Merge pull request #21 from 0x4f53/v3.0

V3.0

.github/workflows/build-release-apk.yml

@@ -0,0 +1,32 @@
+name: Build Release App Bundle
+
+on: workflow_dispatch
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Decode Keystore
+        id: decode_keystore
+        uses: timheuer/base64-to-file@v1
+        with:
+          fileName: 'keystore/your_signing_keystore.jks'
+          encodedString: ${{ secrets.KEYSTORE }}
+      - uses: actions/checkout@v2
+      - name: set up JDK 1.8
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
+      - name: Make gradlew executable
+        run: chmod +x ./gradlew
+      - name: build prod
+        run: ./gradlew app:bundleRelease
+        env:
+          SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
+          SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
+          SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
+      - name: Upload
+        uses: actions/upload-artifact@v2
+        with:
+          name: Build Artifacts
+          path: app/build/outputs/

LICENSE

@@ -1,6 +1,7 @@
 MIT License
 
 Copyright (c) 2022 Owais Shaikh
+(me@0x4f.in)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -2,237 +2,51 @@
 [![License](https://img.shields.io/badge/License-MIT-purple?style=flat-square&logo=libreoffice)](LICENSE)
 [![Latest Version](https://img.shields.io/github/v/tag/4f77616973/Wristkey?label=Version&style=flat-square&logo=semver)](https://github.com/4f77616973/Wristkey/tags)
 [![Download APK](https://img.shields.io/badge/Download%20APK-Click%20Here-blue?style=flat-square&logo=dropbox)](app/build/outputs/apk/debug/)
+[![Google Play](https://img.shields.io/badge/Play%20Store-Click%20Here-teal?style=flat-square&logo=googleplay)](https://play.google.com/store/apps/details?id=zeroxfourf.wristkey)
 
 # Wristkey
 
-<img src = "app/src/debug/res/mipmap-hdpi/ic_launcher_round.png" alt = "Wristkey logo" width = "75dp">
+<img src = "app/src/main/res/mipmap-xxxhdpi/ic_launcher.png" alt = "Wristkey logo" width = "75dp">
 
-Have an old smartwatch lying around that you'd like to use for 2FA? Or do you just need a minimal and open-source 2FA app you can trust? Wristkey is an open-source 2FA client for Wear OS watches, but it works on any Android-based smartwatch! [Get the APK here.](app/build/outputs/apk/debug/)
+Need a minimal and open-source 2FA app you can trust? Wristkey is an open-source 2FA client for Wear OS (but it works on any Android-based smartwatch!) 
 
-You can now run Wristkey on your phone too! Just download the APK and install it on your phone.
+You can now run Wristkey on your phone too! Just download the APK on your phone and install it.
 
-<img src = screenshots/g-watch-preview.png alt="mockup"><img src = screenshots/pixel-watch-preview.png alt="mockup">
+<img src = "https://upload.wikimedia.org/wikipedia/commons/thumb/7/78/Google_Play_Store_badge_EN.svg/1200px-Google_Play_Store_badge_EN.svg.png" alt = "Wristkey logo" width = "125dp">
 
-## FEATURES
-
-- Use without pairing to a phone (standalone) or being connected to Wi-Fi.
-
-- Import via Aegis Authenticator, andOTP, Bitwarden and Google Authenticator using ADB.
+or
 
-- Export to other devices using QR code or export file.
+[Get the APK here.](app/build/outputs/apk/debug/)
 
-- Lock via PIN, pattern and password.
+<img src = screenshots/2024_circle.png alt="mockup">
 
-- Data stored using 256-bit AES-GCM.
+## FEATURES
 
-- Time and counter mode OTPs, up to SHA512 and 4-8 digits.
+- Can be used without pairing your watch to a phone.
 
-- Supports round and square devices.
+- Imports (and exports) from Aegis Authenticator, andOTP and Bitwarden using ADB, WiFi or file imports.
 
