-
-
Save norio-nomura/3a434582f34747e7524ce2ca95f02329 to your computer and use it in GitHub Desktop.
Generate otpauth URL from Symantec's "VIP Access" on OS X that can be used by TOTP Apps such as 1Password.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/expect -f | |
# | |
# otpauthFromVIPAccess.exp | |
# | |
# Generate otpauth scheme url from Symantec VIP Access. | |
# Usage: | |
# ./otpauthFromVIPAccess.exp [v] | |
# If the "v" argument (or any argument) is specified, verbose output | |
# will be produced on stderr. The otpauth url will be output on stdout. | |
# | |
set timeout 10 | |
log_user 0 | |
set aes_key D0D0D0E0D0D0DFDFDF2C34323937D7AE | |
set keychain /Users/$env(USER)/Library/Keychains/VIPAccess.keychain | |
proc vlog { s } { if $::argc { puts stderr $s } } | |
vlog "Finding machine serial number (used by VIPAccess to secure the keychain.):" | |
spawn /bin/sh -c "ioreg -rac IOPlatformExpertDevice | xpath 'plist/array/dict/key\[.=\"IOPlatformSerialNumber\"\]/following-sibling::*\[position()=1\]/text()' 2>/dev/null" | |
expect eof | |
set serial $expect_out(buffer) | |
vlog " $serial" | |
vlog "Reading encrypted Credential ID and OTP secret key from $keychain:" | |
spawn security unlock-keychain $keychain | |
expect "password to unlock $keychain: " | |
send "${serial}SymantecVIPAccess$env(USER)\n" | |
expect eof | |
spawn security find-generic-password -gl CredentialStore $keychain | |
expect -re \"acct\"<blob>=\"\(\[a-zA-Z0-9/+\]+=\)\" | |
set id_crypt $expect_out(1,string) | |
vlog " $id_crypt" | |
expect -re password:\ \"\(\[a-zA-Z0-9/+\]+=\)\" | |
set key_crypt $expect_out(1,string) | |
vlog " $key_crypt" | |
vlog "Decrypting Credential ID and OTP key:" | |
spawn /bin/sh -c "openssl enc -aes-128-cbc -d -K $aes_key -iv 0 -a <<< '$id_crypt'" | |
expect -re \(.*\)Symantec | |
set id_plain $expect_out(1,string) | |
vlog " $id_plain" | |
spawn /bin/sh -c "openssl enc -aes-128-cbc -d -K $aes_key -iv 0 -a <<< '$key_crypt' | xxd -p" | |
expect -re \[0-9a-f\]+ | |
set key_plain $expect_out(0,string) | |
vlog " $key_plain" | |
vlog "Converting OTP key from base16 to base32:" | |
spawn python -c "import base64; print base64.b32encode(base64.b16decode('$key_plain'.upper()))" | |
expect -re \[A-Z2-7\]+ | |
set key_base32 $expect_out(0,string) | |
vlog " $key_base32" | |
puts "otpauth://totp/VIP%20Access:$id_plain?secret=$key_base32&issuer=Symantec" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment