Jump to content
McKay Development

Dr. McKay

Administrator
  • Content Count

    2243
  • Joined

  • Last visited


Reputation Activity

  1. Like
    Dr. McKay reacted to venfiw in how can i input my username&password like SteamGuard   
    hello every one i made it now, here is my code

  2. Like
    Dr. McKay got a reaction from Ino in question about the method logOn   
    If you just use node-steamcommunity without any special parameters, it will act as if it's a mobile login.
  3. Like
    Dr. McKay reacted to Acorn Eyes in I have no idea where else to ask this, I have no clue how to find the request CS:GO sends when renaming a weapon   
    I just tried it, and it works flawlessly, I submitted a pull request.
  4. Like
    Dr. McKay got a reaction from anupkrbid-dev in getProductInfo is giving error   
    Please double-check the docs. Argument 2 to getProductInfo is an array of packages, not the callback. Pass an empty array if you don't care about any packages.
     
    Also, it doesn't return the data; the data is passed to the callback.
  5. Like
    Dr. McKay got a reaction from HighTech in Amount of gems added to the trade offer   
    You're setting the amount property on an array of CEconItem objects. It needs to be set on the objects themselves.
  6. Like
    Dr. McKay got a reaction from ArturkA in What's in a SteamID?   
    Ever wondered what's behind that big long number that we call a "SteamID"? It isn't just random; there are actually four numbers packed into it.
     
    A SteamID has four parts:
    Universe - The "instance of Steam" in which this ID is used. There is only one public Steam instance. Its name is "public", and its number is 1. The other universes are used internally at Valve for testing. Type - A SteamID can actually stand for several different types of accounts. The most common is individual, which is an individual user account. There are also types for clans (Steam groups), gameservers, anonymous gameservers, anonymous users, and more. Instance - This number is a bit finnicky. For the most part it's just a static number. For example, for individual SteamIDs the instance is pretty much always 1 (for desktop). Account ID - This is the actual ID of the account. Account IDs increment over time. If you know what universe, type, and instance an ID is for, then this is all you need to uniquely identify the account. As I mentioned previously, a 64-bit SteamID is actually broken down into four parts:
    8 bits for the universe 4 bits for the type 20 bits for the instance 32 bits for the account ID This means that in order to get an account ID out of a 64-bit SteamID, all you need to do is steamID & 0xFFFFFFFF.
     
    Warning: The Steam WebAPI and Steam Community website actually don't care about the instance as long as you've set the type and universe correctly. This means that if you're taking user input for SteamIDs, you could end up with duplicate accounts. For example, the SteamIDs 76561198006409530 and 76561202301376826 are considered identical because the universe, type, and accountids are the same. Try it for yourself: https://steamcommunity.com/profiles/76561198006409530 https://steamcommunity.com/profiles/76561202301376826
     
    Failure to take this into account can result in such exploits as this:
     

     
    (Yes, those are actually the same Steam account)
     
    Common SteamID Confusion
    SteamID aspects are a common source of confusion. For starters, what do you call various SteamID formats?
    This is the 64-bit SteamID (or just SteamID) format: 76561198006409530 This is the Steam3 format: [u:1:46143802] This is the Steam2 format: STEAM_0:0:23071901 (or the newer Steam2 format: STEAM_1:0:23071901) The "partner ID" in trade offer URLs is actually the account's account ID.
     
    Reading Rendered IDs
    Here's how to interpret the rendered ID formats.
     
    Steam3 Format
     
    [T:U:A] or [T:U:A:I]
    T - This is a single letter (case-sensitive) which tells you what type of account this is. The characters are documented on the Valve developer wiki. U - This is the universe to which this SteamID belongs. Unless you work for Valve, this will always be 1. A - This is the account ID for this SteamID. I - This is the SteamID's instance number. May be omitted if the instance is the default for that ID type or can be determined in other ways. Steam2 Format
     
    The Steam2 rendered format can only be used for individual SteamIDs.
     
    STEAM_X:Y:Z
    X - This is the universe to which this SteamID belongs. Older games use 0 to stand for public, newer ones use 1. Y - This is the SteamID's accountid modulo 2. Z - This is the SteamID's accountid halved and rounded down. Working with SteamIDs in code
    If you're using Node.js, you can use node-steamid to parse, create, and deal with SteamIDs.
    If you're using PHP, you can use php-steamid.
    If you're using C#, SteamKit has a SteamID class.
  7. Like
    Dr. McKay got a reaction from ArturkA in Cookies   
    Every website out there (that doesn't use HTTP authentication) uses cookies to identify user sessions. Cookies usually contain session IDs, which are looked up on the server in order to determine who the session belongs to. Steam is no different.
     
