private static bool AuthenticateUser() { // 32 byte random blob of data var sessionKey = CryptoHelper.GenerateRandomBlock(32); byte[] encryptedSessionKey; // ... which is then encrypted with RSA using the Steam system's public key using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(Steam.Instance.Client.Universe))) { encryptedSessionKey = rsa.Encrypt(sessionKey); } // users hashed loginkey, AES encrypted with the sessionkey var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(Encoding.ASCII.GetBytes(WebAPIUserNonce), sessionKey); using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth")) { KeyValue result; try { result = userAuth.AuthenticateUser( steamid: Steam.Instance.Client.SteamID.ConvertToUInt64(), sessionkey: WebHelpers.UrlEncode(encryptedSessionKey), encrypted_loginkey: WebHelpers.UrlEncode(encryptedLoginKey), method: "POST", secure: true ); } catch (WebException e) { var response = (HttpWebResponse)e.Response; if (response.StatusCode == HttpStatusCode.Unauthorized || response.StatusCode == HttpStatusCode.Forbidden) { IsAuthorized = false; if (Steam.Instance.Client.IsConnected) { Steam.Instance.User.RequestWebAPIUserNonce(); } } Log.WriteWarn("WebAuth", "Failed to authenticate: {0}", e.Message); return(false); } Cookies = new CookieContainer(); Cookies.Add(new Cookie("steamLogin", result["token"].AsString(), "/", "store.steampowered.com")); Cookies.Add(new Cookie("steamLoginSecure", result["tokensecure"].AsString(), "/", "store.steampowered.com")); } IsAuthorized = true; Log.WriteInfo("WebAuth", "Authenticated"); return(true); }
public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey) { Token = TokenSecure = String.Empty; SessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId)); _cookies = new CookieContainer(); using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth")) { // userAuth.Timeout = TimeSpan.FromSeconds(5); // Generate an AES session key. var sessionKey = CryptoHelper.GenerateRandomBlock(32); // rsa encrypt it with the public key for the universe we're on byte[] cryptedSessionKey = null; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } byte[] loginKey = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length); // AES encrypt the loginkey with our session key. byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); KeyValue authResult; // Get the Authentification Result. try { Dictionary <string, object> sessionArgs = new Dictionary <string, object>() { { "steamid", client.SteamID.ConvertToUInt64() }, { "sessionkey", cryptedSessionKey }, { "encrypted_loginkey", cryptedLoginKey } }; authResult = userAuth.Call(HttpMethod.Post, "AuthenticateUser", args: sessionArgs); } catch (Exception hehe) { Console.WriteLine("Unable to make AuthenticateUser API Request: {0}", hehe.Message); Token = TokenSecure = null; return(false); } Token = authResult["token"].AsString(); TokenSecure = authResult["tokensecure"].AsString(); // Adding cookies to the cookie container. _cookies.Add(new Cookie("sessionid", SessionID, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("steamLogin", Token, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("steamLoginSecure", TokenSecure, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("Steam_Language", "english", string.Empty, SteamCommunityDomain)); Console.WriteLine("Crukies: " + VerifyCookies()); return(true); } }
public static async Task <WebSession> AuthenticateWebSession( this SteamClient client, string userNonce ) { // Generate random SessionId var sessionId = Guid.NewGuid().ToString("N"); // Generate an AES SessionKey. var sessionKey = CryptoHelper.GenerateRandomBlock(32); // rsa encrypt it with the public key for the universe we're on byte[] encryptedSessionKey; using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe))) { encryptedSessionKey = rsa.Encrypt(sessionKey); } // AES encrypt the loginkey with our session key. var encryptedLoginKey = CryptoHelper.SymmetricEncrypt( Encoding.ASCII.GetBytes(userNonce), sessionKey ); try { using (var steamUserAuth = WebAPI.GetAsyncInterface("ISteamUserAuth")) { var result = await steamUserAuth.CallAsync( HttpMethod.Post, "AuthenticateUser", 1, new Dictionary <string, object> { { "steamid", client.SteamID.ConvertToUInt64().ToString() }, { "sessionkey", encryptedSessionKey }, { "encrypted_loginkey", encryptedLoginKey } } ).ConfigureAwait(false); return(new WebSession( client.SteamID.ConvertToUInt64(), result["token"]?.Value?.ToUpper(), result["tokensecure"]?.Value?.ToUpper(), sessionId, null, null )); } } catch { return(null); } }
///<summary> /// Authenticate using SteamKit2 and ISteamUserAuth. /// This does the same as SteamWeb.DoLogin(), but without contacting the Steam Website. /// </summary> /// <remarks>Should this one doesnt work anymore, use <see cref="SteamWeb.DoLogin"/></remarks> /// <param name="myUniqueId">Id what you get to login.</param> /// <param name="client">An instance of a SteamClient.</param> /// <param name="myLoginKey">Login Key of your account.</param> /// <returns>A bool, which is true if the login was successful.</returns> public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey) { Token = TokenSecure = ""; SessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId)); _cookies = new CookieContainer(); using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth")) { // Generate an AES session key. var sessionKey = CryptoHelper.GenerateRandomBlock(32); // rsa encrypt it with the public key for the universe we're on byte[] cryptedSessionKey; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } byte[] loginKey = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length); // AES encrypt the loginkey with our session key. byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); KeyValue authResult; // Get the Authentification Result. try { authResult = userAuth.AuthenticateUser( steamid: client.SteamID.ConvertToUInt64(), sessionkey: HttpUtility.UrlEncode(cryptedSessionKey), encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey), method: "POST", secure: true ); } catch (Exception e) { Token = TokenSecure = null; return(false); } Token = authResult["token"].AsString(); TokenSecure = authResult["tokensecure"].AsString(); // Adding cookies to the cookie container. _cookies.Add(new Cookie("sessionid", SessionId, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("steamLogin", Token, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("steamLoginSecure", TokenSecure, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("Steam_Language", "english", string.Empty, SteamCommunityDomain)); return(true); } }
public async Task <bool> AuthenticateAsync(ulong steamId, SteamClient client, string myLoginKey) { mToken = mTokenSecure = ""; mSessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamId.ToString())); mCookieContainer = new CookieContainer(); KeyValue response; using (WebAPI.AsyncInterface iSteamUserAuth = client.Configuration.GetAsyncWebAPIInterface("ISteamUserAuth")) { // generate an AES session key var sessionKey = CryptoHelper.GenerateRandomBlock(32); // rsa encrypt it with the public key for the universe we're on byte[] cryptedSessionKey = null; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } byte[] loginKey = Encoding.UTF8.GetBytes(myLoginKey); // aes encrypt the loginkey with our session key byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); try { response = await iSteamUserAuth.CallAsync( HttpMethod.Post, "AuthenticateUser", args : new Dictionary <string, object>(3, StringComparer.Ordinal) { { "encrypted_loginkey", cryptedLoginKey }, { "sessionkey", cryptedSessionKey }, { "steamid", client.SteamID.ConvertToUInt64() } }); } catch (TaskCanceledException e) { mToken = mTokenSecure = null; return(false); } catch (Exception e) { mToken = mTokenSecure = null; return(false); } mToken = response["token"].AsString(); mTokenSecure = response["tokensecure"].AsString(); mCookieContainer.Add(new Cookie("sessionid", mSessionId, String.Empty, mSteamCommunityDomain)); mCookieContainer.Add(new Cookie("steamLogin", mToken, String.Empty, mSteamCommunityDomain)); mCookieContainer.Add(new Cookie("steamLoginSecure", mTokenSecure, String.Empty, mSteamCommunityDomain)); return(true); } }
public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey) { mToken = mTokenSecure = ""; mSessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId)); mCookieContainer = new CookieContainer(); using (var userAuth = WebAPI.GetInterface("ISteamUserAuth")) { // generate an AES session key var sessionKey = CryptoHelper.GenerateRandomBlock(32); // rsa encrypt it with the public key for the universe we're on byte[] cryptedSessionKey = null; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } byte[] loginKey = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length); // aes encrypt the loginkey with our session key byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); KeyValue authResult; try { var dict = new System.Collections.Generic.Dictionary <string, object>() { { "steamid", client.SteamID.ConvertToUInt64() }, { "sessionkey", cryptedSessionKey }, { "encrypted_loginkey", cryptedLoginKey }, { "secure", true } }; authResult = userAuth.Call(System.Net.Http.HttpMethod.Post, "AuthenticateUser", 1, dict); } catch (Exception) { mToken = mTokenSecure = null; return(false); } mToken = authResult["token"].AsString(); mTokenSecure = authResult["tokensecure"].AsString(); mCookieContainer.Add(new Cookie("sessionid", mSessionId, string.Empty, mSteamCommunityDomain)); mCookieContainer.Add(new Cookie("steamLogin", mToken, string.Empty, mSteamCommunityDomain)); mCookieContainer.Add(new Cookie("steamLoginSecure", mTokenSecure, string.Empty, mSteamCommunityDomain)); return(true); } }
///<summary> /// Authenticate using SteamKit2 and ISteamUserAuth. /// This does the same as SteamWeb.DoLogin(), but without contacting the Steam Website. /// </summary> /// <remarks>Should this one doesnt work anymore, use <see cref="SteamWeb.DoLogin"/></remarks> public static bool Authenticate(string myUniqueId, SteamClient client, out string sessionId, out string token, out string tokensecure, string myLoginKey) { sessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId)); using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth")) { // generate an AES session key var sessionKey = CryptoHelper.GenerateRandomBlock(32); // rsa encrypt it with the public key for the universe we're on byte[] cryptedSessionKey = null; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.ConnectedUniverse))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } byte[] loginKey = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length); // aes encrypt the loginkey with our session key byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); KeyValue authResult; try { authResult = userAuth.AuthenticateUser( steamid: client.SteamID.ConvertToUInt64(), sessionkey: HttpUtility.UrlEncode(cryptedSessionKey), encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey), method: "POST", secure: true ); } catch (Exception) { token = null; tokensecure = null; return(false); } token = authResult ["token"].AsString(); tokensecure = authResult["tokensecure"].AsString(); return(true); } }
void HandleEncryptRequest(IPacketMsg packetMsg) { var encRequest = new Msg <MsgChannelEncryptRequest>(packetMsg); EUniverse eUniv = encRequest.Body.Universe; uint protoVersion = encRequest.Body.ProtocolVersion; DebugLog.WriteLine("CMClient", "Got encryption request. Universe: {0} Protocol ver: {1}", eUniv, protoVersion); DebugLog.Assert(protoVersion == 1, "CMClient", "Encryption handshake protocol version mismatch!"); byte[] pubKey = KeyDictionary.GetPublicKey(eUniv); if (pubKey == null) { DebugLog.WriteLine("CMClient", "HandleEncryptionRequest got request for invalid universe! Universe: {0} Protocol ver: {1}", eUniv, protoVersion); return; } ConnectedUniverse = eUniv; var encResp = new Msg <MsgChannelEncryptResponse>(); tempSessionKey = CryptoHelper.GenerateRandomBlock(32); byte[] cryptedSessKey = null; using (var rsa = new RSACrypto(pubKey)) { cryptedSessKey = rsa.Encrypt(tempSessionKey); } byte[] keyCrc = CryptoHelper.CRCHash(cryptedSessKey); encResp.Write(cryptedSessKey); encResp.Write(keyCrc); encResp.Write(( uint )0); this.Send(encResp); }
public static async Task <bool> AuthenticateUser() { SteamUser.WebAPIUserNonceCallback nonce; ulong steamid; try { nonce = await Steam.Instance.User.RequestWebAPIUserNonce(); steamid = Steam.Instance.Client.SteamID.ConvertToUInt64(); } catch (Exception e) { IsAuthorized = false; Log.WriteWarn("WebAuth", "Failed to get nonce: {0}", e.Message); return(false); } // 32 byte random blob of data var sessionKey = CryptoHelper.GenerateRandomBlock(32); byte[] encryptedSessionKey; // ... which is then encrypted with RSA using the Steam system's public key using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(Steam.Instance.Client.Universe) !)) { encryptedSessionKey = rsa.Encrypt(sessionKey); } // users hashed loginkey, AES encrypted with the sessionkey var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(Encoding.ASCII.GetBytes(nonce.Nonce), sessionKey); using (var userAuth = Steam.Configuration.GetAsyncWebAPIInterface("ISteamUserAuth")) { KeyValue result; try { result = await userAuth.CallAsync(HttpMethod.Post, "AuthenticateUser", 1, new Dictionary <string, object> { { "steamid", steamid }, { "sessionkey", encryptedSessionKey }, { "encrypted_loginkey", encryptedLoginKey }, } ); } catch (HttpRequestException e) { IsAuthorized = false; Log.WriteWarn("WebAuth", "Failed to authenticate: {0}", e.Message); return(false); } Cookies = new CookieContainer(); Cookies.Add(new Cookie("steamLogin", result["token"].AsString(), "/", "store.steampowered.com")); Cookies.Add(new Cookie("steamLoginSecure", result["tokensecure"].AsString(), "/", "store.steampowered.com")); } IsAuthorized = true; Log.WriteInfo("WebAuth", "Authenticated"); return(true); }
internal async Task <bool> Init(SteamClient steamClient, string webAPIUserNonce, string parentalPin) { if (steamClient == null || steamClient.SteamID == null || string.IsNullOrEmpty(webAPIUserNonce)) { return(false); } SteamID = steamClient.SteamID; string sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(SteamID.ToString())); // Generate an AES session key byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32); // RSA encrypt it with the public key for the universe we're on byte[] cryptedSessionKey; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(steamClient.ConnectedUniverse))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } // Copy our login key byte[] loginKey = new byte[webAPIUserNonce.Length]; Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length); // AES encrypt the loginkey with our session key byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); // Do the magic Logging.LogGenericInfo("Logging in to ISteamUserAuth...", Bot.BotName); KeyValue authResult; using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth")) { iSteamUserAuth.Timeout = Timeout; try { authResult = iSteamUserAuth.AuthenticateUser( steamid: SteamID, sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)), encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)), method: WebRequestMethods.Http.Post, secure: !Program.GlobalConfig.ForceHttp ); } catch (Exception e) { Logging.LogGenericException(e, Bot.BotName); return(false); } } if (authResult == null) { return(false); } Logging.LogGenericInfo("Success!", Bot.BotName); string steamLogin = authResult["token"].AsString(); string steamLoginSecure = authResult["tokensecure"].AsString(); Cookie["sessionid"] = sessionID; Cookie["steamLogin"] = steamLogin; Cookie["steamLoginSecure"] = steamLoginSecure; // The below is used for display purposes only Cookie["webTradeEligibility"] = "{\"allowed\":0,\"reason\":0,\"allowed_at_time\":0,\"steamguard_required_days\":0,\"sales_this_year\":0,\"max_sales_per_year\":0,\"forms_requested\":0}"; await UnlockParentalAccount(parentalPin).ConfigureAwait(false); return(true); }
internal async Task <bool> Init(ulong steamID, EUniverse universe, string webAPIUserNonce, string parentalPin) { if ((steamID == 0) || (universe == EUniverse.Invalid) || string.IsNullOrEmpty(webAPIUserNonce) || string.IsNullOrEmpty(parentalPin)) { Logging.LogNullError(nameof(steamID) + " || " + nameof(universe) + " || " + nameof(webAPIUserNonce) + " || " + nameof(parentalPin), Bot.BotName); return(false); } SteamID = steamID; string sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamID.ToString())); // Generate an AES session key byte[] sessionKey = SteamKit2.CryptoHelper.GenerateRandomBlock(32); // RSA encrypt it with the public key for the universe we're on byte[] cryptedSessionKey; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(universe))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } // Copy our login key byte[] loginKey = new byte[webAPIUserNonce.Length]; Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length); // AES encrypt the loginkey with our session key byte[] cryptedLoginKey = SteamKit2.CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); // Do the magic Logging.LogGenericInfo("Logging in to ISteamUserAuth...", Bot.BotName); KeyValue authResult; using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth")) { iSteamUserAuth.Timeout = Timeout; try { authResult = iSteamUserAuth.AuthenticateUser( steamid: steamID, sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)), encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)), method: WebRequestMethods.Http.Post, secure: !Program.GlobalConfig.ForceHttp ); } catch (Exception e) { Logging.LogGenericException(e, Bot.BotName); return(false); } } if (authResult == null) { Logging.LogNullError(nameof(authResult), Bot.BotName); return(false); } string steamLogin = authResult["token"].Value; if (string.IsNullOrEmpty(steamLogin)) { Logging.LogNullError(nameof(steamLogin), Bot.BotName); return(false); } string steamLoginSecure = authResult["tokensecure"].Value; if (string.IsNullOrEmpty(steamLoginSecure)) { Logging.LogNullError(nameof(steamLoginSecure), Bot.BotName); return(false); } WebBrowser.CookieContainer.Add(new Cookie("sessionid", sessionID, "/", "." + SteamCommunityHost)); WebBrowser.CookieContainer.Add(new Cookie("steamLogin", steamLogin, "/", "." + SteamCommunityHost)); WebBrowser.CookieContainer.Add(new Cookie("steamLoginSecure", steamLoginSecure, "/", "." + SteamCommunityHost)); Logging.LogGenericInfo("Success!", Bot.BotName); // Unlock Steam Parental if needed if (!parentalPin.Equals("0")) { if (!await UnlockParentalAccount(parentalPin).ConfigureAwait(false)) { return(false); } } Ready = true; LastSessionRefreshCheck = DateTime.Now; return(true); }
///<summary> /// Authenticate using SteamKit2 and ISteamUserAuth. /// This does the same as SteamWeb.DoLogin(), but without contacting the Steam Website. /// </summary> /// <remarks>Should this one doesnt work anymore, use <see cref="SteamWeb.DoLogin"/></remarks> /// <param name="myUniqueId">Id what you get to login.</param> /// <param name="client">An instance of a SteamClient.</param> /// <param name="myLoginKey">Login Key of your account.</param> /// <returns>A bool, which is true if the login was successful.</returns> public bool Authenticate(string myUniqueId, SteamClient client, string myLoginKey) { Token = TokenSecure = ""; SessionId = Convert.ToBase64String(Encoding.UTF8.GetBytes(myUniqueId)); _cookies = new CookieContainer(); using (dynamic userAuth = WebAPI.GetInterface("ISteamUserAuth")) { // Generate an AES session key. var sessionKey = CryptoHelper.GenerateRandomBlock(32); // rsa encrypt it with the public key for the universe we're on byte[] cryptedSessionKey; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.ConnectedUniverse))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } byte[] loginKey = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(myLoginKey), loginKey, myLoginKey.Length); // AES encrypt the loginkey with our session key. byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); KeyValue authResult; // Get the Authentification Result. try { authResult = userAuth.AuthenticateUser( steamid: client.SteamID.ConvertToUInt64(), sessionkey: HttpUtility.UrlEncode(cryptedSessionKey), encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey), method: "POST", secure: true ); } catch (Exception) { Token = TokenSecure = null; return(false); } Token = authResult["token"].AsString(); TokenSecure = authResult["tokensecure"].AsString(); // Adding cookies to the cookie container. _cookies.Add(new Cookie("sessionid", SessionId, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("steamLogin", Token, string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("steamLoginSecure", TokenSecure, string.Empty, SteamCommunityDomain)); //Add custom shit to the cookie _cookies.Add(new Cookie("webTradeEligibility", "%7B%22allowed%22%3A1%2C%22allowed_at_time%22%3A0%2C%22steamguard_required_days%22%3A15%2C%22sales_this_year%22%3A6%2C%22max_sales_per_year%22%3A200%2C%22forms_requested%22%3A0%2C%22new_device_cooldown_days%22%3A7%7D", string.Empty, SteamCommunityDomain)); _cookies.Add(new Cookie("strInventoryLastContext", "730_2", string.Empty, SteamCommunityDomain)); return(true); } }
internal async Task Init(SteamClient steamClient, string webAPIUserNonce, string vanityURL, string parentalPin) { if (steamClient == null || steamClient.SteamID == null || string.IsNullOrEmpty(webAPIUserNonce)) { return; } SteamID = steamClient.SteamID; VanityURL = vanityURL; string sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(SteamID.ToString(CultureInfo.InvariantCulture))); // Generate an AES session key byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32); // RSA encrypt it with the public key for the universe we're on byte[] cryptedSessionKey = null; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(steamClient.ConnectedUniverse))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } // Copy our login key byte[] loginKey = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length); // AES encrypt the loginkey with our session key byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); // Send the magic KeyValue authResult; Logging.LogGenericInfo(Bot.BotName, "Logging in to ISteamUserAuth..."); using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth")) { iSteamUserAuth.Timeout = Timeout; try { authResult = iSteamUserAuth.AuthenticateUser( steamid: SteamID, sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)), encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)), method: WebRequestMethods.Http.Post, secure: true ); } catch (Exception e) { Logging.LogGenericException(Bot.BotName, e); steamClient.Disconnect(); // We may get 403 if we use the same webAPIUserNonce twice return; } } if (authResult == null) { steamClient.Disconnect(); // Try again return; } Logging.LogGenericInfo(Bot.BotName, "Success!"); string steamLogin = authResult["token"].AsString(); string steamLoginSecure = authResult["tokensecure"].AsString(); SteamCookieDictionary.Clear(); SteamCookieDictionary.Add("sessionid", sessionID); SteamCookieDictionary.Add("steamLogin", steamLogin); SteamCookieDictionary.Add("steamLoginSecure", steamLoginSecure); SteamCookieDictionary.Add("birthtime", "-473356799"); // ( ͡° ͜ʖ ͡°) if (!string.IsNullOrEmpty(parentalPin) && !parentalPin.Equals("0")) { Logging.LogGenericInfo(Bot.BotName, "Unlocking parental account..."); Dictionary <string, string> postData = new Dictionary <string, string>() { { "pin", parentalPin } }; HttpResponseMessage response = await Utilities.UrlPostRequestWithResponse("https://steamcommunity.com/parental/ajaxunlock", postData, SteamCookieDictionary, "https://steamcommunity.com/").ConfigureAwait(false); if (response != null && response.IsSuccessStatusCode) { Logging.LogGenericInfo(Bot.BotName, "Success!"); var setCookieValues = response.Headers.GetValues("Set-Cookie"); foreach (string setCookieValue in setCookieValues) { if (setCookieValue.Contains("steamparental=")) { string setCookie = setCookieValue.Substring(setCookieValue.IndexOf("steamparental=") + 14); setCookie = setCookie.Substring(0, setCookie.IndexOf(';')); SteamCookieDictionary.Add("steamparental", setCookie); break; } } } else { Logging.LogGenericInfo(Bot.BotName, "Failed!"); } } Bot.Trading.CheckTrades(); }
