@nmurthy
Created January 30, 2019 20:56
export authy totp codes
```javascript
/* base32 */
/*
Copyright (c) 2011, Chris Umbel
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
var charTable = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Number of 5-byte groups needed to hold buff (each group encodes to 8 characters).
function quintetCount(buff) {
    var quintets = Math.floor(buff.length / 5);
    return buff.length % 5 === 0 ? quintets : quintets + 1;
}

// Base32-encode an array of byte values and return a padded string.
encode = function(plain) {
    var i = 0;
    var j = 0;
    var shiftIndex = 0;
    var digit = 0;
    var encoded = new Array(quintetCount(plain) * 8);

    /* byte by byte isn't as pretty as quintet by quintet but tests a bit faster. will have to revisit. */
    while(i < plain.length) {
        var current = plain[i];

        if(shiftIndex > 3) {
            digit = current & (0xff >> shiftIndex);
            shiftIndex = (shiftIndex + 5) % 8;
            digit = (digit << shiftIndex) | ((i + 1 < plain.length) ?
                plain[i + 1] : 0) >> (8 - shiftIndex);
            i++;
        } else {
            digit = (current >> (8 - (shiftIndex + 5))) & 0x1f;
            shiftIndex = (shiftIndex + 5) % 8;
            if(shiftIndex === 0) i++;
        }

        // Store the character itself: storing char codes would make join('') emit decimal numbers.
        encoded[j] = charTable.charAt(digit);
        j++;
    }

    for(i = j; i < encoded.length; i++) {
        encoded[i] = '=';
    }

    return encoded.join('');
};
/* base32 end */

// Convert a hex string into an array of byte values.
function hexToInt(str) {
    var result = [];
    for (var i = 0; i < str.length; i += 2) {
        result.push(parseInt(str.substr(i, 2), 16));
    }
    return result;
}

function hexToB32(str) {
    return encode(hexToInt(str));
}

// Run in the Authy desktop app's developer console: walks the token model and prints an otpauth:// URI per token.
getTotps = function() {
    var totps = [];
    console.warn("Here's your Authy tokens:");
    appManager.getModel().forEach(function(i) {
        var secret = (i.markedForDeletion === false || !i.secretSeed) ? i.decryptedSeed : hexToB32(i.secretSeed);
        var totp_uri = 'otpauth://totp/' + encodeURIComponent(i.name) + '?secret=' + secret + '&issuer=' + encodeURIComponent(i.accountType) + '&digits=' + i.digits + '&period=10';
        console.group(i.name);
        console.log('TOTP URI: ' + totp_uri);
        // This URL embeds the full TOTP secret; opening it sends the secret to Google's chart service.
        var qr_code = 'https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' + encodeURIComponent(totp_uri);
        console.log('QR code: ' + qr_code);
        totps.push({
            name: i.name,
            totpURI: totp_uri,
            qrCode: qr_code
        });
        console.groupEnd();
    });
    console.log(JSON.stringify(totps));
    return totps;
}
```
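The URIs built by `getTotps` carry `digits` and `period=10`, so an importing app reproduces the same codes only if it honours both parameters. The following is an added example, not part of the gist or of Authy's code: a Node.js check that computes RFC 6238 codes from such a URI and tests a code against a window of neighbouring time steps. The sample URI is constructed from the RFC 6238 test secret, and the function names are this example's own.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample (not a real token): RFC 6238 test secret "12345678901234567890".
const SAMPLE_URI = 'otpauth://totp/Example?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&digits=7&period=10';

// Decode RFC 4648 base32 (padding and whitespace ignored) into a Buffer.
function base32Decode(s) {
  let bits = 0, value = 0;
  const out = [];
  for (const ch of s.toUpperCase().replace(/[=\s]/g, '')) {
    const idx = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.indexOf(ch);
    if (idx < 0) throw new Error('invalid base32 character: ' + ch);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation, N digits.
function hotp(key, counter, digits) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac('sha1', key).update(msg).digest();
  const bin = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// TOTP for the step containing unixSeconds (+ stepOffset), honouring digits/period from the URI.
function totpAt(uri, unixSeconds, stepOffset = 0) {
  if (!uri.startsWith('otpauth://totp/')) throw new Error('not a TOTP URI');
  const q = new URL(uri).searchParams;
  const period = Number(q.get('period') || 30); // Key URI default when absent
  const digits = Number(q.get('digits') || 6);  // Key URI default when absent
  const counter = Math.floor(unixSeconds / period) + stepOffset;
  return hotp(base32Decode(q.get('secret') || ''), counter, digits);
}

// Offline check of an export: does `code` match any step within +/- `window` steps?
function verify(uri, code, unixSeconds, window = 1) {
  for (let d = -window; d <= window; d++) {
    if (totpAt(uri, unixSeconds, d) === String(code)) return true;
  }
  return false;
}
```

At the same instant, the same secret yields a different code when the period is read as 30 instead of 10, which is what an app that ignores the `period` parameter would display.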
@scramblr

They are using non-standard timing, but it's not a big deal - it will still work! (usually)
- The OTP codes are generated using the 10 second matrix, but the code is "good" for 20 seconds. It's because Authy allows for 3 code skew.

  • Because they allow 3 code skew, you can put Authy and your password manager side by side and see them narrowly miss each other or sometimes they're exactly aligned; your mileage may vary depending on how exact your clock is.
  • If you're synced exactly to NTP, try rolling your clock back 10 seconds. Authy appears to be running about 10 seconds behind (probably intentionally) but anyways, this will usually put you right in the middle of the Authy skew window while not messing with your other apps.
  • Screw Authy for not having a standardized export function. Seriously.

@Valinwolf

> They are using non-standard timing, but it's not a big deal - it will still work! (usually)
> - The OTP codes are generated using the 10 second matrix, but the code is "good" for 20 seconds. It's because Authy allows for 3 code skew.
>
>   • Because they allow 3 code skew, you can put Authy and your password manager side by side and see them narrowly miss each other or sometimes they're exactly aligned; your mileage may vary depending on how exact your clock is.
>   • If you're synced exactly to NTP, try rolling your clock back 10 seconds. Authy appears to be running about 10 seconds behind (probably intentionally) but anyways, this will usually put you right in the middle of the Authy skew window while not messing with your other apps.
>   • Screw Authy for not having a standardized export function. Seriously.

I think they changed the formula or something because I've been trying and both 10 and 20 seconds with the private key does not generate a valid code. Tested in website and collected a boat full of codes over time. No bueno.
