SielteExtract allows you to generate SielteID SPID TOTP codes from any compatible software like Google Authenticator or Bitwarden.
Antidote4296 b4a7877732 Add main.py 2024-01-17 21:52:31 +00:00
LICENSE Add LICENSE 2024-01-17 21:49:50 +00:00
README.md Add README.md 2024-01-17 21:48:53 +00:00
main.py Add main.py 2024-01-17 21:52:31 +00:00


SielteExtract

Have you ever wanted to "import" your SPID into Google Authenticator, Bitwarden or any compatible TOTP-generating software?
SielteExtract allows you to do exactly that: it extracts the TOTP seed from a mocked app session, so you can add it into any TOTP authenticator and generate codes from anywhere, without ever needing to use (or have installed) the official app.

How to use it

[!WARNING]
Only one MySielteID session can generate TOTPs. This means that when you run the script successfully, you will be logged out of the MySielteID app on your phone. You will be able to log back in at any time, but by doing so, the codes generated from the seed obtained by SielteExtract will not work anymore. Read the next paragraph for more information.

git clone https://git.disroot.org/Antidote4296/sielteextract
cd sielteextract
pip3 install pyjwt
python3 main.py

Enter the fiscal code and password as prompted. If all goes well, you will receive an SMS code on the authorized number. Input it when prompted and, if all goes well again, you will get the seed.

Note that SielteID TOTP codes have a duration of 60 seconds instead of the default 30. The seeds obtained with SielteExtract do specify it, so most authenticators should handle it correctly, but it's always worth a double-check.
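One way to do that double-check, as an added example that is not part of SielteExtract: parse the seed, then compute a code with its stated period and with the 30-second default to see whether an authenticator that ignores the period would drift. It assumes the seed is an otpauth:// URI carrying a period parameter; the sample URI below is constructed from the RFC 4226 test key and is not a real seed.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample (RFC 4226 test key "12345678901234567890" in Base32), not a real seed.
SAMPLE_URI = ("otpauth://totp/Example:user?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=Example&period=60&digits=6&algorithm=SHA1")

def parse_otpauth(uri):
    """Extract TOTP parameters from an otpauth:// URI, applying the usual defaults."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("missing secret parameter")
    return {"secret": q["secret"],
            "period": int(q.get("period", 30)),   # 30 s is the default when absent
            "digits": int(q.get("digits", 6)),
            "algorithm": q.get("algorithm", "SHA1").lower()}

def totp(params, now, period=None):
    """RFC 6238 code at Unix time `now`; `period` overrides the URI's value."""
    period = period or params["period"]
    secret = params["secret"].upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))  # restore padding
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(key, counter, getattr(hashlib, params["algorithm"])).digest()
    offset = mac[-1] & 0x0F                                    # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** params["digits"]).zfill(params["digits"])

def period_is_honoured(params, now, observed_code):
    """True if the code an authenticator displayed matches the seed's own period."""
    return hmac.compare_digest(observed_code, totp(params, now))

if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    t = 59  # fixed timestamp so the output is reproducible
    print("period in seed:", p["period"])
    print("code with seed period:", totp(p, t))
    print("code if period ignored (30 s):", totp(p, t, period=30))
```

If the code shown by your authenticator matches the second printed value rather than the first, it is ignoring the period and its codes will be rejected.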

If you need the seed as a QR code, you can use any QR generator such as this. Enter the seed in the first text field and click "Generate".

If you run into any error which isn't caused by yourself, enable the debug mode by changing line 5 in main.py to debug = True and see what happens. Open an issue if you need help or have found a bug.

When you need to enter the TOTP in the SielteID access page, choose the "use an OTP generated with the MySielteID app" option, then enter the TOTP code generated by whatever software you're using.

Why does it need my credentials? Is it safe?

SielteExtract needs your credentials because it mimics the workflow of the MySielteID app, which goes something like this:

  1. User provides fiscal code and password and gets a secret key
  2. A request is made to send an SMS with the login code to the registered phone number
  3. User inputs the code from the SMS and gets a new secret key with more privileges
  4. A request is made to get the TOTP seed using the new secret key
  5. The server invalidates the TOTP seed for the previous session, and establishes that only codes obtained from the newly-generated seed will be considered as valid

SielteExtract is secure because your data only goes to Sielte's servers. Credentials are not stored anywhere on your device, neither encrypted nor unencrypted. The source code of SielteExtract is simple and easy to read, and I encourage you to verify these claims.

Donate

Although SielteExtract is built to be helpful and not to generate profit, you can choose to donate as a way to say "thank you" if you find the project useful. Note that it won't give you any benefit or advantage over other users. Due to the unfortunate circumstances of this project, I can only accept donations in Monero (XMR). The address of the wallet is 84xitNxMoCxKtjx6zkUu1pevxPAcC8a2PbRPtBEhFmwGWeJkyxURVJdc1J3QVMAMF9BRYCVVbCuyWXHr9nwymo4A2U2CcbN

Licensing and disclaimer

SielteExtract Copyright (C) 2024 Antidote4296

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

Antidote4296, SielteExtract and this website are NOT related, authorized, approved or endorsed by MySielteID, SielteID, Sielte S.p.A., Sielte. By using SielteExtract, you acknowledge that you are solely responsible for your actions, you are NOT entitled to customer support from Sielte, and you are solely responsible for the security of your credentials and TOTP seeds. MySielteID, SielteID, Sielte are registered trademarks of Sielte S.p.A.