Meow Posted August 31, 2017 Report Posted August 31, 2017 I've been running my bot very well from a time but something unexpected happened last night. I check my bot before i sleep and when i woke up. I see that the bot has got 0 items. And when i checked the trades i see that a guy took away all the items from my bot. How come is it possible ? Quote
Meow Posted August 31, 2017 Author Report Posted August 31, 2017 also bot is sending double messages instead of 1 Quote
TheGoldenPotato Posted August 31, 2017 Report Posted August 31, 2017 Did you make this bot? Did you download it from github? Or did you buy it from a person? Quote
xLeeJYx Posted August 31, 2017 Report Posted August 31, 2017 (edited) If you build it yourself, it shouldnt have problems. If you bought it the seller might add some codes in the code and will accept any offer from a specific steam user Edited August 31, 2017 by xLeeJYx Quote
TheGoldenPotato Posted August 31, 2017 Report Posted August 31, 2017 Yeah, I thought that might be the cause. If you downloaded it from a site, and even worse if it was leaked, the author may have added a backdoor in the code, which allows him/her to extract the content of your bot with a simple command. Some even include advanced anti-theft in their code, which makes your bot message the owner if it was taken in use by someone who obtained it in an illegal way, leaking as an example. Quote
xLeeJYx Posted August 31, 2017 Report Posted August 31, 2017 Yeah, I thought that might be the cause. If you downloaded it from a site, and even worse if it was leaked, the author may have added a backdoor in the code, which allows him/her to extract the content of your bot with a simple command. Some even include advanced anti-theft in their code, which makes your bot message the owner if it was taken in use by someone who obtained it in an illegal way, leaking as an example.Weird if the code is leaked, how does he know this forum ? We just gotta wait for him to reply Quote
TheGoldenPotato Posted August 31, 2017 Report Posted August 31, 2017 Weird if the code is leaked, how does he know this forum ? We just gotta wait for him to reply Hmm. Good question. I didn't really think through that answer . But there must have been a backdoor in that bot, as someone cannot just extract your whole inventory, without you noticing. Quote
Meow Posted August 31, 2017 Author Report Posted August 31, 2017 i made it myself. and i've been using it from a long time without any problem but now suddenly it happened. if i give any item to the bot then it sends a trade offer directly to a person but not when i turnoff my bot. Quote
Meow Posted August 31, 2017 Author Report Posted August 31, 2017 and now i see that bot is simply sending trade offer to that same guy even if i turn off my bot. Quote
Meow Posted August 31, 2017 Author Report Posted August 31, 2017 and now i cannot even check my trade history. it always shows Sorry! An error was encountered while processing your request:There was an error retrieving your trade offers. Please try again later. Quote
TheGoldenPotato Posted August 31, 2017 Report Posted August 31, 2017 Well, this is really weird. Maybe some node modules might be doing this? I would make sure that you are only using official modules, like the ones made by DrMckay. Maybe you are using a node module which has a backdoor in it. I don't know if that is even possible, but someone more educated about Node.js might be able to tell Quote
xLeeJYx Posted August 31, 2017 Report Posted August 31, 2017 (edited) if you trust us, then show us the code. Post it at sites like pastebin (remember to hide your passwords, username, and secrets) Edited August 31, 2017 by xLeeJYx Quote
