Oathtool -d6 -b -totp -v SS3MEAKIBPSZYOI5NAOQHE2WDQYUXM3Z #. Oathtool -d6 -b -totp SS3MEAKIBPSZYOI5NAOQHE2WDQYUXM3Z # 6-digit code You can use oathtool to generate the same OTP codesĪs would be produced by the official VIP Access apps: You will need the ID to register this credential: VSMT22195338 This credential expires on this date: T14:13:21.891Z Otpauth://totp/VIP%20Access:VSMT22195338?issuer=Symantec&algorithm=SHA1&secret=SS3MEAKIBPSZYOI5NAOQHE2WDQYUXM3Z&digits=6&period=30 Now you should be able to run vipaccess with no issues: # vipaccess provision -t VSMT -p To resolve this, install the libxml2-dev and libxslt1-dev two libraries: apt-get install libxml2-dev libxslt1-dev When running the vipaccess command, I got the following error: ImportError: libxslt.so.1: cannot open shared object file: No such file or directory Successfully installed lxml-4.2.5 oath-1.4.3 pycryptodome-3.6.6 python-vipaccess-0.3.1 Running setup.py install for python-vipaccess. Installing collected packages: lxml, oath, pycryptodome, python-vipaccess Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from python-vipaccess=0.3.1) pip3 install Ĭollecting lxml=4.2.5 (from python-vipaccess=0.3.1)Ĭollecting oath>=1.4.1 (from python-vipaccess=0.3.1)Ĭollecting pycryptodome=3.6.6 (from python-vipaccess=0.3.1) Now we can download and install Dan’s python-vipaccess application. Sudo apt install python3-pip # Install pip (package manager) Sudo apt install python3 # Install Python 3 if not already installed Stepsįirst, we need Python 3: sudo -s # Being lazy, saves having to type sudo in front of everythingĪpt update # Ensure we’re going to get the latest version of packages Creating a QR code is a “nice to have” (I only have to type in those 32 letters once, so I did without that).Ĭrozap’s and Dan’s software does the clever bit of creating the TOTP credential from the Symantec VIP credential.Īs described above, I’m doing this on a Raspberry Pi 2B which was update to date as of 30th May 2019. TOTP credentials are usually 32 letters, often represented as a QR code. VIP credentials start with 4 letters and then 8 digits. When you initialise Symantec VIP, it generates a new random credential, but not one compatible with TOTP. To add a new credential to a TOTP app we therefore need a compatible credential. The 6 digit codes that get generated by authenticator apps are created based on 2 factors: the current time (obviously) and a credential. The instructions provided by Dan are pretty straightforward, but I hit a missing dependency that was required to make it work on my RPi 2B. Symantec VIP is actually just a layer over TOTP and thanks to a clever bit of work by Dan Lesnki (in turn forked from Cyrozap’s project) it’s possible to do away with the Symantec VIP application and use a “standard” TOTP app, such as Google Authenticator or Authy. So, what’s the problem? I resent having a “special” Symantec app on all my devices because, ultimately this is just a layer over the standard Time-based One Time Password (TOTP), as used by Google Microsoft, Facebook and countless others. (Why pseudo-two-factor? Because the code is generated from a secret, it’s really just a fancy password.) This is an example of pseudo-two-factor authentication: I have my password, something I know, as the first factor and something I have, the app that generates the code, as the second factor. When logging in to the system, I have to run the app to get the 6 digit code and then type it in, along with a username and password. For those that haven’t come across this before the app displays a 6 digit numeric code that changes every 30 seconds. Occasionally, I need to log in to a system that requires the use of a Symantec VIP code.
0 Comments
Leave a Reply. |