Skip to content

How to migrate your Google Authenticator database to pass otp?

Roman Valls Guimera edited this page Jun 14, 2018 · 3 revisions

Howto

The script below transforms your Android's Google Authenticator sqlite3 database into a pass-otp-friendly string you can use on other of your devices in order to generate your TOTP tokens.

After dumping the database from a rooted android phone using these stackoverflow hints, you just need to adapt and run the following script:

#!/bin/bash

sqlite_run="sqlite3 -batch $HOME/tmp/google_authenticator_database.sqlite3"

#sqlite> .schema accounts
#CREATE TABLE accounts (_id INTEGER PRIMARY KEY, email TEXT NOT NULL, secret TEXT NOT NULL, counter INTEGER DEFAULT 0, type INTEGER, provider INTEGER DEFAULT 0, issuer TEXT DEFAULT NULL, original_name TEXT DEFAULT NULL);

# The idea is to extract and convert this:
#$ sqlite3 -batch ~/tmp/foo "select * from accounts;"
#2|Google:johndoe@example.com|SECRET|0|0|0|Google|Google:johndoe@example.com
#
# To this:
#otpauth://totp/johndoe@example.com@Google?secret=SECRET&issuer=Google

for id in $($sqlite_run "select _id from accounts;"); do
    email=$($sqlite_run "select email from accounts where _id=$id")
    secret=$($sqlite_run "select secret from accounts where _id=$id")
    issuer=$($sqlite_run "select issuer from accounts where _id=$id")
    echo "otpauth://totp/${email}?secret=${secret}&issuer=${issuer}"
done
Clone this wiki locally