-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bna restore: bna.http.HTTPError: mobile-service.blizzard.com returned status 502 #38
Comments
If you want to fix it and submit a patch I will review and merge it, but in general I don't have a way of actively maintaining it. |
I am guessing the overall method for api is different now so not working... Its been 10 years since I worked with python, so I'll just use the ios authenticator. |
Yes as blizzard deprecated the battlenet authenticator and replaced it with battlenet messenger with authenticator included, they changed probably the api endpoints. I already looked a little bit how the new works but didn't find something. |
I tracked the dns requests and found the domain authenticator-rest-api.bnet-identity.blizzard.net that has an swagger ui: (Dont know why blizz has that documentation online because i don't think they want third party implementations) https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator/device deviceSecret is the secret as hex. Biggest issue is that you need an oauth 2.0 with a specific scope that probably not avail with this way: https://develop.battle.net/documentation/guides/using-oauth |
ix it possible to get that scope by snooping in the app binary or something? |
The scope is auth.authenticator (you can see it on the swagger page if you press the authorize button), i dont have much time at the moment, so i don't look further into the oauth auth with this scope. |
Now this gets my interest. I'm writing a simple Rust binary for this. (i hate installing fuckloads of libraries lol) Hopefully done this weekend if I don't hit any roadblocks. |
Yup. Turns out you can't just ask for auth.authenticator scope and be granted that. I tried authenticating with various scopes plus that scope but turns out directly asking for auth.authenticator as some random app is just impossible, it gets silently blocked. I tried entering the access token into the authenticator swagger, no joy saying "must-revalidate" after trying out one of the urls. This is what I got from redirecting to the swagger
We need another approach for this. Maybe even some gray area methods by trying to get the Battle.net app info. For now, I can try sniffing the REST GETs and POSTs of the app with wireshark androiddump and see if there's something that can be useful. |
The api works with the extracted devicekey from the battlenet app. So yes thats the way it should work. |
@mx03 how do you extract the devicekey? and also we need a way to either distribute the key (kinda grey area legal) or provide a way for people to reliably extract the device key. Once done, I can finish my implementation within a few days. |
Sorry i meant the client id, its stored on a android device in this file under <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="com.blizzard.messenger.AUTHENTICATOR_CREDENTIALS_ENCRYPTION_TYPE">AES</string>
<boolean name="com.blizzard.messenger.AUTHENTICATOR_SETUP_POSTPONE_LOGIN" value="false" />
<string name="com.blizzard.messenger.AUTHENTICATOR_RESTORE_CODE">Y</string>
<string name="com.blizzard.messenger.PREF_AUTHENTICATION_PROVIDER_CLIENT_ID">C</string>
<string name="com.blizzard.messenger.AUTHENTICATOR_DEVICE_SECRET">X </string>
<string name="com.blizzard.messenger.PREF_AUTHENTICATION_PROVIDER_HOST_URL">oauth.battle.net</string>
<string name="com.blizzard.messenger.AUTHENTICATOR_BGS_REGION_CODE">EU</string>
<string name="com.blizzard.messenger.AUTHENTICATOR_SERIAL">R</string>
<long name="com.blizzard.messenger.AUTHENTICATOR_SERVER_TIME_DIFF" value="0" />
</map> |
LOL IT FUCKING WORKED HAHAHAHAHA THANK YOU SO MUCH @mx03 Sadly that forces everyone to download the app and login once before getting the client ID. Are you actually sure about the client ID being per-user? I'm gonna test with different accounts later if you haven't tried that. And would non-rooted users be able to access that directory? For those waiting for an app to automate these steps. (only slightly due to the way of getting the client ID/device secret) This is what I did:
|
Maybe there is an API that allows us to grab a custom per user client ID like the app but that's highly improbable. |
As the app has certificate pinning i haven't the time for look into more details, but it shouldn't be hard to make an oauth auth like the app and get the client id. |
@mx03 does your client id start and end with 'b' and 'a' respectively? Because if so, the client ID is the same everywhere. I tried with two accounts and it is the same. Just wondering if it's also the same on all devices. Just wondering because maybe we can just distribute the client ID since it's hard/impossible for people without rooted phones to get the client ID anyways. |
Yes start with b and ending with a. So it seems it is the same. Just thought about oauth and yes the client id is no secret https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/ . Just half year ago i implemented oauth myself just forget the naming and the use of the clientid. |
Reckoned I'm backed into a corner on this one. The localhost redirects are not whitelisted for this client ID and only allows redirect to the Swagger UI (https://authenticator-rest-api.bnet-identity.blizzard.net/swagger-ui/oauth2-redirect.html) and probably the localhost address pointing to the messenger. I'm wondering how do Android apps implement OAuth2 with just a client ID then redirect to the device's web viewer/bowser? Snipping full HTTPS URLs is impossible so the only way to figure this out is by trying to reverse engineer it lol So ye, it's kinda pointless even to make an app for this if you can't ask for an oauth2 token from the device with the client ID provided. I'm putting the client ID of the Battle.net Messenger |
