B4A Library TOTP (Time-Based One-Time Passwords)

Hello,
this is my first library for Basic4Android, so I am sorry if anything is wrong. I haven't tested everything.
This is a wrapper for this library: https://github.com/wstrange/GoogleAuth

(I had to add the Apache Commons Codec lib too, which is why it is so big. I will have a look at it to maybe replace it.)

I only needed it to get a TOTP Password from an already existing secret.
But maybe someone else has some other use for it. :)

I removed the QR code stuff, as that was just calling the online service from Google, and I think sending security-relevant data over the internet is not a super good idea, and we have better QR code libraries that should also work offline. :)

B4X:
Sub Process_Globals
    Private totp As GoogleAuthenticator
End Sub

' Inside any Sub: get the current code for an existing Base32 secret
Dim pass As String = totp.getTotpPassword("theTOTPsecret")

A small, more complete example with a countdown like the Google Authenticator:
B4X:
Sub Process_Globals
    Private secretKey As String = "JBSWY3DPEHPK3PXP"

    Private totp As GoogleAuthenticator
   
    Dim timer1Service As Timer
End Sub

Sub Globals
    Private EditText_secret As EditText
    Private EditText_totp As EditText
    Private EditText_countdown As EditText
End Sub

Sub generateTotp(secret As String)
    Dim key As String = ""
    Try
        key = totp.getTotpPassword(secret)
        EditText_totp.Text = key
    Catch
        EditText_totp.Text = "Invalid Secret"
        Log(LastException)
    End Try
       
End Sub

Sub Activity_Create(FirstTime As Boolean)
    Activity.LoadLayout("main")
   
    EditText_secret.Text = secretKey
   
    timer1Service.Initialize("timer1Service", 1000)
    timer1Service.Enabled = True
       
    generateTotp(secretKey)
End Sub

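Sub timer1Service_tick
    ' Seconds since the Unix epoch; TOTP uses 30-second time steps
    Dim timewindow As Long = DateTime.Now / 1000.0
    Dim countDown As Int = 30 - (timewindow Mod 30)

    ' Refresh on every tick: a tick that arrives late can skip the exact
    ' second where timewindow Mod 30 = 0, leaving a stale code on screen
    generateTotp(secretKey)

    EditText_countdown.Text = countDown
End Sub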

Sub Activity_Resume

End Sub

Sub Activity_Pause (UserClosed As Boolean)

End Sub

Sub EditText_secret_TextChanged (Old As String, New As String)
    secretKey = New
    generateTotp(secretKey)
End Sub
 

Attachments

  • TOTP.zip
    228.6 KB

sktanmoy

Not sure if anyone used this library before but I was trying today. Using the same secret, generated code was working fine (apps like Authy or Google Authenticator) but not using this library.

I've tried totp.getTotpPassword(Secrect) and totp.getTotpPassword2(Secrect, DateTime.Now ) and nothing worked.

Can you please instruct me?
 

beowulf6

Hello,

Thanks for the reply and trying to use it. :)

totp.getTotpPassword(Secrect) should be exactly the same as totp.getTotpPassword2(Secrect, DateTime.Now)
since it's doing the exact same thing internally.

I used it personally with a TOTP secret generated by this KeePass plugin: https://bitbucket.org/devinmartin/keeotp/wiki/Home

which worked perfectly fine for me.

Or have you even generated the Totpsecret with the library?

There might also be some time related difference. I am new to the TOTP standard.

Could you also compare the output with this one that I found?
http://jsfiddle.net/russau/ch8PK/

It's also giving me the same OTP codes as this library.

//Edit: I added a hopefully more complete example that more closely resembles the Google Authenticator with its timer
 

sktanmoy

Thanks for your quick reply. I found the same code as http://jsfiddle.net/russau/ch8PK/ using this library. Other OTP apps get the same code. But this library cannot work with providers like Google/Facebook 2FA. Do I need to use a username or something else to get the correct code?
 

beowulf6

Hi. Sorry that you seem to have issues.

I just tried my application with the Facebook 2FA, and entered the code into the app (source code above) because I haven't built in a QR code scanner yet. :)
And it worked flawlessly. (No need for a username or anything.)

So I am not sure what you are doing differently. (Can you probably tell me what Android version you use?)

And if the JavaScript code on jsfiddle worked for you, I can only guess that there might be some difference in your system clock.
Are you sure your PC and Android time is set correctly? TOTP is highly dependent on a correctly set time.

You can try my small example application here (see the code at the top. Nothing changed, just built into an APK with some simple GUI that hopefully fits):
https://drive.google.com/file/d/0B6-PoXhBY7zcRXlaejdNeXpfeWs/view?usp=sharing

You can enter the secret there, and you should get a new code.
 

sktanmoy

Yes, that worked for me. I'll dive more deeply.
Would you mind testing this one?
 

Attachments

  • OTPSimple.apk
    357.4 KB

beowulf6

That application works perfectly fine for me.

I compared it with the JavaScript one (had to remove the spaces in the secret for the JavaScript one)
and tested it with Facebook 2FA, and both were valid.
 

avalle

I tested this library and it works fine.
Just noticed that if the generated TOTP contains leading zeros they are not returned, which leads to an error if the user simply types the number that appears.

@beowulf6 could you please update the library so that the getTotpPassword method returns the complete TOTP including leading zeros?

Thanks
Andrea
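
Added example, not part of the original thread and not the library's own code: a reference TOTP (RFC 6238, HMAC-SHA1, 30-second step, 6 digits) for cross-checking the library's output. It covers the three points raised in this thread: spaces in the secret, dependence on the clock, and the leading zero that is lost when the code is handled as a number. The function names and the sample secret (the RFC 6238 test key, Base32-encoded) are assumptions of this example.

```python
import base64, hashlib, hmac, struct

STEP = 30     # seconds per time step (RFC 6238 default, as in the countdown above)
DIGITS = 6    # code length used by Google Authenticator style apps

def decode_secret(secret: str) -> bytes:
    """Base32-decode a secret as providers display it (spaces, lower case, no padding)."""
    s = secret.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)          # restore stripped Base32 padding
    return base64.b32decode(s)

def hotp_value(key: bytes, counter: int) -> int:
    """RFC 4226 dynamic truncation; returns the code as a number."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return binary % 10 ** DIGITS

def totp(secret: str, unix_time: int) -> str:
    """Code for the given Unix time, zero-padded to DIGITS characters."""
    return str(hotp_value(decode_secret(secret), unix_time // STEP)).zfill(DIGITS)

def clock_offset_steps(secret, shown_code, true_time, max_steps=10):
    """Number of 30 s steps a device clock is off, judged by the code it showed."""
    for k in sorted(range(-max_steps, max_steps + 1), key=abs):
        if totp(secret, true_time + k * STEP) == shown_code:
            return k
    return None

# Constructed sample input: the RFC 6238 SHA-1 test key "12345678901234567890",
# Base32-encoded and written with spaces and lower case.
RFC_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    t = 1111111109                       # RFC 6238 test time
    number = hotp_value(decode_secret(RFC_SECRET), t // STEP)
    print("as a number:", number)        # five digits: the leading zero is gone
    print("zero-padded:", totp(RFC_SECRET, t))
    late = totp(RFC_SECRET, t - 90)      # what a device 90 s behind would show
    print("offset in steps:", clock_offset_steps(RFC_SECRET, late, t))
```

A verifier should compare codes as fixed-length strings, and a client that receives the code as a number has to pad it back to six characters before showing it.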