2FA bypasser app

martonmiklos · 4 December 2021 17:39

Growing number of sites (my bank, etc.) offers 2FA where they send an SMS with the OTP login code.

Manually entering the codes every time is quite cumbersome. I was wondering about creating a service like app to the phone which would check the incoming messages and if they match the patterns then the OTP code will be extracted.

For the PC I would create a small tool/script which could SSH to the phone ask for the last OTP code and put it the clipboard.

Did anyone know about application for similar purposes?

Is there any guidance/hint how to “subscribe” to the SMS reception on SFOS?

ApB · 4 December 2021 19:30

Wouldn’t that be solved with copy paste in the SMS app (part of the sms i mean, not the whole thing)

martonmiklos · 4 December 2021 19:40

Wouldn’t that be solved with copy paste in the SMS app (part of the sms i mean, not the whole thing)

Maybe I was misunderstood-able: I use my desktop PC for these tasks (the SFOS browser is not capable to work with these websites). So my intention is to extract the OTP codes from the received SMSs and retrieve it via SSH. (I would like to avoid touching my phone in these scenarios.)

simonschmeisser · 4 December 2021 20:27

you should be able to access your incoming messages on the desktop with kde-connect

gabrielg · 5 December 2021 09:53

Wouldn’t automating this process make its existence unjustifiable in the first place? “I don’t want to have to turn my house key every-single-time, so I’ll automate the the key-turning action”

vesa.s · 5 December 2021 14:52

How about dedicated SIM card and mobile USB stick to computer? Then your banking access is not tied to your phone.

jollajo · 6 December 2021 08:47

I have a couple of scripts running on my Linux PC and ssh to the phone to read the latest SMS and parse the OTP for the main services I use.

Here’s how I do it
Main script, that executes sms reader (see below) on phone and parses SMS text on PC:

#!/bin/bash

MSG=$(cat ~/bin/readOtpFromXA2.sh | ssh xa2usb)
if echo $MSG | grep -q "^Your PingID authentication code is:"
then
  echo "got PingID"
  OTP=$(echo "${MSG}" | rev | cut -d ' ' -f 1 | rev)
elif echo $MSG | grep -q "^Your OTP Code:"
then
  echo "got Entitlement OTP"
  OTP=$(echo "${MSG}" | cut -d ' ' -f 4)
elif echo $MSG  | grep -q "Verwenden Sie diesen Code für die Überprüfung von Microsoft.$"
then
  echo "Microsoft OTP"
  OTP=$(echo $MSG | head -c 6)
elif echo $MSG  | grep -q "Use this code for Microsoft verification$"
then
  echo "Microsoft OTP"
  OTP=$(echo $MSG | head -c 6)
elif echo $MSG  | grep "^Use verification code" | grep -q "for Microsoft authentication."
then
  echo "Microsoft OTP"
  OTP=$(echo $MSG | cut -d ' ' -f 4 )
elif echo $MSG  | grep "^Verwenden Sie den Prüfcode" | grep -q "die Microsoft-Authentifizierung"
then
  echo "Microsoft OTP"
  OTP=$(echo $MSG | cut -d '"' -f 2 )
else
  kdialog --passivepopup "Unknown message pattern: \n$MSG"
  exit
fi

echo "${OTP}" | xclip -selection c \
  && kdialog --passivepopup "OTP: $(xclip -o -selection c)" 3

Extracting latest SMS ~/bin/readOtopFromXA2.sh:

#! /usr/bin/env bash

MSG=$(sqlite3 /home/nemo/.local/share/commhistory/commhistory.db "select freetext from events order by id desc limit 1;")
MSGID=$(sqlite3 /home/nemo/.local/share/commhistory/commhistory.db "select id from events order by id desc limit 1;")
sqlite3 /home/nemo/.local/share/commhistory/commhistory.db "update events set isRead = 1 where id = $MSGID;"
echo $MSG

martonmiklos · 6 December 2021 22:03

Thanks man!

I am glad that I am not alone with this problem/idea combo

I modified to fit my banks SMSs and now I am very satisified with the result!
Thanks again!