private static bool AuthenticateUser()
{
// 32 byte random blob of data
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
byte[] encryptedSessionKey;
// ... which is then encrypted with RSA using the Steam system's public key
using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(Steam.Instance.Client.Universe)))
{
encryptedSessionKey = rsa.Encrypt(sessionKey);
}
// users hashed loginkey, AES encrypted with the sessionkey
var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(Encoding.ASCII.GetBytes(WebAPIUserNonce), sessionKey);
using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth"))
{
KeyValue result;
try
{
result = userAuth.AuthenticateUser(
steamid: Steam.Instance.Client.SteamID.ConvertToUInt64(),
sessionkey: WebHelpers.UrlEncode(encryptedSessionKey),
encrypted_loginkey: WebHelpers.UrlEncode(encryptedLoginKey),
method: "POST",
secure: true
);
}
catch (WebException e)
{
var response = (HttpWebResponse)e.Response;
if (response.StatusCode == HttpStatusCode.Unauthorized || response.StatusCode == HttpStatusCode.Forbidden)
{
IsAuthorized = false;
if (Steam.Instance.Client.IsConnected)
{
Steam.Instance.User.RequestWebAPIUserNonce();
}
}
Log.WriteWarn("WebAuth", "Failed to authenticate: {0}", e.Message);
return(false);
}
Cookies = new CookieContainer();
Cookies.Add(new Cookie("steamLogin", result["token"].AsString(), "/", "store.steampowered.com"));
Cookies.Add(new Cookie("steamLoginSecure", result["tokensecure"].AsString(), "/", "store.steampowered.com"));
}
IsAuthorized = true;
Log.WriteInfo("WebAuth", "Authenticated");
return(true);
}
public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey)
{
Token = TokenSecure = String.Empty;
SessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId));
_cookies = new CookieContainer();
using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth"))
{
// userAuth.Timeout = TimeSpan.FromSeconds(5);
// Generate an AES session key.
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// rsa encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey = null;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe)))
{
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
byte[] loginKey = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length);
// AES encrypt the loginkey with our session key.
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
KeyValue authResult;
// Get the Authentification Result.
try
{
Dictionary <string, object> sessionArgs = new Dictionary <string, object>()
{
{ "steamid", client.SteamID.ConvertToUInt64() },
{ "sessionkey", cryptedSessionKey },
{ "encrypted_loginkey", cryptedLoginKey }
};
authResult = userAuth.Call(HttpMethod.Post, "AuthenticateUser", args: sessionArgs);
}
catch (Exception hehe)
{
Console.WriteLine("Unable to make AuthenticateUser API Request: {0}", hehe.Message);
Token = TokenSecure = null;
return(false);
}
Token = authResult["token"].AsString();
TokenSecure = authResult["tokensecure"].AsString();
// Adding cookies to the cookie container.
_cookies.Add(new Cookie("sessionid", SessionID, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("steamLogin", Token, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("steamLoginSecure", TokenSecure, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("Steam_Language", "english", string.Empty, SteamCommunityDomain));
Console.WriteLine("Crukies: " + VerifyCookies());
return(true);
}
}
public static async Task <WebSession> AuthenticateWebSession(
this SteamClient client,
string userNonce
)
{
// Generate random SessionId
var sessionId = Guid.NewGuid().ToString("N");
// Generate an AES SessionKey.
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// rsa encrypt it with the public key for the universe we're on
byte[] encryptedSessionKey;
using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe)))
{
encryptedSessionKey = rsa.Encrypt(sessionKey);
}
// AES encrypt the loginkey with our session key.
var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(
Encoding.ASCII.GetBytes(userNonce),
sessionKey
);
try
{
using (var steamUserAuth = WebAPI.GetAsyncInterface("ISteamUserAuth"))
{
var result = await steamUserAuth.CallAsync(
HttpMethod.Post,
"AuthenticateUser",
1,
new Dictionary <string, object>
{
{ "steamid", client.SteamID.ConvertToUInt64().ToString() },
{ "sessionkey", encryptedSessionKey },
{ "encrypted_loginkey", encryptedLoginKey }
}
).ConfigureAwait(false);
return(new WebSession(
client.SteamID.ConvertToUInt64(),
result["token"]?.Value?.ToUpper(),
result["tokensecure"]?.Value?.ToUpper(),
sessionId,
null,
null
));
}
}
catch
{
return(null);
}
}
///<summary>
/// Authenticate using SteamKit2 and ISteamUserAuth.
/// This does the same as SteamWeb.DoLogin(), but without contacting the Steam Website.
/// </summary>
/// <remarks>Should this one doesnt work anymore, use <see cref="SteamWeb.DoLogin"/></remarks>
/// <param name="myUniqueId">Id what you get to login.</param>
/// <param name="client">An instance of a SteamClient.</param>
/// <param name="myLoginKey">Login Key of your account.</param>
/// <returns>A bool, which is true if the login was successful.</returns>
public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey)
{
Token = TokenSecure = "";
SessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId));
_cookies = new CookieContainer();
using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth"))
{
// Generate an AES session key.
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// rsa encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe)))
{
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
byte[] loginKey = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length);
// AES encrypt the loginkey with our session key.
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
KeyValue authResult;
// Get the Authentification Result.
try
{
authResult = userAuth.AuthenticateUser(
steamid: client.SteamID.ConvertToUInt64(),
sessionkey: HttpUtility.UrlEncode(cryptedSessionKey),
encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey),
method: "POST",
secure: true
);
}
catch (Exception e)
{
Token = TokenSecure = null;
return(false);
}
Token = authResult["token"].AsString();
TokenSecure = authResult["tokensecure"].AsString();
// Adding cookies to the cookie container.
_cookies.Add(new Cookie("sessionid", SessionId, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("steamLogin", Token, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("steamLoginSecure", TokenSecure, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("Steam_Language", "english", string.Empty, SteamCommunityDomain));
return(true);
}
}
public async Task <bool> AuthenticateAsync(ulong steamId, SteamClient client, string myLoginKey)
{
mToken = mTokenSecure = "";
mSessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamId.ToString()));
mCookieContainer = new CookieContainer();
KeyValue response;
using (WebAPI.AsyncInterface iSteamUserAuth = client.Configuration.GetAsyncWebAPIInterface("ISteamUserAuth"))
{
// generate an AES session key
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// rsa encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey = null;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe)))
{
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
byte[] loginKey = Encoding.UTF8.GetBytes(myLoginKey);
// aes encrypt the loginkey with our session key
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
try
{
response = await iSteamUserAuth.CallAsync(
HttpMethod.Post, "AuthenticateUser", args : new Dictionary <string, object>(3, StringComparer.Ordinal)
{
{ "encrypted_loginkey", cryptedLoginKey },
{ "sessionkey", cryptedSessionKey },
{ "steamid", client.SteamID.ConvertToUInt64() }
});
}
catch (TaskCanceledException e)
{
mToken = mTokenSecure = null;
return(false);
}
catch (Exception e)
{
mToken = mTokenSecure = null;
return(false);
}
mToken = response["token"].AsString();
mTokenSecure = response["tokensecure"].AsString();
mCookieContainer.Add(new Cookie("sessionid", mSessionId, String.Empty, mSteamCommunityDomain));
mCookieContainer.Add(new Cookie("steamLogin", mToken, String.Empty, mSteamCommunityDomain));
mCookieContainer.Add(new Cookie("steamLoginSecure", mTokenSecure, String.Empty, mSteamCommunityDomain));
return(true);
}
}
public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey)
{
mToken = mTokenSecure = "";
mSessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId));
mCookieContainer = new CookieContainer();
using (var userAuth = WebAPI.GetInterface("ISteamUserAuth"))
{
// generate an AES session key
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// rsa encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey = null;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe)))
{
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
byte[] loginKey = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length);
// aes encrypt the loginkey with our session key
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
KeyValue authResult;
try
{
var dict = new System.Collections.Generic.Dictionary <string, object>()
{
{ "steamid", client.SteamID.ConvertToUInt64() },
{ "sessionkey", cryptedSessionKey },
{ "encrypted_loginkey", cryptedLoginKey },
{ "secure", true }
};
authResult = userAuth.Call(System.Net.Http.HttpMethod.Post, "AuthenticateUser", 1, dict);
}
catch (Exception)
{
mToken = mTokenSecure = null;
return(false);
}
mToken = authResult["token"].AsString();
mTokenSecure = authResult["tokensecure"].AsString();
mCookieContainer.Add(new Cookie("sessionid", mSessionId, string.Empty, mSteamCommunityDomain));
mCookieContainer.Add(new Cookie("steamLogin", mToken, string.Empty, mSteamCommunityDomain));
mCookieContainer.Add(new Cookie("steamLoginSecure", mTokenSecure, string.Empty, mSteamCommunityDomain));
return(true);
}
}
///<summary>
/// Authenticate using SteamKit2 and ISteamUserAuth.
/// This does the same as SteamWeb.DoLogin(), but without contacting the Steam Website.
/// </summary>
/// <remarks>Should this one doesnt work anymore, use <see cref="SteamWeb.DoLogin"/></remarks>
public static bool Authenticate(string myUniqueId, SteamClient client, out string sessionId, out string token, out string tokensecure, string myLoginKey)
{
sessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId));
using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth"))
{
// generate an AES session key
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// rsa encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey = null;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.ConnectedUniverse)))
{
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
byte[] loginKey = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length);
// aes encrypt the loginkey with our session key
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
KeyValue authResult;
try
{
authResult = userAuth.AuthenticateUser(
steamid: client.SteamID.ConvertToUInt64(),
sessionkey: HttpUtility.UrlEncode(cryptedSessionKey),
encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey),
method: "POST",
secure: true
);
}
catch (Exception)
{
token = null;
tokensecure = null;
return(false);
}
token = authResult ["token"].AsString();
tokensecure = authResult["tokensecure"].AsString();
return(true);
}
}
void HandleEncryptRequest(IPacketMsg packetMsg)
{
var encRequest = new Msg <MsgChannelEncryptRequest>(packetMsg);
EUniverse eUniv = encRequest.Body.Universe;
uint protoVersion = encRequest.Body.ProtocolVersion;
DebugLog.WriteLine("CMClient", "Got encryption request. Universe: {0} Protocol ver: {1}", eUniv, protoVersion);
DebugLog.Assert(protoVersion == 1, "CMClient", "Encryption handshake protocol version mismatch!");
byte[] pubKey = KeyDictionary.GetPublicKey(eUniv);
if (pubKey == null)
{
DebugLog.WriteLine("CMClient", "HandleEncryptionRequest got request for invalid universe! Universe: {0} Protocol ver: {1}", eUniv, protoVersion);
return;
}
ConnectedUniverse = eUniv;
var encResp = new Msg <MsgChannelEncryptResponse>();
tempSessionKey = CryptoHelper.GenerateRandomBlock(32);
byte[] cryptedSessKey = null;
using (var rsa = new RSACrypto(pubKey))
{
cryptedSessKey = rsa.Encrypt(tempSessionKey);
}
byte[] keyCrc = CryptoHelper.CRCHash(cryptedSessKey);
encResp.Write(cryptedSessKey);
encResp.Write(keyCrc);
encResp.Write(( uint )0);
this.Send(encResp);
}
public static async Task <bool> AuthenticateUser()
{
SteamUser.WebAPIUserNonceCallback nonce;
ulong steamid;
try
{
nonce = await Steam.Instance.User.RequestWebAPIUserNonce();
steamid = Steam.Instance.Client.SteamID.ConvertToUInt64();
}
catch (Exception e)
{
IsAuthorized = false;
Log.WriteWarn("WebAuth", "Failed to get nonce: {0}", e.Message);
return(false);
}
// 32 byte random blob of data
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
byte[] encryptedSessionKey;
// ... which is then encrypted with RSA using the Steam system's public key
using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(Steam.Instance.Client.Universe) !))
{
encryptedSessionKey = rsa.Encrypt(sessionKey);
}
// users hashed loginkey, AES encrypted with the sessionkey
var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(Encoding.ASCII.GetBytes(nonce.Nonce), sessionKey);
using (var userAuth = Steam.Configuration.GetAsyncWebAPIInterface("ISteamUserAuth"))
{
KeyValue result;
try
{
result = await userAuth.CallAsync(HttpMethod.Post, "AuthenticateUser", 1,
new Dictionary <string, object>
{
{ "steamid", steamid },
{ "sessionkey", encryptedSessionKey },
{ "encrypted_loginkey", encryptedLoginKey },
}
);
}
catch (HttpRequestException e)
{
IsAuthorized = false;
Log.WriteWarn("WebAuth", "Failed to authenticate: {0}", e.Message);
return(false);
}
Cookies = new CookieContainer();
Cookies.Add(new Cookie("steamLogin", result["token"].AsString(), "/", "store.steampowered.com"));
Cookies.Add(new Cookie("steamLoginSecure", result["tokensecure"].AsString(), "/", "store.steampowered.com"));
}
IsAuthorized = true;
Log.WriteInfo("WebAuth", "Authenticated");
return(true);
}
internal async Task <bool> Init(SteamClient steamClient, string webAPIUserNonce, string parentalPin)
{
if (steamClient == null || steamClient.SteamID == null || string.IsNullOrEmpty(webAPIUserNonce))
{
return(false);
}
SteamID = steamClient.SteamID;
string sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(SteamID.ToString()));
// Generate an AES session key
byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32);
// RSA encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(steamClient.ConnectedUniverse))) {
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
// Copy our login key
byte[] loginKey = new byte[webAPIUserNonce.Length];
Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length);
// AES encrypt the loginkey with our session key
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
// Do the magic
Logging.LogGenericInfo("Logging in to ISteamUserAuth...", Bot.BotName);
KeyValue authResult;
using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth")) {
iSteamUserAuth.Timeout = Timeout;
try {
authResult = iSteamUserAuth.AuthenticateUser(
steamid: SteamID,
sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)),
encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)),
method: WebRequestMethods.Http.Post,
secure: !Program.GlobalConfig.ForceHttp
);
} catch (Exception e) {
Logging.LogGenericException(e, Bot.BotName);
return(false);
}
}
if (authResult == null)
{
return(false);
}
Logging.LogGenericInfo("Success!", Bot.BotName);
string steamLogin = authResult["token"].AsString();
string steamLoginSecure = authResult["tokensecure"].AsString();
Cookie["sessionid"] = sessionID;
Cookie["steamLogin"] = steamLogin;
Cookie["steamLoginSecure"] = steamLoginSecure;
// The below is used for display purposes only
Cookie["webTradeEligibility"] = "{\"allowed\":0,\"reason\":0,\"allowed_at_time\":0,\"steamguard_required_days\":0,\"sales_this_year\":0,\"max_sales_per_year\":0,\"forms_requested\":0}";
await UnlockParentalAccount(parentalPin).ConfigureAwait(false);
return(true);
}
internal async Task <bool> Init(ulong steamID, EUniverse universe, string webAPIUserNonce, string parentalPin)
{
if ((steamID == 0) || (universe == EUniverse.Invalid) || string.IsNullOrEmpty(webAPIUserNonce) || string.IsNullOrEmpty(parentalPin))
{
Logging.LogNullError(nameof(steamID) + " || " + nameof(universe) + " || " + nameof(webAPIUserNonce) + " || " + nameof(parentalPin), Bot.BotName);
return(false);
}
SteamID = steamID;
string sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamID.ToString()));
// Generate an AES session key
byte[] sessionKey = SteamKit2.CryptoHelper.GenerateRandomBlock(32);
// RSA encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(universe))) {
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
// Copy our login key
byte[] loginKey = new byte[webAPIUserNonce.Length];
Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length);
// AES encrypt the loginkey with our session key
byte[] cryptedLoginKey = SteamKit2.CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
// Do the magic
Logging.LogGenericInfo("Logging in to ISteamUserAuth...", Bot.BotName);
KeyValue authResult;
using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth")) {
iSteamUserAuth.Timeout = Timeout;
try {
authResult = iSteamUserAuth.AuthenticateUser(
steamid: steamID,
sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)),
encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)),
method: WebRequestMethods.Http.Post,
secure: !Program.GlobalConfig.ForceHttp
);
} catch (Exception e) {
Logging.LogGenericException(e, Bot.BotName);
return(false);
}
}
if (authResult == null)
{
Logging.LogNullError(nameof(authResult), Bot.BotName);
return(false);
}
string steamLogin = authResult["token"].Value;
if (string.IsNullOrEmpty(steamLogin))
{
Logging.LogNullError(nameof(steamLogin), Bot.BotName);
return(false);
}
string steamLoginSecure = authResult["tokensecure"].Value;
if (string.IsNullOrEmpty(steamLoginSecure))
{
Logging.LogNullError(nameof(steamLoginSecure), Bot.BotName);
return(false);
}
WebBrowser.CookieContainer.Add(new Cookie("sessionid", sessionID, "/", "." + SteamCommunityHost));
WebBrowser.CookieContainer.Add(new Cookie("steamLogin", steamLogin, "/", "." + SteamCommunityHost));
WebBrowser.CookieContainer.Add(new Cookie("steamLoginSecure", steamLoginSecure, "/", "." + SteamCommunityHost));
Logging.LogGenericInfo("Success!", Bot.BotName);
// Unlock Steam Parental if needed
if (!parentalPin.Equals("0"))
{
if (!await UnlockParentalAccount(parentalPin).ConfigureAwait(false))
{
return(false);
}
}
Ready = true;
LastSessionRefreshCheck = DateTime.Now;
return(true);
}
///<summary>
/// Authenticate using SteamKit2 and ISteamUserAuth.
/// This does the same as SteamWeb.DoLogin(), but without contacting the Steam Website.
/// </summary>
/// <remarks>Should this one doesnt work anymore, use <see cref="SteamWeb.DoLogin"/></remarks>
/// <param name="myUniqueId">Id what you get to login.</param>
/// <param name="client">An instance of a SteamClient.</param>
/// <param name="myLoginKey">Login Key of your account.</param>
/// <returns>A bool, which is true if the login was successful.</returns>
public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey)
{
Token = TokenSecure = "";
SessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId));
_cookies = new CookieContainer();
using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth"))
{
// Generate an AES session key.
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// rsa encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.ConnectedUniverse)))
{
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
byte[] loginKey = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length);
// AES encrypt the loginkey with our session key.
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
KeyValue authResult;
// Get the Authentification Result.
try
{
authResult = userAuth.AuthenticateUser(
steamid: client.SteamID.ConvertToUInt64(),
sessionkey: HttpUtility.UrlEncode(cryptedSessionKey),
encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey),
method: "POST",
secure: true
);
}
catch (Exception)
{
Token = TokenSecure = null;
return(false);
}
Token = authResult["token"].AsString();
TokenSecure = authResult["tokensecure"].AsString();
// Adding cookies to the cookie container.
_cookies.Add(new Cookie("sessionid", SessionId, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("steamLogin", Token, string.Empty, SteamCommunityDomain));
_cookies.Add(new Cookie("steamLoginSecure", TokenSecure, string.Empty, SteamCommunityDomain));
//Add custom shit to the cookie
_cookies.Add(new Cookie("webTradeEligibility",
"%7B%22allowed%22%3A1%2C%22allowed_at_time%22%3A0%2C%22steamguard_required_days%22%3A15%2C%22sales_this_year%22%3A6%2C%22max_sales_per_year%22%3A200%2C%22forms_requested%22%3A0%2C%22new_device_cooldown_days%22%3A7%7D",
string.Empty,
SteamCommunityDomain));
_cookies.Add(new Cookie("strInventoryLastContext", "730_2", string.Empty, SteamCommunityDomain));
return(true);
}
}
internal async Task Init(SteamClient steamClient, string webAPIUserNonce, string vanityURL, string parentalPin)
{
if (steamClient == null || steamClient.SteamID == null || string.IsNullOrEmpty(webAPIUserNonce))
{
return;
}
SteamID = steamClient.SteamID;
VanityURL = vanityURL;
string sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(SteamID.ToString(CultureInfo.InvariantCulture)));
// Generate an AES session key
byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32);
// RSA encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey = null;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(steamClient.ConnectedUniverse))) {
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
// Copy our login key
byte[] loginKey = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length);
// AES encrypt the loginkey with our session key
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
// Send the magic
KeyValue authResult;
Logging.LogGenericInfo(Bot.BotName, "Logging in to ISteamUserAuth...");
using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth")) {
iSteamUserAuth.Timeout = Timeout;
try {
authResult = iSteamUserAuth.AuthenticateUser(
steamid: SteamID,
sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)),
encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)),
method: WebRequestMethods.Http.Post,
secure: true
);
} catch (Exception e) {
Logging.LogGenericException(Bot.BotName, e);
steamClient.Disconnect(); // We may get 403 if we use the same webAPIUserNonce twice
return;
}
}
if (authResult == null)
{
steamClient.Disconnect(); // Try again
return;
}
Logging.LogGenericInfo(Bot.BotName, "Success!");
string steamLogin = authResult["token"].AsString();
string steamLoginSecure = authResult["tokensecure"].AsString();
SteamCookieDictionary.Clear();
SteamCookieDictionary.Add("sessionid", sessionID);
SteamCookieDictionary.Add("steamLogin", steamLogin);
SteamCookieDictionary.Add("steamLoginSecure", steamLoginSecure);
SteamCookieDictionary.Add("birthtime", "-473356799"); // ( ͡° ͜ʖ ͡°)
if (!string.IsNullOrEmpty(parentalPin) && !parentalPin.Equals("0"))
{
Logging.LogGenericInfo(Bot.BotName, "Unlocking parental account...");
Dictionary <string, string> postData = new Dictionary <string, string>()
{
{ "pin", parentalPin }
};
HttpResponseMessage response = await Utilities.UrlPostRequestWithResponse("https://steamcommunity.com/parental/ajaxunlock", postData, SteamCookieDictionary, "https://steamcommunity.com/").ConfigureAwait(false);
if (response != null && response.IsSuccessStatusCode)
{
Logging.LogGenericInfo(Bot.BotName, "Success!");
var setCookieValues = response.Headers.GetValues("Set-Cookie");
foreach (string setCookieValue in setCookieValues)
{
if (setCookieValue.Contains("steamparental="))
{
string setCookie = setCookieValue.Substring(setCookieValue.IndexOf("steamparental=") + 14);
setCookie = setCookie.Substring(0, setCookie.IndexOf(';'));
SteamCookieDictionary.Add("steamparental", setCookie);
break;
}
}
}
else
{
Logging.LogGenericInfo(Bot.BotName, "Failed!");
}
}
Bot.Trading.CheckTrades();
}
/// <summary>
/// 重新获取新 Cookies,如果是第一次调用本方法,会同时启用定时检测计时器
/// </summary>
public async Task Refresh()
{
if (!_checkTimer.Enabled)
{
_logger.Info($"#{BotSequenceNumber} Cookies check timer started.");
_checkTimer.Start();
}
if (string.IsNullOrWhiteSpace(WebApiUserNonce))
{
return;
}
// generate an AES session key
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// RSA encrypt it with the public key for the universe we're on
byte[] encryptedSessionKey;
using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(ConnectedUniverse)))
{
encryptedSessionKey = rsa.Encrypt(sessionKey);
}
var loginKey = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(WebApiUserNonce), loginKey, WebApiUserNonce.Length);
// AES encrypt the loginkey with our session key
var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
try
{
await _retryPolicy.ExecuteAsync(async() =>
{
using (dynamic userAuth = WebAPI.GetAsyncInterface("ISteamUserAuth"))
{
KeyValue authResult =
await userAuth.AuthenticateUser(steamid: SteamId.ConvertToUInt64(),
sessionkey: HttpUtility.UrlEncode(encryptedSessionKey),
encrypted_loginkey: HttpUtility.UrlEncode(encryptedLoginKey),
method: "POST",
secure: true);
_cookieContainer.Add(new Cookie("sessionid",
Convert.ToBase64String(Encoding.UTF8.GetBytes(LoginKeyUniqueId.ToString())),
string.Empty,
"steamcommunity.com"));
_cookieContainer.Add(new Cookie("steamLogin", authResult["token"].AsString(),
string.Empty,
"steamcommunity.com"));
_cookieContainer.Add(new Cookie("steamLoginSecure", authResult["tokensecure"].AsString(),
string.Empty,
"steamcommunity.com"));
_logger.Info($"#{BotSequenceNumber} Cookies refreshed.");
}
});
}
catch (Exception e)
{
_logger.Warn($"#{BotSequenceNumber} Cookies refresh failed.", e);
}
}
/// <summary>
/// Authenticate the user at the online services of Steam
/// </summary>
public bool AuthenticateUser(SteamClient _steamClient, string _webAPIUserNonce)
{
m_steamClient = _steamClient;
// Get the interface for the authentication of the steamuser
using (dynamic authenticator = WebAPI.GetInterface("ISteamUserAuth"))
{
SessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(_steamClient.SteamID.ToString()));
// Generate a random block of 32 bytes for the security
byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32);
// Encrypt the above generated block of bytes with the Steam systems public key
byte[] encryptedSessionKey;
using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(_steamClient.ConnectedUniverse)))
{
encryptedSessionKey = rsa.Encrypt(sessionKey);
}
// Copy the string into the bytearray
byte[] loginkey = new byte[_webAPIUserNonce.Length];
Array.Copy(Encoding.ASCII.GetBytes(_webAPIUserNonce), loginkey, _webAPIUserNonce.Length);
// AES encrypt the loginkey with our sessionkey
byte[] encryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginkey, sessionKey);
// The value returned by the AuthenticateUser function are KeyValues
KeyValue authResult;
// Always TRY to work with interfaces, because it could go wrong and destroy everything
try
{
authResult = authenticator.AuthenticateUser(
steamid: _steamClient.SteamID.ConvertToUInt64(),
sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(encryptedSessionKey, 0, encryptedSessionKey.Length)),
encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(encryptedLoginKey, 0, encryptedLoginKey.Length)),
method: WebRequestMethods.Http.Post,
secure: true);
}
catch (Exception e)
{
if (!e.Message.Contains("403"))
{
m_logger.Error(e.Message);
}
return(false);
}
// Double check if it is null then return because we do not have anything to do here
if (authResult == null)
{
return(false);
}
// Set the cookies
SteamLogin = authResult["token"].Value;
SteamLoginSecure = authResult["tokensecure"].Value;
// Create a new instance of the cookieContainer
// After loosing connection a second m_domainTable will be created, holding the sessionID from the time we were not authenticated
// This will lead to inactive session while requesting API/WebCalls
m_WebHelper.m_CookieContainer = new CookieContainer();
m_WebHelper.m_CookieContainer.Add(new Cookie("sessionid", SessionID, string.Empty, m_SteamStoreHost));
m_WebHelper.m_CookieContainer.Add(new Cookie("sessionid", SessionID, string.Empty, m_SteamCommunityHost));
m_WebHelper.m_CookieContainer.Add(new Cookie("steamLogin", SteamLogin, string.Empty, m_SteamStoreHost));
m_WebHelper.m_CookieContainer.Add(new Cookie("steamLogin", SteamLogin, string.Empty, m_SteamCommunityHost));
m_WebHelper.m_CookieContainer.Add(new Cookie("steamLoginSecure", SteamLoginSecure, string.Empty, m_SteamStoreHost));
m_WebHelper.m_CookieContainer.Add(new Cookie("steamLoginSecure", SteamLoginSecure, string.Empty, m_SteamCommunityHost));
return(true);
}
}
public static async Task <bool> AuthenticateUser()
{
SteamUser.WebAPIUserNonceCallback nonce;
try
{
nonce = await Steam.Instance.User.RequestWebAPIUserNonce();
}
catch (Exception e)
{
IsAuthorized = false;
Log.WriteWarn("WebAuth", "Failed to get nonce: {0}", e.Message);
return(false);
}
// 32 byte random blob of data
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
byte[] encryptedSessionKey;
// ... which is then encrypted with RSA using the Steam system's public key
using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(Steam.Instance.Client.Universe)))
{
encryptedSessionKey = rsa.Encrypt(sessionKey);
}
// users hashed loginkey, AES encrypted with the sessionkey
var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(Encoding.ASCII.GetBytes(nonce.Nonce), sessionKey);
using (dynamic userAuth = WebAPI.GetAsyncInterface("ISteamUserAuth"))
{
KeyValue result;
try
{
result = await userAuth.AuthenticateUser(
steamid : Steam.Instance.Client.SteamID.ConvertToUInt64(),
sessionkey : WebHelpers.UrlEncode(encryptedSessionKey),
encrypted_loginkey : WebHelpers.UrlEncode(encryptedLoginKey),
method : "POST",
secure : true
);
}
catch (HttpRequestException e)
{
IsAuthorized = false;
Log.WriteWarn("WebAuth", "Failed to authenticate: {0}", e.Message);
return(false);
}
File.WriteAllText(Path.Combine(Application.Path, "files", ".support", "cookie.txt"), $"steamLogin={result["token"].AsString()}; steamLoginSecure={result["tokensecure"].AsString()}");
Cookies = new CookieContainer();
Cookies.Add(new Cookie("steamLogin", result["token"].AsString(), "/", "store.steampowered.com"));
Cookies.Add(new Cookie("steamLoginSecure", result["tokensecure"].AsString(), "/", "store.steampowered.com"));
}
IsAuthorized = true;
Log.WriteInfo("WebAuth", "Authenticated");
if (!Settings.IsFullRun)
{
await AccountInfo.RefreshAppsToIdle();
}
return(true);
}
bool HandleEncryptRequest(IPacketMsg packetMsg)
{
var encRequest = new Msg <MsgChannelEncryptRequest>(packetMsg);
EUniverse eUniv = encRequest.Body.Universe;
uint protoVersion = encRequest.Body.ProtocolVersion;
DebugLog.WriteLine("CMClient", "Got encryption request. Universe: {0} Protocol ver: {1}", eUniv, protoVersion);
DebugLog.Assert(protoVersion == 1, "CMClient", "Encryption handshake protocol version mismatch!");
byte[] randomChallenge;
if (encRequest.Payload.Length >= 16)
{
randomChallenge = encRequest.Payload.ToArray();
}
else
{
randomChallenge = null;
}
byte[] pubKey = KeyDictionary.GetPublicKey(eUniv);
if (pubKey == null)
{
connection.Disconnect();
DebugLog.WriteLine("CMClient", "HandleEncryptionRequest got request for invalid universe! Universe: {0} Protocol ver: {1}", eUniv, protoVersion);
return(false);
}
ConnectedUniverse = eUniv;
var encResp = new Msg <MsgChannelEncryptResponse>();
var tempSessionKey = CryptoHelper.GenerateRandomBlock(32);
byte[] encryptedHandshakeBlob = null;
using (var rsa = new RSACrypto(pubKey))
{
if (randomChallenge != null)
{
var blobToEncrypt = new byte[tempSessionKey.Length + randomChallenge.Length];
Array.Copy(tempSessionKey, blobToEncrypt, tempSessionKey.Length);
Array.Copy(randomChallenge, 0, blobToEncrypt, tempSessionKey.Length, randomChallenge.Length);
encryptedHandshakeBlob = rsa.Encrypt(blobToEncrypt);
}
else
{
encryptedHandshakeBlob = rsa.Encrypt(tempSessionKey);
}
}
var keyCrc = CryptoHelper.CRCHash(encryptedHandshakeBlob);
encResp.Write(encryptedHandshakeBlob);
encResp.Write(keyCrc);
encResp.Write(( uint )0);
if (randomChallenge != null)
{
pendingNetFilterEncryption = new NetFilterEncryptionWithHMAC(tempSessionKey);
}
else
{
pendingNetFilterEncryption = new NetFilterEncryption(tempSessionKey);
}
this.Send(encResp);
return(true);
}
internal async Task Init(string webAPIUserNonce)
{
steamID = _bot.steamClient.SteamID;
sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamID.ToString()));
// Generate an AES session key
byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32);
// RSA encrypt it with the public key for the universe we're on
byte[] cryptedSessionKey;
using (var crypto = new RSACrypto(KeyDictionary.GetPublicKey(_bot.steamClient.ConnectedUniverse)))
{
cryptedSessionKey = crypto.Encrypt(sessionKey);
}
// Copy our login key
byte[] loginKey = new byte[webAPIUserNonce.Length];
Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length);
// AES encrypt the loginkey with our session key
byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
_bot.Log("Logging in to ISteamUserAuth", LogType.Info);
KeyValue autResult;
using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth"))
{
iSteamUserAuth.Timeout = 60000;
try
{
autResult = iSteamUserAuth.AuthenticateUser(
steamid: steamID.ConvertToUInt64(),
sessionkey:
Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0,
cryptedSessionKey.Length)),
encrypted_loginkey:
Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0,
