No description, website, or topics provided.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

FreeOTP Decoder

Decodes the tokens preference file from FreeOTP for Android.

Outputs tokens as "Name: URI".

URIs are designed to support the Google Authenticator format:


Using this script is a terrible idea. It will expose your one-time-password secrets, which can be used to generate codes to pass two-factor authentication checks.

This whole process should only be attempted on a secure machine with an encoded disk. Care should be taken to redirect output and/or clear scrollback.


  • PHP 5.4+
  • PHP SimpleXML extension (enabled by default)


Before running the decoder you must get and extract a backup file of your FreeOTP data. The most direct way is to use the Android Debug Bridge (adb).

The general command for backup is adb backup -f ~/freeotp.ab -noapk org.fedorahosted.freeotp

The commands to extract are dd if=freeotp.ab bs=1 skip=24 | openssl zlib -d | tar -xvf - or dd if=freeotp.ab bs=1 skip=24 | python -c "import zlib,sys;sys.stdout.write(zlib.decompress(" | tar -xvf -

The files will be extracted into the subdirectory apps/org.fedorahosted.freeotp

Detailed instructions are available at


php decoder.php /path/to/apps/org.fedorahosted.freeotp/sp/tokens.xml


This script is released under the same Apache License, Version 2.0, as FreeOTP and Google Authenticator