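#!/usr/bin/expect -f
#
# VIPAccess.exp
#
# Command-line emulation of Symantec's VIP Access software token.
# Usage:
#   ./VIPAccess.exp [v]
# If the "v" argument (or any argument) is specified, verbose output
# will be produced on stderr. The OTP value will be output on stdout.
# If any step fails, a message is written to stderr and the script exits
# with status 1 instead of printing a value.
#
# Handling notes:
#  - Verbose mode writes the machine serial number, the decrypted Credential
#    ID and the decrypted OTP secret key to stderr, so do not redirect it
#    into shared or persistent logs.
#  - The keychain is unlocked below and never re-locked by this script.
#    NOTE(review): whether it is safe to run `security lock-keychain` at the
#    end depends on whether the VIP Access application is running - confirm.
#  - The decrypted OTP key is passed to oathtool as a command-line argument,
#    so it is visible in the process list while oathtool runs.
#    NOTE(review): recent oath-toolkit releases document "-" as a KEY value
#    meaning "read from stdin"; confirm the installed version before switching.
#

set timeout 10
log_user 0

# AES-128 key and all-zero IV used to decrypt the two stored values. Both are
# fixed constants, so the only thing gating access is the keychain password,
# which is itself derived from the serial number and user name (see below).
set aes_key D0D0D0E0D0D0DFDFDF2C34323937D7AE
# Spelled out at full length (16 zero bytes). Equivalent to "-iv 0", but
# avoids the short-hex-string diagnostic that some OpenSSL builds print.
set aes_iv 00000000000000000000000000000000
set keychain /Users/$env(USER)/Library/Keychains/VIPAccess.keychain

# Print a progress line on stderr, only when an argument was given.
proc vlog { s } { if {$::argc} { puts stderr $s } }

# Abort with a message on stderr. Used so that a failed step can never fall
# through and reuse a capture left in expect_out by an earlier step
# (expect_out(N,string) is only rewritten when a pattern matches).
proc die { msg } { puts stderr "VIPAccess.exp: $msg"; exit 1 }

vlog "Finding machine serial number (used by VIPAccess to secure the keychain.):"
spawn /bin/sh -c "ioreg -rac IOPlatformExpertDevice | xpath 'plist/array/dict/key\[.=\"IOPlatformSerialNumber\"\]/following-sibling::*\[position()=1\]/text()' 2>/dev/null"
expect \
    timeout { die "timed out reading the machine serial number" } \
    eof {}
# Strip any stray CR/LF so it does not end up inside the keychain password.
set serial [string trim $expect_out(buffer)]
if {$serial eq ""} { die "could not determine the machine serial number" }
vlog " $serial"

vlog "Reading encrypted Credential ID and OTP secret key from $keychain:"
spawn security unlock-keychain $keychain
# Best effort, as before: if the prompt text differs, this wait times out and
# the password is sent anyway. The exit status below is the real check.
expect "password to unlock $keychain: "
send "${serial}SymantecVIPAccess$env(USER)\n"
expect \
    timeout { die "timed out unlocking $keychain" } \
    eof {}
# wait returns {pid spawn_id os_error_flag exit_status}.
if {[lindex [wait] 3] != 0} { die "could not unlock $keychain" }

spawn security find-generic-password -gl CredentialStore $keychain
expect \
    -re {"acct"<blob>="([a-zA-Z0-9/+]+=)"} {} \
    timeout { die "timed out waiting for the CredentialStore account field" } \
    eof { die "CredentialStore account field not found in $keychain" }
set id_crypt $expect_out(1,string)
vlog " $id_crypt"
expect \
    -re {password: "([a-zA-Z0-9/+]+=)"} {} \
    timeout { die "timed out waiting for the CredentialStore password field" } \
    eof { die "CredentialStore password field not found in $keychain" }
set key_crypt $expect_out(1,string)
vlog " $key_crypt"

vlog "Decrypting Credential ID and OTP key:"
# Both ciphertexts were captured by a base64-only character class above, so
# they cannot break out of the single quotes in the shell command lines.
# openssl's stderr is discarded so diagnostics cannot be parsed as output.
spawn /bin/sh -c "openssl enc -aes-128-cbc -d -K $aes_key -iv $aes_iv -a <<< '$id_crypt' 2>/dev/null"
expect \
    -re {(.*)Symantec} {} \
    timeout { die "timed out decrypting the Credential ID" } \
    eof { die "could not decrypt the Credential ID" }
set id_plain $expect_out(1,string)
vlog " $id_plain"

spawn /bin/sh -c "openssl enc -aes-128-cbc -d -K $aes_key -iv $aes_iv -a <<< '$key_crypt' 2>/dev/null | xxd -p"
# Require the end of the line so a partially read hex string is never used.
expect \
    -re {([0-9a-f]+)\r?\n} {} \
    timeout { die "timed out decrypting the OTP key" } \
    eof { die "could not decrypt the OTP key" }
set key_plain $expect_out(1,string)
vlog " $key_plain"

vlog "Generating current OTP using secret key."
spawn oathtool --totp $key_plain
# Without the timeout/eof arms, a failing oathtool would leave the previous
# capture (the decrypted key) in expect_out and it would be printed as the OTP.
expect \
    -re {(\d+)\r?\n} {} \
    timeout { die "timed out waiting for oathtool" } \
    eof { die "oathtool did not produce an OTP" }
set otp $expect_out(1,string)
puts $otp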
I also have the file VIPAccess.keychain-db instead of VIPAccess.keychain. I installed Symantec VIP on Dec 6.
I also have the file VIPAccess.keychain-db instead of VIPAccess.keychain. I installed Symantec VIP on Dec 6.
My script was almost 4 years old. It looks like the name of the keychain file has changed in the meantime. I updated the script and tested it as well. Amazingly, it still works. Enjoy!
Please advise, for someone new to this:
I currently have VIP installed on my desktop and I'm trying to find an automatic way to get the token (which changes every 30 seconds) for some automation.
I don't have a
VIPAccess.keychain
file, I only have VIPAccess.keychain-db
(I don't know if it is the same file the script is trying to use). And every time I run the script, the Keychain application prompts me for a password that I don't know (it's not my MacBook password, at least).
My script was almost 4 years old. It looks like the name of the keychain file has changed in the meantime. I updated the script and tested it as well. Amazingly, it still works. Enjoy!
Please advise, for someone new to this:
I currently have VIP installed on my desktop and I'm trying to find an automatic way to get the token (which changes every 30 seconds) for some automation.
I don't have a
VIPAccess.keychain
file, I only have VIPAccess.keychain-db
(I don't know if it is the same file the script is trying to use). And every time I run the script, the Keychain application prompts me for a password that I don't know (it's not my MacBook password, at least).