According to their web site Duo allows for the use of HOTP tokens, so there's probably not much benefit to reverse engineering their proprietary token type.

I think what they mean is that the duo app can support HOTP. i.e. The duo app can act as a replacement for freeotp or google authenticator. However, if your organization uses Duo, you are stuck with the duo app for now.