Author

Topic: BTC-E flawed 2fa QR or code? .10 btc bounty if you can get this working for me.. (Read 907 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
The problem is that Google's timeservers are actually different from real time.
False. I just checked and all of Google's time servers exactly agree with the NIST and US Naval Observatory. Which is not surprising since a) I set all my clocks by the NIST, not Google, yet Google Authenticator works for me and b) why the Hell would Google use their own time standard? That doesn't make any sense.
Huh. Interesting. I saw somewhere that Google's time had drifted off of real time by a couple seconds to deal with leap seconds so that their own systems wouldn't fail dramatically
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
The problem is that Google's timeservers are actually different from real time.
False. I just checked and all of Google's time servers exactly agree with the NIST and US Naval Observatory. Which is not surprising since a) I set all my clocks by the NIST, not Google, yet Google Authenticator works for me and b) why the Hell would Google use their own time standard? That doesn't make any sense.
legendary
Activity: 966
Merit: 1000
In holiday we trust
Dunno if this is what your looking for :

http://spod.cx/blog/

Something about oathtool and tails don't know if that will solve your problem or make it worse.
staff
Activity: 3458
Merit: 6793
Just writing some code
I am fairly certain foxpup is partially correct, and I think I found the problem. The issue is solving it. What I think happens is that the times are not synced. Google Authenticator uses Google's time servers, and btc-e (and every other site that uses google authenticator) must also use Google's time servers in order to generate the correct codes and have their time synced. The problem is that Google's timeservers are actually different from real time. They have slight changes (e.g. fix for leap second problem) that makes google time different from real time. The other issue is that your computer is not using Google time. The various chrome apps are all using computer time, not google time, so they are not synced and not generating the right codes. The solution is to find or write an app that uses google time for the time instead of computer time.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
I'm still positive I'm correct, since there's really nothing else that can go wrong. The code is (basically) just a hash of the secret plus the current time, so either the program's calculating the hash incorrectly (unlikely if you've tried multiple programs that nobody else has reported a problem with), the secret was entered incorrectly (unlikely as you used a QR code), or your time is wrong (which is pretty easy to screw up). To be absolutely sure, set your time zone to UTC and go to time.gov. In Linux, the system clock (as displayed in the BIOS setup) is normally meant to be UTC and corrected to local time by user applications, but it's configurable so maybe Tails does something weird in that regard. Setting everything to UTC should eliminate any such issues. If your clock agrees with the NIST to within a few seconds and you still can't get it to work, then besides making sure the secret was entered correctly (but I'm not sure how it couldn't be) I'm out of ideas.
newbie
Activity: 19
Merit: 1
Are your time zone and system clock set correctly (to within 30 seconds)? They need to be for Google Authenticator (or anything using the same protocol) to work.

I was so positive that you were correct and that it was silly of me not to check this, but after changing the time and testing I still get different codes. Tails will automatically sync with TOR time, so I've gone into time and date, changed it to both the exact time (within 3 seconds) and tried setting my location and turning it to 'network time' and neither helped the situation.


Foxpup : I have already tried that app a long with every other 2fa I could find. None spit out the correct codes. I had had this same issue on a ubuntu install which the time was correctly synced, so that would lead me to think that it is not a time issue? Though not 100% positive.

I will up the bounty to .3 btc if anyone can get it working in tails. You will need to start with a root pass and sudo apt-get install chromium and then change your network proxy settings to 127.0.0.1 port 9050 to get chrome functional with a internet connection.
Have you tried the extension I posted?

Oops, I accidently said 'Foxpup' but I had meant that message to be to you. Yes, I have tried the one you posted already with a slew of others.

None of them work.

As previously stated, I would be happy to offer a .3 btc bounty to anyone who can get this working in tails. If you would like the bounty, please confirm it working in tails and then provide me the details of how you got it functional and I will be more than happy to provide the bounty.

Thanks!
staff
Activity: 3458
Merit: 6793
Just writing some code
Are your time zone and system clock set correctly (to within 30 seconds)? They need to be for Google Authenticator (or anything using the same protocol) to work.

