Add import from Microsoft Authenticator #186

Closed
p0358 opened this issue Aug 29, 2019 · 14 comments · Fixed by #304
Labels
proposal A proposal for a new feature proposal-accepted An accepted proposal for a new feature

Comments

@p0358

p0358 commented Aug 29, 2019

Hello, I would be very keen to see such functionality added, it shouldn't be too hard as the format is a pretty simple SQLite database, similar to one of the already existing formats for import code.
The database lives in the PhoneFactor file, just to make the searching quicker for you.
Microsoft account has a little different format than 3rd party auths with some additional metadata (for MS-specific functionality), but it's also possible to extract the data from it and generate valid codes.

@alexbakker
Member

Sounds good. Would you like to work on it?

@p0358
Author

p0358 commented Aug 29, 2019

I was planning to get to it for the past 2 months and try, even cloned the repo and created the file, but something was always distracting me for the time. Not sure how my coding would fit the codebase either :D

@alexbakker
Member

That's fine. We're not in a hurry. We don't have a coding style guide written down yet, but you should be able to infer most of it from the surrounding code. The Google Authenticator importer also reads from an SQLite database, so that might be a good example to refer to.

@alexbakker alexbakker added the proposal-accepted An accepted proposal for a new feature label Oct 16, 2019
@alexbakker alexbakker added the proposal A proposal for a new feature label Dec 25, 2019
@ulidtko

ulidtko commented Jan 16, 2020

Perhaps not exactly the problem stated, but I found a workaround of relevant interest.

Turns out, in 2020 you can QR-enroll Aegis into your Microsoft account under a generic "Authenticator app" method. Here's how. Aim at this page -- https://mysignins.microsoft.com/security-info -- on the uncommon rolls when it loads at all and is happy with all its [expiring in mere minutes] authentication credentials, it will load up a list like this:

[Image: Screenshot from 2020-01-16 23-09-38]

Then trivially, click the Add method plus sign, select Authenticator app, choose "I want to use a different authenticator app":

[Image: Selection_001]

... and finally, scan the QR code and confirm registration with the 6-digit TOTP.

Tested with a business org account.

@p0358
Author

p0358 commented Jan 17, 2020

@ulidtko It's always been possible to add a third party app this way. The point was to import entries from the Microsoft Authenticator app, Microsoft accounts and other ones added there. Microsoft accounts have a different entry format, but it's also possible to import them and generate OTP codes for them, pretty much the only difference from most is that they are 8 digits. Of course something like accepting login requests with the accept button would be unavailable then.
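
The digit-length point above matters to any importer: the same secret produces different codes at 6 and 8 digits, so an imported entry must carry its digit count. The following is an added example, not Aegis code and not part of the original thread; it assumes HMAC-SHA1 and a 30-second period (the RFC 6238 defaults) and uses the RFC 6238 test key rather than a real secret.

```python
import base64
import hmac
import struct


def hotp(secret, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC the 8-byte counter, dynamically truncate, keep `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects the 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # zero-pad: codes may start with 0


def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238: HOTP over the number of elapsed time steps."""
    return hotp(secret, unix_time // period, digits)


def decode_base32_secret(text):
    """Decode a Base32 secret as typed by a user: spaces, lower case, no padding."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


# RFC 6238 Appendix B test key (ASCII "12345678901234567890"), not a real secret.
RFC_SECRET_B32 = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def compare_digit_lengths(unix_time):
    """Return the (6-digit, 8-digit) codes for the same secret and time."""
    secret = decode_base32_secret(RFC_SECRET_B32)
    return totp(secret, unix_time, digits=6), totp(secret, unix_time, digits=8)


if __name__ == "__main__":
    for t in (59, 1111111109):
        six, eight = compare_digit_lengths(t)
        print(f"t={t}: 6 digits -> {six}, 8 digits -> {eight}")
```

The 6-digit code is only the tail of the 8-digit one, so an entry imported with the wrong digit count generates codes the server rejects.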

@ulidtko

ulidtko commented Jan 17, 2020

@p0358 well honestly, I didn't even find any "export" function in Microsoft Authenticator app. There is uhhh Export To Cloud only.

So it's not entirely clear what the issue is about... Let's clear that up.

What would the "definition of done" for this issue look like?

  • Aegis supports importing Cloud Exports of ms-authenticator, (or?)

  • Aegis supports opening the DB file of the other app, using root privileges, (or?)

  • There is a convertor service/script/button which turns ms-auth format into standard TOTP format,

  • Aegis can generate exactly the same codes as ms-authenticator

  • Aegis can generate working codes for Microsoft 2FA sign-in [my workaround is here]

Which ones are meant?

@michaelschattgen
Member

I'm pretty sure this issue is about these two points:

  • Aegis supports opening the DB file of the other app, using root privileges
  • Aegis can generate exactly the same codes as ms-authenticator
    (which already is the case)

People use the Microsoft Authenticator app in the same way Aegis is meant to be used; generating 2FA tokens for your online services. Users want to switch from Microsoft Authenticator to Aegis without having to manually reset all of their 2FA accounts one by one. This feature request solves that problem. Aegis already supports importing tokens from other 2FA apps (or file formats) such as andOTP, Google Authenticator, FreeOTP etc. and @p0358 requested to add Microsoft Authenticator to that list.

When we implement this feature in the same way as we added the other apps, Aegis will be able to import codes from the Microsoft Authenticator app itself, which requires root, or by file (which also once required root too).

@JonnyTech

Will there be a release, which includes this new feature, soon?

@alexbakker
Member

The next version will be released when it's ready. We don't do ETAs.

@JonnyTech

Thanks, I manually pulled my key from the PhoneFactor file (one can read it with a text editor, at the end of the file just after your email address) then entered it into Aegis and it worked (just in case anyone else wants to know).

@lucknaumann

Please excuse my necroing this thread.
@JonnyTech

> Thanks, I manually pulled my key from the PhoneFactor file (one can read it with a text editor, at the end of the file just after your email address) then entered it into Aegis and it worked (just in case anyone else wants to know).

Thanks for this information. Where can the PhoneFactor file be found? I have searched the 'Net but have not found an answer.

@JonnyTech

It is in the data storage folder of Microsoft Authenticator: from memory something like /data/data/com.microsoft.authenticator/something/phonefactor. You can get to it with a file manager (assuming that you have root access on your device) or from custom recovery such as TWRP.

@JonnyTech

From file MicrosoftAuthImporter.java:
/data/data/com.azure.authenticator/databases/PhoneFactor

@lucknaumann

> From file MicrosoftAuthImporter.java:
> /data/data/com.azure.authenticator/databases/PhoneFactor

@JonnyTech Hey, thanks for the response! Unfortunately, my device is not rooted. 😞 Fortunately, I don't have many accounts associated with Microsoft Authenticator. 😄
