Support for TOTP (Google Authenticator) secret bruteforcing #613

Open
lawgrjnolmolgrfm opened this Issue Nov 24, 2016 · 0 comments

lawgrjnolmolgrfm commented Nov 24, 2016

Please add support for TOTP secret bruteforcing.

Actually the main part of the algorithm is simply an hmac('secret_seed', 'int_of_time_frames_since_epoch')

A very good description of the algorithm can be found here:

https://garbagecollected.org/2014/09/14/how-google-authenticator-works/

The attack should guess the secret given a known past One Time Password and its time frame:

Example:

$ oathtool -b NBSWY3DP --totp
061817
$ date +%s
1479986013

Given 061817 and 1479986013 (which is 49332867 thirty-second windows since epoch), hashcat should be able to recover NBSWY3DP, which is the base32 value of 'hello'.

While most implementations use strong, randomly generated secrets, it has happened to me a few times that someone implemented it with short, small-charset secrets (8-10 chars, lowercase only and similar).
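For anyone auditing a deployment for the weakness described in this issue, the sketch below is an added example, not part of the original post and not hashcat code. It computes TOTP as RFC 6238 specifies (HMAC-SHA1 over the 30-second frame counter) and flags enrolled secrets whose estimated strength falls under the 128-bit minimum from RFC 4226; the names `estimated_bits` and `audit` and the character-class heuristic are assumptions of this example.

```python
import base64, hashlib, hmac, math, string, struct

STEP = 30          # seconds per time frame, as in the issue
MIN_BITS = 128     # RFC 4226: shared secret MUST be at least 128 bits

def decode_secret(b32: str) -> bytes:
    """Decode a base32 secret, tolerating spaces, lowercase and missing padding."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the time-frame counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def estimated_bits(key: bytes) -> float:
    """Heuristic (assumption): strength if the key was drawn at random from
    the character classes it uses; keys with non-printable bytes count 8 bits/byte."""
    if not key:
        return 0.0
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    text = key.decode("latin-1")
    if any(ch not in "".join(classes) for ch in text):
        return 8.0 * len(key)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in text))
    return len(key) * math.log2(alphabet)

def audit(b32: str) -> dict:
    """Report decoded length, estimated bits and whether the secret is below MIN_BITS."""
    key = decode_secret(b32)
    bits = estimated_bits(key)
    return {"bytes": len(key), "bits": round(bits, 1), "weak": bits < MIN_BITS}

if __name__ == "__main__":
    print(1479986013 // STEP)                    # frame counter from the issue
    print(audit("NBSWY3DP"))                     # the issue's 'hello' secret
    # Constructed 20-byte binary key, standing in for a properly generated secret.
    print(audit(base64.b32encode(bytes(range(1, 21))).decode()))
```

The estimate is an upper bound on guessing effort, so a secret flagged as weak should be re-enrolled with a randomly generated key of at least 128 bits (RFC 4226 recommends 160).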
