Blizzard Authenticator Support

[roshavagarga]

Is this possible?

[alexbakker]

Did you try extracting the secret and entering it into Aegis?

[roshavagarga]

How would one go about doing that? Secret extraction I mean? Also, blizz uses 8 digit codes, not sure if that's an issue.

[alexbakker]

It looks like Blizzard Authenticator uses its own deformed version of TOTP. Can you try setting up https://github.com/jleclanche/python-bna and importing the otpauth URL into Aegis?

[roshavagarga]

I don't actually run Linux on my PC, so I have no idea how to make that work on Windows...

[alexbakker]

Python works the same on Windows as it does on Linux for most things. Unless python-bna does something platform specific, it should just work.

I'll give python-bna a shot at some point, unless you beat me to it.

[michaelschattgen]

I will try to extract my own secret from the Blizzard launcher using python-bna myself later this day.

[roshavagarga]

Feel free to notify me when you've tested this out so that I can close this. Can't set up python-bna on my own atm.

[michaelschattgen]

Sorry! I've tested it and its works fine in Aegis. Although you need to install and set up python-bna yourself in order for this to work.

[roshavagarga]

Thanks for the info! I'm guessing there's no way that can be done via the app itself, since nobody has gone through the motions of turning python-bna into a module/library?

[michaelschattgen]

The reason why we don't support this method is because Python-BNA does some network requests to Blizzard endpoints. Aegis currently doesn't have any networking functionality and we would like to keep it this way from a security standpoint.

What is the reason why can't setup python-bna yourself? If you think it's too difficult to set-up, we can try to wrap python-bna into an executable which should make it easier for you to run.

[roshavagarga]

Mostly your latter point, yeah, I'm finding setting up Linux just for python-bna to be hard for most people. An executable would be better and I understand why you don't want to have Aegis change its permissions, didn't know python-bna required network access :)

[alexbakker]

Right, that would be too hard for most people. What I meant was that you don't actually need to install Linux. It should also work on Windows. @michaelschattgen tested this and it turns out that it does.

I've wrapped python-bna in an executable using PyInstaller: bna.zip. Want to give it a shot?

[Iolaum]

I just got it working. Steps were:

1. Get Blizzard Authenticator app and enable it
2. Get serial number and restore code from app
3. Install python-bna, in my case by cloning the repo and installing locally with pip3 install --user -e .
4. Restore authenticator with bna restore --set-default $SERIAL $CODE
5. Get secret with bna show-secret and manually add it to Aegis. (SHA1, 8 Digits)
6. Verify that both authenticators give the same code and after that uninstall Blizzard Authenticator. I 'd also suggest deleting the key from python-bna since the config file can be easily read and keys stolen.

Notes:

• I tried step 5 by producing an image with bna show-url | qrencode -o ~/Desktop/bnet.png but trying to scan the image resulted in Aegis authenticator crashing. I am running it on LineageOS 16.0 with latest version from F-droid.
• If you are using a different platform than mine (Fedora/Linux) some steps will be slightly different.

[alexbakker]

I'll close this. We can't add support for Blizzard's 2FA setup process, but as said, it is possible to import the token into Aegis manually afterwards.

[ldehaas1612]

For everyone wondering how to setup Blizzard Authenticator here all these years later, check out this link from the python-bna repo issues: python-bna issue 38