bnet-authenticator 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a7056e70c2b6c9ef1287b439f7fdc4af94f7d12c
-  data.tar.gz: ea57bd0c4df97f40c4d5b28176388c5401f62f4f
+  metadata.gz: f4191aafea73d608b418b1f57cc796f0b893c8eb
+  data.tar.gz: fe976d92aa9851508812f3d262a903d0996bc32c
 SHA512:
-  metadata.gz: 25eb9dbf2d68c0367ef0a9166c0e7633ba0cf7b51bfa5e972f0288ff1f694ed3badfc70a63153c487d64666fbad325297e54686bd6a23efd434f6cd3f42834c8
-  data.tar.gz: 9ba3f92663b958d3990dd161cf2d5563c3262d1a0c15831bd0ebc92b4fe2d08aa074be473efb44e907c1e557fc2f01b8f4fcd73ff34bd531cc89270ef67bbbdf
+  metadata.gz: 50f3ae4f46910cc95f96dd2e0b4736834c64711b9ba95ddf8a25b2951a3cf0e58197a287afad49df109bed7dc800a28023f345e5b881866566168ac6a3c8c947
+  data.tar.gz: 7be05aeeb5a6136f0a0fc4ca45fc64e80d29a793d9cb8902c99cf2d0dcff6f4e32c763b7b4873ee69a05ed918925b2c8a8d1447d715721a7c5d86499138e4aca

data/README.md

@@ -16,29 +16,23 @@ Using the library
 
 Request a new authenticator
 ----
-    >> authenticator = Bnet::Authenticator.new(:region => :US)
-    => Serial: US-1402-2552-9200
-    Secret: c1307afe865735653d981771dff04ceb79b1a353
-    Restoration Code: EQXCPB2YVE
+    >> authenticator = Bnet::Authenticator.request_authenticator(:US)
+    => #<Bnet::Authenticator:0x007f83599ae848 @serial="US-1403-1677-5336", @secret="33a107e6a2927a2aa1be99cfe7b2d08c092a7a2a", @region=:US, @restorecode="4YV9XZVNMX">
 
 Get a token
 ----
-    >> authenticator.caculate_token
-    => 80185191
+    >> authenticator.get_token
+    => ["18338810", 1394965110]
 
 Restore an authenticator from server
 ----
-    >> Bnet::Authenticator.new(:serial => 'CN-1402-1943-1283', :restorecode => '4CKBN08QEB')
-    => Serial: CN-1402-1943-1283
-    Secret: 4202aa2182640745d8a807e0fe7e34b30c1edb23
-    Restoration Code: 4CKBN08QEB
+    >> Bnet::Authenticator.restore_authenticator('CN-1402-1943-1283', '4CKBN08QEB')
+    => #<Bnet::Authenticator:0x007f83599cf458 @serial="CN-1402-1943-1283", @secret="4202aa2182640745d8a807e0fe7e34b30c1edb23", @region=:CN, @restorecode="4CKBN08QEB">
 
 Initialize an authenticator with given serial and secret
 ----
-    >> Bnet::Authenticator.new(:serial => 'CN-1402-1943-1283', :secret => '4202aa2182640745d8a807e0fe7e34b30c1edb23')
-    => Serial: CN-1402-1943-1283
-    Secret: 4202aa2182640745d8a807e0fe7e34b30c1edb23
-    Restoration Code: 4CKBN08QEB
+    >> Bnet::Authenticator.new('CN-1402-1943-1283', '4202aa2182640745d8a807e0fe7e34b30c1edb23')
+    => #<Bnet::Authenticator:0x007f8359a17500 @serial="CN-1402-1943-1283", @secret="4202aa2182640745d8a807e0fe7e34b30c1edb23", @region=:CN, @restorecode="4CKBN08QEB">
 
 Using the command-line tool
 ====

data/lib/bnet/authenticator.rb

@@ -1,108 +1,217 @@
-require 'bnet/authenticator/core'
+require 'bnet/support'
+require 'bnet/authenticator/errors'
+require 'bnet/authenticator/constants'
+require 'digest/sha1'
+require 'digest/hmac'
+require 'net/http'
 
 module Bnet
 
-  # The battle.net authenticator
+  # The Battle.net authenticator
   class Authenticator
 
     # @!attribute [r] serial
-    #   @return [String] the serial of the authenticator
+    # @return [String] serial
     attr_reader :serial
 
     # @!attribute [r] secret
-    #   @return [String] hexified secret of the authenticator
+    # @return [String] hexified secret
     attr_reader :secret
 
     # @!attribute [r] restorecode
-    #   @return [String] the restoration code of the authenticator
+    # @return [String] restoration code
     attr_reader :restorecode
 
     # @!attribute [r] region
-    #   @return [Symbol] the region of the authenticator
+    # @return [Symbol] region
     attr_reader :region
 
-    # Create a new authenticator object
-    # @param options [Hash] read the examples for more infomation
-    #
-    # == Examples:
-    #   >> # Create an authenticator object with given serial and secret
-    #   >> Bnet::Authenticator.new(:serial => 'CN-1402-1943-1283', :secret => '4202aa2182640745d8a807e0fe7e34b30c1edb23')
-    #   => Serial: CN-1402-1943-1283
-    #   Secret: 4202aa2182640745d8a807e0fe7e34b30c1edb23
-    #   Restoration Code: 4CKBN08QEB
-    #
-    #   >> # Request server for a new authenticator
-    #   >> Bnet::Authenticator.new(:region => :US)
-    #   => Serial: US-1402-2552-9200
-    #   Secret: c1307afe865735653d981771dff04ceb79b1a353
-    #   Restoration Code: EQXCPB2YVE
-    #
-    #   >> # Reqeust to restore an authenticator
-    #   >> Bnet::Authenticator.new(:serial => 'CN-1402-1943-1283', :restorecode => '4CKBN08QEB')
-    #   => Serial: CN-1402-1943-1283
-    #   Secret: 4202aa2182640745d8a807e0fe7e34b30c1edb23
-    #   Restoration Code: 4CKBN08QEB
-    #
-    def initialize(options = {})
-      options = Core.normalize_options(options)
-
-      if options.has_key?(:serial) && options.has_key?(:secret)
-        @serial, @secret = options[:serial], options[:secret]
-      elsif options.has_key?(:region)
-        @serial, @secret = Core.request_new_serial(options[:region], options[:model])
-      elsif options.has_key?(:serial) && options.has_key?(:restorecode)
-        @serial, @secret = Core.request_restore(options[:serial], options[:restorecode])
-      else
-        raise BadInputError.new('invalid options')
-      end
+    # Create a new authenticator with given serial and secret
+    # @param serial [String]
+    # @param secret [String]
+    def initialize(serial, secret)
+      raise BadInputError.new("bad serial #{serial}") unless self.class.is_valid_serial?(serial)
+      raise BadInputError.new("bad secret #{secret}") unless self.class.is_valid_secret?(secret)
+
+      normalized_serial = self.class.normalize_serial(serial)
+
+      @serial = self.class.prettify_serial(normalized_serial)
+      @secret = secret
+      @region = self.class.extract_region(normalized_serial)
+
+      restorecode_bin = Digest::SHA1.digest(normalized_serial + secret.as_hex_to_bin)
+      @restorecode = self.class.encode_restorecode(restorecode_bin.split(//).last(10).join)
     end
 
-    # Get the restoration code of this authenticator
-    # @return [String]
-    def restorecode
-      return nil if @serial.nil? or @secret.nil?
+    # Request a new authenticator from server
+    # @param region [Symbol]
+    # @return [Bnet::Authenticator]
+    def self.request_authenticator(region)
+      region = region.to_s.upcase.to_sym
+      raise BadInputError.new("bad region #{region}") unless is_valid_region?(region)
+
+      k = create_one_time_pad(37)
+
+      payload_plain = "\1" + k + region.to_s + CLIENT_MODEL.ljust(16, "\0")[0, 16]
+      e = rsa_encrypted(payload_plain.as_bin_to_i)
 
-      code_bin = Digest::SHA1.digest(Core.normalize_serial(@serial) + @secret.as_hex_to_bin).reverse[0, 10].reverse
-      Core.encode_restorecode(code_bin)
+      response_body = request_for('new serial', region, ENROLLMENT_REQUEST_PATH, e)
+
+      decrypted = decrypt_response(response_body[8, 37], k)
+
+      Authenticator.new(decrypted[20, 17], decrypted[0, 20].as_bin_to_hex)
     end
 
-    # Get the region of this authenticator
-    # @return [Symbol]
-    def region
-      Core.extract_region(@serial)
+    # Restore an authenticator from server
+    # @param serial [String]
+    # @param restorecode [String]
+    # @return [Bnet::Authenticator]
+    def self.restore_authenticator(serial, restorecode)
+      raise BadInputError.new("bad serial #{serial}") unless is_valid_serial?(serial)
+      raise BadInputError.new("bad restoration code #{restorecode}") unless is_valid_restorecode?(restorecode)
+
+      normalized_serial = normalize_serial(serial)
+      region = extract_region(normalized_serial)
+
+      # stage 1
+      challenge = request_for('restore (stage 1)', region, RESTORE_INIT_REQUEST_PATH, normalized_serial)
+
+      # stage 2
+      key = create_one_time_pad(20)
+
+      digest = Digest::HMAC.digest(normalized_serial + challenge,
+                                   decode_restorecode(restorecode),
+                                   Digest::SHA1)
+
+      payload = normalized_serial + rsa_encrypted((digest + key).as_bin_to_i)
+
+      response_body = request_for('restore (stage 2)', region, RESTORE_VALIDATE_REQUEST_PATH, payload)
+
+      Authenticator.new(prettify_serial(normalized_serial), decrypt_response(response_body, key).as_bin_to_hex)
     end
 
-    # Caculate token using this authenticator's secret and given timestamp
-    # (in seconds, defaults to current timestamp)
-    #
-    # @param timestamp [Integer] a UNIX timestamp in seconds
-    # @return [String] current token
-    def caculate_token(timestamp = nil)
-      Core.caculate_token(@secret, timestamp)
+    # Get server's time
+    # @param region [Symbol]
+    # @return [Integer] server timestamp in seconds
+    def self.request_server_time(region)
+      request_for('server time', region, TIME_REQUEST_PATH).as_bin_to_i.to_f / 1000
+    end
+
+    # Get token from given secret and timestamp
+    # @param secret [String] hexified secret
+    # @param timestamp [Integer] UNIX timestamp in seconds,
+    #   defaults to current time
+    # @return [String, Integer] token and the next timestamp token to change
+    def self.get_token(secret, timestamp = nil)
+      raise BadInputError.new("bad seret #{secret}") unless is_valid_secret?(secret)
+
+      current = (timestamp || Time.now.getutc.to_i) / 30
+      digest = Digest::HMAC.digest([current].pack('Q>'), secret.as_hex_to_bin, Digest::SHA1)
+      start_position = digest[19].ord & 0xf
+      token = '%08d' % (digest[start_position, 4].as_bin_to_i % 100000000)
+
+      return token, (current + 1) * 30
+    end
+
+    # Get authenticator's token from given timestamp
+    # @param timestamp [Integer] UNIX timestamp in seconds,
+    #   defaults to current time
+    # @return [String, Integer] token and the next timestamp token to change
+    def get_token(timestamp = nil)
+      self.class.get_token(@secret, timestamp)
+    end
+
+    # Hash representation of this authenticator
+    # @return [Hash]
+    def to_hash
+      {
+        :serial => serial,
+        :secret => secret,
+        :restorecode => restorecode,
+      }
     end
 
     # String representation of this authenticator
     # @return [String]
     def to_s
-      "Serial: #{serial}\nSecret: #{secret}\nRestoration Code: #{restorecode}"
+      to_hash.to_s
     end
 
-    # Caculate token using given secret and timestamp
-    # (in seconds, defaults to current timestamp)
-    #
-    # @param secret [String] hexified secret string of an authenticator
-    # @param timestamp [Integer] a UNIX timestamp in seconds
-    # @return [String] current token
-    def self.caculate_token(secret, timestamp = nil)
-      Core.caculate_token(secret, timestamp)
-    end
+    class << self
+      def is_valid_serial?(serial)
+        normalized_serial = normalize_serial(serial)
+        normalized_serial =~ Regexp.new("^(#{AUTHENTICATOR_HOSTS.keys.join('|')})\\d{12}$") && is_valid_region?(extract_region(normalized_serial))
+      end
+
+      def normalize_serial(serial)
+        serial.upcase.gsub(/-/, '')
+      end
+
+      def extract_region(serial)
+        serial[0, 2].upcase.to_sym
+      end
+
+      def prettify_serial(serial)
+        "#{serial[0, 2]}-" + serial[2, 12].scan(/.{4}/).join('-')
+      end
+
+      def is_valid_secret?(secret)
+        secret =~ /[0-9a-f]{40}/i
+      end
+
+      def is_valid_region?(region)
+        AUTHENTICATOR_HOSTS.has_key? region
+      end
+
+      def is_valid_restorecode?(restorecode)
+        restorecode =~ /[0-9A-Z]{10}/
+      end
+
+      def encode_restorecode(bin)
+        bin.bytes.map do |v|
+          RESTORECODE_MAP[v & 0x1f]
+        end.as_bytes_to_bin
+      end
+
+      def decode_restorecode(str)
+        str.bytes.map do |c|
+          RESTORECODE_MAP_INVERSE[c]
+        end.as_bytes_to_bin
+      end
+
+      def create_one_time_pad(length)
+        (0..1.0/0.0).reduce('') do |memo, i|
+          break memo if memo.length >= length
+          memo << Digest::SHA1.digest(rand().to_s)
+        end[0, length]
+      end
+
+      def decrypt_response(text, key)
+        text.bytes.zip(key.bytes).reduce('') do |memo, pair|
+          memo + (pair[0] ^ pair[1]).chr
+        end
+      end
+
+      def rsa_encrypted(integer)
+        (integer ** RSA_KEY % RSA_MOD).to_bin
+      end
+
+      def request_for(label, region, path, body = nil)
+        request = body.nil? ? Net::HTTP::Get.new(path) : Net::HTTP::Post.new(path)
+        request.content_type = 'application/octet-stream'
+        request.body = body unless body.nil?
+
+        response = Net::HTTP.new(AUTHENTICATOR_HOSTS[region]).start do |http|
+          http.request request
+        end
+
+        if response.code.to_i != 200
+          raise RequestFailedError.new("Error requesting #{label}: #{response.code}")
+        end
+
+        response.body
+      end
 
-    # Get server's time
-    #
-    # @param region [Symbol]
-    # @return [Integer] server timestamp in seconds
-    def self.request_server_time(region)
-      Core.request_server_time(region)
     end
 
   end

data/lib/bnet/authenticator/constants.rb

@@ -0,0 +1,35 @@
+module Bnet
+
+  class Authenticator
+
+    CLIENT_MODEL = 'bn/authenticator'
+    RSA_MOD = 104890018807986556874007710914205443157030159668034197186125678960287470894290830530618284943118405110896322835449099433232093151168250152146023319326491587651685252774820340995950744075665455681760652136576493028733914892166700899109836291180881063097461175643998356321993663868233366705340758102567742483097
+    RSA_KEY = 257
+    AUTHENTICATOR_HOSTS = {
+      :CN => "mobile-service.battlenet.com.cn",
+      :EU => "m.eu.mobileservice.blizzard.com",
+      :US => "m.us.mobileservice.blizzard.com",
+    }
+    ENROLLMENT_REQUEST_PATH = '/enrollment/enroll.htm'
+    TIME_REQUEST_PATH = '/enrollment/time.htm'
+    RESTORE_INIT_REQUEST_PATH = '/enrollment/initiatePaperRestore.htm'
+    RESTORE_VALIDATE_REQUEST_PATH = '/enrollment/validatePaperRestore.htm'
+
+    RESTORECODE_MAP = (0..32).reduce({}) do |memo, c|
+      memo[c] = case
+                  when c < 10 then c + 48
+                  else
+                    c += 55
+                    c += 1 if c > 72  # S
+                    c += 1 if c > 75  # O
+                    c += 1 if c > 78  # L
+                    c += 1 if c > 82  # I
+                    c
+                end
+      memo
+    end
+    RESTORECODE_MAP_INVERSE = RESTORECODE_MAP.invert
+
+  end
+
+end

data/lib/bnet/authenticator/version.rb

@@ -1,5 +1,5 @@
 module Bnet
   class Authenticator
-    VERSION = "0.1.2"
+    VERSION = "0.1.3"
   end
 end

data/lib/bnet/command.rb

@@ -1,5 +1,13 @@
 module Bnet
 
+  class Authenticator
+
+    def to_readable_text
+      "Serial: #{serial}\nSecret: #{secret}\nRestoration Code: #{restorecode}"
+    end
+
+  end
+
   class InvalidCommandException < StandardError
     attr_accessor :command
     attr_accessor :message

data/lib/bnet/commands/info.rb

@@ -18,8 +18,8 @@ module Bnet
         serial = @args.shift
         secret = @args.shift
 
-        authenticator = Authenticator.new(:serial => serial, :secret => secret)
-        puts authenticator.to_s
+        authenticator = Authenticator.new(serial, secret)
+        puts authenticator.to_readable_text
       end
 
     end

data/lib/bnet/commands/new.rb

@@ -18,8 +18,8 @@ module Bnet
         region = args.shift || 'US'
         region = region.to_sym
 
-        authenticator = Authenticator.new(:region => region)
-        puts authenticator.to_s
+        authenticator = Authenticator.request_authenticator(region)
+        puts authenticator.to_readable_text
       end
 
     end

data/lib/bnet/commands/restore.rb

@@ -18,11 +18,8 @@ module Bnet
         serial = @args.shift
         restorecode = @args.shift
 
-        authenticator = Authenticator.new(
-          :serial => serial,
-          :restorecode => restorecode
-        )
-        puts authenticator.to_s
+        authenticator = Authenticator.restore_authenticator(serial, restorecode)
+        puts authenticator.to_readable_text
       end
 
     end

data/lib/bnet/commands/token.rb

@@ -24,7 +24,7 @@ module Bnet
       def run
         secret = @args.shift
 
-        token, next_timestamp = Authenticator.caculate_token(secret)
+        token, next_timestamp = Authenticator.get_token(secret)
 
         puts token
         if @options.repeat
@@ -39,7 +39,7 @@ module Bnet
               next
             end
 
-            token, next_timestamp = Authenticator.caculate_token(secret)
+            token, next_timestamp = Authenticator.get_token(secret)
             puts token
           end
         end

data/test/test_battlenet_authenticator.rb

@@ -12,31 +12,27 @@ class Bnet::AuthenticatorTest < Minitest::Test
   DEFAULT_REGION = :CN
 
   def test_load
-    authenticator = Bnet::Authenticator.new(:serial => DEFAULT_SERIAL, :secret => DEFAULT_SECRET)
+    authenticator = Bnet::Authenticator.new(DEFAULT_SERIAL, DEFAULT_SECRET)
     is_default_authenticator authenticator
   end
 
   def test_argument_error
     assert_raises ::Bnet::Authenticator::BadInputError do
-      Bnet::Authenticator.new
+      Bnet::Authenticator.new('ABC', '')
     end
 
     assert_raises ::Bnet::Authenticator::BadInputError do
-      Bnet::Authenticator.new(:serial => 'ABC')
+      Bnet::Authenticator.request_authenticator('SG')
     end
 
     assert_raises ::Bnet::Authenticator::BadInputError do
-      Bnet::Authenticator.new(:region => 'SG')
-    end
-
-    assert_raises ::Bnet::Authenticator::BadInputError do
-      Bnet::Authenticator.new(:restorecode => 'DDDD')
+      Bnet::Authenticator.restore_authenticator('DDDD', 'EEE')
     end
   end
 
   def test_request_new_serial
     begin
-      authenticator = Bnet::Authenticator.new(:region => :US)
+      authenticator = Bnet::Authenticator.request_authenticator(:US)
       assert_equal :US, authenticator.region
       refute_nil authenticator.serial
       refute_nil authenticator.secret
@@ -48,7 +44,7 @@ class Bnet::AuthenticatorTest < Minitest::Test
 
   def test_restore
     begin
-      authenticator = Bnet::Authenticator.new(:serial => DEFAULT_SERIAL, :restorecode => DEFAULT_RSCODE)
+      authenticator = Bnet::Authenticator.restore_authenticator(DEFAULT_SERIAL, DEFAULT_RSCODE)
       is_default_authenticator authenticator
     rescue Bnet::Authenticator::RequestFailedError => e
       puts e
@@ -70,8 +66,8 @@ class Bnet::AuthenticatorTest < Minitest::Test
     assert_equal DEFAULT_SERIAL, authenticator.serial
     assert_equal DEFAULT_SECRET, authenticator.secret
     assert_equal DEFAULT_RSCODE, authenticator.restorecode
-    assert_equal ['61459300', 1347279360], authenticator.caculate_token(1347279358)
-    assert_equal ['61459300', 1347279360], authenticator.caculate_token(1347279359)
-    assert_equal ['23423634', 1347279390], authenticator.caculate_token(1347279360)
+    assert_equal ['61459300', 1347279360], authenticator.get_token(1347279358)
+    assert_equal ['61459300', 1347279360], authenticator.get_token(1347279359)
+    assert_equal ['23423634', 1347279390], authenticator.get_token(1347279360)
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bnet-authenticator
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - ZHANG Yi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-11 00:00:00.000000000 Z
+date: 2014-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -82,7 +82,7 @@ files:
 - bin/bna
 - bnet-authenticator.gemspec
 - lib/bnet/authenticator.rb
-- lib/bnet/authenticator/core.rb
+- lib/bnet/authenticator/constants.rb
 - lib/bnet/authenticator/errors.rb
 - lib/bnet/authenticator/version.rb
 - lib/bnet/command.rb

data/lib/bnet/authenticator/core.rb

@@ -1,240 +0,0 @@
-require 'digest/sha1'
-require 'digest/hmac'
-require 'net/http'
-require 'bnet/support'
-require 'bnet/authenticator/errors'
-
-module Bnet
-
-  class Authenticator
-
-    module Core
-
-      RSA_MOD = 104890018807986556874007710914205443157030159668034197186125678960287470894290830530618284943118405110896322835449099433232093151168250152146023319326491587651685252774820340995950744075665455681760652136576493028733914892166700899109836291180881063097461175643998356321993663868233366705340758102567742483097
-      RSA_KEY = 257
-      AUTHENTICATOR_HOSTS = {
-        :CN => "mobile-service.battlenet.com.cn",
-        :EU => "m.eu.mobileservice.blizzard.com",
-        :US => "m.us.mobileservice.blizzard.com",
-      }
-      ENROLLMENT_REQUEST_PATH = '/enrollment/enroll.htm'
-      TIME_REQUEST_PATH = '/enrollment/time.htm'
-      RESTORE_INIT_REQUEST_PATH = '/enrollment/initiatePaperRestore.htm'
-      RESTORE_VALIDATE_REQUEST_PATH = '/enrollment/validatePaperRestore.htm'
-
-      RESTORECODE_MAP = (0..32).reduce({}) do |memo, c|
-        memo[c] = case
-                    when c < 10 then c + 48
-                    else
-                      c += 55
-                      c += 1 if c > 72  # S
-                      c += 1 if c > 75  # O
-                      c += 1 if c > 78  # L
-                      c += 1 if c > 82  # I
-                      c
-                  end
-        memo
-      end
-      RESTORECODE_MAP_INVERSE = RESTORECODE_MAP.invert
-
-      def self.normalize_options(options)
-        return nil if options.nil?
-
-        %w(serial region restorecode secret).each do |attr|
-          if options.has_key? attr.to_sym
-            options[attr.to_sym] = send "normalize_#{attr}".to_sym, options[attr.to_sym] do |value|
-              raise BadInputError.new("bad #{attr} #{value}")
-            end
-          end
-        end
-
-        options[:serial] = prettify_serial(options[:serial]) if options.has_key?(:serial)
-
-        options
-      end
-
-      def self.encode_restorecode(bin)
-        bin.bytes.map do |v|
-          RESTORECODE_MAP[v & 0x1f]
-        end.as_bytes_to_bin
-      end
-
-      def self.extract_region(serial)
-        serial.to_s[0, 2].upcase.to_sym
-      end
-
-      def self.caculate_token(secret, timestamp = nil)
-        secret = normalize_secret secret do |invalid_secret|
-          return nil
-        end
-
-        current = (timestamp || Time.now.getutc.to_i) / 30
-
-        digest = Digest::HMAC.digest([current].pack('Q>'), secret.as_hex_to_bin, Digest::SHA1)
-
-        start_position = digest[19].ord & 0xf
-
-        token = '%08d' % (digest[start_position, 4].as_bin_to_i % 100000000)
-
-        return token, (current + 1) * 30
-      end
-
-      def self.request_new_serial(region, model = nil)
-        e, k = prepair_serial_request(region, model || 'bn/authenticator')
-
-        # request to server
-        response_body = request_for('new serial', region, ENROLLMENT_REQUEST_PATH, e)
-
-        # the first 8 bytes be server timestamp in milliseconds
-        # the rest 37 bytes, to be XORed with `k`
-        decrypted = decrypt_response(response_body[8, 37], k)
-
-        # now
-        # the first 20 bytes be the authenticator secret
-        # the rest 17 bytes be the authenticator serial (readable string begins with CN-, US-, EU-, etc.)
-        secret = decrypted[0, 20]
-        serial = decrypted[20, 17]
-
-        return serial, secret.as_bin_to_hex
-      end
-
-      def self.request_restore(serial, restorecode)
-        serial_normalized = normalize_serial(serial)
-        region = extract_region(serial_normalized)
-        restorecode_bin = decode_restorecode(restorecode)
-
-        # stage 1
-        challenge = request_for('restore (stage 1)', region, RESTORE_INIT_REQUEST_PATH, serial_normalized)
