How to get Battle.net Mobile Authenticator COMPLETELY free.

[Deleted]

having everything considered - there is no safe solution at all. but don't tell me that using this method you are nowhere near safety

Your solution is much less safe than a hardware token or a mobile authenticator, because an attacker just could read your local authenticator installation files, and transfer them to his machine, and just calculate the correct auth ids himself.

You infact did not even think about to consider this.

but to decrypt android system, because only there the information is kept, you would need serious software it isn't worth doing that.

Bullshit. You only would have to read the files of the emulated fs where android stores its data, nothing more. The emulator saves all its data local on the machine you are using.

And therefore, your solution is, as i said, not even close to safe. Infact, you support script kiddies and make their work even more easy.

If you want a much better solution, get the mobile authenticator on your phone, or get the hardware token. But dont ever use it on your local machine where you play the game.

That is fundamental for this security token.

[Spray]

Your solution is much less safe than a hardware token or a mobile authenticator, because an attacker just could read your local authenticator installation files, and transfer them to his machine, and just calculate the correct auth ids himself.

You infact did not even think about to consider this.

installator won't help him. after installing it on android you MUST register it as normal, so what? your ID is custom generated. and Android doesn't store any files ANYWHERE.

Your solution is much less safe than a hardware token or a mobile authenticator, because an attacker just could read your local authenticator installation files, and transfer them to his machine, and just calculate the correct auth ids himself.

You infact did not even think about to consider this.

Bullshit. You only would have to read the files of the emulated fs where android stores its data, nothing more. The emulator saves all its data local on the machine you are using.

And therefore, your solution is, as i said, not even close to safe. Infact, you support script kiddies and make their work even more easy.

If you want a much better solution, get the mobile authenticator on your phone, or get the hardware token. But dont ever use it on your local machine where you play the game.

That is fundamental for this security token.

ok, but who would do such a thing? ordinary keylogger won't access .img files whic Android uses to store application information.. even if it do it, the information is encrypted.. it is too complicated to be afraid of being compromised through this solution..

[Zuvassinhellfire]

Delivery from CA to Ohio took 2 days, you cant wait that long?

Delivery from Germany to the UK = 6 weeks.

[Deleted]

Because somebody is definitely going to launch a full-scale assault on your machine just to get your WoW account.
Unless you are in a world top 10 guild, I think you're having too high impressions of your own importance.

[Deleted]

installator won't help him. after installing it on android you MUST register it as normal, so what? your ID is custom generated. and Android doesn't store any files ANYWHERE.

Android stores the serial number, to calculate the correct auth id.

And yes, you just can read its fs to obtain that.

So dont tell people bullshit as if this would be safe.

It isnt.

[Garots]

hmm, i'd feel like I was breaking Blizzards ToS, which is punishable by death...

[Spray]

Android stores the serial number, to calculate the correct auth id.

And yes, you just can read its fs to obtain that.

So dont tell people bullshit as if this would be safe.

It isnt.

and OF COURSE it is safer to not use authenticator at all, right? *sigh* i stated that it is worse solution than using actual authenticator, but it is still WAY safer than having your account without auth.. and don't tell me it isn't safe.. it can be decrypted which doesn't mean it's not safe, right? for example: you have 5-star-rated car in NCAP tests.. it's safe, huh? but you still can kill yourself in it.. decryptable != unsafe..

Because somebody is definitely going to launch a full-scale assault on your machine just to get your WoW account.
Unless you are in a world top 10 guild, I think you're having too high impressions of your own importance.

indeed.

i appreciate your knowledge, really, but you are exaggerating, man.

[Deleted]

Because somebody is definitely going to launch a full-scale assault on your machine just to get your WoW account.
Unless you are in a world top 10 guild, I think you're having too high impressions of your own importance.

Many trojans allow access to all files stored on the local machine.

The difference just ist, that an attacker got no access to your authenticator settings. If you use an authenticator on your local machine, this data could also be read by an attacker.

So its higher security, if you use a mobile authenticator or a hardware authenticator.

If you dont think, security is usefull, just use no authenticator at all then.

By using a local emulator you make it easy for script kiddies.

[darkriver41]

Because a dollar is too much to spend, right?

[Deleted]

and OF COURSE it is safer to not use authenticator at all, right? *sigh* i stated that it is worse solution than using actual authenticator, but it is still WAY safer than having your account without auth.

So you want security, but dont really want it?

You are a hypocrite.

Either you want security, then get an external authenticator noone else you got access to, or you dont want security, then get none. Theres nothing inbetween.

[Skulli]

As Jimmy said, how reliable is this ?

I asked the dev back then and here a roughly translation:

In principle, it is obvious that if something Blizzard
can occur completely different, an authenticator, the
protocol described may no longer work.

