jleclanche / python-bna

Python implementation of the mobile Blizzard Authenticator (TOTP)
https://eu.battle.net/support/en/article/24520
MIT License

Here is my guide on how to attach an authenticator to a Battle.net account #42

Open wpeii opened 3 weeks ago

wpeii commented 3 weeks ago
Reposting my comment (see #38) as a new issue.

Hello everyone. Thanks to @BillyCurtis and @Gigafrost, I made it too! I have wrapped up both their methods, tested, and rewrote them for people who still are facing issues. Here is my guide on how to attach an authenticator to a Battle.net account.

Before Starting...

  1. This guide is only made for attaching a new authenticator.
  2. I have only tested this on a Windows machine.
  3. Everything here is based on my own results, and may differ for you.

Prerequisites

  4. Have a phone number linked to your Battle.net account.
  5. Check if you have an authenticator attached to your Battle.net account and go ahead and detach it by going to account.battle.net > Security > Battle.net Authenticator - click "Detach" > and confirm by clicking "Detach" again. If you do not have an attached authenticator, skip this and go to Step 1.

Step 1. Retrieve SSO Token

    • Go to account.battle.net/login/en/?ref=localhost. Log in, and ignore the "404" error. From the URL bar, look for the "ST=" entry and copy the SSO token following it.
      • This is what the SSO Token should look like: EU-u33pyxqgx5l73zu936oujss6mabeyhry-1177987422 or US-u33pyxqgx5l73zu936oujss6mabeyhry-1177987422
      • The token starts with either "EU" or "US" depending on which country you logged in from.
      • If you received an error with the SSO Token in steps to follow, use a VPN to change the beginning format of the token. For example, if you received an error with an SSO Token that starts with "EU", then use a VPN to route your connection to the United States (make sure that you are at us.account.battle.net/login/en/?ref=localhost (or eu.account.battle.net/login/en/?ref=localhost if you are routing your connection from the United States to an EU country)) and retry Step 1 to retrieve an SSO Token that starts with "US" (or "EU"). This will not affect your Battle.net account region/payments/pricings or any similar settings and is intended for the authenticator only.

Step 2. Get Bearer Token

    • Replace <SSO_TOKEN> with the SSO Token you retrieved from Step 1 in the following command and execute it to obtain the Bearer Token.
    • Open CMD.
    • Run:
      curl -X "POST" "https://oauth.battle.net/oauth/sso" -H "content-type: application/x-www-form-urlencoded; charset=utf-8" -d "client_id=baedda12fe054e4abdfc3ad7bdea970a&grant_type=client_sso&scope=auth.authenticator&token=<SSO_TOKEN>"
      • Response that you should be getting: {"access_token":"XXX","token_type":"bearer","expires_in":0,"scope":"auth.authenticator","sub":"XXX"}
    • Save the response somewhere safe, keep CMD open, and go ahead to Step 3.

Step 3. Attach a New Authenticator

    • Replace <BEARER_TOKEN> with the Bearer Token you retrieved from Step 2 in the following command and execute it to attach an authenticator to your Battle.net account and obtain the Device Secret.
    • Run:
      curl -X "POST" "https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator" -H "accept: application/json" -H "Authorization: Bearer <BEARER_TOKEN>"
      • Response that you should be getting: {"serial":"XXX","restoreCode":"XXX","deviceSecret":"XXX","timeMs":0,"requireHealup":false}
    • Now you have successfully attached an authenticator to your Battle.net account.
    • Save the response somewhere safe too and read Additional Notes below.

Additional Notes

    • Save both responses from Step 2 and Step 3 somewhere safe. Do NOT save them in your password manager as it may cause a security risk. Treat them like backup/recovery credentials. Feel free to save the SSO Token too.
    • You can close CMD now.

Step 4. Set Up the Attached Authenticator as a TOTP URL

    • After you have obtained deviceSecret, convert it from hex to base32 using cryptii.com/pipes/hex-to-base32.
    • Replace deviceSecret in the following TOTP URL with the newly obtained Device Secret, and you should have a working TOTP URL.
    • otpauth://totp/Battle.net?secret=deviceSecret&digits=8
    • Lastly, paste the TOTP into an authenticator app or a password manager that supports TOTP.

Credits

    • #38 (comment) by @BillyCurtis.
    • #38 (comment) by @Gigafrost.

Dobbelklick commented 1 week ago

Worked perfectly. I only had a problem with getting the SSO token because I didn't log out before using the first link.

Archelius92 commented 1 day ago

Step 3 is not giving me a response, it comes back as blank