Ben Posted December 12, 2020 Report Posted December 12, 2020 I know this it not the rigth topic for this forum. But i thought you ,McKay or somebody else could help me. I try to login to steam via httprequest. For examlpe to emulate a login to a third party site to get the cookies for the site. I got everythink working so far but when i do the login i get invalid pw or username. I think the error is that I dont encrypt the password right. But i cant find a solution online. There are some topics in forums but nobody answers them. Here are some post that you know what i mean. https://stackoverflow.com/questions/27090326/php-steam-bot-how-to-login-to-page-using-rsa Quote
Dr. McKay Posted December 12, 2020 Report Posted December 12, 2020 I would just look at what node-steamcommunity does to login: https://github.com/DoctorMcKay/node-steamcommunity/blob/master/index.js#L57 Quote
Ben Posted December 13, 2020 Author Report Posted December 13, 2020 Thank you so much. I sat on this for the past 5 days and bearly slept. But now it works i dont know why i just did everythink all over again and used your code as an example. I love you so much Quote
Ben Posted December 13, 2020 Author Report Posted December 13, 2020 I guess it dosnt work that well xD. In the brwoser steam does these transver requests and i also found them in the java script i got from steam but i cant understand the functions. Can someone help me maybe you see somethink i didnt get. these are the requests from the browser and here are the methodes CLoginPromptManager.TransferLogin = function( rgURLs, parameters, fnOnComplete ) { var bOnCompleteFired = false; var fnFireOnComplete = function( bSuccess ) { if ( !bOnCompleteFired ) fnOnComplete( bSuccess ); bOnCompleteFired = true; } var cResponsesExpected = rgURLs.length; $J(window).on( 'message', function() { if ( --cResponsesExpected == 0 ) fnFireOnComplete( true ); }); for ( var i = 0 ; i < rgURLs.length; i++ ) { var $IFrame = $J('<iframe>', {id: 'transfer_iframe' } ).hide(); $J(document.body).append( $IFrame ); var doc = $IFrame[0].contentWindow.document; doc.open(); doc.write( '<form method="POST" action="' + rgURLs[i] + '" name="transfer_form">' ); for ( var param in parameters ) { doc.write( '<input type="hidden" name="' + param + '" value="' + V_EscapeHTML( parameters[param] ) + '">' ); } doc.write( '</form>' ); doc.write( '<script>window.onload = function(){ document.forms["transfer_form"].submit(); }</script>' ); doc.close(); } // after 10 seconds, give up on waiting for transfer window.setTimeout( function() { fnFireOnComplete( false ); }, 10000 ); }; CLoginPromptManager.prototype.OnTransferComplete = function() { if ( !this.m_bLoginTransferInProgress ) return; this.m_bLoginTransferInProgress = false; if ( !this.m_bInEmailAuthProcess && !this.m_bInTwoFactorAuthProcess ) this.LoginComplete(); else if ( this.m_bEmailAuthSuccessfulWantToLeave || this.m_bTwoFactorAuthSuccessfulWantToLeave) this.LoginComplete(); }; Quote
Dr. McKay Posted December 13, 2020 Report Posted December 13, 2020 The transfer requests are just to set cookies on all the Steam domains, so logging in on community also logs you in on store and vice versa. But it's the same cookies on all domains. Quote
Ben Posted December 18, 2020 Author Report Posted December 18, 2020 (edited) It worked for a while but now i get the invalid pw error again. Am i doing something wrong? function get_rsa_key(){ return new Promise((resolve,reject)=>{ fetch("https://steamcommunity.com/login/getrsakey/", { "headers": { "accept": "*/*", "accept-language": "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7", "content-type": "application/x-www-form-urlencoded; charset=UTF-8", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-requested-with": "XMLHttpRequest", "cookie": sessionid+"; "+steamCountry+"; "+sessionidSecureOpenIDNonce }, "referrer": "https://steamcommunity.com/openid/login?openid.ns=......., "referrerPolicy": "strict-origin-when-cross-origin", "body": "donotcache="+Date.now()+"&username=****", "method": "POST", "mode": "cors" }) .then(res => res.json()) .then(json => { var key = new RSA(); key.setPublic(json.publickey_mod, json.publickey_exp); pw= hex2b64(key.encrypt("*********")) resolve(pw) }) }) } function do_login(encryptedPassword,steamguard_code){ return new