@chowder
Last active November 11, 2025 13:59

Revisions

  1. chowder revised this gist Feb 21, 2023. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    @@ -8,7 +8,7 @@ Forunately, after the registration is complete, the underlying mechanism the app

    # Extracting the keys

    1. To extract the keys, a complete registration must first be done with a **rooted** Android device. I used an virtual Android device with [Android Studio's Device Manager](https://developer.android.com/studio/run/managing-avds).
    1. To extract the keys, a complete registration must first be done with a **rooted** Android device. I used a virtual Android device created with [Android Studio's Device Manager](https://developer.android.com/studio/run/managing-avds).

    2. Once complete, an SQLite database storing the keys can be found on the device at:
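
Review bot: the context line in this hunk's header still reads "Forunately, after the registration is complete", so the misspelling of "Fortunately" just above step 1 survives this revision; since the change is already a wording pass on this section, fix it in the same edit. The reworded step 1 could also say why root is needed (the README explains it only later, in the parenthetical about the `/data` partition), so the requirement and its reason sit together.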

  2. chowder created this gist Feb 21, 2023.
    30 changes: 30 additions & 0 deletions README.md
    @@ -0,0 +1,30 @@
    # Background

    Workplaces may enforce TOTP 2FA to be enabled Office 365 accounts, which require the [Microsoft Authenticator](https://www.microsoft.com/en-us/security/mobile-authenticator-app) app to be installed.

    Regular TOTP applications (such as [Aegis](https://getaegis.app/), [Authy](https://authy.com/), or [LastPass](https://www.lastpass.com/)) cannot be used as Microsoft uses a proprietary scheme called `phonefactor`. Furthermore, the application requires Google Services Framework (GSF) to be installed (likely to provide device notifications), and will refuse to work when it is not present on the device.

    Forunately, after the registration is complete, the underlying mechanism the app uses to generate TOTP codes is regular `otpauth`, and its secrets can be exported with a little bit of effort.

    # Extracting the keys

    1. To extract the keys, a complete registration must first be done with a **rooted** Android device. I used an virtual Android device with [Android Studio's Device Manager](https://developer.android.com/studio/run/managing-avds).

    2. Once complete, an SQLite database storing the keys can be found on the device at:

    `/data/data/com.azure.authenticator/databases/PhoneFactor`

    (accessing the `/data` partition is what requires root)

    3. [ADB](https://developer.android.com/studio/command-line/adb) can then be used to connect to the device/emulator, using its bundled `sqlite3` tool to view the database:

    ```
    $ adb root # Ensure we run as the root user
    $ adb shell # Launch a shell as the root user
    emu64xa:/ # whoami
    root
    emu64xa:/ # sqlite3 /data/data/com.azure.authenticator/databases/PhoneFactor # Connect to the database file
    sqlite> SELECT name, username, oath_secret_key from accounts;
    GitHub|[email protected]|w0swofa8wl02vqml0pkbzphvp54zyx5x
    ```
    The 32-length string in the `oath_secret_key` column can then be imported into any TOTP application.
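
Review bot: the sample `sqlite3` output at the end of step 3 prints a full `oath_secret_key` value beside an account name, and nothing says whether that row is a placeholder; state that it is a dummy value, or swap it for an obvious one such as `<oath_secret_key>`, because that column is the seed from which every later code for the account is derived. It would also help to add a sentence telling readers to treat the `PhoneFactor` database and anything copied out of it as a credential. Smaller points in the same hunk: "The 32-length string" reads better as "The 32-character string", "to be enabled Office 365 accounts" in Background is missing "on", and "Forunately" should be "Fortunately".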