Yes this way probably only works with an electron app that can fetch the token from the returning url. The android app itself does this login request The response url is |
@striczkof Think the clientid might have changed, as I just tried this and get back |
@lightmaster Did you tick the "auth.authenticator" scope before trying to login? think I might have forgotten to add that in instructions. |
@lightmaster Oh ye I did forget 💀 |
90% sure I did, but I'll run it again to make sure |
I was wrong, apparently I didn't tick that box. Got serial, restorecode, and secret back. Thx |
@striczkof thank you so much for solving this, finally can have totp in bitwarden for blizzard |
I did @striczkof described (using the above device ID) but whenever i try and attach the converted device secret to a password manager (tried 1password and MS Authenticator) i only get 6 digit codes, which are then not accepted by the BN client. EDIT: Nevermind. I created the QR code wrong. Works in 1Password now. |
I managed to get the AUTHENTICATOR_DEVICE_SECRET string from a rooted phone method, but I could not figure out what to do next and could not get it working by trial and error. For me AUTHENTICATOR_DEVICE_SECRET are 2 base64 strings separated by comma with length 64 and 24. What am I doing wrong? |
Same here, the API method seems to be patched when going to the swagger-ui:
So the root method is the only option, I got the XML however its all bytes I believe after base64 decoding it. |
LOL I thought the same too, but apparently, they did not get rid of it. They just changed the URL to https://authenticator-rest-api.bnet-identity.blizzard.net/webjars/swagger-ui/index.html (redirect from https://authenticator-rest-api.bnet-identity.blizzard.net/) and the client ID still works somehow. (tried getting my serial and restore and it works) As for the device secret, they probably changed its format. I gotta check when I have free time. |
I just wanted to chip in and provide my 2 cents about this one. I followed above instructions and turns out you do not need to have the authenticator installed, do not have to use a special clientID. Just do the following to get 2fa secret:
As you can see, lots of overlap, but streamlined process. Hope this helps the next person! Thanks @mx03 and @striczkof! |
My apologies if this is too far off-topic, but I was able to use all the tricks that have been documented here to generate a QR code that works in Google Authenticator, but when I try to use it with Authy, I get a "Invalid format" "Token format not supported." error message. Does anyone have any ideas? |
I was able to add it to Authy by creating a QR code using |
Thank you so much, that works! |
For those in the Apple ecosystem with no access to Windows: Follow the steps in this comment, but install this free app on your iPhone or iPad as an alternative to Charles Proxy. No other device needed. |
How do I get Bearer Tokens without using Charles |
Bummer this does not work on Android. Recent Android releases adopt a safe-by-default method for using custom CAs. Each app has to be manually configured to accept the Charles CA, which we can't do since we don't have access to the app source. Sucks. I hate you, Blizzard. |
I have another way of doing this without needing to use the Battle.net App. i'll post a guide later |
Here is another way without having to use the Battle.net App1. Retrieve SSO Token:
2. Get Bearer Token:
3. Get Serial & Restore Codes:
4. Get Existing Authenticator Device Secret:
5. Create and Add a New Authenticator:
6. Add Authenticator to Password Manager.
|
That works, thanks @BillyCurtis ! Notes for others:
|
Hi Billy, I just tried this and died on step 2 with {"error":"invalid_token","error_description":"Invalid SSO token."}. I've tried it twice with two separate logins and SSO tokens. There seem to be a couple of places I could be going wrong.
Cheers! |
Hello Everyone, I've been able to replicate the OAuth, you will need to first login into your account at account.battle.net The open Dev Tools from the browser, go into Cookies Section and get the following value of the Cookie: You will need to copy it and use in OAuth to get the bearer token to use in the Authenticator Rest API: I've made Javascript script to do that but it can be converted to python too: async function generateToken() {
const headers = {
'Host': 'account.battle.net',
'accept': 'application/json; charset=UTF-8',
'content-type': 'application/json; charset=UTF-8',
'user-agent': 'Battle.net/7123 CFNetwork/1404.0.5 Darwin/22.3.0',
'accept-language': 'en-GB,en-US;q=0.9,en;q=0.8',
};
const url = 'https://account.battle.net/login/sso/generate';
const data = {
program_id: 'BSAp',
platform_id: 'ios',
client_version: 1,
login_ticket: '[BA-tassadar COOKIE USE IT HERE]'
};
const options = {
method: 'POST',
headers: headers,
body: JSON.stringify(data),
};
try {
const response = await fetch(url, options);
const dataResponse = await response.json();
return await oauth(dataResponse.authentication_token);
} catch (error) {
console.error(error);
throw error; // Rethrow the error to propagate it up
}
}
async function oauth(generated_token) {
const headers = {
'Host': 'oauth.battle.net',
'accept': '*/*',
'content-type': 'application/x-www-form-urlencoded; charset=utf-8',
'user-agent': 'BlizzardSocial/1.24.2 (com.blizzard.social; build:7123; iOS 16.3.1) Alamofire/5.8.0',
'accept-language': 'en-BR;q=1.0, pt-BR;q=0.9',
};
const url = 'https://oauth.battle.net/oauth/sso';
const data = {
