BMS/Secure-IT Token OATHController.
src/OATHController.cs
extracted from uk.co.bmsnotts.mobilesecureit.apk
, which uses the Xamarin platform, with an added command-line interface.
dnSpy
and ILSpy
were used to decompile uk.co.bmsnotts.mobilesecureit.apk/assemblies/MobileSecureIT.dll
.
The passcode used to verify the secret is the 5th, 10th, 15th, 20th, 25th and 30th characters of the secret (zero-indexed).
The method for generating HOTP tokens can be found in OATHController.GenerateHOTPPassword
.
A Python interface to the Secure-IT Token SQLite3 database can be found in bms_token.db
.
The database can be found in the following location on Android:
/data/data/uk.co.bmsnotts.mobilesecureit/files/LocalDB.db3
A graphical interface can be found in bms_token.gui
and run using:
python -m bms_token.gui
A command-line interface is also provided:
python -m bms_token.cli
To use the C# command-line interface, compile the modified source.
Compile src/OATHController.cs
with Mono:
mcs OATHController.cs
mono OATHController.exe <gen|verify> <secret> <iteration|passcode>
-
gen
: generate token for secret at index iteration (negative for range) -
verify
: verify passcode for the specified secret
A Python wrapper (requires pythonnet
) for the C# classes is found in bms_token.controller.wrapper
.
Compile src/OATHController.cs
with Mono as a library:
mcs -t:library OATHController.cs
Then copy the built DLL to bms_token/controller/wrapper/bin/
.
The Python package bms_token
is licensed by the GPL-3.0.
All source code in src
is derived from libraries found in uk.co.bmsnotts.mobilesecureit.apk
, with an added BMSToken
class to provide a command-line interface.
Secure-IT Token = https://play.google.com/store/apps/details?id=uk.co.bmsnotts.mobilesecureit
dnSpy = https://github.com/dnSpy/dnSpy