Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from nilsstreedain/dev
v1.0
Showing 2 changed files with 71 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,44 @@ | ||
# duo-mobile-workaround | ||
Cisco DUO Mobile App OTP Workaround | ||
# duo-workaround | ||
Script to generate valid HOTP key from DUO Security credentials allowing use of 3rd party and open source authentication applications such as Google Authenticator. An automatic installer, along with a online version is currently in progress. | ||
|
||
## Install: | ||
An automatic install script is in progress, for the time being, this manual process is required. | ||
1. Install dependencies using apt-get or homebrew | ||
- jq | ||
- coreutils | ||
- qrencode | ||
- oath-toolkit | ||
2. Place the `duo-workaround` script in the `/usr/local/bin/` folder. | ||
3. Make sure the file is executable with the following terminal command: | ||
```bash | ||
chmod +x /usr/local/bin/duo-workaround | ||
``` | ||
|
||
|
||
## Setup: | ||
1. Install `duo-workaround` | ||
2. Navigate to your DUO Security Portal | ||
3. Login with your current DUO 2fa method | ||
4. On your device management screen, select `+ Add another device` | ||
<img width="423" alt="Screenshot 2022-09-26 at 12 51 56 AM" src="https://user-images.githubusercontent.com/25465133/192222493-d9040d55-7271-4140-ba12-af4480781c26.png"> | ||
|
||
5. Select `Tablet` | ||
<img width="423" alt="Screenshot 2022-09-26 at 12 47 44 AM" src="https://user-images.githubusercontent.com/25465133/192221693-85f10e11-51c1-4b0b-8107-dbecd83d9bee.png"> | ||
|
||
6. Select `Android` | ||
<img width="423" alt="Screenshot 2022-09-26 at 12 48 00 AM" src="https://user-images.githubusercontent.com/25465133/192221770-be4ccbd6-232d-43ed-8d3a-2c6086950aa0.png"> | ||
|
||
7. Select `I have DUO Mobile installed` | ||
<img width="423" alt="Screenshot 2022-09-26 at 12 48 22 AM" src="https://user-images.githubusercontent.com/25465133/192221856-f8c09525-feec-46bc-b434-a5b0bad01f9d.png"> | ||
|
||
8. Right Click the QR Code and copy the image URL | ||
<img width="423" alt="Screenshot 2022-09-26 at 12 49 43 AM" src="https://user-images.githubusercontent.com/25465133/192222277-08102469-a447-4960-b17d-e6dd36bc5397.png"> | ||
|
||
9. In terminal type the following and press 'Enter' (replace the URL with the URL you copied) | ||
```bash | ||
duo-workaround 'https://api-12345678.duosecurity.com/frame...' | ||
``` | ||
![SCR-20220926-1hx](https://user-images.githubusercontent.com/25465133/192225295-545c1a31-fcf9-4a2d-b212-281c2f4ce324.png) | ||
|
||
10. Open your HOTP app of choice (Such as Google Authenticator) and scan the QR Code. | ||
11. Done! The OTP codes within you HOTP app should be in sync with DUO. You may need to press the refresh button to update the code. |
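Review bot: The dependency list in Install step 1 omits `curl`, which the script in this commit calls to reach the activation endpoint; add it alongside `jq`, `coreutils`, `qrencode` and `oath-toolkit`. Setup steps 8 to 11 should also state that the copied QR image URL carries the activation code and that the command prints the HOTP key and a list of one-time codes to the terminal, so the reader knows to treat the URL, the shell history entry from step 9 and the terminal output as credentials. Two wording fixes: "a online version" in the description should be "an online version", and "within you HOTP app" in step 11 should be "within your HOTP app".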
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
#!/bin/sh +x | ||
|
||
# duo-workaround | ||
# | ||
# Script to generate valid HOTP key from DUO Security credentials allowing | ||
# use of 3rd party and open source authentication applications. | ||
# | ||
# Dependacies: | ||
# - jq - coreutils - qrencode - oath-toolkit | ||
# | ||
# Created by Nils Streedain on 9/25/22. | ||
|
||
# Remove characters before (and including) '=' in QR code URL | ||
API_PARAMS=${1#*=} | ||
|
||
# Parse hostname from image URL and retrieve HOTP credentials from DUO API | ||
RESPONSE=$(curl -s POST "${1%%frame*}push/v2/activation/${API_PARAMS%-*}?customer_protocol=1" -H "User-Agent: okhttp/2.7.5" -d '{"jailbroken":"false","architecture":"arm64","region":"US","app_id":"com.duosecurity.duomobile","full_disk_encryption":"true","passcode_status":"true","platform":"Android","app_version":"3.49.0","app_build_number":"323001","version":"11","manufacturer":"unknown","language":"en","model":"Pixel 3a","security_patch_level":"2021-02-01"}' | jq -j .response) | ||
|
||
# Parse DUO hotp_secret and customer_name | ||
CUSTOMER=$(jq -j .customer_name <<< $RESPONSE) | ||
SECRET=$(jq -j .hotp_secret <<< $RESPONSE | base32) | ||
SECRET=${SECRET//[=]/} | ||
|
||
# Generate OTPAUTH QR Code and Bypass Codes | ||
qrencode "otpauth://hotp/${CUSTOMER}?secret=${SECRET}&issuer=DUO&counter=1" -t ANSI | ||
echo "Key: ${SECRET}\n\nWarning: Only HOTP (not just TOTP) applications are supported, such as Google Authenticator.\nUse the following one time codes to bypass DUO if you lose access to your device:" | ||
oathtool $SECRET -b -w 10 |
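Review bot: The shebang on the first line is `#!/bin/sh +x`, but the script depends on bash-only syntax (the `<<<` here-strings in both `jq` lines and `${SECRET//[=]/}`), so it fails wherever `/bin/sh` is a strict POSIX shell such as dash; use `#!/bin/bash` and drop the `+x`. In the `curl` line the bare `POST` is parsed as a second URL, not a method; `-d` already makes the request a POST, so remove the word or write `-X POST`. Nothing checks that `$1` was supplied or that the response actually contains `hotp_secret` before it is piped to `base32`, so a failed or already-used activation still produces a QR code and code list from an empty or `null` value; test for that and exit non-zero with a message. `$RESPONSE` and `$SECRET` are expanded unquoted, and `oathtool $SECRET -b -w 10` places the secret in the process argument list where other local users can read it. The QR code sets `counter=1` while `oathtool` is run without a starting counter, so it is worth confirming that the printed codes line up with what the authenticator app will generate. `echo` with `\n` escapes is not portable across shells, so prefer `printf`. "Dependacies" in the header comment should be "Dependencies".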