I was so positive that you were correct and that it was silly of me not to check this, but after changing the time and testing I still get different codes. Tails will automatically sync with TOR time, so I've gone into time and date, changed it to both the exact time (within 3 seconds) and tried setting my location and turning it to 'network time' and neither helped the situation.


Foxpup : I have already tried that app a long with every other 2fa I could find. None spit out the correct codes. I had had this same issue on a ubuntu install which the time was correctly synced, so that would lead me to think that it is not a time issue? Though not 100% positive.

I will up the bounty to .3 btc if anyone can get it working in tails. You will need to start with a root pass and sudo apt-get install chromium and then change your network proxy settings to 127.0.0.1 port 9050 to get chrome functional with a internet connection.
Have you tried the extension I posted?
newbie
Activity: 19
Merit: 1
Are your time zone and system clock set correctly (to within 30 seconds)? They need to be for Google Authenticator (or anything using the same protocol) to work.

I was so positive that you were correct and that it was silly of me not to check this, but after changing the time and testing I still get different codes. Tails will automatically sync with TOR time, so I've gone into time and date, changed it to both the exact time (within 3 seconds) and tried setting my location and turning it to 'network time' and neither helped the situation.


Foxpup : I have already tried that app a long with every other 2fa I could find. None spit out the correct codes. I had had this same issue on a ubuntu install which the time was correctly synced, so that would lead me to think that it is not a time issue? Though not 100% positive.

I will up the bounty to .3 btc if anyone can get it working in tails. You will need to start with a root pass and sudo apt-get install chromium and then change your network proxy settings to 127.0.0.1 port 9050 to get chrome functional with a internet connection.
staff
Activity: 3458
Merit: 6793
Just writing some code
I used an extension called authenticator which worked. You can download it here: https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai/related?hl=en. If that is what you are looking for, then please send the reward to the address in my profile.

It may not detect the qr code on the screen, so enter the base32 key as the secret key for manual entry.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
Are your time zone and system clock set correctly (to within 30 seconds)? They need to be for Google Authenticator (or anything using the same protocol) to work.
newbie
Activity: 19
Merit: 1
I've only ever been able to get the btc-e QR code working on google authenticator on a android mobile OS, however I see this as a very weak security design as I cannot really protect my data on my mobile phone if it is running all the time.

I have been attempting and failing at getting a working TOTP generator for BTC-e's 2FA and I can only conclude that perhaps the code generated is flawed in some way that google authenticator catches?

I've made a test account with a test 2fa and I want to see if anyone can get the codes to sync between google authenticator and Tokenizator. I've tried several 2fa programs under linux and they all seem to spit out the incorrect codes. I am attempting to get tokenizator working as it is a solution for me in my secure OS, where other apps are not possible. Im using tails and the persistent apt allows for installation of some things at boot, so I can do chromium + tokenizator with relative ease.

Here is the test 2fa:

https://img.bi/#/5Wcvl1D!R1XjegHT7aGAq0yhIwGtSU5AeXm9ggZ_1ODwFw4B

Here is the output when QR is scanned:

otpauth://totp/BTCe-test2fabtc?secret=KOMTQFSURJSD5AGUYSKDWR5AKR37HCKOJATRNODE34JLXY7VKHVW&issuer=btc-e

Tokenizator is nice because you can drag and drop the QR image directly into the program. The last version of the program had a bug fix to account for a incorrectly spaced QR secret, so that it would still take the correct input, however it does not seem to fix whatever the issue is here.

Link to Tokenizator in the chrome app store: https://chrome.google.com/webstore/detail/tokenizator/cfeppjpdaokjflnpmdmflnhecgbjicjm?hl=en

I have tried every combo of the account name and Secret Key directly and none of the combo's gives me the correct code.

If someone can figure out how to get this working in tokenizator for me, I will give a .10 btc bounty for your trouble.

Thank you all who try to help.

If you have figured it out, please PM me your btc address and the instructions needed to resolve and I will send the reward. If you really feel the need to receive compensation prior to telling me the trick then please post a picture of you holding up your mobile with a matching TOTP code against tokenizator and I will send the reward.
Jump to: