export authy totp codes

getTotps.js

/* base32 */
/*
Copyright (c) 2011, Chris Umbel

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
var charTable = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
function quintetCount(buff) {
  var quintets = Math.floor(buff.length / 5);
  return buff.length % 5 === 0 ? quintets : quintets + 1;
}
encode = function(plain) {
  var i = 0;
  var j = 0;
  var shiftIndex = 0;
  var digit = 0;
  var encoded = new Array(quintetCount(plain) * 8);
  /* byte by byte isn't as pretty as quintet by quintet but tests a bit faster. will have to revisit. */
  while(i < plain.length) {
      var current = plain[i];
      if(shiftIndex > 3) {
          digit = current & (0xff >> shiftIndex);
          shiftIndex = (shiftIndex + 5) % 8;
          digit = (digit << shiftIndex) | ((i + 1 < plain.length) ?
              plain[i + 1] : 0) >> (8 - shiftIndex);
          i++;
      } else {
          digit = (current >> (8 - (shiftIndex + 5))) & 0x1f;
          shiftIndex = (shiftIndex + 5) % 8;
          if(shiftIndex === 0) i++;
      }

      encoded[j] = charTable.charCodeAt(digit);
      j++;
  }
  for(i = j; i < encoded.length; i++) {
      encoded[i] = 0x3d; //'='.charCodeAt(0)
  }
  return encoded.join('');
};
/* base32 end */
function hexToInt(str) {
  var result = [];
  for (var i = 0; i < str.length; i += 2) {
      result.push(parseInt(str.substr(i, 2), 16));
  }
  return result;
}
function hexToB32(str) {
  return encode(hexToInt(str));
}

getTotps = function() {
var totps = [];

console.warn("Here's your Authy tokens:");
appManager.getModel().forEach(function(i) {
  var secret = (i.markedForDeletion === false || !i.secretSeed)  ? i.decryptedSeed : hexToB32(i.secretSeed);
  var totp_uri = 'otpauth://totp/' + encodeURIComponent(i.name) + '?secret=' + secret + '&issuer=' + i.accountType + '&digits=' + i.digits + '&period=10';
  console.group(i.name);
  console.log('TOTP URI: ' + totp_uri);
  var qr_code = 'https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' + encodeURIComponent(totp_uri);
  console.log('QR code: ' + qr_code);
  totps.push({
      name: i.name,
      totpURI: totp_uri,
      qrCode: qr_code
  })
  console.groupEnd();
});

console.log(JSON.stringify(totps));

return totps;
}

They are using non-standard timing, but its not a big deal - it will still work! (usually)
-The OTP codes are generated using the 10 second matrix, but the code is "good" for 20 seconds It's because Authy allows for 3 code skew.

• Because they allow 3 code skew, you can put Authy and your password manager side by side and see them narrowly miss each other or sometimes they're exactly aligned, your milage may vary depending on how exact your clock is.
• If you're synced exactly to NTP, try rolling your clock back 10 seconds. Authy appears to be running about 10 seconds behind (probably intentionally) but anyways, this will usually put you right in the middle of the Authy skew window while not messing with your other apps.
• Screw Authy for not having a standardized export function. Seriously.

I think they changed the formula or something because I've been trying and both 10 and 20 seconds with the private key does not generate a valid code. Tested in website and collected a boat full of codes over time. No bueno.