cryptedLoginKey.Length)),
method: WebRequestMethods.Http.Post,
secure: true);
}
catch (Exception e)
{
_bot.Log("Cant AuthenticateUser " + e.Message, LogType.Error);
return;
}
}
if (autResult == null)
{
return;
}
_bot.Log("Success", LogType.Info);
string steamLogin = autResult["token"].Value;
string steamLoginSecure = autResult["tokensecure"].Value;
webClient.cookieContainer.Add(new Cookie("sessionid", sessionID, "/", "." + SteamCommunityHOST));
webClient.cookieContainer.Add(new Cookie("steamLogin", steamLogin, "/", "." + SteamCommunityHOST));
webClient.cookieContainer.Add(new Cookie("steamLoginSecure", steamLoginSecure, "/", "." + SteamCommunityHOST));
gameminerBot = new GameminerBot(webClient, _bot.BotConfig);
Initialized = true;
//GiveawayBotInit().Forget();
}
////////////////////////////////////////////////////
// STEAM WEB INTERFACE
////////////////////////////////////////////////////
// Copied this shit straight from ArchisSteamFarm, credit to him
public override async void LoginWebInterface(ulong steamID)
{
if (!IsAuthenticated)
{
SteamUser.WebAPIUserNonceCallback callback;
try
{
callback = await _steamUser.RequestWebAPIUserNonce();
}
catch (Exception ex)
{
_log.Error(ex, "Unable to request Web API Nonce. Titan won't be able to execute Web API actions.");
return;
}
if (string.IsNullOrWhiteSpace(callback?.Nonce))
{
_log.Error("Received empty Web API Nonce. Titan won't be able to execute Web API actions.");
return;
}
var sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamID.ToString()));
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
byte[] cryptedSessionKey;
using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(_steamClient.Universe)))
{
cryptedSessionKey = rsa.Encrypt(sessionKey);
}
var loginKey = new byte[callback.Nonce.Length];
Array.Copy(Encoding.ASCII.GetBytes(callback.Nonce), loginKey, callback.Nonce.Length);
// AES encrypt the login key with our session key
var cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey);
if (!Titan.Instance.WebHandle.AuthentificateUser(
steamID, cryptedLoginKey, cryptedSessionKey, out var result
))
{
_log.Error("Failed to authentificate with Web API Nonce. " +
"Titan won't be able to execute Web API actions.");
return;
}
var token = result["token"].Value;
var secureToken = result["tokensecure"].Value;
if (string.IsNullOrWhiteSpace(token) || string.IsNullOrWhiteSpace(secureToken))
{
_log.Error("Failed to authentificate with Web API Nonce. " +
"Titan won't be able to execute Web API actions.");
return;
}
Cookies.Add("sessionid", sessionID);
Cookies.Add("steamLogin", token);
Cookies.Add("steamLoginSecure", secureToken);
if (!Titan.Instance.Options.Secure)
{
_log.Debug("Authorized with Steam Web API. Session ID: {id}", sessionID);
}
_log.Information("Successfully authorized with Steam Web API.");
IsAuthenticated = true;
}
}
public bool Authenticate(string uniqueID, string loginKey)
{
// Check so they are valid
if (uniqueID == null || loginKey == null)
{
return(false);
}
var sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(uniqueID));
using (dynamic auth = WebAPI.GetInterface("ISteamUserAuth"))
{
// Generate AES session key
var sessionKey = CryptoHelper.GenerateRandomBlock(32);
// RSA encrypt it with public key
byte[] cryptedSessionKey;
using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe)))
cryptedSessionKey = rsa.Encrypt(sessionKey);
var key = new byte[20];
Array.Copy(Encoding.ASCII.GetBytes(loginKey), key, loginKey.Length);
// AES encrypt loginkey with session
var cryptedLoginKey = CryptoHelper.SymmetricEncrypt(key, sessionKey);
KeyValue authResult;
// Get auth result
try
{
authResult = auth.AuthenticateUser(
steamid: client.SteamID.ConvertToUInt64(),
sessionkey: HttpUtility.UrlEncode(cryptedSessionKey),
encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey),
method: "POST",
secure: true
);
}
catch (Exception e)
{
Kraxbot.Log($"Warning: Failed to authenticate: {e.Message}");
return(false);
}
var token = authResult["token"].AsString();
var tokenSecure = authResult["tokensecure"].AsString();
// Add cookies
Cookies.Add(new Cookie("sessionid", sessionID, string.Empty, "steamcommunity.com"));
Cookies.Add(new Cookie("steamLogin", token, string.Empty, "steamcommunity.com"));
Cookies.Add(new Cookie("steamLoginSecure", tokenSecure, string.Empty, "steamcommunity.com"));
SessionID = sessionID;
SteamLogin = token;
SteamLoginSecure = tokenSecure;
IsLoggedOn = true;
return(true);
}
}