Meow Posted August 31, 2017 Author Report Posted August 31, 2017 i was about to do that only. here's my code for bot.js var SteamCommunity = require('steamcommunity');var SteamTotp = require('steam-totp');var mysql = require('mysql');var log4js = require('log4js');var SteamTradeOffers = require('steam-tradeoffers');var async = require('async'); var pool = mysql.createPool({connectionLimit : 10,database: 'csgo',host: 'localhost',user: 'root',password: 'Tome'}); var community = new SteamCommunity();var offers = new SteamTradeOffers();log4js.configure({appenders: [{ type: 'console' },{ type: 'file', filename: 'logs/bot_'+process.argv[2]+'.log' }]});var logger = log4js.getLogger(); var express = require('express');var app = express(); app.get('/sendTrade/', function (req, res) {var assetids = req.query['assetids'];assetids = assetids.split(',');var partner = req.query['partner'];var token = req.query['token'];var checksum = req.query['checksum'];var steamid = req.query['steamid'];var senditems = [];for(var i = 0; i < assetids.length; i++) {if(assetids == "") continue;senditems.push({appid: 730,contextid: 2, assetid: assetids});}var code = makecode();console.log(partner, token, checksum, assetids, senditems);offers.makeOffer({partnerAccountId: partner,accessToken: token,itemsFromThem: senditems,itemsFromMe: [],message: 'Code: '+code}, function(err, r) {if(err) {logger.error('Error sending trade');logger.debug(err);res.json({success: false,error: err.toString()});} else {offers.loadPartnerInventory({partnerSteamId: steamid,tradeOfferId: r.tradeofferid,appId: 730,contextId: 2,language: 'russian'}, function(err, rr) {if(err) {logger.debug(err);res.json({success: false,error: err.toString()});} else {var names = [];for(var i = 0; i < senditems.length; i++) {for(var a = 0; a < rr.length; a++) {if((senditems.assetid == rr[a].id) && (!rr[a].ss)) {names.push({market_hash_name: rr[a].market_hash_name, icon_url: rr[a].icon_url});rr[a].ss = 1;continue;}}}res.json({success: true,code: code,amount: checksum,tid: r.tradeofferid,items: names});}});}});}); app.get('/sendTradeMe/', function (req, res) {var names = req.query['names'];names = names.split(',');var partner = req.query['partner'];var token = req.query['token'];var checksum = req.query['checksum'];offers.loadMyInventory({appId: 730,contextId: 2}, function(err, items) {if(err) {logger.error('Error sending trade');logger.debug(err);res.json({success: false,error: err.toString()}); } else {var senditems = [];for(var i = 0; i < names.length; i++) {for(var a = 0; a < items.length; a++) {if((names == items[a].market_hash_name) && (!items[a].ss)) {senditems.push({appid: 730,contextid: 2, assetid: items[a].id});if(senditems.length == names.length-1) break;items[a].ss = 1;continue;}if(senditems.length == names.length-1) break;}};var code = makecode();console.log(partner, token, checksum, names, senditems);offers.makeOffer({partnerAccountId: partner,accessToken: token,itemsFromThem: [],itemsFromMe: senditems,message: 'Code: '+code}, function(err, r) {if(err) {logger.error('Error sending trade');logger.debug(err);res.json({success: false,error: err.toString()});} else {res.json({success: true,code: code,amount: -checksum,tid: r.tradeofferid,state: 2});}});}});}); app.get('/checkTrade/', function (req, res) {var tid = req.query['tid'];offers.getOffer({tradeofferid: tid}, function(err, trade) {if(err) {logger.error('Error checking trade');logger.debug(err);res.json({success: false,error: err.toString()});} else {logger.debug(trade);if(trade.response.offer.trade_offer_state == 3) {res.json({success: true,action: 'accept',result: 'Coins have been added to your balance'});} else if(trade.response.offer.trade_offer_state == 7) {res.json({success: true,result: 'You are declined trade',action: 'cross'});} else {res.json({success: false,error: 'You are not accept trade'});}}});}); function cancelTrade(offerid) {offers.declineOffer({tradeOfferId: offerid}, function(err, log) {if (err) {logger.error('Ðе Ñмогли отменить трейд #'+offerid);logger.debug(err);return;}logger.debug(log);logger.trace('Offer #'+offerid+' canceled');});} query('SELECT * FROM `bots` WHERE `id` = '+pool.escape(process.argv[2]), function(err, res) {if((err) || (!res[0])) {logger.error('Cant find account');process.exit(0);return;}account = res[0];app.listen(3000+account.id);logger.trace('We got account info');account.twoFactorCode = SteamTotp.generateAuthCode(account.shared_secret);account.auth = false;logger.debug(account);community.login(account, login);}); community.on('confKeyNeeded', function(tag, callback) { callback(null, time, SteamTotp.getConfirmationKey(account.identity_secret, time(), tag));}); community.on('newConfirmation', function(confirmation) {var time = time();var key = SteamTotp.getConfirmationKey(account.identity_secret, time, 'allow');confirmation.respond(time, key, true, function(err) {if(err) {logger.error('Error on