The Microsoft Authenticator doesn’t have an option to export the TOTP secret. We have to help ourselves.
🚧 Requirements
- Android Studio or rooted device
- sqlite3
- adb
- Microsoft account with activated TOTP authentication
⚙️ Setting up
↩️ You can skip the settings section if you have a rooted device.
- In Android Studio, create a new virtual device with the Google API image. You can follow the official docs.
⚠️ Increasing the internal storage (a few GB) is recommended during the creation of a new virtual device to prevent an issue with full device storage.
- Launch the newly created virtual device and install the Microsoft Authenticator app via the Aurora Store app.
- Log in to your Microsoft account via the Microsoft Authenticator.
📤 Exporting database
- Change working directory to /tmp.
$ cd /tmp
- Restart adbd with root permissions.
$ adb root
restarting adbd as root
- Copy the internal database of Microsoft Authenticator from the virtual device to your computer.
$ adb pull /data/data/com.azure.authenticator/databases/PhoneFactor
$ adb pull /data/data/com.azure.authenticator/databases/PhoneFactor-shm
$ adb pull /data/data/com.azure.authenticator/databases/PhoneFactor-wal
📖 Reading TOTP secret
$ sqlite3 PhoneFactor
SQLite version 3.39.2 2022-06-25 00:00:00
Enter ".help" for usage hints.
sqlite> select username, oath_secret_key from accounts;
contact.at.rootty.dot.pw|t0tps3cr3tsha1d1g1ts6int3rv4al30
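To check the exported value before relying on it, this added example (not part of the original post) computes the current code per RFC 6238 and builds an otpauth:// URI that other authenticator apps can import. It assumes oath_secret_key is a base32 string used with SHA-1, 6 digits and a 30-second interval, as the placeholder value above hints; the function names and the sample account are made up for illustration, and the sample secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode


def totp(secret_b32, at=None, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1 for a base32 secret (assumed encoding)."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otpauth_uri(username, secret_b32, issuer="Microsoft"):
    """Key URI that other authenticator apps import as text or QR code."""
    label = quote(f"{issuer}:{username}")
    params = urlencode({
        "secret": secret_b32.replace(" ", "").upper(),
        "issuer": issuer,
        "algorithm": "SHA1",  # assumed parameters, see lead-in
        "digits": 6,
        "period": 30,
    })
    return f"otpauth://totp/{label}?{params}"


# Constructed sample: the RFC 6238 test key, not a real account secret.
SAMPLE_USER = "user@example.com"
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(SAMPLE_SECRET))
    print(otpauth_uri(SAMPLE_USER, SAMPLE_SECRET))
```

Compare the printed code with the one Microsoft Authenticator shows at the same moment. Once they match, delete the pulled PhoneFactor files from /tmp, since they hold the secret in plaintext.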
💰 Bonus
There are several other ways to get the TOTP secret from a Microsoft account:
- Recreate the “Authenticator app” sign-in method via Microsoft account settings. Instead of scanning the QR code with the Microsoft Authenticator app, you can use a different app that supports the export of the TOTP secret.
- Export the database with a custom recovery such as TWRP.
- Import the Microsoft Authenticator database via Aegis Authenticator (root access required).
- and more…