authpass icon indicating copy to clipboard operation
authpass copied to clipboard

Published 20 hours ago verified publisher icon authpass

Support the steam totp

Open offlineface opened this issue 3 years ago • 4 comments

Please add support for steam totp. Giving a good example: https://github.com/Jessecar96/SteamDesktopAuthenticator

offlineface avatar Jul 29 '21 14:07 offlineface

what is so special about steam totp? is there some spec or anything?

hpoul avatar Jul 29 '21 16:07 hpoul

Sure, a Steam totp represented as a string of five digits and letters, such as 5AKL8, which is definitely generated by a special algorithm. And the specific github repo in my first reply is a good demo.

offlineface avatar Jul 30 '21 01:07 offlineface

fwiw, this looks like a simpler implementation.. https://github.com/DoctorMcKay/node-steam-totp/blob/master/index.js

150 lines of readable JavaScript instead of a whole project where i have no idea what else it is doing..

Anyway, let's see if anyone else wants this..

hpoul avatar Jul 30 '21 07:07 hpoul

Just to add a view extra informations regarding this issue. The steam algorithm is the same as the standard totp (with timestep 30s and SHA1). The only difference comes in the format shown to the user. Instead of a X digits format ( the Snum mod 10^Digit in RFC 4226 section 5.3), it performs a 26 base 5 digits with little-endian representation. The 26 chosen characters are : "23456789BCDFGHJKMNPQRTVWXY" (that is 0 leads to char "2", 1 leads to char "3", ..., 25 leads to char "Y").

As an example in C (S is RFC Snum and output is the resulting string):

char *p = output;
char steam_encoding[26] = "23456789BCDFGHJKMNPQRTVWXY";
for(int i = 0; i < 5; i++)
{
  *p++ = steam_encoding[S % 26];
  S = S / 26;
}
*p = '\0';

Calipsiens avatar Apr 28 '23 08:04 Calipsiens