keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Battle.Net 2FA #10079

Open Ischtaratu opened 9 months ago

Ischtaratu commented 9 months ago

Summary

Reference to ISSUE #4936

Until now, the Blizzard Battlenet Authenticator could be imported into KeePassXC via a detour via WinAuth and the extraction of the secret key.

Today (December 2023), however, this no longer works because Blizzard has changed its accesses.

It would therefore be desirable to check whether there are alternative ways to use the TimeBased Code in KeePassXC.

I do not consider an app on a cell phone to be sufficiently secure.

THX

notNSANE commented 9 months ago

I came here to post this (I was also the OP of #4936), so thanks!

What kind of auth does Blizzard use now?

Offerel commented 9 months ago

As I understand it, the algorithm is still the same. But a new serial number is needed and therefore you get a new secret key. I haven't used Battle.Net for a long time, and the current prices for games like Diablo IV more than put me off. However, there will probably be a way to read the secret key and the serial from the current app. I could imagine that this is possible with ADB, at least on Android. You might need root rights, but I haven't tried that yet as I haven't used the thing for ages.

When I have more time I can try to migrate the data. But there is also the possibility that the old code will continue to work. I would wait until the day of the migration and see what happens.

orariley70 commented 8 months ago

I actually downloaded the new Battle.Net Mobile App and set up the new authenticator there. The OTP on the App and the one generated off my KeePass database actually is the same. I think you just have to download and accept migrating the authenticator to their new app, so your current authenticator secret is no longer marked for being killed off by Blizzard past the date.

Peter774 commented 8 months ago

| I actually downloaded the new Battle.Net Mobile App and set up the new authenticator there. The OTP on the App and the one generated off my KeePass database actually is the same. I think you just have to download and accept migrating the authenticator to their new app, so your current authenticator secret is no longer marked for being killed off by Blizzard past the date.

Thanks for trying it out. Your solution worked for me too. I wonder what Blizzard's next move regarding 2FA is. I hope that they won't shift towards an online authenticator like Microsoft did. If not, we could generate new tokens using https://github.com/jleclanche/python-bna just like always.

BuongiornoTexas commented 8 months ago

| If not we could generate new tokens using https://github.com/jleclanche/python-bna just like always.

Not so much at the moment. https://github.com/jleclanche/python-bna/issues/38

BTW, does anyone here have any suggestions for extracting the secret from the iOS app without rooting the device? (I'm guessing the answer is no, but thought I would ask anyway).

seniorm0ment commented 8 months ago

@orariley70 For clarity, you just downloaded the new app, signed in, and you didn't have to touch anything in your KeePass entry? The codes generated by KeePass still work? And then you can uninstall the app without issue?

NiyaShy commented 6 months ago

Someone found a way to create/manage the 2FA token values without the app. See here. Tried it on Windows with PowerShell 7 and just needed steps 1, 2, 5 and 6 to create a new token. (Side note: if you use PowerShell, you have to remove the backslashes and line breaks in the commands.)