Jump to content
McKay Development

All Activity

This stream auto-updates

  1. Today
  2. Last week
  3. At some point, the structure of how manifest IDs are represented in appinfo has changed. This release adds a shim to support passing the old format into getManifest. Full Changelog: v4.28.5...v4.28.6 View on GitHub
  4. I found the error. I guess in an earlier version, the GID got returned directly. Thanks for your help!
  5. Bumping this, an issue has been opened on github: https://github.com/DoctorMcKay/steam-twofactor-server/issues/6 I tried to fix it myself but couldn't find a way to submit the 2FA code after filling the field. It looks like they removed most of the javascript functions which make it more difficult.
  6. I use the sortBackpack() method after every time a trade offer is accepted. In fact, since it doesn't seem to work for me, I execute the code several times. sortBackpack(n = 0) is the closest thing to "sort by class" in the range n = [0, 5], so I feel like I am not acknowledging the new items. What am I missing?
  7. Acknowledging a received item is done by simply moving it to a backpack slot using setPosition or by sorting your backpack again using sortBackpack. sortBackpack only sorts your backpack once; it won't stay sorted when you receive new items.
  8. Upon accepting a trade offer, my bot's inventory is sorted by class (presumably: tf2.sortBackpack(0)). However, as you can see in the picture, it is only partially sorted, possibly because I am not "acknowledging" the new items and they do not behave normally. I can find no other explanation - I have tried everything. Please, help me.
  9. This works fine for me: let manifestId = (await user.getProductInfo([730], [])).apps[730].appinfo.depots[731].manifests.public.gid; console.log(`Got manifest ${manifestId}`); console.log(await user.getManifest(730, 731, manifestId, 'public')); Please show your code.
  10. Thanks for your response. I updated, but get now this error: node:internal/process/promises:265 triggerUncaughtException(err, true /* fromPromise */); ^ OperationalError: HTTP error 404 at ClientRequest.<anonymous> (/app/node_modules/steam-user/components/cdn.js:585:13) ... 9 lines matching cause stack trace ... at TCP.onStreamRead (node:internal/stream_base_commons:190:23) { cause: Error: HTTP error 404 at ClientRequest.<anonymous> (/app/node_modules/steam-user/components/cdn.js:585:13) at Object.onceWrapper (node:events:640:26) at ClientRequest.emit (node:events:520:28) at HTTPParser.parserOnIncomingClient (node:_http_client:618:27) at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17) at Socket.socketOnData (node:_http_client:482:22) at Socket.emit (node:events:520:28) at addChunk (node:internal/streams/readable:315:12) at readableAddChunk (node:internal/streams/readable:289:9) at Socket.Readable.push (node:internal/streams/readable:228:10) at TCP.onStreamRead (node:internal/stream_base_commons:190:23), isOperational: true }
  11. How to send pictures + text to friends, please provide an example, thank you
  12. Thank you @Dr. McKay for the pointers. The solution was the `server_secret` field for the ticket in the CMsgClientAuthList message. I couldnt find out how this value is obtained/generated so I'm settling on patching steam-user locally. The server secret was just the shortened name of the game. Diff: diff --git a/components/appauth.js b/components/appauth.js index 3f6b5b6..1f29a0f 100644 --- a/components/appauth.js +++ b/components/appauth.js @@ -84,7 +84,7 @@ class SteamUserAppAuth extends SteamUserAccount { return AppTicket.parseAppTicket(ticket, allowInvalidSignature); } - createAuthSessionTicket(appid, callback) { + createAuthSessionTicket(appid, server_secret_hex_string, callback) { return StdLib.Promises.callbackPromise(['sessionTicket'], callback, (resolve, reject) => { // For an auth session ticket we need the following: // 1. Length-prefixed GCTOKEN @@ -120,7 +120,7 @@ class SteamUserAppAuth extends SteamUserAccount { try { // We need to activate our ticket - await this.activateAuthSessionTickets(appid, buffer); + await this.activateAuthSessionTickets(appid, buffer, server_secret); resolve({sessionTicket: buffer}); } catch (err) { reject(err); @@ -171,7 +173,7 @@ class SteamUserAppAuth extends SteamUserAccount { }); } - activateAuthSessionTickets(appid, tickets, callback) { + activateAuthSessionTickets(appid, tickets, server_secret, callback) { if (!Array.isArray(tickets)) { tickets = [tickets]; } @@ -210,6 +212,7 @@ class SteamUserAppAuth extends SteamUserAccount { ticket_crc: StdLib.Hashing.crc32(ticket.authTicket), ticket: ticket.authTicket }; + if (server_secret) thisTicket.server_secret = Buffer.from(server_secret, 'hex'); // Check if this ticket is already active if (this._activeAuthTickets.find(tkt => tkt.steamid == thisTicket.steamid && tkt.ticket_crc == thisTicket.ticket_crc)) {
  13. Hmm, it seems to work fine for me now, too. (Firefox 113.0.2 on Linux, same as earlier). It also works in Chromium for me now. I don't know what I changed; I also tried signing up for the forums a couple of months back and hit the same problem. But it's gone now. Sorry for wasting your time.
