Howto: Recover your 2 Factor Authentication Secrets from Google Authenticator

By now most of you have probably already heard about 2 Factor Authentication and are probably using it for some websites, like Google. Also, chances are, if you are on Android device, you are using Google Authenticator app. The problem is: if you change your phones, wipe it, or loose it, you are left with a HUGE HEADACHE trying to recover your codes to re-generate tokens.
To preven that from happening, you have couple of choices:

  1. Re-create your 2FA QR codes and print them out
  2. Root your device and extract secrets so that you could re-create your QR code at a later time.

In this tutorial, I am going to explain how to extract secrets for all your accounts.
Before we begin, I have the following assumptions:

  1. You are using an Android device
  2. Your Android device has been ROOTED
  3. You have Titanium Backup installed (can be found here: Titanium Backup)

All pre-requisites are met? Awesome! Let's get started!

  1. Navigate to the Backup/Restore tab and sarch for Google
  2. In the list of search results, look for Authenticator
    Step 1
  3. Long press on Authenticator until a contextual menu pops up

  4. Find entry titled Explore and tap it
    Step 2
  5. In the next menu, find entry [TABLE] accounts and tap it
    Step 3
  6. In the next menu, select only email, issuer, and secret columns and tap OK
    Step 4
  7. Lastly, tap on Save file locally (for maximum security) or any other application that will store the this information for you
    Step 5

Right now, you ended up with a csv file that contain all the necessary information that is needed to re-generate all entries in your Google Autenticator app.
If you want to generate QR codes, create urls that are in a form of:

otpauth://totp/<email>?secret=<secret>&issuer=<issuer>

and use a service like QR Code Generator to generate your QR codes so that they could be easily scanned into the application!

Hope you find this useful!

Comments