Merge pull request #1 from nilsstreedain/dev

v1.0

README.md

@@ -1,2 +1,44 @@
-# duo-mobile-workaround
-Cisco DUO Mobile App OTP Workaround
+# duo-workaround
+Script to generate valid HOTP key from DUO Security credentials allowing use of 3rd party and open source authentication applications such as Google Authenticator. An automatic installer, along with a online version is currently in progress.
+
+## Install:
+An automatic install script is in progress, for the time being, this manual process is required.
+1. Install dependencies using apt-get or homebrew
+    - jq
+    - coreutils
+    - qrencode
+    - oath-toolkit
+2. Place the `duo-workaround` script in the `/usr/local/bin/` folder.
+3. Make sure the file is executable with the following terminal command:
+```bash
+chmod +x /usr/local/bin/duo-workaround
+```
+
+
+## Setup:
+1. Install `duo-workaround`
+2. Navigate to your DUO Security Portal
+3. Login with your current DUO 2fa method
+4. On your device management screen, select `+ Add another device`
+<img width="423" alt="Screenshot 2022-09-26 at 12 51 56 AM" src="https://user-images.githubusercontent.com/25465133/192222493-d9040d55-7271-4140-ba12-af4480781c26.png">
+
+5. Select `Tablet`
+<img width="423" alt="Screenshot 2022-09-26 at 12 47 44 AM" src="https://user-images.githubusercontent.com/25465133/192221693-85f10e11-51c1-4b0b-8107-dbecd83d9bee.png">
+
+6. Select `Android`
+<img width="423" alt="Screenshot 2022-09-26 at 12 48 00 AM" src="https://user-images.githubusercontent.com/25465133/192221770-be4ccbd6-232d-43ed-8d3a-2c6086950aa0.png">
+
+7. Select `I have DUO Mobile installed`
+<img width="423" alt="Screenshot 2022-09-26 at 12 48 22 AM" src="https://user-images.githubusercontent.com/25465133/192221856-f8c09525-feec-46bc-b434-a5b0bad01f9d.png">
+
+8. Right Click the QR Code and copy the image URL
+<img width="423" alt="Screenshot 2022-09-26 at 12 49 43 AM" src="https://user-images.githubusercontent.com/25465133/192222277-08102469-a447-4960-b17d-e6dd36bc5397.png">
+
+9. In terminal type the following and press 'Enter' (replace the URL with the URL you copied)
+```bash
+duo-workaround 'https://api-12345678.duosecurity.com/frame...'
+```
+![SCR-20220926-1hx](https://user-images.githubusercontent.com/25465133/192225295-545c1a31-fcf9-4a2d-b212-281c2f4ce324.png)
+
+10. Open your HOTP app of choice (Such as Google Authenticator) and scan the QR Code.
+11. Done! The OTP codes within you HOTP app should be in sync with DUO. You may need to press the refresh button to update the code.

duo-workaround

@@ -0,0 +1,27 @@
+#!/bin/sh +x
+
+#	duo-workaround
+#
+#	Script to generate valid HOTP key from DUO Security credentials allowing
+#	use of 3rd party and open source authentication applications.
+#
+#	Dependacies:
+#		- jq		- coreutils		- qrencode		- oath-toolkit
+#
+#	Created by Nils Streedain on 9/25/22.
+
+# Remove characters before (and including) '=' in QR code URL
+API_PARAMS=${1#*=}
+
+# Parse hostname from image URL and retrieve HOTP credentials from DUO API
+RESPONSE=$(curl -s POST "${1%%frame*}push/v2/activation/${API_PARAMS%-*}?customer_protocol=1" -H "User-Agent: okhttp/2.7.5" -d '{"jailbroken":"false","architecture":"arm64","region":"US","app_id":"com.duosecurity.duomobile","full_disk_encryption":"true","passcode_status":"true","platform":"Android","app_version":"3.49.0","app_build_number":"323001","version":"11","manufacturer":"unknown","language":"en","model":"Pixel 3a","security_patch_level":"2021-02-01"}' | jq -j .response)
+
+# Parse DUO hotp_secret and customer_name
+CUSTOMER=$(jq -j .customer_name <<< $RESPONSE)
+SECRET=$(jq -j .hotp_secret <<< $RESPONSE | base32)
+SECRET=${SECRET//[=]/}
+
+# Generate OTPAUTH QR Code and Bypass Codes
+qrencode "otpauth://hotp/${CUSTOMER}?secret=${SECRET}&issuer=DUO&counter=1" -t ANSI
+echo "Key: ${SECRET}\n\nWarning: Only HOTP (not just TOTP) applications are supported, such as Google Authenticator.\nUse the following one time codes to bypass DUO if you lose access to your device:"
+oathtool $SECRET -b -w 10