  14. They come from SteamDB, which itself dumps them from Steam using ProtobufDumper.
  15. The hcaptcha widget appears fine for me in Firefox 113.0.2.
  16. steam-user doesn't provide any way to specify your own sessionExternalIP value, but there's nothing stopping you from spoofing that field to be whatever you want, either. It's client-controlled and isn't authenticated by Steam as far as I'm aware. You could try changing the value directly in the steam-user code here and see what happens. Yes, the internal IP is determined from the private IP specified when you connected to Steam. By default, steam-user sends 0 unless you change the logonID value in the logOn method. You need to encode your desired internal IP as a 32-bit int, then xor it with 0xBAADF00D. For example, encodes to 3232235778, then xor that by doing 3232235778 ^ 0xBAADF00D and you get 2158493696, which is what you should use for your logonID. Yes, ownership tickets are cached in userdata/your_account_id/config/localconfig.vdf under apptickets. Not as far as I'm aware You can use NetHook for that. When you inject it, you'll need to provide the filename of the game process you want to inject into.
  17. Earlier
  18. It seems it's currently impossible to sign up for this site in Firefox unless I set `network.cookie.cookieBehavior` in `about:config` to 0. The hCaptcha will not show if this setting has the default value of 5. https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning I also tried signing up in Chromium, I also couldn't see the hCaptcha there.
  19. I was wondering whether the protobufs in https://github.com/DoctorMcKay/node-steam-user/tree/b67302eb6eae12e358d444ee6f237ec393ab1833/protobufs were reverse-engineered by DoctorMcKay or whether they were obtained from some other source.
  20. A game I was playing was updated recently, and the backend server started to reject the ticket returned from createAuthSessionTicket. There is no change in the payload format, so I'm confused what could possibly cause this. The backend accepts the session ticket only if it was generated via the game's launcher, and the ticket stops working once the game is closed. If I login and request an new app ticket via node-steam-user after the game launcher generated its own ticket and BEFORE submitting to the game backend, then the backend server rejects both tickets. Simplified code example: // Flow 1: User login user.on("loggedOn", (details, parental) => { // user.setPersona(SteamUser.EPersonaState.Invisible); user.gamesPlayed([APP_ID]); }); // Prints "Ticket xxx validated by [I:1:1]: OK" when POST request to backend is made user.on('authTicketStatus', details => { logger.info(`Ticket ${details.ticketGcToken} validated by ${details.steamID.steam3()}: ${SteamUser.EAuthSessionResponse[details.authSessionResponse]}`); }); user.on('appLaunched', appID => { if (appID != APP_ID) { return; } resolve(user); // resolves the promise for Flow 1 }) user.logOn(creds); // ======== Flow 2 ========= // // Create app ticket and auth with backend const user = await loginSteamUserFlow1(); const {sessionTicket} = await user.createAuthSessionTicket(APP_ID); payload.token = sessionTicket.toString('hex').toUpperCase(); // Backend rejects this call with some vague error message "OAuth exception" const resp = await client.post(`${GAME_HOST}/session`, {json: payload}) Parsed tickets: // valid ticket, generated by game // sessionExternalIP is some random IP everytime // ownershipTicketExternalIP is not exactly my external IP, but it probably is a previously held IP // tokenGenerated doesnt seem to be anywhere near the current time { authTicket: <Buffer 14 00 00 00 b4 truncated... 