def update_guard(self):
#Update active guard secrets, Steam name and reset our progress bar
self.activeSecrets = json.loads(self.conn.get_active_secrets())
self.apiKey = self.conn.get_api_key()
self.apiController = api(self.apiKey)
self.steamGuardController = SteamAuthenticator(
secrets=self.activeSecrets, medium=self.client)
self.steamName = self.activeSecrets["account_name"]
self.steamNameLabel.configure(text=self.steamName)
if self.progressBar["value"] <= 18:
self.barStyle.configure(
"blue.Horizontal.TProgressbar",
troughcolor=self.colorDic["progressBarBackground"],
background=self.colorDic["progressBarForeground"])
self.guardLabel.configure(fg=self.colorDic["guardCodeForeground"],
bg=self.colorDic["guardCodeBackground"])
self.steamNameLabel.config(fg=self.colorDic["steamNameForeground"],
bg=self.colorDic["guardCodeBackground"])
self.guardCodeHolder.config(
bg=self.colorDic["guardCodeBackground"])
#Cancel wait for updating progress bar. This way we don't call the same function twice doubling our speed.
if self.updateProgressBarID:
self.parent.after_cancel(self.updateProgressBarID)
self.progressBar["value"] = 0
self.update_progress_bar()
def cmd_authenticator_status(args):
account = args.account.lower().strip()
secrets_file = UserDataFile('authenticator/{}.json'.format(account))
sa = None
wa = BetterMWA(account)
if secrets_file.exists():
sa = SteamAuthenticator(secrets_file.read_json(), backend=wa)
try:
wa.bcli_login(sa_instance=sa)
except (KeyboardInterrupt, EOFError):
print("Login interrupted")
return 1 # error
if sa is None:
sa = SteamAuthenticator(backend=wa)
status = sa.status()
print("----- Status ------------")
mode = status['steamguard_scheme']
if mode == 0:
print("Steam Guard mode: disabled/insecure")
elif mode == 1:
print("Steam Guard mode: enabled (email)")
elif mode == 2:
print("Steam Guard mode: enabled (authenticator)")
else:
print("Steam Guard mode: unknown ({})".format(mode))
print("Authenticator enabled:", "Yes" if status['state'] == 1 else "No")
print("Authenticator allowed:", "Yes" if status['state'] else "No")
print("Email verified:", "Yes" if status['email_validated'] else "No")
print("External allowed:",
"Yes" if status['allow_external_authenticator'] else "No")
if status['state'] == 1:
print("----- Token details -----")
print("Token GID:", status['token_gid'])
print("Created at:", fmt_datetime(status['time_created']))
print("Device identifier:", status['device_identifier'])
print("Classified agent:", status['classified_agent'])
print("Revocation attempts remaining:",
status['revocation_attempts_remaining'])
def cmd_authenticator_code(args):
account = args.account.lower().strip()
secrets = UserDataFile('authenticator/{}.json'.format(account)).read_json()
if not secrets:
print("No authenticator for %r" % account)
return 1 # error
print(SteamAuthenticator(secrets).get_code())
def remove_guard(self, twofactor, activeSecrets):
#Query username and password
self.exec_query(
"SELECT steamuser, steampass FROM Secrets WHERE isactive ='1'")
username, password = self.response[0][0], self.response[0][1]
#Login like a mobile phone
medium = wa.MobileWebAuth(username, password)
medium.login(twofactor_code=twofactor)
sa = SteamAuthenticator(secrets=activeSecrets, medium=medium)
#Remove Steam Guard from the account and from the database
sa.remove()
self.exec_query("DELETE FROM Secrets WHERE isactive = '1'")
def __init__(self, username, password, secrets=None, deviceId=None):
self.user = wa.WebAuth(username, password)
if secrets is not None:
self.mobile = wa.MobileWebAuth(username, password)
self.sa = SteamAuthenticator(secrets)
else:
self.mobile = None
self.sa = None
self.deviceId = deviceId
self.login()
self.baseURL = 'https://steamcommunity.com'
self.urlToId = {}
self.SIDDB = requests.Session()
print(f'Steam User: {self.user.steam_id.as_64} Logged.')
def cmd_authenticator_remove(args):
account = args.account.lower().strip()
secrets_file = UserDataFile('authenticator/{}.json'.format(account))
secrets = secrets_file.read_json()
if not secrets:
print("No authenticator found for %r" % account)
return 1 #error
if args.force:
secrets_file.remove()
print("Forceful removal of %r successful" % account)
return
print("To remove an authenticator, first we need to login to Steam")
print("Account name:", account)
wa = BetterMWA(account)
sa = SteamAuthenticator(secrets, backend=wa)
try:
wa.bcli_login(sa_instance=sa)
except (KeyboardInterrupt, EOFError):
print("Login interrupted")
return 1 # error
print("Login successful.")
print("Steam Guard will be set to email, after removal.")
while True:
if not pmt_confirmation("Proceed with removing Steam Authenticator?"):
break
else:
try:
sa.remove()
except SteamAuthenticatorError as exp:
print("Removal error: %s" % exp)
continue
except (EOFError, KeyboardInterrupt):
break
else:
secrets_file.remove()
print("Removal successful!")
return
print("Removal cancelled.")
def login_account(self):
#Login to steam with provided credentials
self.userObject = clientData(self.userNameEntry.get(),
self.passwordEntry.get(), None, None)
self.userObject.login()
#If password is invalid
if self.userObject.loginResult == EResult.InvalidPassword:
#Show error stating password is incorrect
self.rootClassRef.show_message(
None, "error", "Your password is incorrect. Please try again.")
else:
#If email code is required
if self.userObject.loginResult in (EResult.AccountLogonDenied,
EResult.InvalidLoginAuthCode):
self.authWindow = promptFor2FA(self.parent, self.colorDic,
True, self.rootClassRef)
#If 2FA code is required
elif self.userObject.loginResult in (
EResult.AccountLoginDeniedNeedTwoFactor,
EResult.TwoFactorCodeMismatch):
self.authWindow = promptFor2FA(self.parent, self.colorDic,
False, self.rootClassRef)
#If email or 2FA code was required
if self.authWindow:
#Start 2FA prompt window
self.authWindow.geometry("400x250")
self.authWindow.resizable(0, 0)
self.authWindow.configure(bg=self.colorDic["appBackground"])
guiController(self.authWindow).center()
self.authWindow.wait_window()
#If auth code was set
if self.authWindow.guardCode:
#If auth code was sent to email
if self.authWindow.isEmail:
self.userObject = clientData(self.userNameEntry.get(),
self.passwordEntry.get(),
self.authWindow.guardCode,
None)
else:
#If auth code was sent to mobile
self.userObject = clientData(self.userNameEntry.get(),
self.passwordEntry.get(),
None,
self.authWindow.guardCode)
self.userObject.login()
#If login and code is correct
if self.userObject.loginResult == EResult.OK:
self.steamGuardController = SteamAuthenticator(
medium=self.userObject.client)
if self.steamGuardController.status(
)['steamguard_scheme'] != 2:
#If account has a phone number
if self.steamGuardController.has_phone_number():
#Add steam guard
self.steamGuardController.add()
#Start 2FA prompt window to get phone confirmation
self.authWindow = promptFor2FA(self.parent,
self.colorDic, False,
self.rootClassRef)
self.authWindow.geometry("400x250")
self.authWindow.resizable(0, 0)
self.authWindow.configure(
bg=self.colorDic["appBackground"])
guiController(self.authWindow).center()
self.authWindow.title("Steam Guardian - Mobile")
self.authWindow.windowTitle.configure(
text="Enter Text Sent to Phone")
self.authWindow.wait_window()
#If phone code is set
if self.authWindow.guardCode:
try:
self.steamGuardController.finalize(
self.authWindow.guardCode)
except:
#If phone code is incorrect show an error
self.rootClassRef.show_message(
None, "error",
"Couldn't confirm your phone. Code is incorrect!"
