From bf575ce2ecfefdd7e3308b40b9ac2d9b821d0e91 Mon Sep 17 00:00:00 2001
From: xBytez
Date: Wed, 2 Oct 2019 23:52:50 +0200
Subject: [PATCH] Fix filename in argument example. Change URL format to Duo's new QR code format. Update device details to be a bit more descriptive and more recent versions. Fix Python 3 support. Remove functionality to generate tokens on activation.
---
 duo_activate.py | 30 ++++++++++++------------------
 1 file changed, 12 insertions(+), 18 deletions(-)
diff --git a/duo_activate.py b/duo_activate.py
index 6d2ed44..8c0894e 100755
--- a/duo_activate.py
+++ b/duo_activate.py
@@ -7,53 +7,47 @@ import json
 import sys
 if len(sys.argv) < 2:
- print("Usage: python duo_bypass.py ")
+ print("Usage: python duo_activate.py ")
 sys.exit()
 qr_url = sys.argv[1]
 host = 'api-%s' % (qr_url.split('/')[2].split('-')[1],)
-code = qr_url.rsplit('/',1)[1]
+code = qr_url.rsplit('/qr?value=',1)[1].split('-')[0]
 url = 'https://{host}/push/v2/activation/{code}?customer_protocol=1'.format(host=host, code=code)
+print("url", url)
 headers = {'User-Agent': 'okhttp/2.7.5'}
 data = {'jailbroken': 'false',
 'architecture': 'armv7',
- 'region': 'US',
+ 'region': 'NL',
 'app_id': 'com.duosecurity.duomobile',
 'full_disk_encryption': 'true',
 'passcode_status': 'true',
 'platform': 'Android',
- 'app_version': '3.23.0',
- 'app_build_number': '323001',
- 'version': '8.1',
+ 'app_version': '3.29.1',
+ 'app_build_number': '329101',
+ 'version': '10.0',
 'manufacturer': 'unknown',
 'language': 'en',
- 'model': 'Pixel C',
- 'security_patch_level': '2018-12-01'}
+ 'model': 'Command line',
+ 'security_patch_level': '2019-10-01'}
 r = requests.post(url, headers=headers, data=data)
 response = json.loads(r.text)
 try:
- secret = base64.b32encode(response['response']['hotp_secret'])
+ secret = base64.b32encode(response['response']['hotp_secret'].encode("UTF-8"))
 except KeyError:
 print(response)
 sys.exit(1)
 print("secret", secret)
-print("10 Next OneTime Passwords!")
-# Generate 10 Otps!
-hotp = pyotp.HOTP(secret)
-for _ in xrange(10):
- print(hotp.at(_))
-
 f = open('duotoken.hotp', 'w')
-f.write(secret + "\n")
-f.write("0")
+f.write(secret.decode("UTF-8"))
+f.write("\n0")
 f.close()
 with open('response.json', 'w') as resp:
 resp.write(r.text)
-
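Review bot: The added `print("url", url)` writes the one-time activation code to stdout, and the rewritten `f.write(secret.decode("UTF-8"))` still stores the HOTP seed in `duotoken.hotp` through a plain `open(..., 'w')`, so the file gets umask-default permissions (often readable by other local users); `response.json` is written the same way and holds the same secret. I would drop the URL print or put it behind a debug flag, and create both files owner-only, e.g. `fd = os.open('duotoken.hotp', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`; this needs `import os`, and the import block sits mostly above the hunk. The mode argument only takes effect when the file is created, so an existing `duotoken.hotp` would need a chmod or removal first. Separately, `code = qr_url.rsplit('/qr?value=',1)[1].split('-')[0]` raises a bare IndexError when the argument is a URL in the old format, so a short format check that prints the usage message would be clearer.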