/// <summary> /// 重新获取新 Cookies,如果是第一次调用本方法,会同时启用定时检测计时器 /// </summary> public async Task Refresh() { if (!_checkTimer.Enabled) { _logger.Info($"#{BotSequenceNumber} Cookies check timer started."); _checkTimer.Start(); } if (string.IsNullOrWhiteSpace(WebApiUserNonce)) { return; } // generate an AES session key var sessionKey = CryptoHelper.GenerateRandomBlock(32); // RSA encrypt it with the public key for the universe we're on byte[] encryptedSessionKey; using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(ConnectedUniverse))) { encryptedSessionKey = rsa.Encrypt(sessionKey); } var loginKey = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(WebApiUserNonce), loginKey, WebApiUserNonce.Length); // AES encrypt the loginkey with our session key var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); try { await _retryPolicy.ExecuteAsync(async() => { using (dynamic userAuth = WebAPI.GetAsyncInterface("ISteamUserAuth")) { KeyValue authResult = await userAuth.AuthenticateUser(steamid: SteamId.ConvertToUInt64(), sessionkey: HttpUtility.UrlEncode(encryptedSessionKey), encrypted_loginkey: HttpUtility.UrlEncode(encryptedLoginKey), method: "POST", secure: true); _cookieContainer.Add(new Cookie("sessionid", Convert.ToBase64String(Encoding.UTF8.GetBytes(LoginKeyUniqueId.ToString())), string.Empty, "steamcommunity.com")); _cookieContainer.Add(new Cookie("steamLogin", authResult["token"].AsString(), string.Empty, "steamcommunity.com")); _cookieContainer.Add(new Cookie("steamLoginSecure", authResult["tokensecure"].AsString(), string.Empty, "steamcommunity.com")); _logger.Info($"#{BotSequenceNumber} Cookies refreshed."); } }); } catch (Exception e) { _logger.Warn($"#{BotSequenceNumber} Cookies refresh failed.", e); } }
/// <summary> /// Authenticate the user at the online services of Steam /// </summary> public bool AuthenticateUser(SteamClient _steamClient, string _webAPIUserNonce) { m_steamClient = _steamClient; // Get the interface for the authentication of the steamuser using (dynamic authenticator = WebAPI.GetInterface("ISteamUserAuth")) { SessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(_steamClient.SteamID.ToString())); // Generate a random block of 32 bytes for the security byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32); // Encrypt the above generated block of bytes with the Steam systems public key byte[] encryptedSessionKey; using (RSACrypto rsa = new RSACrypto(KeyDictionary.GetPublicKey(_steamClient.ConnectedUniverse))) { encryptedSessionKey = rsa.Encrypt(sessionKey); } // Copy the string into the bytearray byte[] loginkey = new byte[_webAPIUserNonce.Length]; Array.Copy(Encoding.ASCII.GetBytes(_webAPIUserNonce), loginkey, _webAPIUserNonce.Length); // AES encrypt the loginkey with our sessionkey byte[] encryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginkey, sessionKey); // The value returned by the AuthenticateUser function are KeyValues KeyValue authResult; // Always TRY to work with interfaces, because it could go wrong and destroy everything try { authResult = authenticator.AuthenticateUser( steamid: _steamClient.SteamID.ConvertToUInt64(), sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(encryptedSessionKey, 0, encryptedSessionKey.Length)), encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(encryptedLoginKey, 0, encryptedLoginKey.Length)), method: WebRequestMethods.Http.Post, secure: true); } catch (Exception e) { if (!e.Message.Contains("403")) { m_logger.Error(e.Message); } return(false); } // Double check if it is null then return because we do not have anything to do here if (authResult == null) { return(false); } // Set the cookies SteamLogin = authResult["token"].Value; SteamLoginSecure = authResult["tokensecure"].Value; // Create a new instance of the cookieContainer // After loosing connection a second m_domainTable will be created, holding the sessionID from the time we were not authenticated // This will lead to inactive session while requesting API/WebCalls m_WebHelper.m_CookieContainer = new CookieContainer(); m_WebHelper.m_CookieContainer.Add(new Cookie("sessionid", SessionID, string.Empty, m_SteamStoreHost)); m_WebHelper.m_CookieContainer.Add(new Cookie("sessionid", SessionID, string.Empty, m_SteamCommunityHost)); m_WebHelper.m_CookieContainer.Add(new Cookie("steamLogin", SteamLogin, string.Empty, m_SteamStoreHost)); m_WebHelper.m_CookieContainer.Add(new Cookie("steamLogin", SteamLogin, string.Empty, m_SteamCommunityHost)); m_WebHelper.m_CookieContainer.Add(new Cookie("steamLoginSecure", SteamLoginSecure, string.Empty, m_SteamStoreHost)); m_WebHelper.m_CookieContainer.Add(new Cookie("steamLoginSecure", SteamLoginSecure, string.Empty, m_SteamCommunityHost)); return(true); } }
public static async Task <bool> AuthenticateUser() { SteamUser.WebAPIUserNonceCallback nonce; try { nonce = await Steam.Instance.User.RequestWebAPIUserNonce(); } catch (Exception e) { IsAuthorized = false; Log.WriteWarn("WebAuth", "Failed to get nonce: {0}", e.Message); return(false); } // 32 byte random blob of data var sessionKey = CryptoHelper.GenerateRandomBlock(32); byte[] encryptedSessionKey; // ... which is then encrypted with RSA using the Steam system's public key using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(Steam.Instance.Client.Universe))) { encryptedSessionKey = rsa.Encrypt(sessionKey); } // users hashed loginkey, AES encrypted with the sessionkey var encryptedLoginKey = CryptoHelper.SymmetricEncrypt(Encoding.ASCII.GetBytes(nonce.Nonce), sessionKey); using (dynamic userAuth = WebAPI.GetAsyncInterface("ISteamUserAuth")) { KeyValue result; try { result = await userAuth.AuthenticateUser( steamid : Steam.Instance.Client.SteamID.ConvertToUInt64(), sessionkey : WebHelpers.UrlEncode(encryptedSessionKey), encrypted_loginkey : WebHelpers.UrlEncode(encryptedLoginKey), method : "POST", secure : true ); } catch (HttpRequestException e) { IsAuthorized = false; Log.WriteWarn("WebAuth", "Failed to authenticate: {0}", e.Message); return(false); } File.WriteAllText(Path.Combine(Application.Path, "files", ".support", "cookie.txt"), $"steamLogin={result["token"].AsString()}; steamLoginSecure={result["tokensecure"].AsString()}"); Cookies = new CookieContainer(); Cookies.Add(new Cookie("steamLogin", result["token"].AsString(), "/", "store.steampowered.com")); Cookies.Add(new Cookie("steamLoginSecure", result["tokensecure"].AsString(), "/", "store.steampowered.com")); } IsAuthorized = true; Log.WriteInfo("WebAuth", "Authenticated"); if (!Settings.IsFullRun) { await AccountInfo.RefreshAppsToIdle(); } return(true); }
bool HandleEncryptRequest(IPacketMsg packetMsg) { var encRequest = new Msg <MsgChannelEncryptRequest>(packetMsg); EUniverse eUniv = encRequest.Body.Universe; uint protoVersion = encRequest.Body.ProtocolVersion; DebugLog.WriteLine("CMClient", "Got encryption request. Universe: {0} Protocol ver: {1}", eUniv, protoVersion); DebugLog.Assert(protoVersion == 1, "CMClient", "Encryption handshake protocol version mismatch!"); byte[] randomChallenge; if (encRequest.Payload.Length >= 16) { randomChallenge = encRequest.Payload.ToArray(); } else { randomChallenge = null; } byte[] pubKey = KeyDictionary.GetPublicKey(eUniv); if (pubKey == null) { connection.Disconnect(); DebugLog.WriteLine("CMClient", "HandleEncryptionRequest got request for invalid universe! Universe: {0} Protocol ver: {1}", eUniv, protoVersion); return(false); } ConnectedUniverse = eUniv; var encResp = new Msg <MsgChannelEncryptResponse>(); var tempSessionKey = CryptoHelper.GenerateRandomBlock(32); byte[] encryptedHandshakeBlob = null; using (var rsa = new RSACrypto(pubKey)) { if (randomChallenge != null) { var blobToEncrypt = new byte[tempSessionKey.Length + randomChallenge.Length]; Array.Copy(tempSessionKey, blobToEncrypt, tempSessionKey.Length); Array.Copy(randomChallenge, 0, blobToEncrypt, tempSessionKey.Length, randomChallenge.Length); encryptedHandshakeBlob = rsa.Encrypt(blobToEncrypt); } else { encryptedHandshakeBlob = rsa.Encrypt(tempSessionKey); } } var keyCrc = CryptoHelper.CRCHash(encryptedHandshakeBlob); encResp.Write(encryptedHandshakeBlob); encResp.Write(keyCrc); encResp.Write(( uint )0); if (randomChallenge != null) { pendingNetFilterEncryption = new NetFilterEncryptionWithHMAC(tempSessionKey); } else { pendingNetFilterEncryption = new NetFilterEncryption(tempSessionKey); } this.Send(encResp); return(true); }
internal async Task Init(string webAPIUserNonce) { steamID = _bot.steamClient.SteamID; sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamID.ToString())); // Generate an AES session key byte[] sessionKey = CryptoHelper.GenerateRandomBlock(32); // RSA encrypt it with the public key for the universe we're on byte[] cryptedSessionKey; using (var crypto = new RSACrypto(KeyDictionary.GetPublicKey(_bot.steamClient.ConnectedUniverse))) { cryptedSessionKey = crypto.Encrypt(sessionKey); } // Copy our login key byte[] loginKey = new byte[webAPIUserNonce.Length]; Array.Copy(Encoding.ASCII.GetBytes(webAPIUserNonce), loginKey, webAPIUserNonce.Length); // AES encrypt the loginkey with our session key byte[] cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); _bot.Log("Logging in to ISteamUserAuth", LogType.Info); KeyValue autResult; using (dynamic iSteamUserAuth = WebAPI.GetInterface("ISteamUserAuth")) { iSteamUserAuth.Timeout = 60000; try { autResult = iSteamUserAuth.AuthenticateUser( steamid: steamID.ConvertToUInt64(), sessionkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedSessionKey, 0, cryptedSessionKey.Length)), encrypted_loginkey: Encoding.ASCII.GetString(WebUtility.UrlEncodeToBytes(cryptedLoginKey, 0, cryptedLoginKey.Length)), method: WebRequestMethods.Http.Post, secure: true); } catch (Exception e) { _bot.Log("Cant AuthenticateUser " + e.Message, LogType.Error); return; } } if (autResult == null) { return; } _bot.Log("Success", LogType.Info); string steamLogin = autResult["token"].Value; string steamLoginSecure = autResult["tokensecure"].Value; webClient.cookieContainer.Add(new Cookie("sessionid", sessionID, "/", "." + SteamCommunityHOST)); webClient.cookieContainer.Add(new Cookie("steamLogin", steamLogin, "/", "." + SteamCommunityHOST)); webClient.cookieContainer.Add(new Cookie("steamLoginSecure", steamLoginSecure, "/", "." + SteamCommunityHOST)); gameminerBot = new GameminerBot(webClient, _bot.BotConfig); Initialized = true; //GiveawayBotInit().Forget(); }
//////////////////////////////////////////////////// // STEAM WEB INTERFACE //////////////////////////////////////////////////// // Copied this shit straight from ArchisSteamFarm, credit to him public override async void LoginWebInterface(ulong steamID) { if (!IsAuthenticated) { SteamUser.WebAPIUserNonceCallback callback; try { callback = await _steamUser.RequestWebAPIUserNonce(); } catch (Exception ex) { _log.Error(ex, "Unable to request Web API Nonce. Titan won't be able to execute Web API actions."); return; } if (string.IsNullOrWhiteSpace(callback?.Nonce)) { _log.Error("Received empty Web API Nonce. Titan won't be able to execute Web API actions."); return; } var sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(steamID.ToString())); var sessionKey = CryptoHelper.GenerateRandomBlock(32); byte[] cryptedSessionKey; using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(_steamClient.Universe))) { cryptedSessionKey = rsa.Encrypt(sessionKey); } var loginKey = new byte[callback.Nonce.Length]; Array.Copy(Encoding.ASCII.GetBytes(callback.Nonce), loginKey, callback.Nonce.Length); // AES encrypt the login key with our session key var cryptedLoginKey = CryptoHelper.SymmetricEncrypt(loginKey, sessionKey); if (!Titan.Instance.WebHandle.AuthentificateUser( steamID, cryptedLoginKey, cryptedSessionKey, out var result )) { _log.Error("Failed to authentificate with Web API Nonce. " + "Titan won't be able to execute Web API actions."); return; } var token = result["token"].Value; var secureToken = result["tokensecure"].Value; if (string.IsNullOrWhiteSpace(token) || string.IsNullOrWhiteSpace(secureToken)) { _log.Error("Failed to authentificate with Web API Nonce. " + "Titan won't be able to execute Web API actions."); return; } Cookies.Add("sessionid", sessionID); Cookies.Add("steamLogin", token); Cookies.Add("steamLoginSecure", secureToken); if (!Titan.Instance.Options.Secure) { _log.Debug("Authorized with Steam Web API. Session ID: {id}", sessionID); } _log.Information("Successfully authorized with Steam Web API."); IsAuthenticated = true; } }
public bool Authenticate(string uniqueID, string loginKey) { // Check so they are valid if (uniqueID == null || loginKey == null) { return(false); } var sessionID = Convert.ToBase64String(Encoding.UTF8.GetBytes(uniqueID)); using (dynamic auth = WebAPI.GetInterface("ISteamUserAuth")) { // Generate AES session key var sessionKey = CryptoHelper.GenerateRandomBlock(32); // RSA encrypt it with public key byte[] cryptedSessionKey; using (var rsa = new RSACrypto(KeyDictionary.GetPublicKey(client.Universe))) cryptedSessionKey = rsa.Encrypt(sessionKey); var key = new byte[20]; Array.Copy(Encoding.ASCII.GetBytes(loginKey), key, loginKey.Length); // AES encrypt loginkey with session var cryptedLoginKey = CryptoHelper.SymmetricEncrypt(key, sessionKey); KeyValue authResult; // Get auth result try { authResult = auth.AuthenticateUser( steamid: client.SteamID.ConvertToUInt64(), sessionkey: HttpUtility.UrlEncode(cryptedSessionKey), encrypted_loginkey: HttpUtility.UrlEncode(cryptedLoginKey), method: "POST", secure: true ); } catch (Exception e) { Kraxbot.Log($"Warning: Failed to authenticate: {e.Message}"); return(false); } var token = authResult["token"].AsString(); var tokenSecure = authResult["tokensecure"].AsString(); // Add cookies Cookies.Add(new Cookie("sessionid", sessionID, string.Empty, "steamcommunity.com")); Cookies.Add(new Cookie("steamLogin", token, string.Empty, "steamcommunity.com")); Cookies.Add(new Cookie("steamLoginSecure", tokenSecure, string.Empty, "steamcommunity.com")); SessionID = sessionID; SteamLogin = token; SteamLoginSecure = tokenSecure; IsLoggedOn = true; return(true); } }