Merge pull request #1 from ixs/master

Update activation code
This commit is contained in:
Ali Mashtizadeh 2019-03-21 21:59:50 -04:00 committed by GitHub
commit 5741daf915
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 80 additions and 36 deletions

2
.gitignore vendored
View File

@ -1 +1,3 @@
*.pyc
duotoken.hotp
response.json

View File

@ -30,3 +30,9 @@ If everything worked you can then generate a code by running:
Warning: These are HOTP tokens and generate codes increments a counter. If you
get too far out of sync with the server it will stop accepting your codes.
```
./duo_export.py
```
Export the duo hotp secret as a QR code for inclusion in third-party hotp apps
like freeotp.

View File

@ -1,47 +1,59 @@
#!/usr/bin/env python2.7
#!/usr/bin/env python3
import pyotp
import requests
import base64
import json
import sys
from urllib2 import unquote
if len(sys.argv) < 2:
print "Usage: python duo_bypass.py <url to duo qr>"; exit()
print("Usage: python duo_bypass.py <url to duo qr>")
sys.exit()
qr_url = sys.argv[1]
data = qr_url #unquote(qr_url.split('=')[1])
hostb64 = data.split('-')[1]
host = 'api-%s' % (qr_url.split('/')[2].split('-')[1],)
code = qr_url.rsplit('/',1)[1]
print "hostb64", hostb64
url = 'https://{host}/push/v2/activation/{code}?customer_protocol=1'.format(host=host, code=code)
headers = {'User-Agent': 'okhttp/2.7.5'}
data = {'jailbroken': 'false',
'architecture': 'armv7',
'region': 'US',
'app_id': 'com.duosecurity.duomobile',
'full_disk_encryption': 'true',
'passcode_status': 'true',
'platform': 'Android',
'app_version': '3.23.0',
'app_build_number': '323001',
'version': '8.1',
'manufacturer': 'unknown',
'language': 'en',
'model': 'Pixel C',
'security_patch_level': '2018-12-01'}
host = base64.b64decode(hostb64 + '='*(-len(hostb64) % 4))
code = data.split('-')[0]
print "host", host
print "code", code
url = 'https://{host}/push/v2/activation/{code}'.format(host=host, code=code)
r = requests.post(url)
r = requests.post(url, headers=headers, data=data)
response = json.loads(r.text)
print "url", url
print "r", r
print "response", response
secret = base64.b32encode(response['response']['hotp_secret'])
try:
secret = base64.b32encode(response['response']['hotp_secret'])
except KeyError:
print(response)
sys.exit(1)
print "secret", secret
print("secret", secret)
print "10 Next OneTime Passwords!"
print("10 Next OneTime Passwords!")
# Generate 10 Otps!
hotp = pyotp.HOTP(secret)
for _ in xrange(10):
print hotp.at(_)
print(hotp.at(_))
f = open('duotoken.hotp', 'w')
f.write(secret + "\n")
f.write("0")
f.close()
with open('response.json', 'w') as resp:
resp.write(r.text)

24
duo_export.py Executable file
View File

@ -0,0 +1,24 @@
#!/usr/bin/env python3
import pyotp
import pyqrcode
import json
import base64
import sys
file_json = "response.json"
with open('response.json', "r") as f:
response = json.loads(f.read())['response']
with open('duotoken.hotp', "r") as f:
counter = int(f.readlines()[1])
label = response['customer_name']
issuer = 'Duo'
# base32 encoded hotp secret, with the padding ("=") stripped.
secret = base64.b32encode(bytes(response['hotp_secret'], 'utf-8')).decode('utf-8').replace('=', '')
qrdata = 'otpauth://hotp/{label}?secret={secret}&issuer={issuer}&counter={counter}'.format(label=label, secret=secret, issuer=issuer, counter=counter)
qrcode = pyqrcode.create(qrdata)
print(qrcode.terminal(quiet_zone=1))
print(qrdata)

View File

@ -1,24 +1,24 @@
#!/usr/bin/env python2.7
#!/usr/bin/env python3
import pyotp
import requests
import base64
import json
import sys
from urllib2 import unquote
f = open("duotoken.hotp","r+");
if len(sys.argv) == 2:
file = sys.argv[1]
else:
file = "duotoken.hotp"
f = open(file, "r+");
secret = f.readline()[0:-1]
offset = f.tell()
count = int(f.readline())
print "secret", secret
print "count", count
print("secret", secret)
print("count", count)
hotp = pyotp.HOTP(secret)
print "Code:", hotp.at(count)
print("Code:", hotp.at(count))
f.seek(offset)
f.write(str(count + 1))
f.close()