Hello,
I'm trying to get some PHP code matching what the Google Authenticator on my phone outputs. I'm using HOTP (Once I get this working, I'd image matching TOPT will be easy).
For a key of:
abcdefg234567777
With index 1 (First count).
The Google Authenticator outputs: 306115
I've searched around, and found many PHP codes that claim to do the Google Authenticator in PHP, which in them selves work fine as HOTP and TOTP scripts, but none that match what the Authenticator outputs. Most seem to use RFC4226 and csRFC3548 character set for the key.
I've gone as far to download the Google Authenticator code on Android (Written in C) and try to reconstruct it in PHP.
Here's my current PHP code (I've obviously adapted it to fit into this post, I did not write it all, modified it from someone else's attempt at the TOTP):
It outputs: 220505 with ?key=ABCDEFG234567777&counter=1
base32.php can be found Here.
Any help is appreciated!
I'm trying to get some PHP code matching what the Google Authenticator on my phone outputs. I'm using HOTP (Once I get this working, I'd image matching TOPT will be easy).
For a key of:
abcdefg234567777
With index 1 (First count).
The Google Authenticator outputs: 306115
I've searched around, and found many PHP codes that claim to do the Google Authenticator in PHP, which in them selves work fine as HOTP and TOTP scripts, but none that match what the Authenticator outputs. Most seem to use RFC4226 and csRFC3548 character set for the key.
I've gone as far to download the Google Authenticator code on Android (Written in C) and try to reconstruct it in PHP.
Here's my current PHP code (I've obviously adapted it to fit into this post, I did not write it all, modified it from someone else's attempt at the TOTP):
It outputs: 220505 with ?key=ABCDEFG234567777&counter=1
PHP Code:
<?php
include_once "base32.php";
$key=$_GET['key'];
$counter=$_GET['counter'];
echo "Code: " . generateKey($key,$counter) . "<br />";
function generateKey ($key, $counter)
{
$b = new Base32(Base32::csRFC3548);
$key = $b->toString($key);
$hash = hash_hmac ('sha1', $counter, $key);
return oath_truncate($hash, 6);
}
function oath_truncate($hash, $length = 6)
{
// Convert to dec
foreach(str_split($hash,2) as $hex)
{
$hmac_result[]=hexdec($hex);
}
// Find offset
$offset = $hmac_result[19] & 0xf;
// Algorithm from RFC
return
(
(($hmac_result[$offset+0] & 0x7f) << 24 ) |
(($hmac_result[$offset+1] & 0xff) << 16 ) |
(($hmac_result[$offset+2] & 0xff) << 8 ) |
($hmac_result[$offset+3] & 0xff)
) % pow(10,$length);
}
Any help is appreciated!