In [1]:
# You may need to install the « cryptography » module

import os
import time
import codecs
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
from cryptography.hazmat.primitives.hashes import SHA1


In [2]:
# The key should be randomly generated and be at least 128 bits ; it is
# recommended to be 160 bits length (20 * 8). This key MUST be kept secret.
KEY_BITS_LENGTH = 20
key_bits = os.urandom(KEY_BITS_LENGTH)
# The length controls the length of the generated one time password
# and must be between 6 and 8.
length = 6
hotp = HOTP(key_bits, length, SHA1(), backend=default_backend())
hotp_value = hotp.generate(0)
# Raises a InvalidToken if the hotp_value cannot be verified
hotp.verify(hotp_value, 0)

In [None]:
print('hotp_value to find: ', hotp_value)

solution = None

t_start = time.time()
# Brute force time limit
t_end = t_start + 60 * 1
tries_counter = 0

while time.time() < t_end:
    # Random key generation
    _key_bits = os.urandom(KEY_BITS_LENGTH)
    _HTOP = HOTP(_key_bits, 6, SHA1(), backend=default_backend())
    _hotp_value = _HTOP.generate(0)
    
    tries_counter += 1
    
    # Tests this key
    try:
        # It works !
        hotp.verify(_hotp_value, 0)
        solution = _hotp_value
        t_end = time.time()
        break
    except:
        # Not this time...
        pass
    
if solution:
    print('A solution has been found: ', solution)
    #print(codecs.encode(key_bits, 'hex'))
    #print(codecs.encode(solution, 'hex'))
else:
    print('No solution found...')
    
print('Number of tries: ', tries_counter)
print('Time elapsed: %.2f [s]' % (t_end - t_start))

hotp_value to find:  b'675443'
