Close
Showing results 1 to 6 of 6
  1. #1

    Default Any chance to start WoW-client without entering a password?

    If I start WoW-client outside of the launcher, it requires to enter credentials.

    Is there any way to start WoW-client already logged (like being started in launcher)?

    The best solution should use minimum external software.

    (The launcher starts WoW-client with command line arguments "-launcherlogin -uid wow_classic". But it doesn't work if I just add them to my WoW-client shortcut. I got the error "you were disconnected").
    Last edited by sharpMouse : 07-12-2020 at 06:39 AM

  2. #2

  3. #3

    Default

    Thank you. According to the link, it looks like there is no good method to start WoW without entering a password

    I wrote about "-launcherlogin" error to Blizzard's forum and support, but no much chance I guess...

  4. #4

    Default

    What you are trying to do doesn't work because this is disallowed for security reasons.
    If everyone could start the game just by passing a simple flag, without any real login, that would be sick!
    Sadly, this is a bit more complicated.

    The battle.net launcher is using an OAUTH2 mechanism system to authenticate a user, this is a well known standard and is considered secure, there is a good sum-up of how it works (this is a little bit simplified) :

    1 - The first time you start the battle.net launcher, you write your credentials into the login dialog, this happens only one time or until you explicitly disconnect later on.

    2 - The launcher sends an authentication request (usually POST) to the blizzard authentication server with the provided credentials over HTTPS (aswell a standard nowadays, it helps to prevent any MITM attacks by encrypting data, never use HTTP)

    3 - The authentication server returns what we call a "token" if the user successfully logged, this token is a UNIQUE string that has been generated for that user, it allows any blizzard API to differentiate a valid (logged) user to a non-valid (not logged) user. This token has an expiration date which is in general very close.

    4 - The token being valid, the launcher shows up and you can now start a game, you click the "PLAY" button and it starts it by providing the token which is used to authenticate you with the WOW API servers, without the hassle to manually type your login/password nor the issues related to transmitting them clearly.

    5 - You can play.

    A side note : the token is being stored locally on your computer and expires after a finite amount of time, every time you start the launcher, it checks if the token is still valid, if so it automatically logs you and refresh the token with a greater expiration date, if not (eg : after quite a long time) you then have to type your credentials again, else someone getting one of those tokens could do many things with your account, that doesn't make the system 100% secure tho but it helps a lot.

    This is also the reason (and because of how they designed it) you sometimes can start wow and login successfully to it while you can't by using the launcher, they are communicating with different servers so while one (eg : b.net authentication server) is in maintenance, the other (eg : wow API servers) aren't necessary OFF (or when the authentication servers are saturated).

    So now let's get straight into your problem, if you absolutely want to add that kind of automatic authentication to your wow multiboxing software for your users without asking them to clearly state what their password is (that would be insecure), your best bet is to do some wireshark analysis over the network and try to understand the authentication payloads the battle.net launcher is receiving (probably in JSON) and then make use of that shiny generated token.
    You will also have to understand how that token is being used to start the wow.exe instance (with the process parameters) and maybe there are some additional steps that you'd need to deduce and understand.

    But it's a lot of work, you probably want to avoid doing that.

    -Intoxx
    Last edited by intoxx : 07-21-2020 at 11:19 PM

  5. #5

    Default

    Thank you for such explaining answer.

    I still don't understand the difference. I can start WoW via launcher without entering any password - and everybody does this. So Blizzard thinks this is ok and secure. Why starting WoW from command line is insecure?!

    I expect that "-launcherlogin" parameter does exactly what you told in point 4 - asks for token from launcher. Moveover, it looks like it really does this - since client is trying to login. The problem is that login is failed for unknown reason. And unfortunately, it looks like that Blizzard aren't going to fix it.

  6. #6

    Default

    Why starting WoW from command line is insecure?!
    Because this doesn't make any sense for 99% of people and this has been designed to be started with the official battle.net launcher (or manually with credentials) but not third party programs.

    I expect that "-launcherlogin" parameter does exactly what you told in point 4 - asks for token from launcher
    WoW will never ask for a token but it is being fed with it via the battle.net launcher in a way or another which is the only one supposed to handle this, nobody else is supposed to handle this, a token can provide an access to your account and that is not something they want to mess with for obvious reasons.
    PS : You seem to miss-understand what's the role of the launcher here, wow.exe will never magically retrieve a token from the launcher, the launcher has to feed it. That's how it works.

    Blizzard aren't going to fix it.
    There is nothing to fix, that's not a bug, the login fails and that is totally normal else anybody could start an instance and login without entering any credentials.
    A token is required and this is supposed to be handled by the battle.net launcher for security reasons.
    Last edited by intoxx : 07-31-2020 at 05:50 AM Reason: Obvious not being obvious

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •