-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathduo_activate.py
executable file
·64 lines (55 loc) · 1.93 KB
/
duo_activate.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/usr/bin/env python3
import pyotp
import requests
import base64
import json
import sys
from Crypto.PublicKey import RSA
raw_input: str = sys.argv[1]
split_raw_input: list = raw_input.split('-')
code: str = split_raw_input[0]
encoded_host: str = split_raw_input[1]
host: str = base64.decodebytes(encoded_host.encode('utf-8') + b'==').decode()
# Obsolete documentation for reference purposes:
#The QR Code is in the format: XXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
#copy 'XXXXXXXXXX' to "code"
#use https://www.base64decode.org/ to decode YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY and put it in 'host'
#decoded format should be in the format: api-XXXXX.duosecurity.com
#host = 'api-XXXXX.duosecurity.com'
#code = 'XXXXXXXXXX'
url = 'https://{host}/push/v2/activation/{code}?customer_protocol=1'.format(host=host, code=code)
headers = {'User-Agent': 'okhttp/2.7.5'}
data = {'pkpush': 'rsa-sha512',
'pubkey': RSA.generate(2048).public_key().export_key("PEM").decode(),
'jailbroken': 'false',
'architecture': 'arm64',
'region': 'US',
'app_id': 'com.duosecurity.duomobile',
'full_disk_encryption': 'true',
'passcode_status': 'true',
'platform': 'Android',
'app_version': '3.49.0',
'app_build_number': '323001',
'version': '11',
'manufacturer': 'unknown',
'language': 'en',
'model': 'Pixel 3a',
'security_patch_level': '2021-02-01'}
r = requests.post(url, headers=headers, data=data)
response = json.loads(r.text)
try:
secret = base64.b32encode(response['response']['hotp_secret'].encode())
except KeyError:
print(response)
sys.exit(1)
print("secret", secret)
print("10 Next OneTime Passwords!")
# Generate 10 Otps!
hotp = pyotp.HOTP(secret)
for _ in range(10):
print(hotp.at(_))
with open('duotoken.hotp', 'w') as file:
file.write(secret.decode() + "\n")
file.write("0")
with open('response.json', 'w') as resp:
resp.write(r.text)