SteamKit icon indicating copy to clipboard operation
SteamKit copied to clipboard

Published 20 hours ago verified publisher icon SteamRE

ISteamUser.GetAuthSessionTicket implementation

Open jesterret opened this issue 5 years ago • 1 comments

Implements generating auth token, which can be used by games to authenticate user.

Would welcome feedback, as I'm not sure about some stuff.

jesterret avatar Nov 16 '19 02:11 jesterret

Codecov Report

Merging #789 into master will decrease coverage by 0.25%. The diff coverage is 7.87%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #789      +/-   ##
==========================================
- Coverage   22.77%   22.51%   -0.26%     
==========================================
  Files          95       98       +3     
  Lines        9329     9494     +165     
  Branches      772      781       +9     
==========================================
+ Hits         2125     2138      +13     
- Misses       7069     7221     +152     
  Partials      135      135
Impacted Files Coverage Δ
...amKit2/Steam/Handlers/SteamAuthTicket/Callbacks.cs 0% <0%> (ø)
...mKit2/Steam/Handlers/SteamAuthTicket/TicketInfo.cs 0% <0%> (ø)
...eamKit2/SteamKit2/Steam/SteamClient/SteamClient.cs 47.34% <100%> (+0.25%) :arrow_up:
.../Steam/Handlers/SteamAuthTicket/SteamAuthTicket.cs 9.75% <9.75%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update cffac80...de3d705. Read the comment docs.

codecov[bot] avatar Nov 16 '19 02:11 codecov[bot]

After recent updates tokens generated with the GetAuthSessionTicket are not valid. Looks like the process was changed a little. Now it doesn't accept obfuscated ip addressess, but requires some "random" value. It worked if zeros were set, but now the value is validated on steam side, if it is 0 or any random value, the token is considered to be invalid. Here is the steam response if such a token is sent to steam via BeginAuthSession: OnValidateAuthTicketResponse -> (m_eAuthSessionResponse == k_EAuthSessionResponseAuthTicketInvalid).

I opened steamclient.dll and steamclient.so in IDA and the lines for appending ip addresses, which looked like this (F5 in IDA):

sub_6DFC90((int)&v23, 0x18u);
sub_6DFC90((int)&v23, 1u); // write 1
sub_6DFC90((int)&v23, 2u); // write 2
v10 = sub_33F16C(v19); // get IP1
sub_6DFC90((int)&v23, v10); // write IP1
v11 = sub_33F142(v19); // get IP2
sub_6DFC90((int)&v23, v11); // write IP2
v12 = sub_86E550();  // Plat_MSTime

now look like this:

sub_388CC050((int)&v26, 0x18u);
sub_388CC050((int)&v26, 1u); //write 1
sub_388CC050((int)&v26, 2u); //write 2
SecureRandomBytes((int)&v29, 8); //?
sub_388CB300(&v26, (int)&v29, 8); //?
v15 = Plat_MSTime();

The function can be found by scanning the *.dll and *.so for these text lines in IDA:

"GetAuthSessionTicket called but no app ownership ticket available " "GetAuthSessionTicket called with buffer too small for ticket " "Assertion Failed: k_EBeginAuthSessionResultOK == eResult"

Here are 5 valid tokens generated via game client for 730 appid: valid_tokens.txt The tokens were generated from the same game client with interval of ~10-15 seconds. Note, what was IP-addresses is now random bytes.

Alexeyt89 avatar Aug 16 '21 19:08 Alexeyt89