jump to navigation

Google Authenticator without a phone March 20, 2013

Posted by Rich in linux.
add a comment

I’m a fan of Google Authenticator and have it enabled for my Google accounts and use the Android app. However, I have downgraded phones temporarily and no longer have access to my Android phone. But I don’t want to disable Google Authenticator on my accounts just because my phone can’t run a GAuth client.

So I decided to use a desktop client instead. The wikipedia page has some clients, and this simple Java one looks like it will be good for my needs. I haven’t tried it yet, but in order for it to work, it needs my secret key. I could regenerate a new one, but where’s the fun in that?

Although I don’t have my Android phone, I have the SD card and a nandroid backup. From this backup, I can recover the secret key. I followed this very helpful blog post, and here are the commands I used:

  1. Mount the sdcard: pmount /dev/mmcblk0p1
  2. Extract the data directory for Google Authenticator into my current directory: tar xf /media/mmcblk0p1/clockworkmod/backup/2013-03-18.23.39.29_full_visioneng4.2.2JDQ39/data.ext4.tar data/data/com.google.android.apps.authenticator2/
  3. Change to the app’s databases directory: cd data/data/com.google.android.apps.authenticator2/databases/
  4. Open up the sqlite database: sqlite3 ./databases
  5. Display the account information:sqlite> select * from accounts;
    1|me@gmail.com|fe3k4jxozpj3lcl3|0|0|0

And there is my secret key, after the email address as a BASE32-encoded 16-character string. (Names and keys have been changed to protect the innocent.)