diff --git a/README.md b/README.md index 66a117e..e056776 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,44 @@ -# duo-mobile-workaround -Cisco DUO Mobile App OTP Workaround +# duo-workaround +Script to generate valid HOTP key from DUO Security credentials allowing use of 3rd party and open source authentication applications such as Google Authenticator. An automatic installer, along with a online version is currently in progress. + +## Install: +An automatic install script is in progress, for the time being, this manual process is required. +1. Install dependencies using apt-get or homebrew + - jq + - coreutils + - qrencode + - oath-toolkit +2. Place the `duo-workaround` script in the `/usr/local/bin/` folder. +3. Make sure the file is executable with the following terminal command: +```bash +chmod +x /usr/local/bin/duo-workaround +``` + + +## Setup: +1. Install `duo-workaround` +2. Navigate to your DUO Security Portal +3. Login with your current DUO 2fa method +4. On your device management screen, select `+ Add another device` +Screenshot 2022-09-26 at 12 51 56 AM + +5. Select `Tablet` +Screenshot 2022-09-26 at 12 47 44 AM + +6. Select `Android` +Screenshot 2022-09-26 at 12 48 00 AM + +7. Select `I have DUO Mobile installed` +Screenshot 2022-09-26 at 12 48 22 AM + +8. Right Click the QR Code and copy the image URL +Screenshot 2022-09-26 at 12 49 43 AM + +9. In terminal type the following and press 'Enter' (replace the URL with the URL you copied) +```bash +duo-workaround 'https://api-12345678.duosecurity.com/frame...' +``` +![SCR-20220926-1hx](https://user-images.githubusercontent.com/25465133/192225295-545c1a31-fcf9-4a2d-b212-281c2f4ce324.png) + +10. Open your HOTP app of choice (Such as Google Authenticator) and scan the QR Code. +11. Done! The OTP codes within you HOTP app should be in sync with DUO. You may need to press the refresh button to update the code. diff --git a/duo-workaround b/duo-workaround new file mode 100644 index 0000000..2427406 --- /dev/null +++ b/duo-workaround @@ -0,0 +1,27 @@ +#!/bin/sh +x + +# duo-workaround +# +# Script to generate valid HOTP key from DUO Security credentials allowing +# use of 3rd party and open source authentication applications. +# +# Dependacies: +# - jq - coreutils - qrencode - oath-toolkit +# +# Created by Nils Streedain on 9/25/22. + +# Remove characters before (and including) '=' in QR code URL +API_PARAMS=${1#*=} + +# Parse hostname from image URL and retrieve HOTP credentials from DUO API +RESPONSE=$(curl -s POST "${1%%frame*}push/v2/activation/${API_PARAMS%-*}?customer_protocol=1" -H "User-Agent: okhttp/2.7.5" -d '{"jailbroken":"false","architecture":"arm64","region":"US","app_id":"com.duosecurity.duomobile","full_disk_encryption":"true","passcode_status":"true","platform":"Android","app_version":"3.49.0","app_build_number":"323001","version":"11","manufacturer":"unknown","language":"en","model":"Pixel 3a","security_patch_level":"2021-02-01"}' | jq -j .response) + +# Parse DUO hotp_secret and customer_name +CUSTOMER=$(jq -j .customer_name <<< $RESPONSE) +SECRET=$(jq -j .hotp_secret <<< $RESPONSE | base32) +SECRET=${SECRET//[=]/} + +# Generate OTPAUTH QR Code and Bypass Codes +qrencode "otpauth://hotp/${CUSTOMER}?secret=${SECRET}&issuer=DUO&counter=1" -t ANSI +echo "Key: ${SECRET}\n\nWarning: Only HOTP (not just TOTP) applications are supported, such as Google Authenticator.\nUse the following one time codes to bypass DUO if you lose access to your device:" +oathtool $SECRET -b -w 10