Google Authenticator secret extractor

Note: This project and I are in no way affiliated with Google.

This lets you decode the URI generated by Google Authenticator.

Guide

Prerequisites:

Getting the secret keys:

Open the Google Authenticator app.
Click Settings (three dots, top right), and Transfer accounts.
Select Export accounts.
Authenticate, if prompted.
Select the accounts you want to export (default is all).
Click Next, and capture a picture of the QR code.
- Note: Screenshots are disabled by the app. Use your laptop webcam, a digital camera or another phone.
Click Next, and repeat step 6 for all QR codes shown (if you have many accounts).
Decode the QR codes to obtain the otpauth-migration://offline?data=... URI.
Clone/Download this repository.
Run npm install.
For generating json runnpm run start, for generating qr-codes run npm run start:qrcode.
Enter the URI when prompted
If you chose json and you want to save the output, enter y and accounts.json

Prerequisites:

Build the docker image locally:

docker build . --tag google-authenticator-exporter:0.0.1

Decode an obtained QR code URI:

docker run -it --rm google-authenticator-exporter:0.0.1

Enter the URI when prompted
Since you haven't mounted a volume, you cannot save the output using the above command, so leave the next questions empty (hit Enter).
The output to json will be printed out to terminal.

I found the protobuff code in https://github.com/beemdevelopment/Aegis/pull/406/files. The opensource Google Authenticator does not seem to have this yet (5th May 2020): google/google-authenticator-android#118.

The Base32 format is specified in https://tools.ietf.org/html/rfc3548. There are multiple ways to implement Base32.