Blizzard Authenticators May Become Mandatory

[wheunis]

Is there a windows mobile emulator?
There should be.

EDIT:

Get it here : http://www.microsoft.com/downloads/...af-12e3-4b2f-a394-356e2c2fb114&DisplayLang=en
A friendly article: http://www.downloadsquad.com/2008/0...ulator-lets-you-run-windows-mobile-6-on-your/

Okay, so perhaps running this and WoW at the same time is a bit of a stretch on system resources. But, if you have a laptop lying around ...

This will not work.
You can tattoo that somewhere if you like, coz it wont change.
Will NEVER work.

For the most part, because the authenticator generates its serial number based off a series of internal values from your phone.
What those exact values are nobody would ever be allowed to know.

The range of possiblities however include:
Phone serial nr.
Phone IMEI nr.
Phone Model Code.
Phone OS version.
Phone OS product key.
...
the list goes on.


Emulators are just for testing an application's compatibility and features.
Seeing as emulators have neither of the above values, and if they do, have them wrong, it wont work.

 

[wheunis]

And what about the actual authenticator where would u download for use via this emulator? When u buy it via blizz they send you the link for your particular phone via sms?

Yes you go to website.
Enter cell number, phone compatibility irrelevant.
Wait for sms with link.
**Open link on Phone to which authenticator must be installed (Phone must be on compatible list or error message will reject the download)

**By using Firefox and the UserAgentSwitcher (plugin) to change your browser into identifying itself as if it were the phone in question, you would be able to download the package successfully onto your PC.

This is essentially how i can help ppl get it on any Windows Mobile phone, even if it is unsupported in the list.

Once on the PC, simply Bluetooth/USB it to the phone and install.

Yet again, for reiteration, this will not work on an emulator.

 

[Tinuva]

Actually Wheunis, a guy posted a howto on the official blizzard forums after he got it working on a emulator on his winblows pc. So that throws your theory out the windows.

Also, its java, and java is the easiest language in the world to decompile. Now I am sure blizzard took it a few steps futhers and made a lot of strings in hex ect to make it harder to figure out the code, but I am sure anyone can figure it with enough time.

The big thing here is, if the hackers don't have the serial you attached to your account, they can;t hack it, but I am sure if they can find that serial they can make minimal changes to the decompiled code and add the serial and tada they have a copy of your authenticator.

Which is why I wouldn't trust it on windows, but it can work on windows.

 

[wheunis]

Actually Wheunis, a guy posted a howto on the official blizzard forums after he got it working on a emulator on his winblows pc. So that throws your theory out the windows.

Also, its java, and java is the easiest language in the world to decompile. Now I am sure blizzard took it a few steps futhers and made a lot of strings in hex ect to make it harder to figure out the code, but I am sure anyone can figure it with enough time.

The big thing here is, if the hackers don't have the serial you attached to your account, they can;t hack it, but I am sure if they can find that serial they can make minimal changes to the decompiled code and add the serial and tada they have a copy of your authenticator.

Which is why I wouldn't trust it on windows, but it can work on windows.

That being the case, if it has been done, i apologize.

Having looked over the case you presented from the forums, this was no everyday task though.
It might sound simple on first glance...

That being said, if i owe anyone for tattoo removal lemme know.

About the decoding Java.
Blizzard has taken very strong steps towards keeping that from happening. I'm not saying just because I cant do it, nobody can. I just don't have the time or resources available to run a decryption algorithm for the next 3 years to break their code lol.

Rest assured though, Tinuva is absolutely correct. Even if they do "crack" the code, they cant do anything without your specific serial number, and further they would also need your "synchronization code" (the code generated by the authenticator server that is saved on your device at the time of installation).
This code also changes each time you "resync" the authenticator application.


EDIT: Upon looking further into the matter, it would seem i was only HALF wrong. Yes the authenticator app will RUN on the emulator, but it seems that it loses it's original "security token" upon restart/close/exit/etc.
What this means is, each time you wanna use it, you MIGHT need to unbind your authenticator from your account, and rebind it. This will include a phone-call to blizzard to prove ownership before they will unbind the authenticator.

EDIT-EDIT: Further research indicates that the EU Guild, Nihilum, has managed to re-engineer the authenticator app into a usable, emulated, mini-java-applet for Windows XP/VISTA/7.
For further information see http://www.nihilum.eu/news/

Dont ask me! I just found it!

 

[MrG]

No version for N97 yet

 

[davemc]

Thanks for the link to the Windows applet wheunis.

 

[wheunis]

Thanks for the link to the Windows applet wheunis.

As far as i gather its still in development/testing, so they require you email them stating you wanna test it... at least thats how far i read down the page lol.

 

[Tinuva]

Hehe, I must admit, I saw the post on the Blizzard forums, never completed reading it so my apologies for that, because you are probably correct regarding the issue if you restart it the codes and so are lost, and it makes completely sense, as I never remembered the emulators I used to use at University to store any data like most phones do nowadays.

I just used it to code a simple game for a phone application project we had at one point a network coding coarse.

The applet sounds cool, but I will stay with my Nokia 6210i for now until I can get my hands on a proper authenticator.