Hello,
I have a backup of the app data folder, with secret.dat and the org.shadowice.flocke.andotp_preferences.xml.
I did not use keystore when asked, so it should be only password protected.
What is the python code I should use to recover it? Is it the one on the main git page? (It does not look like it since in the examples files reported are .aes files, not .dat)
No, the code I linked in the Readme is for the encrypted backups, not the database. If I find the time I will write a short Python script to decrypt the database. In your case (without the KeyStore) it should work with the two files you have.
Hello
I have the same problem. I also have both files, "secrets.dat" and "org.shadowice.flocke.andotp_preferences.xml", and used only password protection, I know the password.
I'll be looking forward for the solution to decrypt the database file.
Thank you for your support.
I've solved this problem. In my case, I had "secrets.dat" (without the KeyStore) and "org.shadowice.flocke.andotp_preferences.xml" files from my old AndOTP (version 0.6.3.1) that was inaccesible on my device due to OS corruption.
First, I've recovered these two files booting the phone in Recovery Mode and using TeamWin Recovery and its integrated File Manager, since the OS wasn't working. TeamWin Recovery it's an important requirement to access, copy or replace hidden files on the phone, even if Android doesn't work.
After backuping the files and repairing the OS, I've reinstalled the same old version of AndOTP that created the recovered database and the preferences file.
Later, I restarted the phone again in Recovery Mode, with TeamWin Recovery, and using the File Manager, I replaced the new "secrets.dat" and "org.shadowice.flocke.andotp_preferences.xml" with the old ones containing my hashes / keys.
Then I restarted the phone in "Safe Mode" , in my case I had to press (POWER) + (VOLUME-)
until the phone booted completely. While in Safe Mode, deleted the cache of AndOTP, (only the cache part, not the data part) inside Android Apps configuration.
Finally, Restarting the phone, normally, brought back all my old keys, just using my original password/pin to login in AndOTP .
I hope this solution works for others.
I finally found time to create a small python script to decrypt the database with the two files you have: https://github.com/andOTP/Tools/blob/master/decrypt_database.py
You will need to install pycryptodome to use it.
If you have the two files in the same folder as the script you can use that command:
python3 decrypt_database.py secrets.dat org.shadowice.flocke.andotp_preferences.xml <password>