authy-extractor
Version:
Extract 2FA tokens from Authy
56 lines (55 loc) • 2.06 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const node_forge_1 = __importDefault(require("node-forge"));
// HOTP.hmac
function getHotpHmac(secret, counter) {
const counterBuffer = node_forge_1.default.util.hexToBytes(counter);
const secretBuffer = node_forge_1.default.util.hexToBytes(secret);
const hmac = node_forge_1.default.hmac.create();
hmac.start('sha1', secretBuffer);
hmac.update(counterBuffer);
return hmac.digest().toHex();
}
// HOTP.truncate
function truncateHotp(hash) {
const offset = parseInt(hash[39], 16) * 2;
const p = parseInt(hash.substring(offset, offset + 8), 16);
return p & 0x7fffffff;
}
// HOTP.hotp
function getHotp(secret, counter) {
const hmac = getHotpHmac(secret, counter);
return truncateHotp(hmac);
}
// TOTP.padTime
function padTotpTime(time) {
// eslint-disable-next-line no-param-reassign
while (time.length < 16)
time = `0${time}`;
return time;
}
// TOTP.time
function getTotpTime(time, timeStep) {
return padTotpTime(Math.floor(time / timeStep).toString(16));
}
// TOTP.totp
function getTotp(secret, time, otpLength) {
const totp = getHotp(secret, time).toString();
return totp.substring(totp.length - otpLength, totp.length);
}
// AuthyOtpGenerator.prototype.getOtps
function getOtps(secret, otpLength, otpTimeStep, movingFactorCorrection = 0) {
// TOTP.getUnixTime
const unixTime = Math.floor(new Date().getTime() / 1000) + movingFactorCorrection;
const time0 = getTotpTime(unixTime, otpTimeStep);
const time1 = getTotpTime(unixTime + otpTimeStep, otpTimeStep);
const time2 = getTotpTime(unixTime + otpTimeStep * 2, otpTimeStep);
const otp1 = getTotp(secret, time0, otpLength);
const otp2 = getTotp(secret, time1, otpLength);
const otp3 = getTotp(secret, time2, otpLength);
return { otp1, otp2, otp3 };
}
exports.default = getOtps;