-## INSTALLATION
+- Screen locking via PIN, pattern and password.
 
-There are several guides available online on how to sideload apps via ADB. If you use a device that supports data transfer via USB, you can follow any ADB via USB debugging guide, such
-as [this one](https://forum.xda-developers.com/t/guide-adb-logcat-shell-etc.2143228/). If you're using a watch that supports wireless ADB only, you can use [this guide](https://www.guidingtech.com/how-to-install-apks-on-wear-os-smartwatches/).
+- Local storage encrypted using 256-bit AES-GCM.
 
-1. Connect your watch to your computer and enable Developer Options by on your watch by going to Settings → System → About and tapping 'Build Number' 7 times.
+- WiFi transfers encrypted using XSalsa20-Poly1305 and X25519.
 
-2. Download the latest Wristkey APK and install it on your watch by typing:
+- Time and counter mode OTPs, up to SHA512 and 4-8 digits.
 
-   ```
-   adb install -r app-debug.apk
-   ```
+- Supports round and square devices.
 
 ## USAGE
 
-### Adding items
-
-Wristkey supports importing data from multiple sources, though the procedures differ slightly for each of them. For example, for Bitwarden, a JSON file is parsed and the ```totp``` field is extracted from each account. For website QR codes, the QR Code is scanned and the resulting `otpauth://` URL is parsed.
-
-<img src = screenshots/2.0-add-round.png alt="add">
-
-#### Transferring data
-
-If your watch is paired to an Android phone, you can use a third-party Wear OS file manager like [myWear File Explorer](https://play.google.com/store/apps/details?id=com.mrs.wear_file_explorer) or [Nav Explorer](https://play.google.com/store/apps/details?id=com.turndapage.navexplorer) to transfer PNG / JSON files from your phone's storage to your watch.
-
-If your device has a camera, you can just use that to scan for QR codes.
-
-##### Via file picker
-
-If you're using Wristkey on a non-Wear OS Android device (such as an Android phone or an unknown Android smartwatch), you can browse for files on your device locally using the file picker.
-
-For Wear OS devices, there are two main ways of transferring files.
-
-##### Via ADB
-
-1. Enable ADB Debugging on your watch by going to Settings → System → About and tapping 'Build Number' 7 times.
-
-2. Go back and tap on Developer Settings, then scroll down and enable "ADB Debugging".
-
-3. Make sure Wristkey has storage permissions. On your watch, go to Settings → Apps & notifications → App info → Wristkey → Permissions and enable 'Storage'.
-
-###### ADB over USB
-
-1. Connect your watch to your computer via USB. When prompted on watch, tap 'Always allow from this computer'.
-
-###### ADB over Bluetooth
-
-1. Enable Bluetooth Debugging on your watch by going to Settings → System → About and tapping 'Build Number' 7 times.
-
-2. Now on your Android phone / tablet, open the Wear OS app and tap the top right mennu button and tap on 'Settings'.
-
-3. Enable 'Debugging over Bluetooth'. You’ll should see
-
-    ```
-    Host: disconnected
-    Target: connected
-    ```
-
-4. Connect your Android phone / tablet to your computer via USB. Then open a new terminal and run the following commands
-
-    ```
-    adb forward tcp:4444 localabstract:/adb-hub
-    adb connect localhost:4444
-    ```
-5. On your phone, the Wear OS app should display
-
-    ```
-    Host: connected
-    Target: connected
-    ```
-
-#### Google Authenticator, QR codes, Aegis Authenticator, andOTP, Bitwarden and Wristkey
-
-1. If using a QR Code from a website, save it as a screenshot and make sure it is clearly visible with no pixelation. If importing from Google Authenticator, tap the three dots on the top right corner, then tap on 'Export accounts'. Then select the accounts you\'d like to export and tap the export button 'Export'. Take a picture or screenshot of the QR code that is displayed, **make sure it is a PNG or JPG file** and that it is clear with no blurring, glare or pixelation.
-
-   If using a JSON file, make sure it was exported in an unencrypted JSON format. Make sure you don't rename the file.
-
-2. Open a terminal on your computer and place this PNG or JPG file on the main directory of your watch (/sdcard/) via the following command
-
-    ```
-    adb push <file>.<extension> /data/local/tmp
-    adb shell run-as app.wristkey cp /data/local/tmp/<file>.<extension> files/
-    ```
-   
-    If you get an error such as the one below:
-    
-    ```
-    cp: files/<file>.<extension>: No such file or directory
-    ```
-    
-    or
-    
-    ```
-    cp: files/: Is a directory
-    ```
-   
-    simply create the directory by typing
-
-    ```
-    adb shell run-as app.wristkey mkdir files
-    ```
-
