The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,182 other subscribers

Archive for January 5th, 2021

GitHub – andOTP/andOTP: Open source two-factor authentication for Android

Posted by jpluimers on 2021/01/05

[WayBack] GitHub – andOTP/andOTP: Open source two-factor authentication for Android.

A few highlights:

  • andOTP is a two-factor authentication App for Android 4.4+.It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code.
  • OpenPGP: OpenPGP can be used to easily decrypt the OpenPGP-encrypted backups on your PC.
  • BroadcastReceivers: AndOTP supports a number of broadcasts to perform automated backups, eg. via Tasker. These will get saved to the defined backup directory. These only work when KeyStore is used as the encryption mechanism
    • org.shadowice.flocke.andotp.broadcast.PLAIN_TEXT_BACKUP: Perform a plain text backup. WARNING: This will save your 2FA tokens onto the disk in an unencrypted manner!
    • org.shadowice.flocke.andotp.broadcast.ENCRYPTED_BACKUP: Perform an encrypted backup of your 2FA database using the selected password in settings.
  • All three versions (Google Play, F-Droid and the APKs) are not compatible (not signed by the same key)! You will have to uninstall one to install the other, which will delete all your data. So make sure you have a current backup before switching!

PlayStore: [WayBack] andOTP – Android OTP Authenticator – Apps on Google Play

•  Free and Open-Source
•  Requires minimal permissions:
•  Camera access for QR code scanning
•  Storage access for import and export of the database
•  Encrypted storage with two backends:
•  Android KeyStore (can cause problems, please only use if you absolutely have to)
•  Password / PIN
•  Multiple backup options:
•  Plain-text
•  Password-protected
•  OpenPGP-encrypted
•  Sleek minimalistic Material Design with three different themes:
•  Light
•  Dark
•  Black (for OLED screens)
•  Great Usability
•  Compatible with Google Authenticator

Via: [WayBack] ‘Aanvallen via ss7-protocol om 2fa-sms’jes te onderscheppen nemen toe’ – Computer – Nieuws – Tweakers

Check out @Jaykul’s Tweet:

Instead of Google authenticator and Authy


Related :

Nope. It’s just a secret encoded in a QR code.

Here’s the docs on the format of the URI in the QR code:

The QR code delivers a simple, durable, shared secret.

Use U2F if you can. It is much safer, as it cannot be phished or copied.

Depends on your risk model. Device to device transfer would be a good mid-ground, but doesn’t solve the “my phone was stolen/bricked/damaged” scenario.

Which is your bigger risk – duplicating (normally encrypted) secrets or losing your device and access to everything?



Posted in Android, Development, Mobile Development, Security, Software Development | Leave a Comment »

Batch file: check for (non-)existence of registry key

Posted by jpluimers on 2021/01/05

Small batch file that only deletes a registry key if it exists:

reg query %1 >nul 2>&1
if %errorlevel% equ 0 reg delete %1 /f
goto :eof

It is based on:

  • redirecting both stderr and stdout to nul (the >nul 2>&1 bit)
  • checking reg query with the appropriate errorlevel value for equality (equ operator) for 0 (existence); you can also use 1 for non-existence.

Based on:


Posted in Batch-Files, Development, Scripting, Software Development | Leave a Comment »

IDEIds11…IDEIds21 – RAD Studio

Posted by jpluimers on 2021/01/05

It looks like there are pages  [WayBack] IDEIds21 – RAD Studio … [WayBack] IDEIds21 – RAD Studio.

Maybe I ever find time to find out where they are referenced from and why there is no IDEIds1 page.


Posted in Delphi, Development, Software Development | Leave a Comment »

%d bloggers like this: