Skip to content

Home

Jump to bottom
XanaDublaKublaConch edited this page Mar 14, 2019 · 5 revisions

Welcome to the pysdtoken wiki!

The only information here right now is how to use stoken to generate fake tokens for dev/test work. Most of don't have admin access to the RSA servers that buy and issue tokens.

First, get stoken for Linux or Mac. The Windows version apparently hasn't implemented --random, which is needed for the random token data in the fake token.

Follow the instrctions to get it compiled and installed. Run ldconfig to update your lib searches.

You have to start with a template sdtid. I used the sample tpl.xml from the stoken example. My first attempts created tokens that crashed my windows soft token client, so you have to have add more fields in there apparently or it will choke. I made mine similar to what I was given at work and it loaded. I then modified the AddPin setting and it gave me a token that requires a PIN "login" to get to the passcode, which then rotates on screen. The one I use for work has no PIN input, so you just grab the tokencode from the soft token and prepend your PIN to the tokencode when logging in with 2FA.

A pinless token template might look like this:

<?xml version="1.0"?>
<TKNBatch>
  <TKNHeader>
    <Version>0</Version>
    <Origin>N/A</Origin>
    <Dest>N/A</Dest>
    <Name>N/A</Name>
    <FirstToken>N/A</FirstToken>
    <LastToken>N/A</LastToken>
    <NumTokens>0</NumTokens>
    <DefBirth>2017/10/17</DefBirth>
    <DefDeath>2035/12/31</DefDeath>
    <DefDigits>8</DefDigits>
    <DefInterval>30</DefInterval>
    <DefAlg>1</DefAlg>
    <DefMode>0</DefMode>
    <DefPrecision>1200</DefPrecision>
    <DefSmallWin>300</DefSmallWin>
    <DefMediumWin>600</DefMediumWin>
    <DefLargeWin>600</DefLargeWin>
    <DefAddPIN>0</DefAddPIN>
    <DefLocalPIN>0</DefLocalPIN>
    <DefCopyProtection>0</DefCopyProtection>
    <DefPinType>0</DefPinType>
    <DefKeypad>1</DefKeypad>
    <DefProtLevel>0</DefProtLevel>
    <DefRevision>0</DefRevision>
    <DefTimeDerivedSeeds>1</DefTimeDerivedSeeds>
    <DefAppDerivedSeeds>0</DefAppDerivedSeeds>
    <DefFormFactor>20000001</DefFormFactor>
  </TKNHeader>
  <TKN>
    <SN>000408697972</SN>
    <UserFirstName>Darth</UserFirstName>
    <UserLastName>Vader</UserLastName>
    <UserLogin>dvader</UserLogin>
	<PinType>0</PinType>
    <TokenAttributes>
      <Nickname>Pinless</Nickname>
	  <DeviceSerialNumber>00ea065b2ea4dd3f48ah</DeviceSerialNumber>
	  <DeviceTypeVersion>5.x</DeviceTypeVersion>
	  <DeviceType>PC Software Token V3.0 or later</DeviceType>
	  <DeviceTypeFamily>Desktop PC with Automation</DeviceTypeFamily>
    </TokenAttributes>
  </TKN>
</TKNBatch>


Then generate the token with the stoken command:
stoken issue --random --sdtid --template pnless.tpl > fake_pinless.sdtid

Finally, import the sdtid into your soft token:
![Sof Token GUI with new pinless token](https://image.prntscr.com/image/B3_a9-QlR6ul9L6cISwSBg.png)
Clone this wiki locally