setup: debug print full authenticator status when verification fails (#396 )

fix a potential panic when querying authenticator status (#395 )
fix new lints (#397 )
2024-07-16 20:32:18 -04:00 · 2024-07-16 20:13:39 -04:00 · 2024-07-16 20:07:33 -04:00 · 2024-06-02 18:21:36 -04:00 · 2024-06-02 21:59:36 +00:00 · 2024-06-02 14:12:44 -04:00
51 changed files with 2351 additions and 1341 deletions
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@ -10,7 +10,7 @@ body:
    id: version
    attributes:
      label: Version
-      description: What version of steamguard-cli are you running? You can find this by running `steamguard --version`.
+      description: What version of steamguard-cli are you running? You can find this by running `steamguard --version`. **Do NOT just say "latest", or your issue will be automatically closed.**
    validations:
      required: true
  - type: textarea
--- a/.github/workflows/aur-checker.yml
+++ b/.github/workflows/aur-checker.yml
@ -5,12 +5,13 @@ on:
    - cron: "32 5 */3 * *"
  push:
    branches: [ master, main ]
  workflow_dispatch:
 jobs:
  test-install:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
    - name: Install AUR package
      run: ./scripts/check-aur.sh
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@ -15,9 +15,9 @@ jobs:
    steps:
      - run: rustup component add clippy rustfmt
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Rust Cache
-        uses: Swatinem/rust-cache@v2.5.0
+        uses: Swatinem/rust-cache@v2
      - name: Check format
        run: cargo fmt --all -- --check
      - name: Check
@ -34,13 +34,13 @@ jobs:
      matrix:
        target: [x86_64-unknown-linux-musl, x86_64-pc-windows-gnu]
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Rust Cache
-        uses: Swatinem/rust-cache@v2.5.0
+        uses: Swatinem/rust-cache@v2
        with:
          prefix-key: v0-rust-${{ matrix.target }}
      - name: Install Cross
-        uses: baptiste0928/cargo-install@v1
+        uses: baptiste0928/cargo-install@v2
        with:
          crate: cross
      - name: Check
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -4,9 +4,9 @@ members = ["steamguard"]
 [package]
 name = "steamguard-cli"
-version = "0.10.5"
+version = "0.14.0"
 authors = ["dyc3 (Carson McManus) <carson.mcmanus1@gmail.com>"]
-edition = "2018"
+edition = "2021"
 description = "A command line utility to generate Steam 2FA codes and respond to confirmations."
 keywords = ["steam", "2fa", "steamguard", "authentication", "cli"]
 categories = ["command-line-utilities"]
@ -27,38 +27,43 @@ keyring = ["dep:keyring"]
 name = "steamguard"
 path = "src/main.rs"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
 anyhow = "^1.0"
-base64 = "0.21.2"
+base64 = "0.22.1"
 text_io = "0.1.8"
-rpassword = "5.0"
+rpassword = "7.2.0"
-reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls"] }
+reqwest = { version = "0.12", default-features = false, features = [
 	"blocking",
 	"json",
 	"cookies",
 	"gzip",
 	"rustls-tls",
 ] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 rsa = "0.9.2"
 rand = "0.8.5"
-standback = "0.2.17" # required to fix a compilation error on a transient dependency
+clap = { version = "4.5.4", features = ["derive", "cargo", "env"] }
-clap = { version = "3.1.18", features = ["derive", "cargo", "env"] }
+clap_complete = "4.5.2"
 clap_complete = "3.2.1"
 log = "0.4.19"
-stderrlog = "0.4"
+stderrlog = "0.6"
-cookie = "0.14"
+cookie = "0.18"
 regex = "1"
 lazy_static = "1.4.0"
-uuid = { version = "0.8", features = ["v4"] }
+uuid = { version = "1.8", features = ["v4"] }
-steamguard = { version = "^0.10.3", path = "./steamguard" }
+steamguard = { version = "^0.14.0", path = "./steamguard" }
-dirs = "3.0.2"
+dirs = "5.0.1"
 aes = { version = "0.8.3", features = ["zeroize"] }
-thiserror = "1.0.26"
+thiserror = "1.0.61"
 crossterm = { version = "0.23.2", features = ["event-stream"] }
-qrcode = { version = "0.12.0", optional = true }
+qrcode = { version = "0.14.0", optional = true }
 gethostname = "0.4.3"
 secrecy = { version = "0.8", features = ["serde"] }
 zeroize = { version = "^1.6.0", features = ["std", "zeroize_derive"] }
 serde_path_to_error = "0.1.11"
-update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
+update-informer = { version = "1.0.0", optional = true, default-features = false, features = [
 	"github",
 ] }
 phonenumber = "0.3"
 cbc = { version = "0.1.2", features = ["std", "zeroize"] }
 inout = { version = "0.1.3", features = ["std"] }
@ -67,9 +72,11 @@ argon2 = { version = "0.5.0", features = ["std", "zeroize"] }
 pbkdf2 = { version = "0.12.1", features = ["parallel"] }
 sha1 = "0.10.5"
 rayon = "1.7.0"
 rqrr = "0.7.1"
 image = "0.25"
 [dev-dependencies]
-tempdir = "0.3"
+tempfile = "3"
 proptest = "1"
 [profile.release]
--- a/3
+++ b/3
@ -3,7 +3,7 @@
 _pkgname=steamguard-cli
 pkgname=${_pkgname}-git
-pkgver=0.8.1.r1.fe0d6e9a
+pkgver=0.14.0.r1.602acc66
 pkgrel=1
 pkgdesc="A command line utility to generate Steam 2FA codes and respond to confirmations."
 arch=('i686' 'x86_64' 'armv6h' 'armv7h')
@ -12,6 +12,7 @@ license=('GPL3')
 makedepends=('rust' 'cargo' 'git')
 source=("git+https://github.com/dyc3/steamguard-cli.git")
 sha256sums=('SKIP')
 options=(!lto)
 pkgver() {
    cd "${srcdir}/${_pkgname}"
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@
 [![Lint, Build, Test](https://github.com/dyc3/steamguard-cli/actions/workflows/rust.yml/badge.svg)](https://github.com/dyc3/steamguard-cli/actions/workflows/rust.yml)
 [![AUR Tester](https://github.com/dyc3/steamguard-cli/actions/workflows/aur-checker.yml/badge.svg)](https://github.com/dyc3/steamguard-cli/actions/workflows/aur-checker.yml)
-A command line utility for setting up and using Steam Mobile Authenticator (AKA Steam 2FA). It can also be used to respond to trade and market confirmations.
+A command line utility for setting up and using Steam Mobile Authenticator (AKA Steam 2FA). It can also be used to respond to trade, market, and any other steam mobile confirmations that you would normally get in the app.
 **The only legitimate place to download steamguard-cli binaries is through this repo's releases, or by any package manager that is linked in this document.**
--- a/rustfmt.toml
+++ b/rustfmt.toml
@ -1,3 +1,2 @@
 tab_spaces = 4
 hard_tabs = true
 normalize_comments = true
--- a/scripts/full-release.sh
+++ b/scripts/full-release.sh
@ -4,6 +4,7 @@ set -e
 DRY_RUN=true
 SKIP_CRATE_PUBLISH=false
 ALLOW_DIRTY=false
 POSITIONAL=()
 while [[ $# -gt 0 ]]; do
@ -23,6 +24,10 @@ while [[ $# -gt 0 ]]; do
      SKIP_CRATE_PUBLISH=true
      shift # past argument
      ;;
    --allow-dirty)
      ALLOW_DIRTY=true
      shift # past argument
      ;;
    *)    # unknown option
      POSITIONAL+=("$1") # save it in an array for later
      shift # past argument
@ -47,6 +52,21 @@ This will do everything needed to release a new version:
 - publish crates on crates.io
 - upload artifacts to a new release on github
 """
 echo "Previewing changes..."
 params=()
 if [[ $BUMP != "" ]]; then
 	params+=(--bump "$BUMP")
 	params+=(--bump-dependencies "$BUMP")
 fi
 if [[ $SKIP_CRATE_PUBLISH == true ]]; then
 	params+=(--no-publish)
 fi
 if [[ $ALLOW_DIRTY == true ]]; then
  params+=(--allow-dirty)
 fi
 cargo smart-release --update-crates-index --no-changelog --no-tag --no-push --no-publish "${params[@]}"
 if [ "$DRY_RUN" = true ]; then
 	echo "This is a dry run, nothing will be done. Artifacts will be built, but not published. Use --execute to do it for real."
 else
@ -55,17 +75,10 @@ fi
 echo "Press any key to continue..."
 read -n 1 -s -r
-params=()
+
 if [[ $DRY_RUN == false ]]; then
 	params+=(--execute)
 fi
 if [[ $BUMP != "" ]]; then
 	params+=(--bump "$BUMP")
 	params+=(--bump-dependencies "$BUMP")
 fi
 if [[ $SKIP_CRATE_PUBLISH == true ]]; then
 	params+=(--no-publish)
 fi
 cargo smart-release --update-crates-index --no-changelog --no-tag --no-push --no-publish "${params[@]}"
 #echo "Verify that the publish succeeded, and Press any key to continue..."
--- a/scripts/package-deb.sh
+++ b/scripts/package-deb.sh
@ -32,12 +32,12 @@ Depends:
 Version: $VERSION
 Section: base
 Priority: optional
-Architecture: x86-64
+Architecture: amd64
 Maintainer: Carson McManus <carson.mcmanus1@gmail.com>
 Description: steamguard-cli
 A command line utility to generate Steam 2FA codes and respond to confirmations.
 EOT
-dpkg-deb --build "$TEMP_PKG_PATH" "steamguard-cli_$VERSION-0.deb"
+dpkg-deb -Zxz --build "$TEMP_PKG_PATH" "steamguard-cli_$VERSION-0.deb"
 rm -rf "$TEMP_PKG_PATH"
--- a/src/accountmanager.rs
+++ b/src/accountmanager.rs
@ -15,6 +15,8 @@ use thiserror::Error;
 mod legacy;
 pub mod manifest;
 pub mod migrate;
 mod steamv2;
 mod winauth;
 pub use manifest::*;
@ -194,14 +196,14 @@ impl AccountManager {
 		Ok(())
 	}
-	pub fn remove_account(&mut self, account_name: String) {
+	pub fn remove_account(&mut self, account_name: &String) {
 		let index = self
 			.manifest
 			.entries
 			.iter()
-			.position(|a| a.account_name == account_name)
+			.position(|a| &a.account_name == account_name)
 			.unwrap();
-		self.accounts.remove(&account_name);
+		self.accounts.remove(account_name);
 		self.manifest.entries.remove(index);
 	}
@ -337,8 +339,9 @@ impl AccountManager {
 			debug!("Adding missing account names");
 			for i in 0..self.manifest.entries.len() {
 				let account = self.load_account_by_entry(&self.manifest.entries[i].clone())?;
-				self.manifest.entries[i].account_name =
+				self.manifest.entries[i]
-					account.lock().unwrap().account_name.clone();
+					.account_name
 					.clone_from(&account.lock().unwrap().account_name);
 			}
 			upgraded = true;
 		}
@ -468,19 +471,19 @@ pub enum ManifestAccountImportError {
 mod tests {
 	use super::*;
 	use steamguard::ExposeSecret;
-	use tempdir::TempDir;
+	use tempfile::TempDir;
 	#[test]
 	fn test_should_save_new_manifest() {
-		let tmp_dir = TempDir::new("steamguard-cli-test").unwrap();
+		let tmp_dir = TempDir::new().unwrap();
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let manager = AccountManager::new(manifest_path.as_path());
-		assert!(matches!(manager.save(), Ok(_)));
+		assert!(manager.save().is_ok());
 	}
 	#[test]
 	fn test_should_save_and_load_manifest() -> anyhow::Result<()> {
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		println!("tempdir: {}", manifest_path.display());
 		let mut manager = AccountManager::new(manifest_path.as_path());
@ -516,7 +519,7 @@ mod tests {
 	#[test]
 	fn test_should_save_and_load_manifest_encrypted() -> anyhow::Result<()> {
 		let passkey = Some(SecretString::new("password".into()));
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let mut manager = AccountManager::new(manifest_path.as_path());
 		let mut account = SteamGuardAccount::new();
@ -528,7 +531,7 @@ mod tests {
 		manager.add_account(account);
 		manager.manifest.entries[0].encryption = Some(EncryptionScheme::generate());
 		manager.submit_passkey(passkey.clone());
-		assert!(matches!(manager.save(), Ok(_)));
+		assert!(manager.save().is_ok());
 		let mut loaded_manager = AccountManager::load(manifest_path.as_path()).unwrap();
 		loaded_manager.submit_passkey(passkey);
@ -541,7 +544,7 @@ mod tests {
 		if _r.is_err() {
 			eprintln!("{:?}", _r);
 		}
-		assert!(matches!(_r, Ok(_)));
+		assert!(_r.is_ok());
 		assert_eq!(
 			loaded_manager.manifest.entries.len(),
 			loaded_manager.accounts.len()
@ -565,7 +568,7 @@ mod tests {
 	#[test]
 	fn test_should_save_and_load_manifest_encrypted_longer() -> anyhow::Result<()> {
 		let passkey = Some(SecretString::new("password".into()));
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let mut manager = AccountManager::new(manifest_path.as_path());
 		let mut account = SteamGuardAccount::new();
@ -612,7 +615,7 @@ mod tests {
 	#[test]
 	fn test_should_import() -> anyhow::Result<()> {
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let mut manager = AccountManager::new(manifest_path.as_path());
 		let mut account = SteamGuardAccount::new();
@ -627,17 +630,16 @@ mod tests {
 		std::fs::remove_file(&manifest_path)?;
 		let mut loaded_manager = AccountManager::new(manifest_path.as_path());
-		assert!(matches!(
+		assert!(loaded_manager
-			loaded_manager.import_account(
+			.import_account(
 				&tmp_dir
 					.path()
 					.join("asdf1234.maFile")
 					.into_os_string()
 					.into_string()
 					.unwrap()
-			),
+			)
-			Ok(_)
+			.is_ok());
 		));
 		assert_eq!(
 			loaded_manager.manifest.entries.len(),
 			loaded_manager.accounts.len()
--- a/src/accountmanager/legacy.rs
+++ b/src/accountmanager/legacy.rs
@ -128,9 +128,11 @@ pub struct SdaAccount {
 	pub token_gid: String,
 	#[serde(with = "crate::secret_string")]
 	pub identity_secret: SecretString,
 	#[serde(default)]
 	pub server_time: u64,
 	#[serde(with = "crate::secret_string")]
 	pub uri: SecretString,
 	#[serde(default)]
 	pub fully_enrolled: bool,
 	pub device_id: String,
 	#[serde(with = "crate::secret_string")]
--- a/src/accountmanager/migrate.rs
+++ b/src/accountmanager/migrate.rs
@ -1,6 +1,6 @@
 use std::{fs::File, io::Read, path::Path};
-use log::debug;
+use log::*;
 use secrecy::SecretString;
 use serde::{de::Error, Deserialize};
 use steamguard::SteamGuardAccount;
@ -11,6 +11,8 @@ use crate::encryption::EncryptionScheme;
 use super::{
 	legacy::{SdaAccount, SdaManifest},
 	manifest::ManifestV1,
 	steamv2::SteamMobileV2,
 	winauth::parse_winauth_exports,
 	EntryLoader, Manifest,
 };
@ -145,7 +147,11 @@ impl MigratingManifest {
 						errors
 					));
 				}
-				accounts.into_iter().map(MigratingAccount::Sda).collect()
+				accounts
 					.into_iter()
 					.map(ExternalAccount::Sda)
 					.map(MigratingAccount::External)
 					.collect()
 			}
 			Self::ManifestV1(manifest) => {
 				let (accounts, errors) = manifest
@ -228,15 +234,16 @@ fn deserialize_manifest(
 }
 #[derive(Debug, Clone)]
 #[allow(clippy::large_enum_variant)]
 enum MigratingAccount {
-	Sda(SdaAccount),
+	External(ExternalAccount),
 	ManifestV1(SteamGuardAccount),
 }
 impl MigratingAccount {
 	pub fn upgrade(self) -> Self {
 		match self {
-			Self::Sda(sda) => Self::ManifestV1(sda.into()),
+			Self::External(account) => Self::ManifestV1(account.into()),
 			Self::ManifestV1(_) => self,
 		}
 	}
@ -255,19 +262,65 @@ impl From<MigratingAccount> for SteamGuardAccount {
 	}
 }
-pub fn load_and_upgrade_sda_account(path: &Path) -> anyhow::Result<SteamGuardAccount> {
+pub fn load_and_upgrade_external_accounts(path: &Path) -> anyhow::Result<Vec<SteamGuardAccount>> {
-	let file = File::open(path)?;
+	let mut file = File::open(path)?;
-	let account: SdaAccount = serde_json::from_reader(file)?;
+	let mut buf = vec![];
-	let mut account = MigratingAccount::Sda(account);
+	file.read_to_end(&mut buf)?;
 	let mut deser = serde_json::Deserializer::from_slice(&buf);
 	let accounts = match serde_path_to_error::deserialize(&mut deser) {
 		Ok(account) => {
 			vec![MigratingAccount::External(account)]
 		}
 		Err(json_err) => {
 			// the file is not JSON, so it's probably a winauth export
 			match parse_winauth_exports(buf) {
 				Ok(accounts) => accounts
 					.into_iter()
 					.map(MigratingAccount::External)
 					.collect(),
 				Err(winauth_err) => {
 					bail!(
 						"Failed to parse as JSON: {}\nFailed to parse as Winauth export: {}",
 						json_err,
 						winauth_err
 					)
 				}
 			}
 		}
 	};
 	Ok(accounts
 		.into_iter()
 		.map(|mut account| {
 			while !account.is_latest() {
 				account = account.upgrade();
 			}
 			account.into()
 		})
 		.collect())
 }
-	Ok(account.into())
+#[derive(Debug, Clone, Deserialize)]
 #[serde(untagged)]
 #[allow(clippy::large_enum_variant)]
 pub(crate) enum ExternalAccount {
 	Sda(SdaAccount),
 	SteamMobileV2(SteamMobileV2),
 }
 impl From<ExternalAccount> for SteamGuardAccount {
 	fn from(account: ExternalAccount) -> Self {
 		match account {
 			ExternalAccount::Sda(account) => account.into(),
 			ExternalAccount::SteamMobileV2(account) => account.into(),
 		}
 	}
 }
 #[cfg(test)]
 mod tests {
 	use tempfile::TempDir;
 	use crate::{accountmanager::CURRENT_MANIFEST_VERSION, AccountManager};
 	use super::*;
@ -308,6 +361,10 @@ mod tests {
 				manifest: "src/fixtures/maFiles/compat/difficult-migration/manifest.json",
 				passkey: None,
 			},
 			Test {
 				manifest: "src/fixtures/maFiles/compat/missing-unnecessary/manifest.json",
 				passkey: None,
 			},
 		];
 		for case in cases {
 			eprintln!("testing: {:?}", case);
@ -360,10 +417,26 @@ mod tests {
 				account_name: "example",
 				steam_id: 1234,
 			},
 			Test {
 				mafile: "src/fixtures/maFiles/compat/steamv2/sample.maFile",
 				account_name: "afarihm",
 				steam_id: 76561199441992970,
 			},
 			Test {
 				mafile: "src/fixtures/maFiles/compat/winauth/exports.txt",
 				account_name: "example",
 				steam_id: 1234,
 			},
 			Test {
 				mafile: "src/fixtures/maFiles/compat/missing-unnecessary/1234.maFile",
 				account_name: "example",
 				steam_id: 1234,
 			},
 		];
 		for case in cases {
 			eprintln!("testing: {:?}", case);
-			let account = load_and_upgrade_sda_account(Path::new(case.mafile))?;
+			let accounts = load_and_upgrade_external_accounts(Path::new(case.mafile))?;
 			let account = accounts[0].clone();
 			assert_eq!(account.account_name, case.account_name);
 			assert_eq!(account.steam_id, case.steam_id);
 		}
@ -406,7 +479,7 @@ mod tests {
 		];
 		for case in cases {
 			eprintln!("testing: {:?}", case);
-			let temp = tempdir::TempDir::new("steamguard-cli-test")?;
+			let temp = TempDir::new()?;
 			for file in std::fs::read_dir(case.dir)? {
 				let file = file?;
 				let path = file.path();
--- a/src/accountmanager/steamv2.rs
+++ b/src/accountmanager/steamv2.rs
@ -0,0 +1,73 @@
 use secrecy::SecretString;
 use serde::{Deserialize, Deserializer};
 use serde_json::Value;
 use steamguard::{token::TwoFactorSecret, SteamGuardAccount};
 use uuid::Uuid;
 /// Defines the schema for loading steamguard accounts extracted from backups of the official Steam app (v2).
 ///
 /// ```json
 /// {
 ///     "steamid": "X",
 ///     "shared_secret": "X",
 ///     "serial_number": "X",
 ///     "revocation_code": "X",
 ///     "uri": "otpauth:\/\/totp\/Steam:USERNAME?secret=X&issuer=Steam",
 ///     "server_time": "X",
 ///     "account_name": "USERNAME",
 ///     "token_gid": "X",
 ///     "identity_secret": "X",
 ///     "secret_1": "X",
 ///     "status": 1,
 ///     "steamguard_scheme": "2"
 /// }
 /// ```
 #[derive(Debug, Clone, Deserialize)]
 pub struct SteamMobileV2 {
 	#[serde(deserialize_with = "de_parse_number")]
 	pub steamid: u64,
 	pub shared_secret: TwoFactorSecret,
 	pub serial_number: String,
 	#[serde(with = "crate::secret_string")]
 	pub revocation_code: SecretString,
 	#[serde(with = "crate::secret_string")]
 	pub uri: SecretString,
 	pub server_time: Option<serde_json::Value>,
 	pub account_name: String,
 	pub token_gid: String,
 	#[serde(with = "crate::secret_string")]
 	pub identity_secret: SecretString,
 	#[serde(with = "crate::secret_string")]
 	pub secret_1: SecretString,
 	pub status: Option<serde_json::Value>,
 	pub steamguard_scheme: Option<serde_json::Value>,
 }
 impl From<SteamMobileV2> for SteamGuardAccount {
 	fn from(account: SteamMobileV2) -> Self {
 		Self {
 			shared_secret: account.shared_secret,
 			identity_secret: account.identity_secret,
 			revocation_code: account.revocation_code,
 			uri: account.uri,
 			account_name: account.account_name,
 			token_gid: account.token_gid,
 			serial_number: account.serial_number,
 			steam_id: account.steamid,
 			// device_id is unknown, so we just make one up
 			device_id: format!("android:{}", Uuid::new_v4()),
 			secret_1: account.secret_1,
 			tokens: None,
 		}
 	}
 }
 fn de_parse_number<'de, D: Deserializer<'de>>(deserializer: D) -> Result<u64, D::Error> {
 	Ok(match Value::deserialize(deserializer)? {
 		Value::String(s) => s.parse().map_err(serde::de::Error::custom)?,
 		Value::Number(num) => num
 			.as_u64()
 			.ok_or(serde::de::Error::custom("Invalid number"))?,
 		_ => return Err(serde::de::Error::custom("wrong type")),
 	})
 }
--- a/src/accountmanager/winauth.rs
+++ b/src/accountmanager/winauth.rs
@ -0,0 +1,50 @@
 //! Accounts exported from Winauth are in the following format:
 //!
 //! One account per line, with each account represented as a URL.
 //!
 //! ```ignore
 //! otpauth://totp/Steam:<steamaccountname>?secret=<ABCDEFG1234_secret_dunno_what_for>&digits=5&issuer=Steam&deviceid=<URL_Escaped_device_name>&data=<url_encoded_data_json>
 //! ```
 //!
 //! The `data` field is a URL encoded JSON object with the following fields:
 //!
 //! ```json
 //! {"steamid":"<steam_id>","status":1,"shared_secret":"<shared_secret>","serial_number":"<serial_number>","revocation_code":"<revocation_code>","uri":"<uri>","server_time":"<server_time>","account_name":"<steam_login_name>","token_gid":"<token_gid>","identity_secret":"<identity_secret>","secret_1":"<secret_1>","steamguard_scheme":"2"}
 //! ```
 use anyhow::Context;
 use log::*;
 use reqwest::Url;
 use super::migrate::ExternalAccount;
 pub(crate) fn parse_winauth_exports(buf: Vec<u8>) -> anyhow::Result<Vec<ExternalAccount>> {
 	let buf = String::from_utf8(buf)?;
 	let mut accounts = Vec::new();
 	for line in buf.split('\n') {
 		if line.is_empty() {
 			continue;
 		}
 		let url = Url::parse(line).context("parsing as winauth export URL")?;
 		let mut query = url.query_pairs();
 		let issuer = query
 			.find(|(key, _)| key == "issuer")
 			.context("missing issuer field")?
 			.1;
 		if issuer != "Steam" {
 			debug!("skipping non-Steam account: {}", issuer);
 			continue;
 		}
 		let data = query
 			.find(|(key, _)| key == "data")
 			.context("missing data field")?
 			.1;
 		trace!("data: {}", data);
 		let mut deser = serde_json::Deserializer::from_str(&data);
 		let account = serde_path_to_error::deserialize(&mut deser)?;
 		accounts.push(account);
 	}
 	Ok(accounts)
 }
--- a/src/commands.rs
+++ b/src/commands.rs
@ -1,6 +1,6 @@
 use std::sync::{Arc, Mutex};
-use clap::{clap_derive::ArgEnum, Parser};
+use clap::{Parser, Subcommand, ValueEnum};
 use clap_complete::Shell;
 use secrecy::SecretString;
 use std::str::FromStr;
@ -10,6 +10,7 @@ use crate::AccountManager;
 pub mod code;
 pub mod completions;
 pub mod confirm;
 pub mod debug;
 pub mod decrypt;
 pub mod encrypt;
@ -19,10 +20,10 @@ pub mod qr;
 pub mod qr_login;
 pub mod remove;
 pub mod setup;
 pub mod trade;
 pub use code::CodeCommand;
 pub use completions::CompletionsCommand;
 pub use confirm::ConfirmCommand;
 pub use debug::DebugCommand;
 pub use decrypt::DecryptCommand;
 pub use encrypt::EncryptCommand;
@ -32,7 +33,6 @@ pub use qr::QrCommand;
 pub use qr_login::QrLoginCommand;
 pub use remove::RemoveCommand;
 pub use setup::SetupCommand;
 pub use trade::TradeCommand;
 /// A command that does not operate on the manifest or individual accounts.
 pub(crate) trait ConstCommand {
@ -44,7 +44,12 @@ pub(crate) trait ManifestCommand<T>
 where
 	T: Transport,
 {
-	fn execute(&self, transport: T, manager: &mut AccountManager) -> anyhow::Result<()>;
+	fn execute(
 		&self,
 		transport: T,
 		manager: &mut AccountManager,
 		args: &GlobalArgs,
 	) -> anyhow::Result<()>;
 }
 /// A command that operates on individual accounts.
@ -57,6 +62,7 @@ where
 		transport: T,
 		manager: &mut AccountManager,
 		accounts: Vec<Arc<Mutex<SteamGuardAccount>>>,
 		args: &GlobalArgs,
 	) -> anyhow::Result<()>;
 }
@ -92,6 +98,13 @@ pub(crate) struct GlobalArgs {
 		long_help = "Select the account you want by steam username. Case-sensitive. By default, the first account in the manifest is selected."
 	)]
 	pub username: Option<String>,
 	#[clap(
 		long,
 		conflicts_with = "all",
 		help = "Steam account password. You really shouldn't use this if you can avoid it.",
 		env = "STEAMGUARD_CLI_STEAM_PASSWORD"
 	)]
 	pub password: Option<SecretString>,
 	#[clap(
 		short,
 		long,
@ -114,7 +127,7 @@ pub(crate) struct GlobalArgs {
 		help = "Specify your encryption passkey."
 	)]
 	pub passkey: Option<SecretString>,
-	#[clap(short, long, arg_enum, default_value_t=Verbosity::Info, help = "Set the log level. Be warned, trace is capable of printing sensitive data.")]
+	#[clap(short, long, value_enum, default_value_t=Verbosity::Info, help = "Set the log level. Be warned, trace is capable of printing sensitive data.")]
 	pub verbosity: Verbosity,
 	#[cfg(feature = "updater")]
@ -147,13 +160,14 @@ pub(crate) struct GlobalArgs {
 	pub danger_accept_invalid_certs: bool,
 }
-#[derive(Debug, Clone, Parser)]
+#[derive(Debug, Clone, Subcommand)]
 pub(crate) enum Subcommands {
 	Debug(DebugCommand),
 	Completion(CompletionsCommand),
 	Setup(SetupCommand),
 	Import(ImportCommand),
-	Trade(TradeCommand),
+	#[clap(alias = "trade")]
 	Confirm(ConfirmCommand),
 	Remove(RemoveCommand),
 	Encrypt(EncryptCommand),
 	Decrypt(DecryptCommand),
@ -163,7 +177,7 @@ pub(crate) enum Subcommands {
 	QrLogin(QrLoginCommand),
 }
-#[derive(Debug, Clone, Copy, ArgEnum)]
+#[derive(Debug, Clone, Copy, ValueEnum)]
 pub(crate) enum Verbosity {
 	Error = 0,
 	Warn = 1,
@ -209,3 +223,14 @@ impl From<Args> for CodeCommand {
 		args.code
 	}
 }
 #[cfg(test)]
 mod tests {
 	use super::*;
 	#[test]
 	fn verify_cli() {
 		use clap::CommandFactory;
 		Args::command().debug_assert()
 	}
 }
--- a/src/commands/code.rs
+++ b/src/commands/code.rs
@ -29,6 +29,7 @@ where
 		transport: T,
 		_manager: &mut AccountManager,
 		accounts: Vec<Arc<Mutex<SteamGuardAccount>>>,
 		_args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		let server_time = if self.offline {
 			SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs()
--- a/src/commands/completions.rs
+++ b/src/commands/completions.rs
@ -5,7 +5,12 @@ use super::*;
 #[derive(Debug, Clone, Parser)]
 #[clap(about = "Generate shell completions")]
 pub struct CompletionsCommand {
-	#[clap(short, long, arg_enum, help = "The shell to generate completions for.")]
+	#[clap(
 		short,
 		long,
 		value_enum,
 		help = "The shell to generate completions for."
 	)]
 	pub shell: Shell,
 }
--- a/src/commands/confirm.rs
+++ b/src/commands/confirm.rs
@ -9,12 +9,12 @@ use crate::{tui, AccountManager};
 use super::*;
 #[derive(Debug, Clone, Parser)]
-#[clap(about = "Interactive interface for trade confirmations")]
+#[clap(about = "Interactive interface for steam mobile confirmations")]
-pub struct TradeCommand {
+pub struct ConfirmCommand {
 	#[clap(
 		short,
 		long,
-		help = "Accept all open trade confirmations. Does not open interactive interface."
+		help = "Accept all open mobile confirmations. Does not open interactive interface."
 	)]
 	pub accept_all: bool,
 	#[clap(
@ -25,7 +25,7 @@ pub struct TradeCommand {
 	pub fail_fast: bool,
 }
-impl<T> AccountCommand<T> for TradeCommand
+impl<T> AccountCommand<T> for ConfirmCommand
 where
 	T: Transport + Clone,
 {
@ -34,31 +34,32 @@ where
 		transport: T,
 		manager: &mut AccountManager,
 		accounts: Vec<Arc<Mutex<SteamGuardAccount>>>,
 		args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		for a in accounts {
 			let mut account = a.lock().unwrap();
 			if !account.is_logged_in() {
 				info!("Account does not have tokens, logging in");
-				crate::do_login(transport.clone(), &mut account)?;
+				crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 			}
-			info!("{}: Checking for trade confirmations", account.account_name);
+			info!("{}: Checking for confirmations", account.account_name);
 			let confirmations: Vec<Confirmation>;
 			loop {
 				let confirmer = Confirmer::new(transport.clone(), &account);
-				match confirmer.get_trade_confirmations() {
+				match confirmer.get_confirmations() {
 					Ok(confs) => {
 						confirmations = confs;
 						break;
 					}
 					Err(ConfirmerError::InvalidTokens) => {
 						info!("obtaining new tokens");
-						crate::do_login(transport.clone(), &mut account)?;
+						crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 					}
 					Err(err) => {
-						error!("Failed to get trade confirmations: {}", err);
+						error!("Failed to get confirmations: {}", err);
 						return Err(err.into());
 					}
 				}
--- a/src/commands/decrypt.rs
+++ b/src/commands/decrypt.rs
@ -12,7 +12,12 @@ impl<T> ManifestCommand<T> for DecryptCommand
 where
 	T: Transport,
 {
-	fn execute(&self, _transport: T, manager: &mut AccountManager) -> anyhow::Result<()> {
+	fn execute(
 		&self,
 		_transport: T,
 		manager: &mut AccountManager,
 		_args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		load_accounts_with_prompts(manager)?;
 		#[cfg(feature = "keyring")]
--- a/src/commands/encrypt.rs
+++ b/src/commands/encrypt.rs
@ -16,7 +16,12 @@ impl<T> ManifestCommand<T> for EncryptCommand
 where
 	T: Transport,
 {
-	fn execute(&self, _transport: T, manager: &mut AccountManager) -> anyhow::Result<()> {
+	fn execute(
 		&self,
 		_transport: T,
 		manager: &mut AccountManager,
 		_args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		if !manager.has_passkey() {
 			let passkey: Option<SecretString>;
 			loop {
@ -25,8 +30,7 @@ where
 					error!("Passkey cannot be empty, try again.");
 					continue;
 				}
-				let passkey_confirm =
+				let passkey_confirm = rpassword::prompt_password("Confirm encryption passkey: ")
 					rpassword::prompt_password_stdout("Confirm encryption passkey: ")
 					.map(SecretString::new)?;
 				if passkey1.expose_secret() == passkey_confirm.expose_secret() {
 					passkey = Some(passkey1);
--- a/src/commands/import.rs
+++ b/src/commands/import.rs
@ -11,9 +11,6 @@ use super::*;
 	about = "Import an account with steamguard already set up. It must not be encrypted. If you haven't used steamguard-cli before, you probably don't need to use this command."
 )]
 pub struct ImportCommand {
 	#[clap(long, help = "Whether or not the provided maFiles are from SDA.")]
 	pub sda: bool,
 	#[clap(long, help = "Paths to one or more maFiles, eg. \"./gaben.maFile\"")]
 	pub files: Vec<String>,
 }
@ -22,15 +19,15 @@ impl<T> ManifestCommand<T> for ImportCommand
 where
 	T: Transport,
 {
-	fn execute(&self, _transport: T, manager: &mut AccountManager) -> anyhow::Result<()> {
+	fn execute(
 		&self,
 		_transport: T,
 		manager: &mut AccountManager,
 		_args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		let mut accounts_added = 0;
 		for file_path in self.files.iter() {
 			debug!("loading entry: {:?}", file_path);
 			if self.sda {
 				let path = Path::new(&file_path);
 				let account = crate::accountmanager::migrate::load_and_upgrade_sda_account(path)?;
 				manager.add_account(account);
 				info!("Imported account: {}", &file_path);
 			} else {
 			match manager.import_account(file_path) {
 				Ok(_) => {
 					info!("Imported account: {}", &file_path);
@ -38,15 +35,34 @@ where
 				Err(ManifestAccountImportError::AlreadyExists { .. }) => {
 					warn!("Account already exists: {} -- Ignoring", &file_path);
 				}
-					Err(ManifestAccountImportError::DeserializationFailed(err)) => {
+				Err(ManifestAccountImportError::DeserializationFailed(orig_err)) => {
-						warn!("Failed to import account: {} {}", &file_path, err);
+					debug!("Falling back to external account import",);
-						warn!("If this file came from SDA, try using --sda");
+
 					let path = Path::new(&file_path);
 					let accounts =
 						match crate::accountmanager::migrate::load_and_upgrade_external_accounts(
 							path,
 						) {
 							Ok(accounts) => accounts,
 							Err(err) => {
 								error!("Failed to import account: {} {}", &file_path, err);
 								error!("The original error was: {}", orig_err);
 								continue;
 							}
 						};
 					for account in accounts {
 						manager.add_account(account);
 						info!("Imported account: {}", &file_path);
 						accounts_added += 1;
 					}
 				}
 				Err(err) => {
 					bail!("Failed to import account: {} {}", &file_path, err);
 				}
 			}
 		}
 		if accounts_added > 0 {
 			info!("Imported {} accounts", accounts_added);
 		}
 		manager.save()?;
--- a/src/commands/qr.rs
+++ b/src/commands/qr.rs
@ -27,6 +27,7 @@ where
 		_transport: T,
 		_manager: &mut AccountManager,
 		accounts: Vec<Arc<Mutex<SteamGuardAccount>>>,
 		_args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		use anyhow::Context;
--- a/src/commands/qr_login.rs
+++ b/src/commands/qr_login.rs
@ -1,6 +1,10 @@
-use std::sync::{Arc, Mutex};
+use std::{
 	path::{Path, PathBuf},
 	sync::{Arc, Mutex},
 };
 use log::*;
 use rqrr::PreparedImage;
 use steamguard::{QrApprover, QrApproverError};
 use crate::AccountManager;
@ -10,11 +14,8 @@ use super::*;
 #[derive(Debug, Clone, Parser)]
 #[clap(about = "Log in to Steam on another device using the QR code that it's displaying.")]