    All Steam websites (the store, community, the help site) use the same cookies to identify user sessions. There are four cookies which are required to identify a Steam session:
    sessionid steamLogin steamLoginSecure* steamMachineAuth* * = this cookie should only be sent over HTTPS
     
    Despite its name, the sessionid cookie is merely a CSRF token. Its value can be anything, as long as it matches the sessionid POST parameter in your POST requests. Steam will randomly assign you one the first time you hit one of the websites without already having one, even if you aren't logged in. They are not tied to accounts or to sessions.
     
    steamLogin and steamLoginSecure are the actual session cookies. Their format is: (your 64-bit SteamID + two pipe characters, percent encoded as %7C + a 40-character uppercase hexadecimal token). The hexadecimal token will differ between the two cookies, but the SteamID will be the same. steamLoginSecure should be sent with all HTTPS requests, and only for HTTPS requests. These cookies are short-lived and once invalidated (the exact circumstances that cause them to be invalidated are unclear), you will be logged out.
     
    steamMachineAuth is your Steam Guard identification cookie. You should replace with your actual 64-bit SteamID, so for example the name of my cookie would be steamMachineAuth76561198006409530. This cookie's value is simply a 40-character uppercase hexadecimal token. The cookie identifies a "machine" for Steam Guard, so that you don't have to provide an email code every time. This cookie is still present if you're using the mobile authenticator, even though you have to provide a code for every login. This cookie's issue date is also used as the "first sign in" date for purposes of determining trade restrictions. This cookie effectively lasts forever, so you should save it and reuse it between sessions. This cookie is required for trade offers to work.
     
    Note: Since Steam switched to HTTPS-only, steamLogin appears to no longer be necessary and is therefore no longer issued to web logins. It does seem to still be issued to Steam client-based logins.
     
    How to Get Cookies
     
    You can get Steam login cookies in one of three ways.
    You can log in to any Steam site in a browser, which will issue you cookies for that domain (and also do some JavaScript to set those cookies for other Steam domains). node-steamcommunity can do this for you. You can use the undocumented IMobileAuthService/GetWGToken WebAPI method with an oAuth token. node-steamcommunity can do this for you. You can use the ISteamUserAuth/AuthenticateUser WebAPI method with a nonce (loginkey) received from the CM. Sessions negotiated this way will have no steamMachineAuth cookie, and that cookie is unneeded for these sessions (trade offers will still work). Sessions negotiated this way will be invalidated as soon as the client session which received the CM nonce disconnects. node-steam-user can do this for you. Once you have cookies, you can use them with any of a number of modules, e.g. node-steam-trade, node-steamcommunity, node-steamstore, etc.
     

    Cookie Expiration
     
    Cookies expire and become invalid at seemingly-random times. There seems to be no real rhyme or reason as to when it happens, but it generally does happen whenever an account is logged in somewhere else, and on some unspecific time interval.
     
    If you log in to Steam using node-steam-user, you will be issued cookies, but they are only linked to the CM session in that they will expire if the session disconnects. They also follow normal expiration rules, meaning that even if your Steam client session is still connected, your cookies might have expired and thus your web requests will indicate that you aren't logged in. If this happens, you'll need to use webLogOn() to get new cookies.
     

    Cookie Usage
     
    I'll briefly explain how cookies and sessions work in my libraries. A quick overview on statefulness: HTTP is stateless. Each request is distinct from every other request, and thus there is no way to link two requests together (except by using cookies). For this reason, to keep track of which user is logged in, every site on the planet uses cookies. Typically, cookies contain an opaque session ID which the server looks up to see which account you're using. Steam is no exception. TCP is stateful. Each message sent over a TCP connection belongs to that connection and thus it's easy to link two messages together.
    node-steam-user connects to the CM using TCP (or optionally UDP, but it acts like TCP anyway). This is a stateful connection, and there is no need to use cookies to identify it.  Therefore, node-steam-user has no need for cookies. While it is capable of producing cookies, it does not save them and doesn't use them in any way except to make them available to the end-user for use elsewhere. node-steamcommunity communicates with Steam over HTTP, which is stateless. Thus, cookies are required in order to authenticate your requests to your account. node-steamcommunity can either accept cookies using the setCookies method (which can accept cookies obtained by any means, including node-steam-user), or it can produce cookies using the login method. Either method will save the cookies internally in the SteamCommunity object and those cookies will be used to authenticate every HTTP request. node-steamstore is identical to node-steamcommunity, although it cannot create cookies (i.e. it can only accept them using setCookies). node-steam-tradeoffer-manager is identical to node-steamstore, except it uses node-steamcommunity under the hood for its HTTP communication. Thus, if you instantiate TradeOfferManager and pass a community instance to the constructor, calling setCookies on the TradeOfferManager will also call setCookies on the SteamCommunity, and therefore you need not call setCookies on SteamCommunity (although it doesn't hurt anything, either). In list form, where a producer can create cookies and a consumer can use cookies:
    steam-user: producer steamcommunity: producer, consumer steamstore: consumer steam-tradeoffer-manager: consumer steam: producer steam-trade: consumer
  8. Like
    Dr. McKay got a reaction from ArturkA in Auth secret   
    When using Steam in-home streaming, network communication is encrypted with the auth secret. It's called a pre-shared key because it's an encryption key that is shared with both parties (in this instance, the machine the games are getting streamed from and the machine they're getting played on) by Steam, before the in-home connection is established.
  9. Like
    Dr. McKay got a reaction from RedyyPT in Error ReferenceError: community is not defined   
    You never defined any variable named community.
  10. Like
    Dr. McKay got a reaction from RedyyPT in various custom games   
    Set up a timer, and call gamesPlayed with the next string in the rotation each time it fires.
  11. Like
    Dr. McKay got a reaction from Royalgamer06 in Will the new steam chat / group chats be supported in steam-user?   
    As an update, I've gotten very basic support working in the v4 branch. Hopefully I'll be able to finish up v4 soon, at which point new chat support can be fleshed out further.
  12. Like
    Dr. McKay got a reaction from Royalgamer06 in Auto-Download games functionality, posible?   
    Without knowing exactly what depot you're trying to download, all I can tell you is to check each file entry in the manifest to see if flags & EDepotFileFlag.Directory.
  13. Like
    Dr. McKay got a reaction from Royalgamer06 in App token & depot key dumper   
    One of the files in your local cache appears to be corrupted. I'll push a fix to handle this case.
  14. Like
    Dr. McKay got a reaction from fletch in Get Steam profile comments   
    Yeah, that's still the only way.
  15. Like
    Dr. McKay reacted to PonyExpress in User Comment Limit   
    I found the answer myself:Limit always = 1000,
    but when using any emoticon, need to add +2: I will leave examples to make this clearer:
    12345=5 aBcDe=5 :::::=5 :rc:=4+2 :tumble:=8+2 :bumble:=8 (because it's not a emoticon, it does not exist on Steam)It is absolutely not important whether you have emoticons in your inventory or not. It is important only whether they exist in Steam or not.
  16. Like
    Dr. McKay reacted to T1MOXA in Error: Already logged on, cannot log on again   
    I so understand I need to remove "client.logOn" so as there is "autoRelogin" option
  17. Like
    Dr. McKay got a reaction from Rules in Parsing Users' Rich Presence   
    This is incredibly nooby but hey, we all start somewhere, right? Props for wanting to learn and not wanting everything just handed to you.
     
