Skip to content

r2dev2/OneFactorAuth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.github/workflows
.github/workflows
 
 
onefactorauth
onefactorauth
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
format
format
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

OneFactorAuth

A tool to bypass 2 factor authentication.

one_fa_demo.mp4

Usage

Installation

python3 -m pip install onefactorauth

Setup

  1. Go to https://receivesms.cc/sms/ and choose a phone number
  2. Run 1fa config -p <phone_number> (ex: 1fa config -p 31616099881)
  3. Register the phone number under your account for 2 factor authentication
  4. Go to https://receivesms.cc/sms/<phone_number> (ex: https://receivesms.cc/sms/31616099881) to see the text message
  5. Complete the setup of this phone number in your account settings
  6. Take note of the pattern of the message, eg. how it is structured, where the code is

Invoking

$: 1fa code --help

usage: 1fa code [-h] [-c] [-t TIMEOUT] [-p PATTERN] [-m MAX_TIME]

Get 1fa code

options:
  -h, --help            show this help message and exit
  -c, --clipboard       copy to clipboard
  -t TIMEOUT, --timeout TIMEOUT
                        timeout (s)
  -p PATTERN, --pattern PATTERN
                        regex pattern for passcode
  -m MAX_TIME, --max-time MAX_TIME
                        maximum age of the sms code msg (min)
  • pattern for the passcode should have one capture group with the code
    • ex: messages are like SMS p***codes: 93209
      • pattern of SMS p\*\*\*codes: (\d+)
    • ex: messages are like Your Uber code is 43890
      • pattern of Uber code is (\d+) (partial matches are acceptable)
  • bind 1fa code --pattern='code is (\d+)' --clipboard to a keybind
    • windows: use winhotkey
    • macos: automator or icanhazshortcut
    • linux: depends on your desktop environment, there's something in the built in settings for gnome and xfce
      • my binding: super+u: 1fa code --timeout=3 --clipboard && notify-send -i system-lock-screen -t 1 'UCLA Duo' 'Copied!' || notify-send -i system-lock-screen -t 1 'UCLA Duo' 'Oopsie woopsie'

How

It uses https://receivesms.cc/sms/ to receive and scrape texts for your text passcode

Why

UCLA makes me 2fa every time I wanna log into my portal. No one's trying to hack my BruinBill, UCLA, just lemme use my account. I have 2fa setup for GitHub and Discord which are likelier targets for hacking and neither of them ask me for 2fa on every login.

License

Do WTF You Want To Public License

Developers

Developed by Ronak Badhe (r2dev2)

About

A tool to bypass 2 factor authentication.

Topics

python web-scraping wtfpl two-factor-authentication one-factor-auth

Resources

Readme

License

WTFPL license
Activity

Stars

11 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 2

v0.1.1 Latest
Nov 12, 2022
+ 1 release

Packages

No packages published

Languages