But, Blizzard has indeed, in the form of its Mobile Authenticator now
already brought a lot of software with the crowd, which also
only exactly described protocol. An update, etc.
at least for the J2ME version is not planned. Here would
Blizzard also to all stakeholders, a new software distribution - I
do not know how they want to do this. In addition,
they have in this case also no way the settings
to assume (especially the secret key), because the
Recordstore on the mobile phone is stored in which he always
for an installed application itself is accessible. Already
a new installation or the like can no longer have access to it.

In short: in principle conceivable that Blizzard changes something in my
Eyes were completely improbable (if not some GAU
happened and as the protocol unexpectedly unsafe
out to act in a way that Blizzard would have to - but I do not see
where there exists a starting point).

Also, the account would not be useless. It is possible the authenticator
Remove course through the usual path of the support can be. For
from Blizzards point of view there is no difference between oneself
programmed authenticator and its official. So you can
do not know if that one has its own version.

[Spray]

Many trojans allow access to all files stored on the local machine.

The difference just ist, that an attacker got no access to your authenticator settings. If you use an authenticator on your local machine, this data could also be read by an attacker.

So its higher security, if you use a mobile authenticator or a hardware authenticator.

If you dont think, security is usefull, just use no authenticator at all then.

By using a local emulator you make it easy for script kiddies.

i think that nobody would post here: "I WOULD UZ DIS AWTHENTICATURR, HEY, COME AND GET ME INFO".
really, the percentage of ppl using it wouldn;t be even 0,1%, and it is additionally impossible to know if this person is using real authenticator or emulated..

[Deleted]

I asked the dev back then and here a roughly translation:

I wont wonder if theres not already a trojan which exactly looks for the "authenticator.config" on the local machine.

If not, i wont wonder, if there will be soon.

[Deleted]

i think that nobody would post here: "I WOULD UZ DIS AWTHENTICATURR, HEY, COME AND GET ME INFO".
really, the percentage of ppl using it wouldn;t be even 0,1%, and it is additionally impossible to know if this person is using real authenticator or emulated..

You can do that automatically in any trojan. If i was a script kiddie and if i would read this thread, i would exactly do that.

Thank you for all your accounts and for your emulator serial numbers you stored on the same machine you play on.

[The Core]

Well, it's good and legal for people who are in too much of a hurry to wait for 2 days and pay a wooping
USD 6.50/4.9 EUR.

But I would not call installing a program you cannot guarantee to be trustworthy on your machine. Stop being cheap and lazy, do it properly, buy an authenticator or check the other thread about making the Iphone application work on other cellphones.

I asked the dev back then and here a roughly translation:

That translation makes no sense at all. None.

[Skulli]

http://bnetauth.freeportal.us/j2meimpl_de.html

there you can find a J2ME edition for your moile phone which can handle java apps.

[Spray]

So you want security, but dont really want it?

You are a hypocrite.

Either you want security, then get an external authenticator noone else you got access to, or you dont want security, then get none. Theres nothing inbetween.

close to true, but it is still up to you.. i simply gave an other option, if someone like it - okay, use it, but it's your decision, not mine.. it's easier and still ten thousand times safer than not using it at all.. the probability of being compromised using an emulator is incredibly small.. and i'm not a hypocrite, there are people for whom 8 euros and weeks of waiting are too much.. and they don't have shiny, new phones..

[Deviltry]

Okay, WHAT THE FUCK? OP showed a clever way to get cheaper Authenticator and all the nQQbs went "it's stealing / can't you afford normal authenticator / etc".

Retards.

Oh, and how this is "more insecure" than Mobile Authenticator on a phone? Personally, I've lost two phones already. Now loosing Desktop PC is a bit trickier... And even if it would get stolen — learn to make one partition and encrypt it. You should store sensitive information there.
And if trojan got in your system... Well, accounts were stolen even with "normal" authenticators, so liek whutever.

Again, retards, fu all.

P.S. Hmm, why I haven't thought about using an emulator for mobile authenticator... :/ I even started using Windows Phone 7 emulator (developing with Microsoft products is ez n fun )
P.P.S. I still won't get authenticator, even if it's cheaper, these things are for user, who need computer with two buttons — ON / OFF...

[Skulli]

That translation makes no sense at all. None.

The text is about, whats the risk that this auth isnt working anymore? Like when blizzard is changing something with the protocol etc. and he said that the chance is very unlikely.
Further its possible to remove the auth from the account again since Blizzard cannot see if you use an regular auth or a self programmed one.

[Deleted]

i simply gave an other option, if someone like it - okay, use it, but it's your decision, not mine.. it's easier and still ten thousand times safer than not using it at all

It is not, because it exposes your authenticator serial number on your local machine.

Your way supports account hacking, and does not help to prevent it.

This thread should be closed in fact. And i really would ask everyone not to take this "option", because it is no real option, but a jack in the box.