-
-        # stage 2
-        key = create_one_time_pad(20)
-
-        digest = Digest::HMAC.digest(serial_normalized + challenge,
-                                     restorecode_bin,
-                                     Digest::SHA1)
-
-        payload = serial_normalized + rsa_encrypted((digest + key).as_bin_to_i)
-
-        response_body = request_for('restore (stage 2)', region, RESTORE_VALIDATE_REQUEST_PATH, payload)
-
-        secret = decrypt_response(response_body, key).as_bin_to_hex
-
-        return prettify_serial(serial), secret
-      end
-
-      def self.request_server_time(region)
-        request_for('server time', region, TIME_REQUEST_PATH).as_bin_to_i.to_f / 1000
-      end
-
-      class << self
-
-        def normalize_serial(serial)
-          s = serial.to_s.gsub(/-/, '').upcase
-
-          if block_given?
-            region = extract_region(s)
-            yield serial unless (AUTHENTICATOR_HOSTS.has_key?(region) && s =~ /\d{12}/)
-          end
-
-          s
-        end
-
-        def prettify_serial(serial)
-          serial = normalize_serial(serial) { |bad_serial| return nil }
-          "#{serial[0, 2]}-" + serial[2, 12].scan(/.{4}/).join('-')
-        end
-
-        def normalize_region(region)
-          normalized_region = region.to_s.upcase.to_sym
-
-          if block_given? && !AUTHENTICATOR_HOSTS.has_key?(normalized_region)
-            yield region
-          end
-
-          normalized_region
-        end
-
-        def normalize_restorecode(restorecode)
-          restorecode = restorecode.upcase
-
-          if block_given? && !(restorecode =~ /[0-9A-Z]{10}/)
-            yield restorecode
-          end
-
-          restorecode
-        end
-
-        def normalize_secret(secret)
-          if block_given? && !(secret =~ /[0-9a-f]{40}/i)
-            yield secret
-          end
-
-          secret
-        end
-
-        def create_one_time_pad(length)
-          (0..1.0/0.0).reduce('') do |memo, i|
-            break memo if memo.length >= length
-            memo << Digest::SHA1.digest(rand().to_s)
-          end[0, length]
-        end
-
-        def decode_restorecode(str)
-          str.bytes.map do |c|
-            RESTORECODE_MAP_INVERSE[c]
-          end.as_bytes_to_bin
-        end
-
-        def decrypt_response(text, key)
-          text.bytes.zip(key.bytes).reduce('') do |memo, pair|
-            memo + (pair[0] ^ pair[1]).chr
-          end
-        end
-
-        def rsa_encrypted(integer)
-          (integer ** RSA_KEY % RSA_MOD).to_bin
-        end
-
-        def prepair_serial_request(region, model)
-          # one-time key of 37 bytes
-          k = create_one_time_pad(37)
-
-          # make byte[56]
-          #   00 byte[1]  固定为1
-          #   01 byte[37] 37位的随机数据，只使用一次，用来解密服务器返回数据
-          #   38 byte[2]  区域码: CN, US, EU, etc.
-          #   40 byte[16] 设备模型数据(手机型号字符串，可随意)
-          bytes = [1]
-          bytes.concat(k.bytes.to_a)
-          bytes.concat(region.to_s.bytes.take(2))
-          bytes.concat(model.ljust(16, "\0").bytes.take(16))
-
-          # encrypted using RSA
-          e = rsa_encrypted(bytes.as_bytes_to_i)
-
-          return e, k
-        end
-
-        def request_for(label, region, path, body = nil)
-          request = body.nil? ? Net::HTTP::Get.new(path) : Net::HTTP::Post.new(path)
-          request.content_type = 'application/octet-stream'
-          request.body = body unless body.nil?
-
-          response = Net::HTTP.new(AUTHENTICATOR_HOSTS[region]).start do |http|
-            http.request request
-          end
-
-          if response.code.to_i != 200
-            raise RequestFailedError.new("Error requesting #{label}: #{response.code}")
-          end
-
-          response.body
-        end
-
-      end
-
-    end
-
-  end
-
-end