From 81ec8281705f133b3f1e39f924f4bffa0ff6ad21 Mon Sep 17 00:00:00 2001 From: Richard Gepp Date: Sun, 24 Mar 2019 18:51:43 +0000 Subject: [PATCH 1/6] Added support for Multi-Factor Authentication Optionally support Multi-Factor Authentication by allowing (SET_)MFA_SECRET to be configured to contain the Amazon MFA secret. Some general tidying up to make string literals consistent (single- quotes) and match whitespace because I'm fussy. ;-) --- alexa_remote_control.sh | 23 ++++++++++++++++++++--- alexa_remote_control_plain.sh | 24 +++++++++++++++++++----- 2 files changed, 39 insertions(+), 8 deletions(-) diff --git a/alexa_remote_control.sh b/alexa_remote_control.sh index f6d4eec..68d47b7 100644 --- a/alexa_remote_control.sh +++ b/alexa_remote_control.sh @@ -39,6 +39,7 @@ # 2019-02-03: v0.11a fixed string escape for automation and speak commands # 2019-02-10: v0.12 added "-d ALL" to the plain version, lastalexa now checks for SUCCESS activityStatus # 2019-02-14: v0.12a reduced the number of replaced characters for TTS and automation +# 2019-03-24: v0.13 added support for Multi-Factor Authentication # ### # @@ -46,14 +47,16 @@ # - requires cURL for web communication # - (GNU) sed and awk for extraction # - jq as command line JSON parser (optional for the fancy bits) +# - oathtool as OATH one-time password tool (optional for two-factor authentication) # ########################################## SET_EMAIL='amazon_account@email.address' SET_PASSWORD='Very_Secret_Amazon_Account_Password' +#SET_MFA_SECRET='1234 5678 9ABC DEFG HIJK LMNO PQRS TUVW XYZ0 1234 5678 9ABC DEFG' -SET_LANGUAGE="de,en-US;q=0.7,en;q=0.3" -#SET_LANGUAGE="en-US" +SET_LANGUAGE='de,en-US;q=0.7,en;q=0.3' +#SET_LANGUAGE='en-US' SET_TTS_LOCALE='de-DE' 
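Review bot: The commented `#SET_MFA_SECRET=` template added in the `@@ -46,14 +47,16 @@` hunk invites users to store the TOTP seed in the same script file as `SET_PASSWORD`, so anyone who can read that file holds both authentication factors. I would add a comment directly above it, for example `# The MFA secret is as sensitive as the password: prefer the MFA_SECRET environment variable, or keep this file readable by its owner only (chmod 600)`. The placeholder value also contains the characters 0, 1, 8 and 9, which are not in the base32 alphabet, so the comment should say it is only a format illustration. The same applies to the `@@ -13,12 +13,12 @@` hunk of alexa_remote_control_plain.sh.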
@@ -87,6 +90,7 @@ SET_TMP="/tmp" # retrieving environment variables if any are set EMAIL=${EMAIL:-$SET_EMAIL} PASSWORD=${PASSWORD:-$SET_PASSWORD} +MFA_SECRET=${MFA_SECRET:-$SET_MFA_SECRET} AMAZON=${AMAZON:-$SET_AMAZON} ALEXA=${ALEXA:-$SET_ALEXA} LANGUAGE=${LANGUAGE:-$SET_LANGUAGE} @@ -397,6 +401,14 @@ ${CURL} ${OPTS} -s -D "${TMP}/.alexa.header" -c ${COOKIE} -b ${COOKIE} -A "${BRO ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "Accept-Language: ${LANGUAGE}" -H "DNT: 1" -H "Connection: keep-alive" -H "Upgrade-Insecure-Requests: 1" -L\ -H "$(grep 'Location: ' ${TMP}/.alexa.header | sed 's/Location: /Referer: /')" -d "@${TMP}/.alexa.postdata" https://www.${AMAZON}/ap/signin | grep "hidden" | sed 's/hidden/\n/g' | grep "value=\"" | sed -r 's/^.*name="([^"]+)".*value="([^"]+)".*/\1=\2\&/g' > "${TMP}/.alexa.postdata2" +# +# add HOTP if using MFA +# +if [ ! -z "${MFA_SECRET}" ] ; then + OTP=$(oathtool --base32 --totp "${MFA_SECRET}") + PASSWORD="${PASSWORD}${OTP}" +fi + # # login with filled out form # !!! referer now contains session in URL @@ -411,6 +423,11 @@ if [ -z "$(grep 'Location: https://alexa.*html' ${TMP}/.alexa.header2)" ] ; then echo " make sure to have all Amazon related cookies deleted and Javascript disabled!" echo echo " (For more information have a look at ${TMP}/.alexa.login)" + echo + echo " To avoid issues with captcha, try using Multi-Factor Authentication." + echo " To do so, first set up Two-Step Verification on your Amazon account, then" + echo " configure this script (or the environment) with your MFA secret." + echo " Support for Multi-Factor Authentication requires 'oathtool' to be installed." rm -f ${COOKIE} rm -f "${TMP}/.alexa.header" 
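Review bot: In the `@@ -397,6 +401,14 @@` hunk the exit status of `oathtool` is never checked, so when the tool is not installed or rejects the secret, `OTP` is empty and the script still submits the bare password, which then surfaces only as the generic captcha/login failure message. Fail early instead: `OTP=$(oathtool --base32 --totp "${MFA_SECRET}") || { echo "ERROR: oathtool failed, cannot compute OTP" >&2 ; exit 1 ; }`. The seed is also passed as a command-line argument, so it is visible to other local users in the process list while oathtool runs; newer oathtool releases appear to accept `-` to read the key from standard input (confirm against the installed man page), which would avoid that exposure. The identical hunk `@@ -343,6 +344,14 @@` in alexa_remote_control_plain.sh has the same two issues.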
@@ -526,7 +543,7 @@ if [ -n "${SEQUENCECMD}" ] ALEXACMD="{\"behaviorId\":\"PREVIEW\",\"sequenceJson\":\"{\\\"@type\\\":\\\"com.amazon.alexa.behaviors.model.Sequence\\\",\\\"startNode\\\":{\\\"@type\\\":\\\"com.amazon.alexa.behaviors.model.OpaquePayloadOperationNode\\\",\\\"type\\\":\\\"${SEQUENCECMD}\\\",\\\"operationPayload\\\":{\\\"deviceType\\\":\\\"${DEVICETYPE}\\\",\\\"deviceSerialNumber\\\":\\\"${DEVICESERIALNUMBER}\\\",\\\"locale\\\":\\\"${TTS_LOCALE}\\\",\\\"customerId\\\":\\\"${MEDIAOWNERCUSTOMERID}\\\"${TTS}}}}\",\"status\":\"ENABLED\"}" fi - # Due to some weird shell-escape-behavior the command has t be written to a file before POSTing it + # Due to some weird shell-escape-behavior the command has to be written to a file before POSTing it echo $ALEXACMD > "${TMP}/.alexa.cmd" ${CURL} ${OPTS} -s -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ diff --git a/alexa_remote_control_plain.sh b/alexa_remote_control_plain.sh index 8da155b..19e7f9a 100644 --- a/alexa_remote_control_plain.sh +++ b/alexa_remote_control_plain.sh @@ -3,7 +3,7 @@ # Amazon Alexa Remote Control (PLAIN shell) # alex(at)loetzimmer.de # -# 2019-02-14: v0.12a (for updates see http://blog.loetzimmer.de/2017/10/amazon-alexa-hort-auf-die-shell-echo.html) +# 2019-03-24: v0.13 (for updates see http://blog.loetzimmer.de/2017/10/amazon-alexa-hort-auf-die-shell-echo.html) # ### # @@ -13,12 +13,12 @@ # ########################################## - SET_EMAIL='amazon_account@email.address' SET_PASSWORD='Very_Secret_Amazon_Account_Password' +#SET_MFA_SECRET='1234 5678 9ABC DEFG HIJK LMNO PQRS TUVW XYZ0 1234 5678 9ABC DEFG' -SET_LANGUAGE="de,en-US;q=0.7,en;q=0.3" -#SET_LANGUAGE="en-US" +SET_LANGUAGE='de,en-US;q=0.7,en;q=0.3' +#SET_LANGUAGE='en-US' SET_TTS_LOCALE='de-DE' 
@@ -52,6 +52,7 @@ SET_TMP="/tmp" # retrieving environment variables if any are set EMAIL=${EMAIL:-$SET_EMAIL} PASSWORD=${PASSWORD:-$SET_PASSWORD} +MFA_SECRET=${MFA_SECRET:-$SET_MFA_SECRET} AMAZON=${AMAZON:-$SET_AMAZON} ALEXA=${ALEXA:-$SET_ALEXA} LANGUAGE=${LANGUAGE:-$SET_LANGUAGE} @@ -343,6 +344,14 @@ ${CURL} ${OPTS} -s -D "${TMP}/.alexa.header" -c ${COOKIE} -b ${COOKIE} -A "${BRO ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "Accept-Language: ${LANGUAGE}" -H "DNT: 1" -H "Connection: keep-alive" -H "Upgrade-Insecure-Requests: 1" -L\ -H "$(grep 'Location: ' ${TMP}/.alexa.header | sed 's/Location: /Referer: /')" -d "@${TMP}/.alexa.postdata" https://www.${AMAZON}/ap/signin | grep "hidden" | sed 's/hidden/\n/g' | grep "value=\"" | sed -r 's/^.*name="([^"]+)".*value="([^"]+)".*/\1=\2\&/g' > "${TMP}/.alexa.postdata2" +# +# add HOTP if using MFA +# +if [ ! -z "${MFA_SECRET}" ] ; then + OTP=$(oathtool --base32 --totp "${MFA_SECRET}") + PASSWORD="${PASSWORD}${OTP}" +fi + # # login with filled out form # !!! referer now contains session in URL @@ -357,6 +366,11 @@ if [ -z "$(grep 'Location: https://alexa.*html' ${TMP}/.alexa.header2)" ] ; then echo " make sure to have all Amazon related cookies deleted and Javascript disabled!" echo echo " (For more information have a look at ${TMP}/.alexa.login)" + echo + echo " To avoid issues with captcha, try using Multi-Factor Authentication." + echo " To do so, first set up Two-Step Verification on your Amazon account, then" + echo " configure this script (or the environment) with your MFA secret." + echo " Support for Multi-Factor Authentication requires 'oathtool' to be installed." rm -f ${COOKIE} rm -f "${TMP}/.alexa.header" 
@@ -531,7 +545,7 @@ if [ -n "${SEQUENCECMD}" ] then ALEXACMD="{\"behaviorId\":\"PREVIEW\",\"sequenceJson\":\"{\\\"@type\\\":\\\"com.amazon.alexa.behaviors.model.Sequence\\\",\\\"startNode\\\":{\\\"@type\\\":\\\"com.amazon.alexa.behaviors.model.OpaquePayloadOperationNode\\\",\\\"type\\\":\\\"${SEQUENCECMD}\\\",\\\"operationPayload\\\":{\\\"deviceType\\\":\\\"${DEVICETYPE}\\\",\\\"deviceSerialNumber\\\":\\\"${DEVICESERIALNUMBER}\\\",\\\"locale\\\":\\\"${TTS_LOCALE}\\\",\\\"customerId\\\":\\\"${MEDIAOWNERCUSTOMERID}\\\"${TTS}}}}\",\"status\":\"ENABLED\"}" - # Due to some weird shell-escape-behavior the command has t be written to a file before POSTing it + # Due to some weird shell-escape-behavior the command has to be written to a file before POSTing it echo $ALEXACMD > "${TMP}/.alexa.cmd" ${CURL} ${OPTS} -s -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ From 21f3ab20d04c182e8cf900359788c09ae1eb9b00 Mon Sep 17 00:00:00 2001 From: Richard Gepp Date: Sun, 24 Mar 2019 21:31:48 +0000 Subject: [PATCH 2/6] Added support for Multi-Factor Authentication Changed comment to use 'OTP' rather than 'HOTP'. --- alexa_remote_control.sh | 2 +- alexa_remote_control_plain.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/alexa_remote_control.sh b/alexa_remote_control.sh index 68d47b7..7f4b131 100644 --- a/alexa_remote_control.sh +++ b/alexa_remote_control.sh @@ -402,7 +402,7 @@ ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "Accept-Language -H "$(grep 'Location: ' ${TMP}/.alexa.header | sed 's/Location: /Referer: /')" -d "@${TMP}/.alexa.postdata" https://www.${AMAZON}/ap/signin | grep "hidden" | sed 's/hidden/\n/g' | grep "value=\"" | sed -r 's/^.*name="([^"]+)".*value="([^"]+)".*/\1=\2\&/g' > "${TMP}/.alexa.postdata2" # -# add HOTP if using MFA +# add OTP if using MFA # if [ ! -z "${MFA_SECRET}" ] ; then OTP=$(oathtool --base32 --totp "${MFA_SECRET}") 
diff --git a/alexa_remote_control_plain.sh b/alexa_remote_control_plain.sh index 19e7f9a..85f4424 100644 --- a/alexa_remote_control_plain.sh +++ b/alexa_remote_control_plain.sh @@ -345,7 +345,7 @@ ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "Accept-Language -H "$(grep 'Location: ' ${TMP}/.alexa.header | sed 's/Location: /Referer: /')" -d "@${TMP}/.alexa.postdata" https://www.${AMAZON}/ap/signin | grep "hidden" | sed 's/hidden/\n/g' | grep "value=\"" | sed -r 's/^.*name="([^"]+)".*value="([^"]+)".*/\1=\2\&/g' > "${TMP}/.alexa.postdata2" # -# add HOTP if using MFA +# add OTP if using MFA # if [ ! -z "${MFA_SECRET}" ] ; then OTP=$(oathtool --base32 --totp "${MFA_SECRET}") From ca7a12deb1cf1f021aa6b8cf55df560b7f55dec9 Mon Sep 17 00:00:00 2001 From: Alex Date: Mon, 8 Jul 2019 21:12:09 +0200 Subject: [PATCH 3/6] Made oathtool configurable --- README.md | 7 +------ alexa_remote_control.sh | 18 ++++++++++++------ alexa_remote_control_plain.sh | 12 +++++++++--- 3 files changed, 22 insertions(+), 15 deletions(-) mode change 100644 => 100755 alexa_remote_control.sh mode change 100644 => 100755 alexa_remote_control_plain.sh diff --git a/README.md b/README.md index 6a451ec..20882b8 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ ALEXA - the URL you would use for the Alexa Web App CURL - location of your cURL binary OPTS - any cURL options you require TMP - location of the temp dir +OATHTOOL - command line for oathtool MFA ``` You will very likely want to set the language to: ``` @@ -51,9 +52,3 @@ alexa-remote-control [-d |ALL] -e Date: Mon, 8 Jul 2019 22:41:22 +0200 Subject: [PATCH 4/6] cleaned up oathtool config --- alexa_remote_control.sh | 6 +++--- alexa_remote_control_plain.sh | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/alexa_remote_control.sh b/alexa_remote_control.sh index d327d04..c6d25e2 100755 --- a/alexa_remote_control.sh +++ b/alexa_remote_control.sh 
@@ -85,8 +85,8 @@ SET_OPTS='--compressed --http1.1' SET_BROWSER='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:1.0) bash-script/1.0' #SET_BROWSER='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0' -# oathtool command line -SET_OATHTOOL='oathtool --base32 --totp' +# oathtool command line tool +SET_OATHTOOL='/usr/bin/oathtool' # tmp path SET_TMP="/tmp" @@ -414,7 +414,7 @@ ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "Accept-Language # add OTP if using MFA # if [ -n "${MFA_SECRET}" ] ; then - OTP=$(${OATHTOOL} "${MFA_SECRET}") + OTP=$(${OATHTOOL} -b --totp "${MFA_SECRET}") PASSWORD="${PASSWORD}${OTP}" fi diff --git a/alexa_remote_control_plain.sh b/alexa_remote_control_plain.sh index d819759..8d5e397 100755 --- a/alexa_remote_control_plain.sh +++ b/alexa_remote_control_plain.sh @@ -44,8 +44,8 @@ SET_OPTS='--compressed --http1.1' SET_BROWSER='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:1.0) bash-script/1.0' #SET_BROWSER='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0' -# oathtool command line -SET_OATHTOOL='oathtool --base32 --totp' +# oathtool command line tool +SET_OATHTOOL='/usr/bin/oathtool' # tmp path SET_TMP="/tmp" @@ -354,7 +354,7 @@ ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "Accept-Language # add OTP if using MFA # if [ -n "${MFA_SECRET}" ] ; then - OTP=$(${OATHTOOL} "${MFA_SECRET}") + OTP=$(${OATHTOOL} -b --totp "${MFA_SECRET}") PASSWORD="${PASSWORD}${OTP}" fi From 7a7836e9b54ebd37fea281fcdf2d72096c215453 Mon Sep 17 00:00:00 2001 From: Alex Date: Mon, 8 Jul 2019 23:25:41 +0200 Subject: [PATCH 5/6] Explained MFA --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 20882b8..8fbc2b6 100644 --- a/README.md +++ b/README.md @@ -51,4 +51,10 @@ alexa-remote-control [-d |ALL] -e Date: Mon, 8 Jul 2019 23:33:52 +0200 Subject: [PATCH 6/6] Explained MFA --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
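Review bot: `${OATHTOOL}` is still expanded unquoted in the `@@ -414,7 +414,7 @@` hunk although this commit turns it from a command line into a single binary path, so a configured path containing spaces is word-split, and a missing binary still leaves `OTP` empty without any error. Quote it and verify it before use: `command -v "${OATHTOOL}" >/dev/null || { echo "ERROR: oathtool not found: ${OATHTOOL}" >&2 ; exit 1 ; }` followed by `OTP=$("${OATHTOOL}" -b --totp "${MFA_SECRET}")`. The new default `/usr/bin/oathtool` in `@@ -85,8 +85,8 @@` no longer falls back to a PATH lookup, which the comment above `SET_OATHTOOL` should mention. The matching hunks in alexa_remote_control_plain.sh (`@@ -44,8 +44,8 @@` and `@@ -354,7 +354,7 @@`) need the same change.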
diff --git a/README.md b/README.md index 8fbc2b6..f3fba5c 100644 --- a/README.md +++ b/README.md @@ -51,10 +51,15 @@ alexa-remote-control [-d |ALL] -e "` and enter that in the web form +1. Going from here the MFA shared secret becomes the MFA_SECRET for the alexa_remote_control script +*Treat that MFA_SCECRET just like your password - DO NOT share it anywhere!!!* + +It is assumed that MFA secured accounts are less likely to get a captcha response during login - that's why MFA might yield better results if the plain username/password didn't work for you. http://blog.loetzimmer.de/2017/10/amazon-alexa-hort-auf-die-shell-echo.html