decode_json';
use Mojo::File 'path';    # Mojo::Util::slurp is gone from current Mojolicious releases
use Mojo::Util qw(encode url_escape);

my $qr = Term::QRCode->new;

for my $file (@ARGV) {
  for my $acct (@{decode_json(path($file)->slurp)}) {
    # Only entries with an OTP generator carry a secret to export
    next unless $acct->{otpGenerator};

    say $acct->{name};
    say $qr->plot(sprintf(
      'otpauth://totp/%s?secret=%s&issuer=%s',
      # Percent-encode the label so spaces, '&', '?' or '#' cannot break the URI
      url_escape(encode('UTF-8', $acct->{name})),
      $acct->{otpGenerator}->{otpSecret},
      # The issuer is the logo resource name with everything up to "ic_" removed
      url_escape(encode('UTF-8', ($acct->{logoUri} // '') =~ s/^.*ic_//r)),
    ));
    say $/;
  }
}
```
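The POD's handling advice (pull only accounts.json out of the backup, secure-delete it, wipe the terminal) can be scripted; the wrapper below is an added example and not part of the gist. The function name `with_duo_accounts` and the archive name `BACKUP.tgz` are assumptions, and the member is matched by its `files/duokit/accounts.json` suffix because the page does not give the full path inside the archive.

```sh
#!/bin/sh
# Added example, not part of the gist. Usage:
#   with_duo_accounts BACKUP.tgz perl duo-qr-dump.pl
# BACKUP.tgz is a placeholder for your own Titanium Backup archive.

# Runs the given command with the path of a private scratch copy of
# accounts.json appended, then destroys that copy even on failure or Ctrl-C.
with_duo_accounts() (
  archive=$1; shift
  umask 077                                  # scratch files readable by owner only
  base=/dev/shm                              # RAM-backed on most Linux systems
  [ -d "$base" ] && [ -w "$base" ] || base=${TMPDIR:-/tmp}
  work=$(mktemp -d "$base/duo-export.XXXXXX") || exit 1

  cleanup() {
    # shred is best-effort: overwriting is not guaranteed to reach the
    # physical blocks on flash or copy-on-write filesystems.
    if command -v shred >/dev/null 2>&1; then
      shred -u "$work/accounts.json" 2>/dev/null || true
    fi
    rm -rf "$work"
  }
  trap cleanup EXIT
  trap 'exit 130' INT TERM HUP

  # Find the member by its files/duokit suffix; the leading path varies.
  member=$(tar -tzf "$archive" | grep -E '(^|/)files/duokit/accounts\.json$' | head -n 1)
  [ -n "$member" ] || { echo "accounts.json not found in $archive" >&2; exit 2; }

  # -O streams the member to stdout, so nothing else from the backup is unpacked.
  tar -xzOf "$archive" "$member" > "$work/accounts.json" || exit 1

  "$@" "$work/accounts.json"
  rc=$?

  # On a terminal, wait for the scan to finish, then clear screen and scrollback.
  if [ -t 0 ] && [ -t 1 ]; then
    printf 'Press Enter to wipe the QR codes from the terminal: ' && read -r reply
    printf '\033[H\033[2J\033[3J'
  fi
  exit "$rc"
)
```

The `\033[3J` scrollback erase is an xterm extension; terminal multiplexers and emulators that ignore it need their own history cleared by hand.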