[Source] And-Yet-Another open-source Windows / Windows Mobile Authenticator

[cdm]

[Update: 2011-08-21] 1.5.1116 has been released that implements the new Restore feature and has added skinning. This means you can effectively clone your iPhone or Android authenticator, which was impossible before. Also with the new skins you can make it look more the official application or create your style.

More details at http://code.google.com/p/winauth



I still heartily recommend you instead use the physical authenticator from Blizzard, or a non-jaibroken/non-rooted phone.

However, if you are unable to get those, or would like to have an authenticator clone (useful in case your phone dies or you left it somewhere) then this is a good alternative.

Importantly, WinAuth is open-source so you can build it yourself (and recommended) to ensure nothing untoward is going on. It has many useful features, including loading of some other BMA keys (rooted Android and Java clones), encrypting stored keys and is portable.

Features:

• Register a new Authenticator
• Clone/import an iPhone authenticator using Restore feature
• Take backup of authenticator using the Restore feature
• Skin WinAuth to look like the official app
• Load/save/create multiple authenticators, saved with account-based/user encryption
• Import key from Android Mobile Authenticator and Java enabled phones
• Export key into other applications
• Displays code as bitmap making it harder to be read by malicious apps
• Auto/manual time-sync with Battle.net servers
• Auto-refresh code showing code's valid duration or manual operation by pressing button
• Always on top option
• Optional auto "copy to clipboard" on code generation
• Show/hide serial number
• Auto type directly into code field on hitting a single system-wide hotkey
• Send backups of authenticator data to your email

It is also ported it to Windows Mobile 6.x



Hope it is useful.

-c.

[bigboyinlove]

Awesome cdm thanks!!!

[BuloZB]

blizard no bans this for use?
btw nice job

[cdm]

blizard no bans this for use?

They have not said anything against software emulators, but have at least acknowledged they exist, so a ban is unlikely. I don't believe you aren't breaking any ToS.

technically* you can run an authenticator on a PC but it requires fancy emulation plus a lot of loops and it isn't supported at all

That was from a post by Blue Tech Support.

Plus I don't think they could see what you are using. They wouldn't be able to distinguish between the emulators and real devices.

btw nice job

tyvm

[mikkopekka]

Cool thanks!

[Iksf]

No offence but arnt you a bit late to the party, i know of about 5 others that have been around on this forum previously. Does this authenticator have any advantages over the previous ones?

[bigboyinlove]

No offence but arnt you a bit late to the party, i know of about 5 others that have been around on this forum previously. Does this authenticator have any advantages over the previous ones?

Quite a few actually. Have you checked the provided code development link? One that stands above all so far is the ability to import android xml token data to have an emulation backup on your pc. Furthermore, there is also the ability to password protect the program to add further secruity in your PC authentication....Furthermore this also provides a port of the authenticator to the window's mobile devices.

I know you mean no offense, but would have been nice if you actually checked the development site first before jumping the gun.

[eddie4]

Is there any way to make this as an backup for the real authenticator? Or better said link these to have an authenticator as backup for this programme?

[cdm]

No offence but arnt you a bit late to the party, i know of about 5 others that have been around on this forum previously. Does this authenticator have any advantages over the previous ones?

No offence taken. Yes, there are emulators and Java implementations, most requiring 3rd party software or are closed source. You don't know what you are getting. But use what you are most comfortable with.

I wrote this mainly so I could use a secure clone of my Android key on the PC. Makes it very convenient.

Compare the features, I'll think you find this has more, and is open-source, so as well as being available for review, you can add whatever else you like.

Is there any way to make this as an backup for the real authenticator? Or better said link these to have an authenticator as backup for this programme?

If by "real authenticator" you mean the keychain device, then no. It uses a different algorithm and the key is stored internally in hardware. Plus, you'll notice the code is only 6 digits, whereas all the Mobile Authenticators are 8.

You can however load the code from a rooted-Android's Authenticator or the Java-supported phones/emulator.

[bigboyinlove]

cdm how does the password protection work? I replaced my auth xml with my droid xml file and it works great, but when I open the winauth, it doesn't ask me for a password?

[eddie4]

You can however load the code from a rooted-Android's Authenticator or the Java-supported phones/emulator.

The reason I asked was I didn't want to have a single point of failure like leaving my authenticator on my desk 200km away (it happened to me TWICE) I have installed it on my (rooted)android just having troubles locating the xml file whit the secret. Rather new to this whole android

[cdm]

cdm how does the password protection work? I replaced my auth xml with my droid xml file and it works great, but when I open the winauth, it doesn't ask me for a password?

If you have loaded a different xml file, like the one from your droid, you need to do a "Save As..." (even with the same name) to get the password options to appear.

You can choose from:
1) No password - unencrpyted, like it was
2) Explict password - it will ask you each time you open that file
3) Windows User password - this is the key built into your windows account...you just have to logged in as that user
4) Windows machine password - this is the key built into your local machine account...you just have to be using the same machine

With the last 2 options, if you delete your user account, or reinstall windows, you will not be able to open your file as the windows encryption key will be lost. I highly recommend you create an unencrypted backup of your authenticator file and securely store it somewhere else...or use the "Backup..." option in WinAuth.

Hope that helps.

The reason I asked was I didn't want to have a single point of failure like leaving my authenticator on my desk 200km away (it happened to me TWICE) I have installed it on my (rooted)android just having troubles locating the xml file whit the secret. Rather new to this whole android

With a rooted Android phone, you can find the file in "\data\data\com.blizzard.bma\shared_prefs" called com.blizzard.bma.AUTH_STORE.xml. You need either the Google SDK tools (i.e. adb.exe) to browse the files, or get Root Explorer from the market.

Copy it to your computer, "Load..." in WinAuth, then save it as a different name to add encryption.


-c.

[bigboyinlove]

That certainly helped!! Thanks much. Yes I have backup of the raw android xml so it will all work out You're awesome.

[Omnia]

Added Export feature to show raw key so it can be copied to Java/Android

How can you copy the key to an android device? as far as i know the android authenticator app works off of the devices serial number, making it impossible to change... please elaborate

[cdm]

How can you copy the key to an android device? as far as i know the android authenticator app works off of the devices serial number, making it impossible to change... please elaborate

No, it doesn't.

The official Battle.net Mobile Authenticator (BMA) generates a key from an initial communication with the Battle.net servers. It has nothing to do with the device itself, except that the device seeds a random number initially. The BMA stores this returned 160-bit key and the serial number in its application preferences file. That file can be read (on rooted devices) and decoded so other authenticators can use the same key.

WinAuth can load the BMA's preferences file and read the key. With the new Export feature, it can also show you the actual key as well as the encoded xml that can be used to overwrite the BMA's preferences file, giving you the same key.