)
else:
#Update data and gui
self.conn.create_user(
str(
json.dumps(self.steamGuardController.
secrets)),
str(self.userObject.client.user.steam_id),
self.userNameEntry.get(),
self.passwordEntry.get())
self.rootClassRef.update_guard()
#We destroy our window here because Steam loves to rate limit if you retry too fast
self.destroy()
else:
#If account doesn't have phone number show an error
self.rootClassRef.show_message(
None, "error",
"Your account is missing a phone number to confirm.\nPlease add one and try again!"
)
webbrowser.open(
"https://store.steampowered.com/phone/manage")
else:
#If account already has 2FA (email is fine) show an error
self.rootClassRef.show_message(
None, "error",
"Your account already has Steam Guard Mobile.\nPlease disable it and try again."
)
else:
#If steam guard code was incorrect.
self.rootClassRef.show_message(None, "error",
"Login or code was incorrect.")
def getSteamKey():
mnjson = app.config['STEAM_KEY']
mjson = json.loads(mnjson)
authbean = SteamAuthenticator(mjson)
steamcode = authbean.get_code()
return steamcode
def cmd_authenticator_add(args):
account = args.account.lower().strip()
secrets_file = UserDataFile('authenticator/{}.json'.format(account))
sa = None
if secrets_file.exists():
if not args.force:
print(
"There is already an authenticator for that account. Use --force to overwrite"
)
return 1 # error
sa = SteamAuthenticator(secrets_file.read_json())
print("To add an authenticator, first we need to login to Steam")
print("Account name:", account)
wa = BetterMWA(account)
try:
wa.bcli_login(sa_instance=sa)
except (KeyboardInterrupt, EOFError):
print("Login interrupted")
return 1 # error
print("Login successful. Checking pre-conditions...")
sa = SteamAuthenticator(backend=wa)
status = sa.status()
_LOG.debug("Authenticator status: %s", status)
if not status['email_validated']:
print("Account needs a verified email address")
return 1 # error
if status['state'] == 1:
print("This account already has an authenticator.")
print("You need to remove it first, before proceeding")
return 1 # error
if not status['authenticator_allowed']:
print("This account is now allowed to have authenticator")
return 1 # error
# check phone number, and add one if its missing
if not sa.has_phone_number():
print("No phone number on this account. This is required.")
if pmt_confirmation("Do you want to add a phone number?",
default_yes=True):
print("Phone number need to include country code and no spaces.")
while True:
phnum = pmt_input("Enter phone number:",
regex=r'^(\+|00)[0-9]+$')
resp = sa.validate_phone_number(phnum)
_LOG.debug("Phone number validation for %r: %s", phnum, resp)
if not resp.get('is_valid', False):
print("That number is not valid for Steam.")
continue
if not sa.add_phone_number(phnum):
print("Failed to add phone number!")
continue
print("Phone number added. Confirmation SMS sent.")
while not sa.confirm_phone_number(
pmt_input("Enter SMS code:", regex='^[0-9]+$')):
print("Code was incorrect. Try again.")
break
else:
# user declined adding a phone number, we cant proceed
return 1 # error
# being adding authenticator setup
sa.add()
_LOG.debug("Authenticator secrets obtained. Saving to disk")
secrets_file.write_json(sa.secrets)
# Setup Steam app in conjuction
if pmt_confirmation("Do you want to use Steam app too?",
default_yes=False):
print("Great! Go and setup Steam Guard in your app.")
print("Once completed, generate a code and enter it below.")
showed_fail_info = False
fail_counter = 0
while True:
code = pmt_input(
"Steam Guard code:",
regex='^[23456789BCDFGHJKMNPQRTVWXYbcdfghjkmnpqrtvwxy]{5}$')
# code match
if sa.get_code() == code.upper():
break # success
# code do not match
else:
fail_counter += 1
if fail_counter >= 3 and not showed_fail_info:
showed_fail_info = True
print("The codes do not match. This can be caused by:")
print("* The code was not entered correctly")
print("* Your system time is not synchronized")
print("* Steam has made changes to their backend")
if not pmt_confirmation("Code mismatch. Try again?",
default_yes=True):
_LOG.debug("Removing secrets file")
secrets_file.remove()
return 1 # failed, exit
# only setup steamctl 2fa
else:
print(
"Authenticator secrets obtained. SMS code for finalization sent.")
