Thanks to visit codestin.com
Credit goes to github.com

Skip to content
/ ga_export Public

Extract TOTP/HOTP secrets from Google Authenticator export QR code images and write them to files.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cthackers/ga_export

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ga_export.py
ga_export.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

ga-qr-secrets-export

Extract TOTP/HOTP secrets from Google Authenticator export QR code images (otpauth-migration://...) and write them to files.

This tool is meant for account migration / backup into other authenticators or password managers that accept:

  • Base32 secrets
  • otpauth:// URLs
  • CSV imports

⚠️ Security warning: The output contains your MFA secrets. Treat it like a password vault export:

  • run on a trusted machine
  • keep files encrypted
  • do not commit output files to git
  • wipe screenshots and exports after you’ve migrated

What it does

Given a folder of GA export QR screenshots/photos (typically multiple QR codes if you have many accounts), it:

  1. Reads QR codes from images using zbarimg
  2. Extracts the data= payload from otpauth-migration://offline?data=...
  3. URL-decodes + Base64-decodes the payload
  4. Parses Google’s protobuf MigrationPayload
  5. Writes:
    • ga_secrets.csv (issuer, name, type, digits, algorithm, secret, otpauth url)
    • otpauth_urls.txt (one otpauth:// per line)

It also deduplicates accounts across batches (in case you scan overlapping QR codes).

Repo contents

  • ga_export.py — main script
  • requirements.txt — Python dependencies

External dependencies

1) System dependency: ZBar (zbarimg)

You need zbarimg available in your PATH.

Fedora / RHEL:

sudo dnf install zbar

Debian / Ubuntu:

sudo apt-get install zbar-tools

Arch:

sudo pacman -S zbar

Verify:

zbarimg --version

2) Python dependency: protobuf

Install via pip:

pip install -r requirements.txt

Recommended: use a virtualenv.

Usage

Put all your GA export QR images into a folder (e.g. ./exports/).

Run:

python3 ga_export.py ./exports

By default it scans *.jpg and writes:

  • ga_secrets.csv
  • otpauth_urls.txt

Change file pattern

If your screenshots are PNG:

python3 ga_export.py ./exports --pattern "*.png"

Custom output paths

python3 ga_export.py ./exports -o my_secrets.csv --urls my_urls.txt

How to create the QR exports (Google Authenticator)

On the phone that has your codes:

  1. Open Google Authenticator
  2. Tap Transfer accounts
  3. Export accounts
  4. Capture every QR code shown (it may be “1 of N”, “2 of N”, …)

Export often spans multiple QR codes when you have many accounts.

Output format

CSV (ga_secrets.csv)

Columns:

  • issuer
  • name
  • type (totp or hotp)
  • algorithm (usually SHA1)
  • digits (6 or 8)
  • secret_base32
  • counter (only relevant for HOTP)
  • otpauth_url

URLs (otpauth_urls.txt)

One otpauth://... URL per line, suitable for generating QR codes or importing into tools that accept URLs.

Notes / Limitations

  • This tool parses Google Authenticator’s export format (otpauth-migration://...).
  • If an image contains no readable QR, it’s skipped.
  • Works best with crisp screenshots (not blurry photos).

License

MIT

About

Extract TOTP/HOTP secrets from Google Authenticator export QR code images and write them to files.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages