add working RSA encryption for password during login

This commit is contained in:
Carson McManus 2021-03-24 17:49:09 -04:00
parent 5b8d581a48
commit 142f394d98
4 changed files with 1760 additions and 3 deletions

1598
Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -9,3 +9,10 @@ edition = "2018"
[dependencies] [dependencies]
hmac-sha1 = "^0.1" hmac-sha1 = "^0.1"
base64 = "0.13.0" base64 = "0.13.0"
text_io = "0.1.8"
rpassword = "5.0"
reqwest = { version = "0.11", features = ["blocking", "json", "cookies", "gzip"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
rsa = "0.3"
rand = "0.7.3" # rsa is not compatible with rand 0.8: https://github.com/RustCrypto/RSA/issues/81

View file

@ -1,11 +1,29 @@
extern crate rpassword;
use io::Write;
use steamguard_cli::*; use steamguard_cli::*;
use ::std::*;
use text_io::read;
mod steamapi;
fn main() { fn main() {
println!("Hello, world!"); println!("Hello, world!");
let server_time = steamapi::get_server_time();
println!("server time: {}", server_time);
let mut account = SteamGuardAccount::new(); let mut account = SteamGuardAccount::new();
account.shared_secret = parse_shared_secret(String::from("K5I0Fmm+sN0yF41vIslTVm+0nPE=")); account.shared_secret = parse_shared_secret(String::from("K5I0Fmm+sN0yF41vIslTVm+0nPE="));
let code = account.generate_code(93847539487i64); let code = account.generate_code(server_time);
println!("{}", code) println!("{}", code);
print!("Username: ");
let _ = std::io::stdout().flush();
let username: String = read!("{}\n");
let password = rpassword::prompt_password_stdout("Password: ").unwrap();
// println!("{}:{}", username, password);
let login = steamapi::UserLogin::new(username, password);
let result = login.login();
println!("result: {:?}", result);
} }

136
src/steamapi.rs Normal file
View file

@ -0,0 +1,136 @@
use std::collections::HashMap;
use reqwest::{Url, cookie::CookieStore, header::COOKIE, header::USER_AGENT};
use rsa::{PublicKey, RSAPublicKey};
use std::time::{SystemTime, UNIX_EPOCH};
use serde::{Serialize, Deserialize};
use rand::rngs::OsRng;
#[derive(Debug, Deserialize)]
struct LoginResponse {
success: bool,
login_complete: bool,
oauth_data_string: String,
}
#[derive(Debug, Deserialize)]
struct RsaResponse {
success: bool,
publickey_exp: String,
publickey_mod: String,
timestamp: String,
token_gid: String,
}
#[derive(Debug)]
pub enum LoginResult {
Ok,
BadRSA,
BadCredentials,
NeedCaptcha,
Need2FA,
NeedEmail,
OtherFailure,
}
#[derive(Debug)]
pub struct UserLogin {
pub username: String,
pub password: String,
pub captcha_text: String,
pub twofactor_code: String,
pub email_code: String,
cookies: reqwest::cookie::Jar,
// cookies: Arc<reqwest::cookie::Jar>,
client: reqwest::blocking::Client,
}
impl UserLogin {
pub fn new(username: String, password: String) -> UserLogin {
return UserLogin {
username,
password,
captcha_text: String::from(""),
twofactor_code: String::from(""),
email_code: String::from(""),
cookies: reqwest::cookie::Jar::default(),
// cookies: Arc::<reqwest::cookie::Jar>::new(reqwest::cookie::Jar::default()),
client: reqwest::blocking::ClientBuilder::new()
.cookie_store(true)
.build()
.unwrap(),
}
}
fn update_session(&self) {
let url = "https://steamcommunity.com".parse::<Url>().unwrap();
self.cookies.add_cookie_str("mobileClientVersion=0 (2.1.3)", &url);
self.cookies.add_cookie_str("mobileClient=android", &url);
self.cookies.add_cookie_str("Steam_Language=english", &url);
let _ = self.client
.get("https://steamcommunity.com/login?oauth_client_id=DE45CD61&oauth_scope=read_profile%20write_profile%20read_client%20write_client".parse::<Url>().unwrap())
.header("X-Requested-With", "com.valvesoftware.android.steam.community")
.header(USER_AGENT, "Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; Google Nexus 4 - 4.1.1 - API 16 - 768x1280 Build/JRO03S) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30")
// .header(COOKIE, "mobileClientVersion=0 (2.1.3)")
// .header(COOKIE, "mobileClient=android")
// .header(COOKIE, "Steam_Language=english")
.header(COOKIE, self.cookies.cookies(&url).unwrap())
.send();
}
pub fn login(&self) -> LoginResult {
let url = "https://steamcommunity.com".parse::<Url>().unwrap();
if self.cookies.cookies(&url) == Option::None {
self.update_session()
}
let mut params = HashMap::new();
params.insert("donotcache", format!("{}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() * 1000));
params.insert("username", self.username.clone());
let resp = self.client
.post("https://steamcommunity.com/login/getrsakey")
.form(&params)
.send()
.unwrap();
let encrypted_password: String;
match resp.json::<RsaResponse>() {
Ok(rsa_resp) => {
// println!("rsa: {:?}", rsa_resp);
let rsa_exponent = rsa::BigUint::parse_bytes(rsa_resp.publickey_exp.as_bytes(), 16).unwrap();
let rsa_modulus = rsa::BigUint::parse_bytes(rsa_resp.publickey_mod.as_bytes(), 16).unwrap();
let public_key = RSAPublicKey::new(rsa_modulus, rsa_exponent).unwrap();
// println!("public key: {:?}", public_key);
let mut rng = OsRng;
let padding = rsa::PaddingScheme::new_pkcs1v15_encrypt();
encrypted_password = base64::encode(public_key.encrypt(&mut rng, padding, self.password.as_bytes()).unwrap());
println!("encrypted_password: {:?}", encrypted_password);
}
Err(error) => {
println!("rsa error: {:?}", error);
return LoginResult::BadRSA
}
}
let mut params = HashMap::new();
params.insert("donotcache", format!("{}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() * 1000));
params.insert("username", self.username.clone());
return LoginResult::OtherFailure
}
}
pub fn get_server_time() -> i64 {
let client = reqwest::blocking::Client::new();
let resp = client
.post("https://api.steampowered.com/ITwoFactorService/QueryTime/v0001")
.body("steamid=0")
.send();
let value: serde_json::Value = resp.unwrap().json().unwrap();
// println!("{}", value["response"]);
return String::from(value["response"]["server_time"].as_str().unwrap()).parse().unwrap();
}