WoW Authenticator


Guest tcpa41

Hello guys, I'm thinking about implementing WoW Authenticator in Mangos.

So, to kick off, does someone know how to activate the enter digital code screen in the client? I think that the server must send back some additional auth required flag to the client after the client requests authentication. Am I correct?

Link to comment
Share on other sites

As I suspect this authenticator is just an ActiveCard solution, you would have to run an ActiveCard server to have the proper challenge/response from the server side. And then you would need to declare the tokens for this service to recognize the tokens sent code.

So in 2 words: forget it.

Neo2003

Link to comment
Share on other sites

  • 3 weeks later...

My blizz authenticator works like this:

1. I type in my email and password and press connect.

2. An authenticator window pops up.

3. I press my authenticator and a code will show up; the code changes every 20-30 sec.

4. The code will disappear if I don't write it in 10-15 sec, and if I press it again the same code will pop up.

5. I write in the code and then I will be able to log in.

Next time you start the game you will be able to write it in before you press connect.

I wouldt try to make one.

Link to comment
Share on other sites

There's a flag in realm packet, that forces client to show "Enter pin" popup.

AuthSocket.cpp

pkt << uint8(securityFlags);            // security flags (0x0...0x04)

if(securityFlags & 0x01)                // PIN input (no idea wtf is that)
{
   pkt << uint32(0);
   pkt << uint64(0) << uint64(0);      // 16 bytes hash?
}

if(securityFlags & 0x02)                // Matrix input (The9 matrix cards)
{
   pkt << uint8(0);
   pkt << uint8(0);
   pkt << uint8(0);
   pkt << uint8(0);
   pkt << uint64(0);
}

if(securityFlags & 0x04)                // Security token input (aka authenticator)
{
   pkt << uint8(1);
}

Link to comment
Share on other sites

  • 2 months later...

Basically, the authenticator is a timed token generator.

You've a token sequence X1, X2, ..., Xi where Xi=f(Xi-1).

The authenticator is nothing but a simple microcontroller with a timer set to 30 seconds, an interrupt on the button and a screen.

On each timer interrupt, it updates its internal value. When you push the button, it powers up the display and keeps it active for some time. The rest of the time, it's in "sleep" mode, which allows it to lower its power consumption.

Blizzard-side, when you've an authenticator, the server saves the time stamp and the Xi for that time stamp. When you log in, it computes f(f(f(...f(X)))), saves it with the new time stamp and checks the value you've entered. Well, it keeps Xi-1 and also computes Xi+1 and tests for the three values.

Without knowing the actual function, it'd be impossible to implement the official authenticator. But the authenticator mechanism can be implemented with a custom made authenticator...

We could have our own algorithm and mangos-authenticator programs for Windows, Linux, MacOS/X, Android and iPhone/... We may even design a small authenticator system with a cheap PIC or AVR microcontroller, a quartz (for precise timing), 2 capacitors, a transistor (to control the power of the LCD display) and an LCD display. Add a press button, a battery and you're done.

mangos-authenticator would also require a web-side administration which should allow adding an authenticator, removing it and emergency-removing it (battery down for example, with a confirmation by E-Mail).

Link to comment
Share on other sites
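The scheme sketched in the last post (a token chain Xi = f(Xi-1) advanced every 30 seconds, with the server testing Xi-1, Xi and Xi+1), as an added example that is not part of the thread and not MaNGOS code. SHA-256 as f, the six-digit code format, the replay guard and all class and function names are assumptions of this example.

```python
import hashlib
import hmac

STEP = 30  # seconds per token, matching the 30-second timer in the post

def f(x: bytes) -> bytes:
    # Chain step X_i = f(X_{i-1}); SHA-256 is this example's choice of f.
    return hashlib.sha256(b"step" + x).digest()

def display_code(x: bytes) -> str:
    # Six digits shown on the device, derived with a separate hash so the
    # displayed code does not reveal the internal state (format assumed).
    n = int.from_bytes(hashlib.sha256(b"code" + x).digest()[:4], "big")
    return f"{n % 1_000_000:06d}"

class Device:
    """Token side: holds X and advances it once per 30-second tick."""
    def __init__(self, seed: bytes, enrolled_at: int):
        self.x, self.step = seed, enrolled_at // STEP

    def code_at(self, now: int) -> str:
        while self.step < now // STEP:
            self.x, self.step = f(self.x), self.step + 1
        return display_code(self.x)

class ServerRecord:
    """Server side: stores (step, X_step) and tests X_{i-1}, X_i, X_{i+1}."""
    def __init__(self, seed: bytes, enrolled_at: int):
        self.x, self.step = seed, enrolled_at // STEP
        self.last_ok = -1  # last accepted step; replay guard added here

    def verify(self, entered: str, now: int) -> bool:
        i = now // STEP
        # The chain is one-way: roll forward to i-1 at most, never backwards.
        while self.step < i - 1:
            self.x, self.step = f(self.x), self.step + 1
        x = self.x
        for step in range(self.step, i + 2):
            fresh = step > self.last_ok  # a code is accepted only once
            same = hmac.compare_digest(display_code(x).encode(), entered.encode())
            if fresh and same:
                self.last_ok = step
                return True
            x = f(x)
        return False
```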