-4. On your watch, open Wristkey, scroll down and tap the add icon '+', then select your import option.
-
-#### Manual entry
-
-On your watch, open Wristkey, scroll down and tap the add icon '+', then tap *Manual Entry*. The default settings are for Google Authenticator codes (SHA1, 6 digits, time-based). Scroll down and tap the done button '✓' at the at the bottom when done. 
-
-***Note:** Steam codes aren't supported yet.*
-
-<img src = screenshots/2.0-edit-square.png alt="add">
-
-### Editing and Deleting items
-
-To edit or delete an item, tap and hold on its name. To delete an item, scroll all the way to the bottom of the edit screen and tap the trash icon.
-
-### Exporting
-
-<img src = screenshots/2.0-export-square.png alt="export"><img src = screenshots/2.0-qrcode-square.png alt="qrcode">
-
-Since watches are tiny devices that can be misplaced, backing up and exporting your secrets and storing them in a safe place is always a safe bet.
-
-##### Via QR code
-
-To export a single account via a QR code, press and hold it, then scroll down and select the 'Show QR code' option.
-
-To export all your accounts via QR codes, tap the settings icon '⚙️', then scroll down and select *Export vault*. Then select the QR code option. All your account QR codes will be displayed at 5 second intervals. You can scan these in your preferred Authenticator app.
-
-##### Via file
-
-1. Tap the settings icon '⚙️', then scroll down and select *Export vault*. Then select the file option. An export file will be generated on your device.
-
-2. Find the name of the backup file by typing
-   
-   ```
-   adb shell run-as app.wristkey ls files/
-   ```
-
-4. Extract this file via the following command, replacing `<filename>` with the name of the wfs file
-
-    ```
-    adb shell run-as "app.wristkey" cat "<filename>.wfs" > backup.wfs   
-    ```
-
-***Note:** Exported text files are unencrypted and must be handled with care. Delete them when not in use.*
-
-## TROUBLESHOOTING
-
-#### App displays wrong TOTP codes
-
-Make sure you set your secret key, digit length and algorithm correctly. If the 2FA codes are still wrong, your watch may have the time set incorrectly. Please set the time by pairing it to a phone or connecting to Wi-Fi.
-
-#### File import not working
-
-Make sure that
-
-1. Wristkey has storage permissions in your watch's Settings app. 
-
-2. That the filename format is appropriate:
-    - When importing from JSON, make sure the file you export is an **Unencrypted** file in **JSON** format and that you don't rename it.
-    - When importing from Google Authenticator or a QR code, make sure the screenshot or picture is in **PNG or JPG** format and is clear. 
-    - When using a Wristkey backup file, make sure it has the _.wfs_ extension.
-
-3. If you're using an image of a QR code, make sure it is in focus and clearly visible.
-
-4. The `files/` directory exists in the destination. If this doesn't exist, Wristkey might accidentally paste your code into a file called "files". This can be solved by typing: 
-
-   ```
-   adb shell run-as app.wristkey mkdir files/
-   ```
-   
-   then run the import commands.
-
-#### File export not working
-
-Make sure that Wristkey has storage permissions in your watch's Settings app. If already enabled, disable and enable storage permissions again.
-
-## SECURITY
-
-_Further reading: [Security Policy](https://github.com/4f77616973/Wristkey/security/policy)_
-
-### Importing files
-
-To prevent data extraction, make sure you delete the JSON, PNG or JPG files from both your watch's storage and your computer once you're done importing them. Check for any lingering files via ADB by running the ```adb shell ls /sdcard/``` command.
-
-### Storage
-
-All sensitive data within Wristkey (including secrets to generate OTPs) is stored encrypted [using 256-bit AES-GCM encryption](https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences), with the decryption key [stored locally](https://developer.android.com/training/articles/keystore) on your watch. No backdoor on my end. ;)
-
-### Privacy
-
-Wristkey can be set to unlock after entering your watch's password / PIN / pattern. To enable screen locking for the app, go to your watch's Settings → Personalization → Screen Lock and set a PIN / pattern / password. To override this setting, open Wristkey, tap the settings icon '⚙️', then scroll down and disable *Screen lock*
-
-## CHANGELOG
-
-A detailed changelog is available on the [releases](https://github.com/4f77616973/Wristkey/releases) page. The latest release is [![Release](https://img.shields.io/github/v/tag/4f77616973/Wristkey?style=plastic&label=)](https://github.com/4f77616973/Wristkey/releases).
+[Click here to see the usage guide]()
 
 ## CONTRIBUTION
 
 _Further reading: [Contributing](CONTRIBUTING.md) and [Code of Conduct](CODE_OF_CONDUCT.md)_
 
 ### Contributing
 
-I made this app for myself because the ancient LG G Watch W100 I use barely works when paired with iOS. But you can contribute too if you want. [Click here](CONTRIBUTING.md) to read the rules before doing so. 
+I made this app for myself because the ancient LG G Watch W100 I use barely works when paired with iOS. But you can contribute too if you want. [Click here](CONTRIBUTING.md) to read how to do so. 
 
 ### Code of Conduct
 
@@ -256,16 +70,6 @@ Please star and support these developers for their hard work. All libraries, dep
 
 [Yuriy Budiyev - Code scanner](https://github.com/yuriy-budiyev/code-scanner)
 
-[Zxing (to scan QR codes for Google Authenticator imports)](https://github.com/zxing/zxing)
-
-[GSON (to parse data)](https://github.com/google/gson)
-
-[EncryptedSharedPreferences (to store data in an encrypted format securely)](https://android.googlesource.com/platform/frameworks/support/+/refs/heads/androidx-main/security/crypto/src/main/java/androidx/security/crypto/EncryptedSharedPreferences.java)
-
-[Roland Kurmann - extract_otp_secret_keys (to extract Google Authenticator data)](https://github.com/scito/extract_otp_secret_keys)
-
-[Chaquo Ltd - Chaquopy (to run Python to decode protobuf3 data)](https://github.com/chaquo/chaquopy)
-
 ## LICENSE
 
 Multimedia licensed under [![License: CC BY-NC-SA 4.0](https://licensebuttons.net/l/by-nc-sa/4.0/80x15.png)](https://creativecommons.org/licenses/by-nc-sa/4.0/) 
@@ -274,8 +78,4 @@ Multimedia licensed under [![License: CC BY-NC-SA 4.0](https://licensebuttons.ne
 
 ## DONATE
 
-If you'd like to donate to me, send me lots of Bitcoin here:
-
-<img src="https://raw.githubusercontent.com/4f77616973/4f77616973/main/owais-bitcoin.png" width="200" alt="19xgj8XoDMcHSENUDrkW3GtjQjfnbnmWTS">
-
-**`19xgj8XoDMcHSENUDrkW3GtjQjfnbnmWTS`**
+If you'd like to donate to me, [visit my GitHub page](https://github.com/0x4f53).