Reverse engineer IRS2Go secret key generating OTP?

Lucent
Lucent
Community Member

The IRS is now offering offline TOTP generation via their IRS2Go app which requires an IRS username (8-64 characters, no spaces or special characters other than _) and a key shown on their site, in my case, an 8-digit number. With these two items, it generates a 6-digit number every 60 seconds. I know 1Password only supports a TOTP period of 30 seconds, but it'd be useful to reverse engineer what their app is doing behind the scenes and how it's combining the username and password into one secret to generate the code so it could be done with other software. I tried colon or pipe as a delimiter with no luck. Any suggestions?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Unknown
    edited January 2019
    This content has been removed.
  • Lucent
    Lucent
    Community Member

    Same question for the Xfinity Authenticator app.

  • Hi @Lucent,

    Thanks for the suggestion. I'm not aware of any definite plans at this time, but I'll certainly pass the idea along to the rest of the team for further consideration.

    Ben

  • cellsheet
    cellsheet
    Community Member
    edited March 2019

    I have the same question for this app. The 2fa available notification is annoying not being able to fill it in 1password and no luck getting it to work either, but did help me become aware of the option for this particular app. Thanks.

  • Hi @cellsheet

    Until / unless another solution is implemented you can add a tag -- "2FA" -- to your login item for this site to have 1Password ignore the fact that it thinks you aren't using 2FA.

    Ben

  • rabidpaperclip
    rabidpaperclip
    Community Member

    Were you able to ever find the totp algorithm the irs uses?

  • Lucent
    Lucent
    Community Member

    Never had any luck with IRS or Xfinity. Probably best left to someone with the skill to decompile the APK.

  • :+1:

    Ben

This discussion has been closed.