[RADIATOR] How to generate a Google Authenticator code with the corresponding hex code

Heikki Vatiainen hvn at open.com.au
Mon Jun 20 10:28:44 CDT 2011


On 06/17/2011 10:28 PM, Adwim Kalfsterman - AKSI Automatisering bv wrote:

> I'm using the AUTHSQLHOTP module to support Google Authenticator
> clients on a smartphone.
> 
> As a sample the Google Auth. code 'aaaaaaaaaaaaaaaaaaaa' is given and
> in the SQL database a hex code of 40 zeros (e.g.
> 0000000000000000000000000000000000000000) should be stored to get it
> working.

From RFC 3548 you can see that A is 0. That is, one A is 5 zero bits.
Note that encoding is case insensitive.

If you were to add this
F800000000000000000000000000000000000000 as the secret to the database,
the corresponding key that is entered in "Enter key" dialog is
7aaaaaaaaaaaaaaaaaaa. The Google app seems to pad with zeroes, so you do
not need to enter the rest of the 32 letters.

Also, the google client accepts space or dash as a separator, so you can
use this instead: 7AAA AAAA AAAA AAAA AAAA

In other words: F8 00 ... in hex is 1111 1000 0000 0000 ... in bits
which can be grouped to 11111 00000 00000 00000 ....  This is 7 A A A
... in base 32.

> This combination does indeed work, but I can't find out any other
> combination (you should use rfc 3548 with base32 encoding).
> 
> When I generate a Google Authenticator code how can I find out what
> hex code should be stored in the SQL database?

Try the code snippet below. It should generate the correct codes from
input that is 40 hex chars long.

Using the examples in goodies/hotp.sql as input, the output should be this:

3132333435363738393031323334353637383930
GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ

d8f828609e0f4056f852e4c9d75605099f483e20
3D4C QYE6 B5AF N6CS 4TE5 OVQF BGPU QPRA

b906daef6d002ec6cc89106df25f8268ce28f95e
XEDN V33N AAXM NTEJ CBW7 EX4C NDHC R6K6

0000000000000000000000000000000000000000
AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA



Here is the code. It needs MIME::Base32 from CPAN.

#!/usr/bin/perl
# hex2base32.pl
# Convert hex string to Base32

use strict;
use warnings;
use MIME::Base32 qw(RFC);

die "usage: $0 hexstring" unless defined $ARGV[0];

my $hex = $ARGV[0];
my $base32 = MIME::Base32::encode(pack("H*", $hex));

$base32 =~ s/(.{4})/$1 /g;  # Add spaces
$base32 =~ s/ $//;          # Remove trailing space

print $base32 . "\n";


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
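
The reverse direction, which is what the original question asks for, as an added example (Python, standard library only; not part of the original post or of Radiator): it turns a key as typed into the app into the 40-character hex string for the database, and computes RFC 4226 HOTP values so the stored secret can be compared with what the phone shows. The function names are hypothetical, and padding a short key with 'A' is an assumption taken from the post's remark that the app seems to pad with zeroes.

```python
import base64
import hashlib
import hmac
import struct

SECRET_BYTES = 20  # 160 bits = 40 hex chars = 32 Base32 letters


def key_to_hex(key):
    """Base32 key as typed into the app -> 40-char hex string for the database."""
    # The app ignores case and accepts space or dash as a separator.
    letters = key.replace(" ", "").replace("-", "").upper()
    if len(letters) > 32:
        raise ValueError("key longer than 32 Base32 letters")
    # Assumption from the post: a short key is padded with zero bits ('A').
    letters = letters.ljust(32, "A")
    try:
        raw = base64.b32decode(letters)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not RFC 3548 Base32: {key!r}") from exc
    return raw.hex()


def hex_to_key(hex_secret):
    """40-char hex secret -> Base32 key in groups of four, like hex2base32.pl."""
    raw = bytes.fromhex(hex_secret)
    if len(raw) != SECRET_BYTES:
        raise ValueError("expected 40 hex characters")
    b32 = base64.b32encode(raw).decode("ascii")
    return " ".join(b32[i:i + 4] for i in range(0, 32, 4))


def hotp(hex_secret, counter, digits=6):
    """RFC 4226 HOTP value for a hex secret and counter."""
    key = bytes.fromhex(hex_secret)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Keys taken from the post; the dash-separated form is constructed.
    for sample in ("7AAA AAAA AAAA AAAA AAAA", "gezd-gnbv-gy3t-qojq-gezd-gnbv-gy3t-qojq"):
        secret = key_to_hex(sample)
        print(sample, "->", secret, "HOTP(0) =", hotp(secret, 0))
```
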