mobile auth');logger.debug(err);return;}logger.trace('Trade sucesfully confirmed');});}); function query(sql, callback) {if (typeof callback === 'undefined') {callback = function() {};}pool.getConnection(function(err, connection) {if(err) return callback(err);logger.info('DB connection ID: '+connection.threadId);connection.query(sql, function(err, rows) {if(err) return callback(err);connection.release();return callback(null, rows);});});} function login(err, sessionID, cookies, steamguard) {if(err) {logger.error('Auth error');logger.debug(err);if(err.message == "SteamGuardMobile") {account.twoFactorCode = SteamTotp.generateAuthCode(account.shared_secret);logger.warn('Error in auth: '+account.twoFactorCode);setTimeout(function() {community.login(account, login);}, 5000);return;}process.exit(0);}logger.trace('Sucesfully auth');account.sessionID = sessionID;account.cookies = cookies;community.getWebApiKey('csgobananas.com', webApiKey);community.startConfirmationChecker(10000, account.identity_secret);} function webApiKey(err, key) {if(err) {logger.error('Cant make apikey')logger.debug(err);process.exit(0);return;}account.key = key;logger.trace('API key bot '+account.accountName+' '+account.key);offersSetup();community.loggedIn(checkLoggedIn);} function offersSetup() {logger.trace('Loaded steam-tradeoffers');offers.setup({sessionID: account.sessionID,webCookie: account.cookies,APIKey: account.key});} function checkLoggedIn(err, loggedIn, familyView) {if((err) || (!loggedIn)) {logger.error('We arent logged in')process.exit(0);} else {logger.trace('Logged in');account.auth = true;}} function makecode() { var text = ""; var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; for(var i=0; i < 5; i++) text += possible.charAt(Math.floor(Math.random() * possible.length)); return text;} function time() {return parseInt(new Date().getTime()/1000)} and for bot_manager.js var forever = require('forever-monitor');var mysql = require('mysql'); var pool = mysql.createPool({connectionLimit : 10,database: 'csgo',host: 'localhost',user: 'root',password: 'Tome'}); query('SELECT * FROM `bots`', function(err, row) {if((err) || (!row.length)) {console.log('Failed request or empty bot table');console.log(err);return process.exit(0);}console.log('List of bots:');row.forEach(function(itm) {console.log('Launching bot# '+itm.id);var bot = new (forever.Monitor)('bot.js', {args: [itm.id]});bot.on('start', function(process, data) {console.log('Bot with ID '+itm.id+' started');});bot.on('exit:code', function(code) { console.log('Bot stopped with code '+code);});bot.on('stdout', function(data) {console.log(data);});bot.start();});}); function query(sql, callback) {if (typeof callback === 'undefined') {callback = function() {};}pool.getConnection(function(err, connection) {if(err) return callback(err);console.info('Database connection ID: '+connection.threadId);connection.query(sql, function(err, rows) {if(err) return callback(err);connection.release();return callback(null, rows);});});} Quote
xLeeJYx Posted August 31, 2017 Report Posted August 31, 2017 you are using node-steam-tradeoffers not node-steam-tradeoffer-manager. Not sure if Dr.McKay can help Quote
Enemtia Posted August 31, 2017 Report Posted August 31, 2017 Did not the client page have any settings on the bot? I think that the browser has entered and sends the offers from there. Quote
TheGoldenPotato Posted September 3, 2017 Report Posted September 3, 2017 Do you use SDA, (Steam Desktop Authenticator) ?. If so, do you have the File -> Settings -> Auto-Confirm trades enabled? Quote
TomYoki Posted September 5, 2017 Report Posted September 5, 2017 Do you use SDA, (Steam Desktop Authenticator) ?. If so, do you have the File -> Settings -> Auto-Confirm trades enabled? How is that supposed to change a single thing? The code literally states that on new confirmation it will auto confirm it. Quote
ZeCjy Posted September 17, 2017 Report Posted September 17, 2017 (edited) It's really ridiculous how your pasting the old poly/double leaked bot straight without even the passwords of the dB unchanged.The code is 1:1 pasted and not at all done by yourself and the script behind this is full of backdoors so maybe even your account got hacked. Edited September 18, 2017 by ZeCjy Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.