Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save cameronelliott/f677d8ac937c9d3b28bb0755c4f661ec to your computer and use it in GitHub Desktop.
Save cameronelliott/f677d8ac937c9d3b28bb0755c4f661ec to your computer and use it in GitHub Desktop.
Generate Symantec VIP Access Token as TOTP

Generate Symantec VIP Access Token as OTP

Recently I came across a web service that required two-factor authentication using the Symantec VIP Access App. I already manage all of my OTP tokens in a different app (If you are on iOS I highly recommend using OTP Auth by Roland Moers.) and did not want to have to use yet another app to generate the TOTP.

There is a way to generate a Symantec VIP Access compatible token very easily if you have access to an environment which can run Python PIP. I happen to have Ubuntu Windows Subsystem Linux running on my machine. (If you are running Windows 10 and don't have this you should really check it out.) Let's get started...

hello

Instructions

Here we install python3-pip and qrencode so we can generate our secret, ID, and QR code.

$ sudo apt install python3-pip qrencode

Next we install the python-vipaccess tool from dlenksi's github repo.

 $ pip3 install https://github.com/dlenski/python-vipaccess/archive/HEAD.zip

Now we are going to generate our VIP Access token

 $ vipaccess provision -p -t SYMC

If everything worked correctly you should see the following output.

....
Generating request...
Fetching provisioning response...
Getting token from response...
Decrypting token...
Checking token...
Credential created successfully:
        otpauth://totp/VIP%20Access:SYMC54313423?period=30&digits=6&issuer=Symantec&secret=5YKAUZA4I4RAIJIZBU4KME34XLODWEUX&algorithm=SHA1
This credential expires on this date: 2022-03-14T14:57:31.615Z

You will need the ID to register this credential: SYMC54313423

You can use oathtool to generate the same OTP codes
as would be produced by the official VIP Access apps:

    oathtool -d6 -b --totp    5YKAUZA4I4RAIJIZBU4KME34XLODWEUX  # 6-digit code
    oathtool -d6 -b --totp -v 5YKAUZA4I4RAIJIZBU4KME34XLODWEUX  # ... with extra information

You can enter the TOTP secret just after --totp into your password manager or OTP app or in our case we're going to create a QR code to scan into your OTP app. You should copy and paste the otp auth credential just after Credential created successfully in the previous step now.

$ qrencode -t ANSI256 'otpauth://totp/VIP%20Access:SYMC54313423?period=30&digits=6&issuer=Symantec&secret=5YKAUZA4I4RAIJIZBU4KME34XLODWEUX&algorithm=SHA1'

You should see a QR code on your screen which you can then scan with your OTP app to generate your TOTP codes without ever having to use the Symantec VIP Access app! If you get an error, check to make sure you added single quotes around the otpauth:// string.

Much love for @cryozap for reverse engineering the Symantec VIP Access Provisioning Protocol and to @dlenksi for maintaining the fork.

For more information on the python-vipaccess tool check out the README.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment