RedHat has a lightweight open-source OTP implementation: FreeOTP.

It works well, though it does not have a well documented recovery procedure for transferring its config to a new phone. 1

First, pull the backup via ADB from the phone, and dump its tokens.xml.


adb backup -f $bak org.fedorahosted.freeotp

(printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" ; dd if=${bak} bs=1 skip=24) |
gunzip -c | tar -xvO apps/org.fedorahosted.freeotp/sp/tokens.xml | sed 's/"/"/g'

In the dump will be the secret and options. The secret needs to be base32 encoded for the FreeOTP on the new phone, though:

#!/bin/env python3
import base64
import sys

secret = bytes( (int(x) + 256) & 0xff for x in sys.argv[1:] )
print( "secret", base64.b32encode(secret).decode() )