2 more bytes>, gcToken: 'xxxx', tokenGenerated: 2023-06-02T02:22:25.000Z, sessionExternalIP: '', clientConnectionTime: 2734877, clientConnectionCount: 4, version: 4, steamID: SteamID { universe: 1, type: 1, instance: 1, accountid: xxxx }, appID: 958260, ownershipTicketExternalIP: 'xxx.xxx.xxx.xx', ownershipTicketInternalIP: '', ownershipFlags: 0, ownershipTicketGenerated: 2023-05-24T02:05:48.000Z, ownershipTicketExpires: 2023-06-14T02:05:48.000Z, licenses: [ 313233 ], dlc: [], signature: <Buffer 31 74 f0 b7 truncated... 78 more bytes>, isExpired: false, hasValidSignature: true, isValid: true } // generated by node-steam-user, rejected by backend { authTicket: <Buffer 14 00 00 00 b1 truncated ... 2 more bytes>, gcToken: 'xxxx', tokenGenerated: 2023-06-02T03:28:41.000Z, sessionExternalIP: 'xxx.xxx.xxx.xxx', clientConnectionTime: 101, clientConnectionCount: 1, version: 4, steamID: SteamID { universe: 1, type: 1, instance: 1, accountid: xxxxx }, appID: 958260, ownershipTicketExternalIP: 'xxx.xxx.xxx.xxx', ownershipTicketInternalIP: '', ownershipFlags: 0, ownershipTicketGenerated: 2023-06-01T07:30:15.000Z, ownershipTicketExpires: 2023-06-22T07:30:15.000Z, licenses: [ 313233 ], dlc: [], signature: <Buffer 5c 7d 7c 8f truncated ... 78 more bytes>, isExpired: false, hasValidSignature: true, isValid: true } Reading the README for node-steam-appticket, it seems that some fields can be spoofed. Can we specify our own `sessionExternalIP` when requesting & activating app tickets? Can we specify our own `ownershipTicketInternalIP` as well? Why is the `ownershipTicketGenerated` by the game launcher so old compared to node-steam-user? Is it cached locally by the Steam client? Does `user.gamesPlayed([APP_ID])` do anything to affect the validity of the app ticket? How should I go about reversing the communication of the game <-> Steam ?
  21. Browser script: document.cookie = 'steamLoginSecure=xxxxxxxxxxxxxxxxxxxxxxx; expires=Fri, 02 Jun 2023 10:14:12 GMT; path=/'; Node script with steam-session log(`Generating cookie: ${token}`, 'info', 'steam-session', true, id) const session = new LoginSession(EAuthTokenPlatformType.WebBrowser) session.refreshToken = token const cookie = await session.getWebCookies() log(`Cookie: ${cookie}`, 'info', 'steam-session', true, id)
  22. I am trying to put cookies that i got from webSession event in browser but they don’t authorize me there, however they work if i use setCookies in node steamcommunity.
  23. 4.28.4 still leaked memory unfortunately. Running a test currently with the following handlers disabled: EMsg.ClientPersonaState EMsg.ClientClanState EMsg.ClientFriendsList It's been looking good so far no memory leak yet (running for 4+ days now)
  24. It looks like Steam might have changed how product info data is sent. Update to 4.28.5 and it should be fixed for you.
  25. Fixed error when calling getProductInfo due to Steam changes Fixed endAuthSessions not working properly, thanks to @Sadzurami in #436 Full Changelog: v4.28.4...v4.28.5 View on GitHub
  1. Load more activity
  • Create New...