while True:
code = pmt_input("Enter SMS code:", regex='^[0-9]+$')
try:
sa.finalize(code)
except SteamAuthenticatorError as exp:
print("Finalization error: %s", exp)
continue
else:
break
# finish line
print("Authenticator added successfully!")
print("Get a code: {} authenticator code {}".format(__appname__, account))
print("Or QR code: {} authenticator qrcode {}".format(
__appname__, account))
def get_code():
secrets = json.load(open('./mysecrets.json'))
sa = SteamAuthenticator(secrets)
TFAcode = sa.get_code()
return TFAcode
def cmd_authenticator_add(args):
account = args.account.lower().strip()
secrets_file = UserDataFile('authenticator/{}.json'.format(account))
if secrets_file.exists():
print("There is already an authenticator for that account")
return 1 # error
print("To add an authenticator, first we need to login to Steam")
print("Account name:", account)
wa = BetterMWA(account)
try:
wa.bcli_login()
except (KeyboardInterrupt, EOFError):
print("Login interrupted")
return 1 # error
print("Login successful. Checking pre-conditions...")
sa = SteamAuthenticator(backend=wa)
# check phone number, and add one if its missing
if not sa.has_phone_number():
print("No phone number on this account. This is required.")
if pmt_confirmation("Do you want to add a phone number?", default_yes=True):
print("Phone number need to include country code and no spaces.")
while True:
phnum = pmt_input("Enter phone number:", regex=r'^(\+|00)[0-9]+$')
resp = sa.validate_phone_number(phnum)
_LOG.debug("Phone number validation for %r: %s", phnum, resp)
if not resp.get('is_valid', False):
print("That number is not valid for Steam.")
continue
if not sa.add_phone_number(phnum):
print("Failed to add phone number!")
continue
print("Phone number added. Confirmation SMS sent.")
while not sa.confirm_phone_number(pmt_input("Enter SMS code:", regex='^[0-9]+$')):
print("Code was incorrect. Try again.")
break
else:
# user declined adding a phone number, we cant proceed
return 1 # error
# being adding authenticator setup
sa.add()
_LOG.debug("Authenticator secrets obtained. Saving to disk")
secrets_file.write_json(sa.secrets)
print("Authenticator secrets obtained. SMS code for finalization sent.")
while True:
code = pmt_input("Enter SMS code:", regex='^[0-9]+$')
try:
sa.finalize(code)
except SteamAuthenticatorError as exp:
print("Finalization error: %s", exp)
continue
else:
break
# finish line
print("Authenticator added successfully!")
print("To get a code run: {} authenticator code {}".format(__appname__, account))
from steam import SteamClient
from steam.enums import EResult
from steam.guard import SteamAuthenticator
client = SteamClient()
result = client.cli_login()
if result != EResult.OK:
print("Failed to login: %s" % repr(result))
raise SystemExit
print("Logged on as:", client.user.name)
credentials_file = path.expanduser('~/.config/steam-totp/%s.secrets.json' % username)
with open(credentials_file, 'w') as f:
pass
sa = SteamAuthenticator(medium=client)
sa.add()
code = raw_input("Enter SMS code: ")
sa.finalize(code)
json.dump(sa.secrets, open(credentials_file))
client.logout()
import json
import sys
from os import path
from steam.guard import SteamAuthenticator
if len(sys.argv) < 2:
print("Usage: ", sys.argv[0], " username")
sys.exit(1)
username = sys.argv[1]
data = json.load(
open(path.expanduser('~/.config/steam-totp/%s.secrets.json' % username)))
sa = SteamAuthenticator(secrets=data)
print(sa.get_code())