Skip to content
/ authy-decryptor Public
forked from heeeyflo/authy-decryptor

๐Ÿ˜พ Decrypt your precious TOTP secrets from Authy iOS app cache

License

MIT license
0 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

9021007/authy-decryptor

BranchesTags
ย 
ย 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

6 Commits
LICENSE
LICENSE
ย 
ย 
README.md
README.md
ย 
ย 
decrypt.mjs
decrypt.mjs
ย 
ย 

Repository files navigation

Authy Keychain Decryptor

After discontinuation of Authy Desktop app, it is no longer possible to neither access nor export your 2FA tokens on desktop.

This script makes it possible to partially (around 90% in my case) extract your tokens from cached data of the Authy iOS app, on macOS or iOS.

The previous author wrote it for themselves in about an hour, so it's far from perfect, but should work. I improved it slightly by having it output in BitWarden format, and adding support for some changes to the Authy internal files.

Step 1 โ€“ Locate cached keychain

What we are looking for is an encrypted keychain file in iOS Storage Container.

You can use this command to find the right Container, using Python:

import os
for root, dirs, files in os.walk("/Users/MYUSERNAME/Library/Containers"):
    for d in dirs:
        if "fsCachedData" in os.path.join(root, d) and "com.authy" in os.path.join(root, d):
            print(os.path.join(root, d))

Otherwise, you can search for the keychain file manually:

  1. In Finder, go to your home directory, then to Library/Containers/.
  2. Look for directories with UUID names like A8A8A8A8-A8A8-A8A8-A8A8-A8A8A8A8A8A8.
  3. In each directory, look for Data/Library/Caches/com.authy/fsCachedData folder.
  4. If you find such a folder, look for a file with JSON content and authenticator_tokens key in it.

If you are doing this on a live (jailbroken) iOS device:

  1. Launch Filza
  2. Press the Star button on the bottom
  3. Press "Apps Manager"
  4. Select "Authy"
  5. Go to Library > Caches > com.authy > fsCachedData
  6. Press "Edit"
  7. Select all files
  8. Press "More"
  9. Press "Create Zip"
  10. Press on the "i" next to the zip file
  11. Press the Share icon in the upper right
  12. Press "QuickLook"
  13. Press the Share icon in the upper right
  14. Airdrop to your Mac
  15. Inspect the files for JSON with authenticator_tokens

Step 2 โ€“ Decrypt keychain

First, audit the decrypt.mjs script contents. There should be no large strings, network requests, or anything else suspicious. The original script is throughly commented and should be easy to understand.

Then, run the script with the path to the keychain file as an argument:

cat ~/Library/Containers/.../00000000-0000-0000-0000-000000000000 | BACKUP_KEY="your-cool-bACKup-KEY" node decrypt.mjs

You should now see your Authy tokens decrypted in the console, and a new file called authyout.json, which you can import into BitWarden of KeePassXC.

About

๐Ÿ˜พ Decrypt your precious TOTP secrets from Authy iOS app cache

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • JavaScript 100.0%