Promise((resolve,reject)=>{ var code = steamguard_code || "" fetch("https://steamcommunity.com/login/dologin/", { "headers": { "accept": "*/*", "accept-language": "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7", "content-type": "application/x-www-form-urlencoded; charset=UTF-8", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-requested-with": "XMLHttpRequest", "cookie": sessionid+"; "+steamCountry+"; "+sessionidSecureOpenIDNonce+"; timezoneOffset=3600,0" }, "referrer": "https://steamcommunity.com/openid/login?openid.ns=.........", "referrerPolicy": "strict-origin-when-cross-origin", "body": "donotcache="+Date.now()+"&password="+encryptedPassword+"&username=****&twofactorcode="+code+"&emailauth=&loginfriendlyname=&captchagid=-1&captcha_text=&emailsteamid=&rsatimestamp="+timestamp+"&remember_login=false", "method": "POST", "mode": "cors" }) .then(res => res.json()) .then(json => { timestamp=json.timestamp console.log(json) //steamLoginSecure = json.headers['set-cookie'][0].slice(0,json.headers['set-cookie'][0].indexOf(";")) //console.log("Do login : "+JSON.stringify(json)) resolve() }) .catch(error=>{ console.log(error) reject(error) }) }) } Edited December 18, 2020 by Ben Quote
Ben Posted December 22, 2020 Author Report Posted December 22, 2020 (edited) Hi so finally found what i was looking for. I just need the Cookies you get from oAuthLogin() but for that i need steamguard and the oAuthToken but those i get from the login methode. But i dont login via Community. I log in via node steam user and than do the setCookies(). Is there a way to do it the other way? Login via Community and set Cookies in User? Or is there an other way to get the Cookies? Edited December 22, 2020 by Ben Quote
Dr. McKay Posted December 23, 2020 Report Posted December 23, 2020 I don't see why you'd want to specifically use the oauthlogin method. What's wrong with logging in via community or user normally? Quote
Ben Posted December 23, 2020 Author Report Posted December 23, 2020 I want the Cookies for a third party site login method but i just realised that i probably cant use the same. Quote
Ben Posted December 24, 2020 Author Report Posted December 24, 2020 Is there anythink special about the rsa key request? specially with the dates? I still get the invalid password or username error. But the encrypted password looks fine. I was wondering if the rsa key was correct and tryed to play around with the donotcache dates. (UTC or my local time etc.) But sadly still no luck Quote
Dr. McKay Posted December 24, 2020 Report Posted December 24, 2020 There shouldn't be any special considerations with the rsa key request. Quote
Ben Posted December 24, 2020 Author Report Posted December 24, 2020 But the error must be there. I recreated the Browser requests using Postman and let everything the same exept of the password. This i encryted again with the new rsa key and than pasted this together with the new timestamp in the body of the dologin request. I know i am probably annoying you but i have been working on this for so long. Once it worked a little bit. I just used your code and added in the cookies that i had to sent with the rsa- and loginrequests. But i only got the steamLoginSecure and steamMachineAuth but not the steamRememberLogin Cookie. And i had another Question i never tried it but can you just use the cookies u got from the steam Login for the 3rd party login? Since they are also for every steamsite the same Quote
Dr. McKay Posted December 27, 2020 Report Posted December 27, 2020 Your issue is probably that you aren't urlencoding the payload. I'm not super familiar with the fetch API you're using but I would be very surprised if it didn't have a mechanism to send an application/x-www-form-urlencoded request payload without having to encode it manually as you're doing. And yes, Steam login cookies that you acquire from any source can be used on all Steam properties. Quote
Ben Posted January 5, 2021 Author Report Posted January 5, 2021 Hi so I know I probybly annoy you with this loggin questions but do you know anythink about this login request: and espacially about the parameters it contains? I really hope you can help me since this is probably the last and biggest challenge i have got left Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.