shared_secret changing when first logging into mobile app after enabling two factor?


spock

I'm using steam-totp to automate logging in like so... and it's prompting me for a steam guard code:

user.logOn({
    accountName: 'user',
    password: 'pass',
    twoFactorCode: SteamTotp.generateAuthCode(this.shared_secret)
});

I first used 

user.createAccount()

Then I used

user.enableTwoFactor()

and saved the response from calling enable two factor.

{ shared_secret: '***',
  serial_number: '***',
  revocation_code: '***',
  uri: '***',
  server_time: '***',
  account_name: 'user',
  token_gid: '***',
  identity_secret: '***',
  secret_1: '***=',
  status: 1 }

I then finalized my two factor 

user.finalizeTwoFactor(shared_secret, smsCode)

After this I logged into the Steam mobile app - it prompted me for a Steam Guard code... so I clicked send SMS code to use this device and when I entered the code it allowed me to log into the Steam mobile...

 

I have a feeling that this overrode my enableTwoFactor details I saved earlier...

 

Can anybody comment on this?

 


It works with another account I have that I pulled the shared secret from my phone. I'll try the offset

 

edit: didn't have an offset. 

 

I'll check my shared secret on my phone and see if they match with what was generated with enableTwoFactor


So the codes are different. I tried disabling two factor on my phone and re-ran the steps I mentioned above and it worked.

 

It appears if I want to have twoFactor enabled on my phone I need to pull my shared and identity secret off my phone. Does this make sense?

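The check this thread works through (does the shared_secret saved from enableTwoFactor still produce the codes the phone shows, or is it only a clock offset?), as an added example that is not part of the original posts and not steam-totp's own code. It assumes the commonly documented Steam Guard derivation (HMAC-SHA1 over a 30-second counter); the secrets, timestamp and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// 26-character alphabet used for Steam Guard codes.
const STEAM_CHARS = '23456789BCDFGHJKMNPQRTVWXY';

// Constructed sample values (20 bytes, base64), not real account secrets.
const SAVED_SECRET = Buffer.from('constructed-secret-A').toString('base64');
const SAMPLE_TIME = 1700000000; // constructed Unix time in seconds

// Derive the 5-character code for a base64 shared_secret at a Unix time.
function steamGuardCode(sharedSecretB64, unixTime) {
  const counter = Buffer.alloc(8);                      // 64-bit big-endian counter
  counter.writeUInt32BE(Math.floor(unixTime / 30), 4);  // 30-second window
  const mac = crypto.createHmac('sha1', Buffer.from(sharedSecretB64, 'base64'))
    .update(counter).digest();
  const offset = mac[19] & 0x0f;                        // dynamic truncation
  let value = mac.readUInt32BE(offset) & 0x7fffffff;
  let code = '';
  for (let i = 0; i < 5; i++) {
    code += STEAM_CHARS[value % STEAM_CHARS.length];
    value = Math.floor(value / STEAM_CHARS.length);
  }
  return code;
}

// Classify a code shown by the phone against the saved secret:
//   'match'           the saved secret produces this code right now
//   'time-offset'     same secret, but the clocks differ by whole windows
//   'secret-mismatch' no nearby window matches: the phone holds another secret
function diagnose(savedSecretB64, phoneCode, unixTime, maxDrift = 2) {
  const shown = phoneCode.trim().toUpperCase();
  if (steamGuardCode(savedSecretB64, unixTime) === shown) {
    return { result: 'match', windows: 0 };
  }
  for (let w = 1; w <= maxDrift; w++) {
    for (const d of [-w, w]) {
      if (steamGuardCode(savedSecretB64, unixTime + d * 30) === shown) {
        return { result: 'time-offset', windows: d };
      }
    }
  }
  return { result: 'secret-mismatch', windows: null };
}

// Demo: a code produced one window later is found as an offset, not a mismatch.
const later = steamGuardCode(SAVED_SECRET, SAMPLE_TIME + 30);
console.log(diagnose(SAVED_SECRET, later, SAMPLE_TIME));
```

A 'secret-mismatch' result with a correct clock corresponds to the situation described above, where the authenticator set up on the phone no longer uses the secret returned by enableTwoFactor.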
