Fix filename in argument example. Change URL format to Duo's new QR code format. Update device details to be a bit more descriptive and more recent versions. Fix Python 3 support. Remove functionality to generate tokens on activation.

This commit is contained in:
xBytez 2019-10-02 23:52:50 +02:00
parent dc2c889f53
commit bf575ce2ec
No known key found for this signature in database
GPG Key ID: AD7CA19F22991C0B
1 changed files with 12 additions and 18 deletions

View File

@ -7,53 +7,47 @@ import json
import sys import sys
if len(sys.argv) < 2: if len(sys.argv) < 2:
print("Usage: python duo_bypass.py <url to duo qr>") print("Usage: python duo_activate.py <url to duo qr>")
sys.exit() sys.exit()
qr_url = sys.argv[1] qr_url = sys.argv[1]
host = 'api-%s' % (qr_url.split('/')[2].split('-')[1],) host = 'api-%s' % (qr_url.split('/')[2].split('-')[1],)
code = qr_url.rsplit('/',1)[1] code = qr_url.rsplit('/qr?value=',1)[1].split('-')[0]
url = 'https://{host}/push/v2/activation/{code}?customer_protocol=1'.format(host=host, code=code) url = 'https://{host}/push/v2/activation/{code}?customer_protocol=1'.format(host=host, code=code)
print("url", url)
headers = {'User-Agent': 'okhttp/2.7.5'} headers = {'User-Agent': 'okhttp/2.7.5'}
data = {'jailbroken': 'false', data = {'jailbroken': 'false',
'architecture': 'armv7', 'architecture': 'armv7',
'region': 'US', 'region': 'NL',
'app_id': 'com.duosecurity.duomobile', 'app_id': 'com.duosecurity.duomobile',
'full_disk_encryption': 'true', 'full_disk_encryption': 'true',
'passcode_status': 'true', 'passcode_status': 'true',
'platform': 'Android', 'platform': 'Android',
'app_version': '3.23.0', 'app_version': '3.29.1',
'app_build_number': '323001', 'app_build_number': '329101',
'version': '8.1', 'version': '10.0',
'manufacturer': 'unknown', 'manufacturer': 'unknown',
'language': 'en', 'language': 'en',
'model': 'Pixel C', 'model': 'Command line',
'security_patch_level': '2018-12-01'} 'security_patch_level': '2019-10-01'}
r = requests.post(url, headers=headers, data=data) r = requests.post(url, headers=headers, data=data)
response = json.loads(r.text) response = json.loads(r.text)
try: try:
secret = base64.b32encode(response['response']['hotp_secret']) secret = base64.b32encode(response['response']['hotp_secret'].encode("UTF-8"))
except KeyError: except KeyError:
print(response) print(response)
sys.exit(1) sys.exit(1)
print("secret", secret) print("secret", secret)
print("10 Next OneTime Passwords!")
# Generate 10 Otps!
hotp = pyotp.HOTP(secret)
for _ in xrange(10):
print(hotp.at(_))
f = open('duotoken.hotp', 'w') f = open('duotoken.hotp', 'w')
f.write(secret + "\n") f.write(secret.decode("UTF-8"))
f.write("0") f.write("\n0")
f.close() f.close()
with open('response.json', 'w') as resp: with open('response.json', 'w') as resp:
resp.write(r.text) resp.write(r.text)