pip3 requirements installation fails due to externally managed requirements (full error below). In the Dockerfile, if you add

RUN rm /usr/lib/python3.11/EXTERNALLY-MANAGED

above

RUN pip3 install -r requirements.txt

then the issue is resolved. I'm happy to open a PR for this.

And a HUGE thank you. This saved me probably hours.

× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
    python3-xyz, where xyz is the package you are trying to
    install.
    
    If you wish to install a non-Debian-packaged Python package,
    create a virtual environment using python3 -m venv path/to/venv.
    Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
    sure you have python3-full installed.
    
    If you wish to install a non-Debian packaged Python application,
    it may be easiest to use pipx install xyz, which will manage a
    virtual environment for you. Make sure you have pipx installed.
    
    See /usr/share/doc/python3.11/README.venv for more information.

The script runs, accepts the user flag and asks for the password, then prints this:

Login failed!
<response><error server="lastpass.eu" message="Please update to the latest version of LastPass." /></response>

Haven't been able to migrate from Authenticator just yet and so made a CLI to tide me over: https://github.com/SuperSonicHub1/lpass-auth
It's released into the public domain under the Unlicense; if there's an issue with that, we can negotiate, although I'd assume you're cool with it.

In my case, mfa_data returned with the following data at the end of the export.

{"accounts":[{" ... "deviceId":"6d241bc0-1e5d-4a3b-8c33-b3453c92d26e"}\x06\x06\x06\x06\x06\x06

Causing this error:

Traceback (most recent call last):
  File "d:/Documents/Personal/PythonTestingArea/lastpass-authenticator-export.py", line 178, in <module>
    main()
  File "d:/Documents/Personal/PythonTestingArea/lastpass-authenticator-export.py", line 173, in main
    mfa_data = decrypt_user_data(user_data, key)
  File "d:/Documents/Personal/PythonTestingArea/lastpass-authenticator-export.py", line 109, in decrypt_user_data
    f.write(plaintext)
TypeError: write() argument must be str, not bytes

I got it to work but I haven't fixed the script properly as I hard coded the values just to get my export.

When signing in I receive the following error:

Login Failed!
<response><error iterations="5000" /></response>

This was solved by changing the "Iterations" amount in the Lastpass Account Advanced settings to their recommended value of "100100"

Just tried to use the docker and I got this error :

Traceback (most recent call last):
File "//lastpass-authenticator-export.py", line 212, in
main()
File "//lastpass-authenticator-export.py", line 206, in main
user_data = get_mfa_backup(session, csrf)
File "//lastpass-authenticator-export.py", line 110, in get_mfa_backup
return r.json()['userData']
KeyError: 'userData'

I am super sure about the username, password and OTP - testing the very same credentials in a browser works - still I am getting::

Login failed!
<response><error message="Check your master password and try again." cause="password_invalid" email="[email protected]" is_passwordless_login=""  /></response>

PS: I've even tried grabbing the session id and csrf from the browser, but there may be something else broken. Since I was getting Padding is incorrect.....

Login failed!

/*error message="Account settings are preventing you from logging in with this device. Look for an email from LastPass or go to your account settings to enable." cause="mobilerestricted" allowmultifactortrust="true" tempuid="xxxxx" trustexpired="0" trustlabel="" hidedisable="false" enabled_providers="" enabled_provider_names="" email="xxxxxx" login_method="mfa_login" */

did not get any email
disabled MFA
should the mode of lastpass be set as computer or mobile for it to work? just have 1 switch left.
any idea based on above?

Hi, thank you for the awesome script. But I have problem.

My account is using OTP which provided with the lastpass authenticator. I tried to login with the script, put the OTP from authenticator, and then put my password. The script returned:

Login failed!
<response><error message="Try again OR look for an email from LastPass to verify it&apos;s you." cause="unifiedloginresult" email="my email" is_passwordless_login="" passwordless_device_id=""  /></response>

Am I missing something? Thanks!

Hi, I am trying to export my MFA codes from lastpass using this script. I get an error below when trying to run it. Does anyone have any idea?

Sam@Sams-MBP Desktop % python3 lastpass-authenticator-export.py -u *******@gmail.com Password: Traceback (most recent call last): File "lastpass-authenticator-export.py", line 188, in <module> main() File "lastpass-authenticator-export.py", line 182, in main user_data = get_mfa_backup(session, csrf) File "lastpass-authenticator-export.py", line 108, in get_mfa_backup return r.json()['userData'] KeyError: 'userData'

I've recently wanted switch out of LastPass and discovered they didn't have this functionality and this script really saved the day.

I am for sure typing out my password correctly and properly typing in my email and OTP, but I still get a login failed error. Looking through your code, I can see that you print out the text of the login response, but there is none. Is that supposed to happen?

Allow for passing in the "accounts.json" manually export file.. For example I do not backup my lastpass authenticator on the cloud and my cloud account has been closed.. I can do a manual export in json format and would be nice to allow an option to reference it directly instead of credentials.

Describe the Bug

When running script:

$ ./lastpass-authenticator-export.py -u [email protected]

and enter my password, I get:

Traceback (most recent call last):
  File "/mnt/wd1000/BTSync/RPi conf files/dev/lastpass-authenticator-export/./lastpass-authenticator-export.py", line 176, in <module>
    main()
  File "/mnt/dev/lastpass-authenticator-export/./lastpass-authenticator-export.py", line 169, in main
    session, csrf, key = login(username, password, otp)
  File "/mnt/dev/lastpass-authenticator-export/./lastpass-authenticator-export.py", line 51, in login
    iteration_count = iterations(username)
  File "/mnt/dev/lastpass-authenticator-export/./lastpass-authenticator-export.py", line 32, in iterations
    iterations = int(r.text)
ValueError: invalid literal for int() with base 10: ''

When I tried to debug, I tried to print r.text from def iterations but it comes up as empty. When I print r.status_code that is equal to 420 https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#Unofficial_codes

Let me know if I can do anything to help solve. I'd really like to be able to get my QR codes!

Tried running this recently and got the following error.

Traceback (most recent call last):
  File "lastpass-authenticator-export.py", line 191, in <module>
    main()
  File "lastpass-authenticator-export.py", line 186, in main
    mfa_data = decrypt_user_data(user_data, key)
  File "lastpass-authenticator-export.py", line 121, in decrypt_user_data
    plaintext = unpad(
  File "/.../local/lib/python3.8/site-packages/Crypto/Util/Padding.py", line 92, in unpad
    raise ValueError("Padding is incorrect.")
ValueError: Padding is incorrect.

No 2FA enabled.

When using the script provided as is right now you will get the following response in CLI.

1. python3 script.py -u [email protected] -o OTP
2. Password: (it prompts password and I enter it)
3. Login failed!
<response><error server="lastpass.eu" message="Please update to the latest version of LastPass." /></response>

When exporting my Lastpass Authenticator entries I've noticed that some entries do not have AccountID defined hence the reference to the QR code png is ".png" for multiple entries.. that caused issues..

Would be best to use a random key for each and insure that each QR code src is unique.