
kirillkh/hotp


This repository contains 4 related projects:
1. An OTP (one-time password) generator for JavaSE, based on a reverse-engineered JavaME app, for logging into HUJI servers (and perhaps other servers that use the same OTP mechanism).
2. The reverse-engineered JavaME app, with modifications that allow incrementing/decrementing the counter used by the OTP algorithm.
3. Shell scripts and SSH configuration for automating OTP generation during SSH and SSHFS login.
4. A Firefox extension for logging into Moodle.

Usage:
hotp init <pin> <source_jad> [conf]
    creates conf with data from source_jad and with the specified pin.

hotp [make [-i] [conf]]
    generates the OTP
    If -i is passed, increments the counter.

hotp show <"curr"|"orig"> [conf]
    prints either current, or original counter value.

hotp set <counter> [conf]
    resets the counter in the conf file to the specified value.

hotp inc [-np] [conf]
    increments the counter in the conf file and prints it after incrementing.
    If -np is passed, doesn't print the new counter.

If no conf file is specified, the $HOME/.hotp.conf file will be used.

--------------------------------------------------------------------------------------------------------

What is it good for?

1. Install it on your home machine/laptop, generate passwords and copy-paste them when prompted.

2. Pipe its output to a program that places the password on the clipboard, then bind it to a hotkey (I tried doing it from Java, but it didn’t work well).

3. Automatically feed its output to Firefox when logging into the CS websites.

4. Automatically feed its output to ssh when logging into the university account.

5. Mount your campus user directory on your home machine with sshfs: manually or from /etc/fstab.

To achieve (2)-(5), additional work is required. I have been able to solve (4) and (5) through scripts. (3) can be achieved with a Firefox extension. When we have all of (3)-(5), the cell phone will no longer be needed (except in rare cases). Update: all of this has been achieved, with the exception of (2).

The program, as it is, will work on any system that supports Java SE.


--------------------------------------------------------------------------------------------------------

Setup instructions

1. First, let’s discover the parameters for the program. The only way to do that is to download the JAD (its configuration file). After you fill out and submit the form, you will receive an SMS with the link to download the JAD file.

2. Decide where you’ll keep your configuration file (look at the program’s usage, posted above, to see the options; I prefer to keep it in ~/.hotp.conf). Copy the file to that path.

3. Init the program with "java -jar hotp.jar init <pin> <source_jad> [target_conf]". This will create the <target_conf> file, which will store all settings from the given JAD and your pin.

4. Only you should be able to access the file. Otherwise other users of your machine will be able to generate your passwords. In Linux:

chmod 600 ~/.hotp.conf

5. If you intend to continue using your cell phone (probably a good idea at this stage), follow the instructions to install the application on your phone. You have to use the same JAD; don’t download another one from the site. The reason is that each JAD generated by the site has a random key and a random counter, so with a new JAD your phone will generate different values than the PC version.

6. Otherwise, do the following:

6.1. grep Notify <jad>

6.2. Paste the link in the output to your browser and hit enter. This makes the OTP system at HUJI activate the new settings (which include the counter, the pin and a random 256-bit key).

7. Test that all is well:

7.1. If you reinstalled the app on your cell phone, generate a new OTP on both. They should be equal.

7.2. Log into a HUJI facility (web account or telnet/ssh) with the generated OTP.

--------------------------------------------------------------------------------------------------------
SSH setup instructions:
1. Install the program called 'expect'
2. cd <hotp source tree>
3. cp -r ssh/* ~/.ssh/ && chmod -R go-rwx ~/.ssh
4. cp <path to hotp.jar> ~/.ssh/otp/
5. Customize the variables in otp/init_ssh.sh

Usage: ssh <USER>@huji
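
A way to confirm that "chmod 600 ~/.hotp.conf" (setup step 4) and "chmod -R go-rwx ~/.ssh" (SSH step 3) actually took effect, given here as an added example that is not part of the hotp repository. The function name audit_private is hypothetical; the paths in the usage comment are the ones this README names.

```shell
#!/bin/sh
# Added example (not from the hotp repository): check that the files holding
# the OTP key, counter and pin are private to the current user.

# audit_private PATH...
# Reports (on stderr) every file or directory under the given paths that is
# accessible to group/others or owned by a different user.
# Returns 0 if every path exists and nothing is exposed, 1 otherwise.
audit_private() {
    me=$(id -u)
    status=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p" >&2
            status=1
            continue
        fi
        # -H follows a symlink given as an argument (e.g. a symlinked conf),
        # so the target's mode is checked. Symlinks found inside the tree are
        # skipped because their own mode bits carry no meaning.
        # Each -perm -NNN test is true when that single bit is set.
        exposed=$(find -H "$p" ! -type l \( \
            -perm -040 -o -perm -020 -o -perm -010 -o \
            -perm -004 -o -perm -002 -o -perm -001 -o \
            ! -user "$me" \) -print)
        if [ -n "$exposed" ]; then
            echo "$exposed" | sed 's/^/exposed: /' >&2
            status=1
        fi
    done
    return "$status"
}

# Usage with the locations named in this README:
#   audit_private "$HOME/.hotp.conf" "$HOME/.ssh/otp" || echo "fix permissions first"
```

Calling it at the top of a login wrapper lets the script refuse to generate an OTP while the conf file is readable by other accounts.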


--------------------------------------------------------------------------------------------------------
SSHFS setup instructions:
1. Add this line (without quotes, replace every <TAG> with its correct value) to /etc/fstab: "sshfs#<REMOTE_USER>@huji:/cs/stud/<REMOTE_USER> <MOUNT_POINT> fuse defaults,sshfs_debug,compression=yes,user,uid=<LOCAL_USER_ID>,gid=<LOCAL_GROUP_ID>,noauto,ssh_command=/home/<LOCAL_USER>/.ssh/otp/init_sshfs.sh 0 0"

Usage: execute "mount <MOUNT_POINT>" as your own user (NOT as root)

2. The above gives you access to your home directory. You can duplicate the above line, replacing "/cs/stud/<REMOTE_USER>" with other paths to gain access to other directories, such as:
- /cs/+/stud/<REMOTE_USER> - your additional space
- /                        - root filesystem


--------------------------------------------------------------------------------------------------------
DISCLAIMER: to my knowledge, there is no obstacle to publishing or using this code, as the original app did not specify any distribution conditions.

