From 3af9c9e5ea49fdefd748a1be7d3a0f5097498aae Mon Sep 17 00:00:00 2001 From: Stephen Shkardoon Date: Mon, 7 Oct 2019 21:33:05 +1300 Subject: Add crack-otp script The script cracks the original key given the QR code and a single OTP output. --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 3932606..3bbdd0e 100644 --- a/README.md +++ b/README.md @@ -41,3 +41,29 @@ Counter: 0x31EB8E5 (52345061) 814835 ``` + +# crack-otp.py +Because Entrust soft tokens only use 2 bytes of randomness generated on the end-user device, this means they're trivially bruteforcable given the original QR code and a single OTP output. Simply decode the QR code as usual, and provide it to the script along with an example OTP output and when it was generated. The script will do a sloppy match on the timing (+ and - 30 seconds) to improve the chances of a successful key being found, unless the `--strict-time` paramater is given which causes the script to do an search match. + +The script is fast enough on a CPU that a CUDA/OpenCL implmentation is probably not necessary. + +Example: +``` +$ time ./crack-otp.py 48244-13456 1745-7712-6942-8698 043700 1570434609 +Possibe valid OTP seed found: 9a8eab5ecc9fc413758a92ac223dc6a0 +To generate a code immediately, run: +oathtool -v --totp=sha256 --digits=6 9a8eab5ecc9fc413758a92ac223dc6a0 + +real 0m3.540s +user 0m3.537s +sys 0m0.003s + +$ time ./crack-otp.py 48244-13456 1745-7712-6942-8698 043700 1570434609 --strict-time +Possibe valid OTP seed found: 9a8eab5ecc9fc413758a92ac223dc6a0 +To generate a code immediately, run: +oathtool -v --totp=sha256 --digits=6 9a8eab5ecc9fc413758a92ac223dc6a0 + +real 0m1.212s +user 0m1.209s +sys 0m0.003s +``` -- cgit v1.2.3
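Review bot: the new `# crack-otp.py` section does not document the positional arguments, so the example `./crack-otp.py 48244-13456 1745-7712-6942-8698 043700 1570434609` leaves the reader to guess which value is which. The prose only says the script takes the decoded QR code, an example OTP output and when it was generated. Please add a usage line naming each argument and stating that the last one is a Unix timestamp in seconds, if that is what `1570434609` is. It would also help to explain the word "Possibe" in the output: with only 2 bytes of randomness to search and a 6-digit OTP compared across up to three time steps, a wrong candidate can match by chance, so the README should say whether several seeds can be printed and that a second OTP confirms the right one. Wording in the added lines: "paramater" should be "parameter", "implmentation" should be "implementation", "bruteforcable" should be "bruteforceable", and "do an search match" presumably means "do an exact match". "Possibe" in the sample output looks like a typo in the script's own message; fix it there and update the example to match.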