    You'd want to create an object and store it in a variable (e.g. let richPresence = {};), then loop over the array and set properties in that object (using bracket notation). So, this:
    let richPresence = {}; // create a new, empty object (sClient.users[sID].rich_presence || []).forEach((element) => { // Loop over the rich_presence array. If it happens to be missing, substitute it using || for // an empty array so we don't end up crashing by trying to reference forEach on undefined/null. richPresence[element.key] = element.value; }); console.log(richPresence.status); // Playing CS:GO
  18. Like
    Dr. McKay reacted to Rules in Parsing Users' Rich Presence   
    I wrote a whole 'lil DiscordJS//steam-user bot to tell the homies the score of the match and then discovered the globaloffensive module. Now I'm delving down the hole of all the information I can retrieve from that. This is quite the learning experience. I really should've started with some Node tutorials    
  19. Like
    Dr. McKay reacted to neverhood in acceptConfirmationForObject   
    oh I get it now, thank you
    if (status == 'pending') { // We need to confirm it console.log(`Offer #${offer.id} sent, but requires confirmation`); community.acceptConfirmationForObject(config.identitySecret, offer.id, function(err) { if (err) { console.log(err); } else { console.log("Offer confirmed"); } }); } else { console.log(`Offer #${offer.id} sent successfully`); } used this and works good! 
  20. Like
    Dr. McKay got a reaction from TomYoki in Server   
    Unfortunately not. I might have worked on reverse-engineering the Source protocol to join a game server, but to join any useful server you'd have to implement VAC which is just insane enough that I'm not touching it.
  21. Like
    Dr. McKay got a reaction from TomYoki in How would you calculate the amount of metal to add to trade offers?   
    You would probably want to do something like this:
    Initialize a variable to 0 to count the user's owned metal Loop over the user's inventory, and add 9 to that variable for every refined, 3 for every reclaimed, and 1 for every scrap If that variable is If it's >=, then loop over their inventory again, starting with refined and add ref until they don't have any more or the amount you need Keep going with rec and eventually scrap If, at the end, you're short a bit, add the smallest currency unit to go above your required price
  22. Like
    Dr. McKay got a reaction from typelover in Typescript?   
    Not as far as I'm aware.
  23. Like
    Dr. McKay reacted to frej4189 in RateLimitExceeded when promptSteamGuardCode is false   
    Welp, I'm stupid.

    This is caused by me attempting to call the callback of the main function, but it obviously calls the callback of the steamGuard event, causing yet another steamGuard event, and then looping until I get RateLimited.
  24. Like
    Dr. McKay got a reaction from TomYoki in Is my bot being Attacked?   
    You're probably running out of memory.
  25. Like
    Dr. McKay got a reaction from nikikiker in Explanation of EFriendRelationship enums   
    I'm not 100% certain, but I think:
    Blocked = You blocked them IgnoredFriend = They're a friend, and you blocked them SuggestedFriend = Dunno, maybe unused Max = Not a real value, just the maximum that enum goes up to
×
×
  • Create New...