Generate Symantec VIP Access Token as OTP
Recently I came across a web service that required two-factor authentication using the Symantec VIP Access App. I already manage all of my OTP tokens in a different app (If you are on iOS I highly reccomend using OTP Auth by Roland Moers.) and did not want to have to use yet another app to generate the TOTP.
There is a way to generate a Symantec VIP Access compatible token very easily if you have access to an environment which can run Python PIP. I happen to have Ubuntu Windows Subsystem Linux running on my machine. (If you are running Windows 10 and don’t have this you should really check it out.) Let’s get started…
Instructions
Here we install python3-pip and qrencode so we can generate our secret, ID, and QR code.
$ sudo apt install python3-pip qrencode
Next we install the python-vipaccess tool from dlenksi’s github repo.
$ pip3 install https://github.com/dlenski/python-vipaccess/archive/HEAD.zip
Now we are going to generate our VIP Access token
$ vipaccess provision -p -t SYMC
If everything worked correctly you should see the following output.
Generating request...
Fetching provisioning response...
Getting token from response...
Decrypting token...
Checking token...
Credential created successfully:
otpauth://totp/VIP%20Access:SYMC54313423?period=30&digits=6&issuer=Symantec&secret=5YKAUZA4I4RAIJIZBU4KME34XLODWEUX&algorithm=SHA1
This credential expires on this date: 2022-03-14T14:57:31.615Z
You will need the ID to register this credential: SYMC54313423
You can use oathtool to generate the same OTP codes
as would be produced by the official VIP Access apps:
oathtool -d6 -b --totp 5YKAUZA4I4RAIJIZBU4KME34XLODWEUX # 6-digit code
oathtool -d6 -b --totp -v 5YKAUZA4I4RAIJIZBU4KME34XLODWEUX # ... with extra information
You can enter the TOTP secret just after --totp into your password manager or OTP app or in our case we’re going to create a QR code to scan into your OTP app. You should copy and paste the otp auth credential just after Credential created successfully in the previous step now.
$ qrencode -t ANSI256 'otpauth://totp/VIP%20Access:SYMC54313423?period=30&digits=6&issuer=Symantec&secret=5YKAUZA4I4RAIJIZBU4KME34XLODWEUX&algorithm=SHA1'
You should see a QR code on your screen which you can then scan with your OTP app to generate your TOTP codes without ever having to use the Symantec VIP Access app! If you get an error, check to make sure you added single quotes around the otpauth:// string.
Much love for @cryozap for reverse engineering the Symantec VIP Access Provisioning Protocol and to @dlenksi for maintaining the fork.
For more information on the python-vipaccess tool check out the README.