-
-
Save p120ph37/8213727 to your computer and use it in GitHub Desktop.
#!/usr/bin/expect -f | |
# | |
# VIPAccess.exp | |
# | |
# Command-line emulation of Symantec's VIP Access software token. | |
# Usage: | |
# ./VIPAccess.exp [v] | |
# If the "v" argument (or any argument) is specified, verbose output | |
# will be produced on stderr. The OTP value will be output on stdout. | |
# | |
set timeout 10 | |
log_user 0 | |
set aes_key D0D0D0E0D0D0DFDFDF2C34323937D7AE | |
set keychain /Users/$env(USER)/Library/Keychains/VIPAccess.keychain | |
proc vlog { s } { if $::argc { puts stderr $s } } | |
vlog "Finding machine serial number (used by VIPAccess to secure the keychain.):" | |
spawn /bin/sh -c "ioreg -rac IOPlatformExpertDevice | xpath 'plist/array/dict/key\[.=\"IOPlatformSerialNumber\"\]/following-sibling::*\[position()=1\]/text()' 2>/dev/null" | |
expect eof | |
set serial $expect_out(buffer) | |
vlog " $serial" | |
vlog "Reading encrypted Credential ID and OTP secret key from $keychain:" | |
spawn security unlock-keychain $keychain | |
expect "password to unlock $keychain: " | |
send "${serial}SymantecVIPAccess$env(USER)\n" | |
expect eof | |
spawn security find-generic-password -gl CredentialStore $keychain | |
expect -re \"acct\"<blob>=\"\(\[a-zA-Z0-9/+\]+=\)\" | |
set id_crypt $expect_out(1,string) | |
vlog " $id_crypt" | |
expect -re password:\ \"\(\[a-zA-Z0-9/+\]+=\)\" | |
set key_crypt $expect_out(1,string) | |
vlog " $key_crypt" | |
vlog "Decrypting Credential ID and OTP key:" | |
spawn /bin/sh -c "openssl enc -aes-128-cbc -d -K $aes_key -iv 0 -a <<< '$id_crypt'" | |
expect -re \(.*\)Symantec | |
set id_plain $expect_out(1,string) | |
vlog " $id_plain" | |
spawn /bin/sh -c "openssl enc -aes-128-cbc -d -K $aes_key -iv 0 -a <<< '$key_crypt' | xxd -p" | |
expect -re \[0-9a-f\]+ | |
set key_plain $expect_out(0,string) | |
vlog " $key_plain" | |
vlog "Generating current OTP using secret key." | |
spawn oathtool --totp $key_plain | |
expect -re \\d+ | |
set otp $expect_out(0,string) | |
puts $otp |
@Mike-c-Jackson
I wrote a wrapper script based on the code presented here couple of years back. The script still works fine (I just tried on my iMac/intel and macbook/m2) with the latest macOS version. You can give it a try and see if you can get past your issue. It is at the link below.
https://github.com/aselvan/scripts/blob/master/security/symantec_vipaccess_key.sh
Please advice for someone new to that:
I currently have VIP installed in desktop and I'm trying to make an automatic way to get the token (which is changed in 30 seconds) for some automation.
I don't have a VIPAccess.keychain
file, I only have VIPAccess.keychain-db
(I don't know if it the same the script is trying to use).
And every time I run the script this Keychain application is prompting me to input a password that I don't know what it is (it's not my macbook password at least).
I also have the file VIPAccess.keychain-db instead of VIPAccess.keychain. I installed Saymantec VIP on Dec6.
I also have the file VIPAccess.keychain-db instead of VIPAccess.keychain. I installed Saymantec VIP on Dec6.
My script was almost 4 years old. It looks like the name of the keychain file has changed in the meantime. I updated the script and tested it as well. Amazingly, it still works. Enjoy!
Please advice for someone new to that:
I currently have VIP installed in desktop and I'm trying to make an automatic way to get the token (which is changed in 30 seconds) for some automation.
I don't have a
VIPAccess.keychain
file, I only haveVIPAccess.keychain-db
(I don't know if it the same the script is trying to use). And every time I run the script this Keychain application is prompting me to input a password that I don't know what it is (it's not my macbook password at least).
My script was almost 4 years old. It looks like the name of the keychain file has changed in the meantime. I updated the script and tested it as well. Amazingly, it still works. Enjoy!
In using the serial extraction in the original script (uncommented line in below code excerpt), I get no value returned.
When using the different option mentioned by @p120ph37 (first commented line in below code excerpt) I get the serial, but with quotes and a carriage return
I found the following code (second commented line in below code excerpt) that gives me just the serial, but it still contains the carriage return, so when it creates the password to unlock the keychain, the result shows with the carriage return so it always fail
Code options used:
Any thoughts on how to remove the carriage return?