## Here is another way wThank you, I have successfully obtained the device secret following your tutorial.ithout having to use the Battle.net App

ningmeng52022 commented 6 months ago

          ## Here is another way without having to use the Battle.net App

1. Retrieve SSO Token:

Go to https://account.battle.net/login/en/?ref=localhost. After logging in, ignore the 404 Error, but copy the token following ST= from the URL.
- Example: EU-84902f44j57m687039586j7egdfa0a54-1165739690

2. Get Bearer Token:

Replace <SSO_TOKEN> with the token you got from step 1 and execute the following curl command to obtain the Bearer Token:

curl -X 'POST' \
'https://oauth.battle.net/oauth/sso' \
-H "content-type: application/x-www-form-urlencoded; charset=utf-8" \
-d "client_id=baedda12fe054e4abdfc3ad7bdea970a&grant_type=client_sso&scope=auth.authenticator&token=<SSO_TOKEN>"

Response:

{"access_token":"XXX","token_type":"bearer","expires_in":0,"scope":"auth.authenticator","sub":"XXX"}

Copy the Bearer Token to use in steps 3, 4. or 5.

3. Get Serial & Restore Codes:

Use the Bearer Token to fetch the Serial and Restore Codes of an existing authenticator:

curl -X 'GET' \
'https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator' \
-H 'accept: application/json' \
-H "Authorization: Bearer <BEARER_TOKEN>"

Response:

{"Restore Code": "XXX", "Serial Number": "XXX"}

4. Get Existing Authenticator Device Secret:

Use the Bearer Token, Serial, and Restore codes to retrieve the Device Secret of an Existing Authenticator:

curl -X 'POST' \
'https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator/device' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer <BEARER_TOKEN>" \
-d '{
"restoreCode": "<RESTORE_CODE>",
"serial": "<SERIAL>"
}'

Response:

{"serial":"XXX","restoreCode":"XXX","deviceSecret":"XXX","timeMs":0,"requireHealup":false}

5. Create and Add a New Authenticator:

Use the Bearer Token to create and add a new authenticator to the users account :
```
curl -X 'POST' \
'https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator' \
-H 'accept: application/json' \
-H "Authorization: Bearer <BEARER_TOKEN>" \
-d ''
```
- Response:
```
{"serial":"XXX","restoreCode":"XXX","deviceSecret":"XXX","timeMs":0,"requireHealup":false}
```
6. Add Authenticator to Password Manager.
- After you have obtianed the deviceSecret convert it from hex to base32 using echo "deviceSecret" | xxd -r -p | base32 on Linux/macOS or cryptii.com if on Windows
Replace deviceSecret in the following URL: otpauth://totp/Battle.net?secret=deviceSecret&digits=8 with the newly obtained base32 device secret, and you should have a working TOTP.

Originally posted by @BillyCurtis in https://github.com/jleclanche/python-bna/issues/38#issuecomment-1902482544

stacksjb commented 6 months ago

I just went through this, migrating to a new TOTP app (Byebye Authy, no thanks for terminating your Desktop app...)

A couple notes to help simplify: 1) If you already have an authenticator, you will do steps 3 and 4 (NOT 5) - you will request the secrets for your existing Authenticator into your TOTP app. 2) If you do NOT have an authenticator already attached, you will do step 5 (not 3 and 4), and create a new one. NOT both (If you try step 5 and already have an authenticator, you'll get an error that one is already attached - you can't attach a new one).

Also, for the HEX-> Base32 conversion, If you are on MacOS, they don't include base32 by default (you can install with brew, "brew install coreutils"). However, I'd just use Cyberchef (it's simpler than cryptii, doesnt' store data, and works on any platform.)

You can use this link: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')To_Base32('A-Z2-7%3D')

sbates commented 5 months ago

I appreciate this a lot. I used this method to setup battle net with 1Password.

Mazwak commented 4 months ago

Thanks a lot.

Worked perfectly to create a new token.

You could write that you can go to step 5 (skip 3 and 4) if you don’t have one already.

Foxtrod89 commented 3 months ago

works fine with gauth, just pass it via qr code

PoisonFrog commented 2 months ago

First step wasn't working in Firefox but it worked when I switched to Chromium. Thank you.

n3ih7 commented 2 months ago

Thanks @stacksjb, this method works.

christopherthake commented 2 months ago

Followed this guide and eventually got it working. I found I always got an error using the built-in macos curl. Installed curl using homebrew and setup the PATH to use brew curl.

I did this for kpxc and just needed to select Custom Settings in the Setup TOTP then paste in the deviceSecret

IceSoulZ commented 1 month ago

Why don't I get a 404 error after the first step, but instead I'm asked to enter a validator numbe 微信截图_20240715190005

BillyCurtis commented 1 month ago

Why don't I get a 404 error after the first step, but instead I'm asked to enter a validator numbe

It’s because you already have an authenticator setup. if you enter the code does it then take you to the 404 page?

jleclanche / python-bna