WinAuth is an open-source Windows authenticator that supports Battle.net for World of Warcraft, Starcraft 2 and Diablo III, and ArenaNet’s Guild Wars 2.
WinAuth (version 2.x) is the original version of WinAuth, similar to the Battle.net Mobile Authenticators for iPhone and Android and used to secure Battle.Net accounts for World of Warcraft, Starcraft and Diablo III. It also implements the Google authenticator and specifically supports ArenaNet’s Guild Wars 2.
WinAuth uses the same algorithm as the Mobile Authenticator for Android and iPhone, and so generates the same codes when using the same serial number and secret key. One of the initial reasons to write it was to remove the dependency on having the phone available, but still use the same codes.
Whilst you cannot directly read the Mobile Authenticator’s private keys from an iPhone or non-rooted Android, you can now use the new Restore feature to copy your authenticator over to WinAuth. On your existing iPhone/Android app, select the menu and choose “Setup” and then press “Continue” to the next page. Note down the Serial Number and Restore Code. Within WinAuth you can just right click and select the “Restore…” option and enter those two same codes.
WinAuth can also load the record store from a Java enabled phone. Just retrieve the .rs or .rms file from your phone and use our “Load Authenticator…”. You can also import key data directly using the “Import Key…” feature.
WinAuth & Security
A physical authenticator device/keychain is the best for security, as there is no access to the internal key. Similarly, the official Mobile Authenticator app running on an iPhone or non-rooted Android phones are secure as long as you protect physical access to your phone. You should use these if you are extremely concerned about security on your account.
Desktop applications and emulators provide an alternative, convenient and portable option. However, you should only use one that is open-source so that you are able to inspect the code, and even build it yourself.
Whilst any Authenticator is subject to a man-in-the-middle attack, something is still better than nothing.
The first time you run WinAuth, you will be prompted to generate new Authenticator data from communication with the Battle.net servers. This data must be saved and is used to generate keys. It is imperative that this file (authenticator.xml by default) is kept safe and secure.
In the Windows version, you will be prompted to choose an encryption method that will be used to secure the Authentication data. If you use your own password, you will have to enter it each time your start your Authenticator.
A new code is then generated automatically every 30 seconds (you can only have one code per 30 seconds) and the GUI shows how much time that code has left to live. If you turn the Auto Refresh off from the menu, you can still click the button to get the current code.
Right-click in the GUI windows to bring up a menu to load/save different Authenticator data or change various options.
Can be run from the command line: (really to help with multi-boxing with more than one authenticator – most people don’t need this)
winauth.exe [-min] [-p password] <authenticator-xml-file>
-min to start WinAuth minimized
-p is explicit password to decrypt authenticator
<authenticator-xml-file> is the XML file containing your authenticator
- Register a new Battle.Net Authenticator
- Load/save/create multiple encrypted authenticators
- Restore/clone existing iPhone, Android and Windows Mobile 7 authenticators using the Restore Code
- Import directly from Android Mobile Authenticator and Java enabled phones
- Import manual keys from other software authenticators
- Skinning to look like the latest official app, or create your own custom skin
- Export keys for other authenticator applications including iPhone/Android
- Displays code as bitmap making it harder to be read by malicious apps
- Auto/manual time-sync with Battle.net servers
- Auto-refresh code showing code’s valid duration or manual operation by pressing button
- Always on top option
- Hide to system tray
- Start with Windows
- Optional auto “copy to clipboard” on code generation
- Show/hide serial number
- Auto type directly into code field on hitting a single system-wide hotkey
- Send backups of authenticator data to your email
- Microsoft Windows XP/2003/Vista/2008/7/8 (32 or 64 bit)
- Microsoft Net 2.0
- Microsoft Visual Studio 2010 (2005 or 2008 will work, but you will need to create your own solution file)
- Legion of the Bouncy Castle cryptographic assembly
- Zip library for .NET
- ILMerge is used to combined assemblies into one single exe