client_id: 'baedda12fe054e4abdfc3ad7bdea970a',
grant_type: 'client_sso',
scope: 'auth.authenticator',
token: generated_token
};
const body = new URLSearchParams(data);
const options = {
method: 'POST',
headers: headers,
body: body,
};
try {
const response = await fetch(url, options);
return await response.json();
} catch (error) {
console.error(error);
throw error; // Rethrow the error to propagate it up
}
} These 2 Functions are used to generate the SSO Token and the other one retrives the Bearer Token to use it then after having the bearer token you are free to use in the request for the rest api like that: async function fetchAuthenticatorData(bearerToken) {
const url = 'https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator';
const headers = {
'Host': 'authenticator-rest-api.bnet-identity.blizzard.net',
'accept': '*/*',
'user-agent': 'BlizzardSocial/1.24.2 (com.blizzard.social; build:7123; iOS 16.3.1) Alamofire/5.8.0',
'accept-language': 'en-BR;q=1.0, pt-BR;q=0.9',
'authorization': `Bearer ${bearerToken}`,
'Content-Type': 'application/json',
};
const options = {
method: 'POST',
headers: headers,
};
try {
const response = await fetch(url, options);
return await response.json();
} catch (error) {
console.error(error);
throw error;
}
} |
Resolved my problem. In step 1, I grabbed the sso token at the 404 page. However, it changed between this page and the account overview. My success path was:
Thank you to all of the thread contributors - much appreciated. |
Using the SSO token from the 404 page URL should work without having to get it from the |
I thought so too, but it failed several times for me using the token from the 404 page. I've just rechecked, and the So I'm not sure what is different for me? Maybe firefox, maybe the fact that I already have the Blizzard authenticator setup and I'm just trying to recover the devicesecret? Regardless, I thought I would share as it may provide a resolution for others. |
For anyone unable to locate the SSO Token in step one you may already have the authenticator added like me (for the sweet sweet push notification approval). In that case you need to go to the Security Section of your Account page and select Get Restore Code. Then open dev tools and find the required token as described. This thread should be made into a wiki if you ask me. |
Blizzard killed my 2fa cuz I still had an old version of their authenticator authorized. Trying @BillyCurtis's steps, and I get the SSO-token and the bearer token, but when I try to add a new authenticator, I get this response:
|
I believe that the |
Read carefully.. You have to specify an phone number to your account in order to create a 2FA. This is their fallback method |
@ldehaas1612 @L-Goncalves Just found that when reading all the messages since last time I had to do this dance with Blizzard. Today I had just looked at the most recent set of instructions and didn't realize there had to be a phone number on the account. Also, I definitely had a phone number on it before cuz the verification message when I just added my number showed the last time they sent verification to my number. Not sure why they removed my number at some point. EDIT: It worked now, thanks. |
Trying to follow @BillyCurtis's method and it fails for me at step 3 Can someone confirm if this method still works? |
Go straight to step 5 after you get the bearer token if you don’t already have an authenticator |
Thank you, I have successfully obtained the device secret following your tutorial. |
I'm pleased to report that @BillyCurtis's refined steps here: still work like a charm! I received the dreaded e-mail today that my legacy authenticator was removed from my account so I had no authenticator, and they also reset my password. I followed the password reset e-mail, logged in, did step 1 & 2, skipped to step 5 and everything went perfectly. I was able to logout and back in, was prompted for the auth code, and the andOTP worked using: Type TOTP Thanks to everyone who contributed here! |
#38 (comment) So what worked for me was first following steps to get the Bearer token from #38 (comment) by @L-Goncalves I only needed the first code but had to convert it to python because I didn't know how to run it properly as a js file. Here's my python version of the code which seemed to work:
Then I followed @BillyCurtis 's tutorial from there, but for me the formatting of the curl commands didn't work on my end, so I figured out that I had to remove the backslashes and change the single quotes to double quotes, then making it all a single line So for example his first curl command
was changed to this:
Which then worked. And pasting your entire otpauth URL right in that field and hitting save Took a bit to figure out but now it works great!~ Thanks so much guys for helping us with this! |
Thanks to #38 (comment)
When I came back to the tab where I was login I had to login again. It asked me for the auth code. Used the one in Aegis and worked like a champ! |
Hello everyone. Thanks to @BillyCurtis and @Gigafrost, I made it too! I have wrapped up both their methods, tested, and rewrote them for people who still are facing issues. Here is my guide on how to attach an authenticator to a Battle.net account. Before Starting...
Perquisites
Step 1. Retrieve SSO Token
Step 2. Get Bearer Token
Step 3. Attach a New Authenticator
Additional Notes
Step 4. Setup the Attached Authenticator to a TOTP URL
Credits |
Is this project still supported? Not sure how much you can do if the battlenet endpoints got changed, but maybe someone has an idea.
The text was updated successfully, but these errors were encountered: