BluePass
BluePass extracts 2FA tokens from SMS and forwards them via Bluetooth
| AppID: | org.booncode.bluepass4 |
| Author: | Manuel Huber |
| License: | MIT |
| InRepoSince: | 2021-11-02 |
| LastRepoUpdate: | 2021-12-02 |
| LastAppUpdate: | Unknown |
| LastVersion: | 0.3.0 |
| Categories: | Connectivity, Phone & SMS, Security, System |
| Google Play: | Check if it's there |
DescriptionBluePass extracts two factor authentication codes (2FA) from SMS and sends them to a paired device via Bluetooth RFCOMM. A Qt based companion app bluepass-server will receive the 2FA codes and provide them via the system clipboard.
Use Case
The company I work for is relying on third party services that require to authenticate using 2FA. The second factor is an SMS to your mobile phone. This app was built for convenience, to avoid having to unlock your phone, find the message and then type the received code on the PC.
It is not about the time saved, it's about getting rid of robot tasks.
Setup
You have to configure parameters to match the sender of the SMS and parse the code from the messages sent to you. Currently, regular expressions are used for this task. However, a very basic setup will be provided below.
Regular expression for sender has to be set to a regular expression that matches all the senders of SMS (as they appear in your chat application). Multiple numbers and names can be provided:
- To match CompanyA, you might simply putCompanyA into the box
- To match CompanyA and 12345678, write (CompanyA|12345678)
Regular expression to filter the content has to be set to a regular expression that matches the messages you want to catch. Additionally, it has to define one group to extract the actual code that has to be sent to the PC.
- To match any number, you can use [^\d]*(\d+).*
- To match a code only with 6 digits, use: .*(\d).*
... as the process of defining a proper regular expression is not that easy, there is another text box Test message. You can paste here the content of the SMS thatyou want to match and adjust the regular expression until it gets parsed correctly.
The last step of the configuration is to pair with the bluetooth adapter of your PC and configure the adapter to be used.
Operation
- Whenever your mobile phone receives an SMS (and the settings above are configured), this app will try to match the sender and content. If one of the two doesn't match, the message will not be processed any further.
- If the 2FA code could be extracted, a foreground service will be started (status bar) and the app tries to connect to the configured Bluetooth adapter and sends the code. It retries for some amount of time and reports the status in the status bar. Note: The notification in the status bar doesn't automatically disappear. However, this doesn't consume any resources and can be removed using the Stop button.
- If the code is required on the mobile phone, it can be copied using the Copy last button.
Protocol
The communication is based on very simple primitives using an RFCOMM channel. The UUID for the service is e4d56fb3-b86d-4572-9b0d-44d483eb1eee. Extracted codes are sent as text (over a secure Bluetooth connection) terminated with a new line character. Therefore, codes may not contain any new line characters.
Future
- The protocol will be changed to something more sophisticated and extensible
- Configuration of the sender should be done through contact providers and not use regular expressions
- Allow to use this app to share text / files with the PC
WhatsNew:
- Add a button to send the last code again to the companion app
- Add a test button to allow to trigger sending a code to the companion app
- Fix the format of the summary
While you can download the APKs here directly, you should preferably use an F-Droid client so the app stays up-to-date on your device.
