Skip to content

BluePass

F-Droid

Open source

BluePass extracts 2FA tokens from SMS and forwards them via Bluetooth

Version
0.3.0
Size
14.6 MB
Updated
Dec 2, 2021
Get from Download APK (v0.3.0)
Signing certificate on record

About this app

Description

BluePass extracts two factor authentication codes (2FA) from SMS and sends them to a paired device via Bluetooth RFCOMM. A Qt based companion app bluepass-server will receive the 2FA codes and provide them via the system clipboard.

Use Case

The company I work for is relying on third party services that require to authenticate using 2FA. The second factor is an SMS to your mobile phone. This app was built for convenience, to avoid having to unlock your phone, find the message and then type the received code on the PC.

It is not about the time saved, it's about getting rid of robot tasks.

Setup

You have to configure parameters to match the sender of the SMS and parse the code from the messages sent to you. Currently, regular expressions are used for this task. However, a very basic setup will be provided below.

Regular expression for sender has to be set to a regular expression that matches all the senders of SMS (as they appear in your chat application). Multiple numbers and names can be provided:

• To match CompanyA, you might simply putCompanyA into the box

• To match CompanyA and 12345678, write (CompanyA|12345678)

Regular expression to filter the content has to be set to a regular expression that matches the messages you want to catch. Additionally, it has to define one group to extract the actual code that has to be sent to the PC.

• To match any number, you can use [^\d]*(\d+).*

• To match a code only with 6 digits, use: .*(\d{6}).*

... as the process of defining a proper regular expression is not that easy, there is another text box Test message. You can paste here the content of the SMS thatyou want to match and adjust the regular expression until it gets parsed correctly.

The last step of the configuration is to pair with the bluetooth adapter of your PC and configure the adapter to be used.

Operation

• Whenever your mobile phone receives an SMS (and the settings above are configured), this app will try to match the sender and content. If one of the two doesn't match, the message will not be processed any further.

• If the 2FA code could be extracted, a foreground service will be started (status bar) and the app tries to connect to the configured Bluetooth adapter and sends the code. It retries for some amount of time and reports the status in the status bar. Note: The notification in the status bar doesn't automatically disappear. However, this doesn't consume any resources and can be removed using the Stop button.

• If the code is required on the mobile phone, it can be copied using the Copy last button.

Protocol

The communication is based on very simple primitives using an RFCOMM channel. The UUID for the service is e4d56fb3-b86d-4572-9b0d-44d483eb1eee. Extracted codes are sent as text (over a secure Bluetooth connection) terminated with a new line character. Therefore, codes may not contain any new line characters.

Future

• The protocol will be changed to something more sophisticated and extensible

• Configuration of the sender should be done through contact providers and not use regular expressions

• Allow to use this app to share text / files with the PC

Licensed under MIT, by Manuel Huber.

OfficialSignature VerifiedOpen Source

What's New in v0.3.0

Imported from the F-Droid repository index.

  • - Add a button to send the last code again to the companion app
  • - Add a test button to allow to trigger sending a code to the companion app
  • - Fix the format of the summary

Version history

v0.3.0Latest
Signature continuous

Dec 2, 2021 · 14.6 MB · Android API 2929 · code 5

Imported from the F-Droid repository index.

  • - Add a button to send the last code again to the companion app
  • - Add a test button to allow to trigger sending a code to the companion app
  • - Fix the format of the summary
FOREGROUND_SERVICERECEIVE_SMSBLUETOOTHBLUETOOTH_ADMINBLUETOOTH_CONNECTBLUETOOTH_SCANACCESS_FINE_LOCATIONACCESS_COARSE_LOCATIONWAKE_LOCK

SHA-256 ed8e50fe4873f1bed1ccb5bd7368b4daadc4f455f6e2e61c3e962d6c3b37639e

v0.2.1
Signature continuous

Nov 2, 2021 · 14.6 MB · Android API 2929 · code 4

Imported from the F-Droid repository index.

FOREGROUND_SERVICERECEIVE_SMSBLUETOOTHBLUETOOTH_ADMINBLUETOOTH_CONNECTBLUETOOTH_SCANACCESS_FINE_LOCATIONACCESS_COARSE_LOCATIONWAKE_LOCK

SHA-256 70b3e5bf6021469f0bcca1887e5d059480116e9470ee6b388b6009b4822a6860

Will it run on your device?

CompatibilityCheck the requirements

55%

  • Targets newer Android builds, so legacy devices may be excluded.
  • ABI coverage is focused on newer 64-bit devices.
What changed in this release
Size delta
0 MB
Added permissions
None
Removed permissions
None

Installation Guide

1

Open Settings on your Android device

2

Go to Security → Unknown sources (or Install unknown apps)

3

Enable "Allow from this source" for your browser or file manager

4

Open the downloaded APK file from your Downloads folder

5

Tap "Install" and wait for installation to complete

6

Launch the app from your home screen

Make sure to re-enable Unknown Sources restrictions after installation for security.

How to install this safely

How to verify the file you downloaded

Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded — delete it.

What the signing certificate proves

Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time — if a package claiming to be org.booncode.bluepass4 is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.

How to roll back to an earlier version

If the current release misbehaves, 0.2.1 is the last build before it. Android will not install an older version code over a newer one, so you must uninstall BluePass first — which clears its local data unless you have a backup. Reinstall the older APK only if its signing fingerprint matches the build you already trust, and check the API range: an older release may target an Android version your device has moved past.

Why we list sources instead of hosting everything

The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version — and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of BluePass, and a listing is removed when the evidence for it stops holding up.

Get BluePass

Every source we list for org.booncode.bluepass4 is legality-reviewed. Pirated or cracked builds are never offered.

Other sources

F-Droid listing

official

F-Droid builds this app from source and signs it. This is its official listing, with older builds and full release notes.

Source code

verified publisher

The upstream repository this build is compiled from.

We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.

App Information

Developer
F-Droid
Category
Social
Android
10+
Architectures
Version
0.3.0 (code 5)
Size
14.6 MB
Updated
Dec 2, 2021
Package name
org.booncode.bluepass4

Security Verification

File integrity
SHA-256 recorded
Signing certificate
Fingerprint on record
Official source
Download APK (v0.3.0)

We record provenance; we do not run malware scans. Verify the hash yourself before installing.

SHA-256 Hash

ed8e50fe4873f1bed1ccb5bd7368b4daadc4f455f6e2e61c3e962d6c3b37639e

Signing certificate

342660f021f25237e8568751fa9234dda52e54254d7f76c1f2bd1646a970af77

Permissions Required

FOREGROUND_SERVICE
RECEIVE_SMS
BLUETOOTH
BLUETOOTH_ADMIN
BLUETOOTH_CONNECT
BLUETOOTH_SCAN
ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION
WAKE_LOCK

Previous Versions

Signature verified

The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.

Report a problem with this listing

A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.

Report a problem