49
edits
WoW:Battle.net Mobile Authenticator Specification (source)
Revision as of 06:52, 18 September 2013
, 18 September 2013no edit summary
(the link of the php implementation has changed) |
mNo edit summary |
||
| Line 1: | Line 1: | ||
{{webapi}} | |||
{{source needed}} | {{source needed}} | ||
Technical description of the [[Battle.net Mobile Authenticator]] protocol: | Technical description of the [[Battle.net Mobile Authenticator]] protocol: | ||
| Line 13: | Line 14: | ||
The plaintext of the request has the following format: | The plaintext of the request has the following format: | ||
{|class="darktable" | {|class="darktable" | ||
|- | |- | ||
| Line 41: | Line 42: | ||
19a250fa4cc1278d12855b5b25818d162c6e6ee2ab4a350d401d78f6ddb99711 | 19a250fa4cc1278d12855b5b25818d162c6e6ee2ab4a350d401d78f6ddb99711 | ||
e72626b48bd8b5b0b7f3acf9ea3c9e0005fee59e19136cdb7c83f2ab8b0a2a99 | e72626b48bd8b5b0b7f3acf9ea3c9e0005fee59e19136cdb7c83f2ab8b0a2a99 | ||
(big endian) and the public exponent is "0x101" (257). The resulting 128 encrypted bytes are sent to the server within the HTTP-POST-request. Europe and North America are using the same keys for RSA. | (big endian) and the public exponent is "0x101" (257). The resulting 128 encrypted bytes are sent to the server within the HTTP-POST-request. Europe and North America are using the same keys for RSA. | ||
====Authenticator Initialization Response==== | ====Authenticator Initialization Response==== | ||
The HTTP body of the response has the following format: | The HTTP body of the response has the following format: | ||
{|class="darktable" | {|class="darktable" | ||
|- | |- | ||
| Line 70: | Line 71: | ||
|} | |} | ||
;Secret key for code calculation | ;Secret key for code calculation | ||
: Secret key generated by the server for calculation of the authenticator codes. Refer to [[#Code Calculation|code calculation section]] for the usage of this key. The key ''MUST'' be stored within the authenticator as long as it is linked to a Battle.net account and ''MUST'' kept secret. | : Secret key generated by the server for calculation of the authenticator codes. Refer to [[#Code Calculation|code calculation section]] for the usage of this key. The key ''MUST'' be stored within the authenticator as long as it is linked to a Battle.net account and ''MUST'' kept secret. | ||
;Authenticator serial number | ;Authenticator serial number | ||
: Serial number of the authenticator used for linking it to a Battle.net account. It has the format "EU-1234-5678-9012" or "US-1234-5678-9012". The number seems to be simply incremented by the server for every initialization request. There should be no way to calculate the secret key corresponding to this serial number. The serial number ''SHOULD'' be stored together with the secret key. Though it isn't any longer possible to link a single authenticator to more than one Battle.net account at a time<ref>Blizzard Entertainment: Battle.net Blog: [http://us.battle.net/sc2/en/blog/882513 Battle.net Authenticator Change] (Oct 7, 2010)</ref>, but maybe the support will ask for the serial number if there is a problem with the authenticator. | : Serial number of the authenticator used for linking it to a Battle.net account. It has the format "EU-1234-5678-9012" or "US-1234-5678-9012". The number seems to be simply incremented by the server for every initialization request. There should be no way to calculate the secret key corresponding to this serial number. The serial number ''SHOULD'' be stored together with the secret key. Though it isn't any longer possible to link a single authenticator to more than one Battle.net account at a time<ref>Blizzard Entertainment: Battle.net Blog: [http://us.battle.net/sc2/en/blog/882513 Battle.net Authenticator Change] (Oct 7, 2010)</ref>, but maybe the support will ask for the serial number if there is a problem with the authenticator. | ||
| Line 84: | Line 85: | ||
====Authenticator Time Synchronization Response==== | ====Authenticator Time Synchronization Response==== | ||
The HTTP body of the response has the following format: | The HTTP body of the response has the following format: | ||
{|class="darktable" | {|class="darktable" | ||
|- | |- | ||
| Line 133: | Line 134: | ||
{{elink|site=github.com|link=https://github.com/Adys/python-bna|desc=Code for open source python implementation of authenticator}} | {{elink|site=github.com|link=https://github.com/Adys/python-bna|desc=Code for open source python implementation of authenticator}} | ||
{{elink|site=github.com|link=https://github.com/krtek4/php-bma|desc=Code for open source PHP implementation of authenticator}} | {{elink|site=github.com|link=https://github.com/krtek4/php-bma|desc=Code for open source PHP implementation of authenticator}} | ||
[[Category: | [[Category:Web API]] | ||