This is a little script I put together after I reverse engineered the Duo 2FA Mobile App and figured out how their auth flow works. This can be ported into probably a useful desktop app or chrome extention and can probably be used to write bots for MIT Services that require auth.
Install stuff,
pip install -r requirements.txtGrab the text from the QR code, it is the format: XXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
On Linux, you may use the following command that will automatically parse it from a saved qr code image.
You must save the image as qr.png.
sudo apt-get install zbar-tools
zbarimg qr.png | sed 's/QR-Code:duo:\/\/\(.*\)/\1/'Then, replace XXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY with your text, and run:
./duo_activate.py XXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYIf everything worked you can then generate a code by running:
./duo_gen.pyWarning: These are HOTP tokens and generate codes increments a counter. If you get too far out of sync with the server it will stop accepting your codes.
./duo_export.pyExport the duo hotp secret as a QR code for inclusion in third-party hotp apps like freeotp.