 pub struct QrLoginCommand {
-	#[clap(
+	#[clap(flatten)]
-		long,
+	login_url_source: LoginUrlSource,
 		help = "The URL that would normally open in the Steam app. This is the URL that the QR code is displaying. It should start with \"https://s.team/...\""
 	)]
 	pub url: String,
 }
 impl<T> AccountCommand<T> for QrLoginCommand
@ -26,6 +27,7 @@ where
 		transport: T,
 		_manager: &mut AccountManager,
 		accounts: Vec<Arc<Mutex<SteamGuardAccount>>>,
 		args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		ensure!(
 			accounts.len() == 1,
@ -37,24 +39,29 @@ where
 		info!("Approving login to {}", account.account_name);
 		if account.tokens.is_none() {
-			crate::do_login(transport.clone(), &mut account)?;
+			crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 		}
 		let url = self.login_url_source.url()?;
 		debug!("Using login URL to approve: {}", url);
 		loop {
 			let Some(tokens) = account.tokens.as_ref() else {
-				error!("No tokens found for {}. Can't approve login if we aren't logged in ourselves.", account.account_name);
+				error!(
 					"No tokens found for {}. Can't approve login if we aren't logged in ourselves.",
 					account.account_name
 				);
 				return Err(anyhow!("No tokens found for {}", account.account_name));
 			};
 			let mut approver = QrApprover::new(transport.clone(), tokens);
-			match approver.approve(&account, &self.url) {
+			match approver.approve(&account, url.to_owned()) {
 				Ok(_) => {
 					info!("Login approved.");
 					break;
 				}
 				Err(QrApproverError::Unauthorized) => {
 					warn!("tokens are invalid. Attempting to log in again.");
-					crate::do_login(transport.clone(), &mut account)?;
+					crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 				}
 				Err(e) => {
 					error!("Failed to approve login: {}", e);
@ -66,3 +73,56 @@ where
 		Ok(())
 	}
 }
 #[derive(Debug, Clone, clap::Args)]
 #[group(required = true, multiple = false)]
 pub struct LoginUrlSource {
 	/// The URL that would normally open in the Steam app. This is the URL that the QR code is displaying. It should start with \"https://s.team/...\"
 	#[clap(long)]
 	url: Option<String>,
 	/// Path to an image file containing the QR code. The QR code will be scanned from this image.
 	#[clap(long)]
 	image: Option<PathBuf>,
 }
 impl LoginUrlSource {
 	fn url(&self) -> anyhow::Result<String> {
 		match self {
 			Self { url: Some(url), .. } => Ok(url.clone()),
 			Self {
 				image: Some(path), ..
 			} => read_qr_image(path),
 			_ => Err(anyhow!(
 				"You must provide either a URL with --url or an image file with --image."
 			)),
 		}
 	}
 }
 fn read_qr_image(path: &Path) -> anyhow::Result<String> {
 	use image::io::Reader as ImageReader;
 	let image = ImageReader::open(path)?.decode()?.to_luma8();
 	let mut img = PreparedImage::prepare(image);
 	let grids = img.detect_grids();
 	for grid in grids {
 		let (_meta, text) = grid.decode()?;
 		// a rough validation that the QR code is a Steam login code
 		if text.contains("s.team") {
 			return Ok(text);
 		}
 	}
 	Err(anyhow!("No Steam login url found in the QR code"))
 }
 #[cfg(test)]
 mod tests {
 	use super::*;
 	use std::path::Path;
 	#[test]
 	fn test_read_qr_image() {
 		let path = Path::new("src/fixtures/qr-codes/login-qr.png");
 		let url = read_qr_image(path).unwrap();
 		assert_eq!(url, "https://s.team/q/1/2372462679780599330");
 	}
 }
--- a/src/commands/remove.rs
+++ b/src/commands/remove.rs
@ -1,7 +1,7 @@
 use std::sync::{Arc, Mutex};
 use log::*;
-use steamguard::{steamapi::TwoFactorClient, transport::TransportError, RemoveAuthenticatorError};
+use steamguard::{accountlinker::RemoveAuthenticatorError, transport::TransportError};
 use crate::{errors::UserError, tui, AccountManager};
@ -20,6 +20,7 @@ where
 		transport: T,
 		manager: &mut AccountManager,
 		accounts: Vec<Arc<Mutex<SteamGuardAccount>>>,
 		args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		eprintln!(
 			"This will remove the mobile authenticator from {} accounts: {}",
@ -42,11 +43,10 @@ where
 		let mut successful = vec![];
 		for a in accounts {
 			let mut account = a.lock().unwrap();
 			let client = TwoFactorClient::new(transport.clone());
 			let mut revocation: Option<String> = None;
 			loop {
-				match account.remove_authenticator(&client, revocation.as_ref()) {
+				match account.remove_authenticator(transport.clone(), revocation.as_ref()) {
 					Ok(_) => {
 						info!("Removed authenticator from {}", account.account_name);
 						successful.push(account.account_name.clone());
@ -54,7 +54,7 @@ where
 					}
 					Err(RemoveAuthenticatorError::TransportError(TransportError::Unauthorized)) => {
 						error!("Account {} is not logged in", account.account_name);
-						crate::do_login(transport.clone(), &mut account)?;
+						crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 						continue;
 					}
 					Err(RemoveAuthenticatorError::IncorrectRevocationCode {
@ -68,17 +68,17 @@ where
 							error!("No attempts remaining, aborting!");
 							break;
 						}
-						eprint!("Enter the revocation code for {}: ", account.account_name);
+						let code = tui::prompt_non_empty(format!(
-						let code = tui::prompt();
+							"Enter the revocation code for {}: ",
 							account.account_name
 						));
 						revocation = Some(code);
 					}
 					Err(RemoveAuthenticatorError::MissingRevocationCode) => {
-						error!(
+						let code = tui::prompt_non_empty(format!(
-							"Account {} does not have a revocation code",
+							"Enter the revocation code for {}: ",
 							account.account_name
-						);
+						));
 						eprint!("Enter the revocation code for {}: ", account.account_name);
 						let code = tui::prompt();
 						revocation = Some(code);
 					}
 					Err(err) => {
@ -93,7 +93,7 @@ where
 		}
 		for account_name in successful {
-			manager.remove_account(account_name);
+			manager.remove_account(&account_name);
 		}
 		manager.save()?;
--- a/src/commands/setup.rs
+++ b/src/commands/setup.rs
@ -2,8 +2,11 @@ use log::*;
 use phonenumber::PhoneNumber;
 use secrecy::ExposeSecret;
 use steamguard::{
-	accountlinker::AccountLinkSuccess, phonelinker::PhoneLinker, steamapi::PhoneClient,
+	accountlinker::{AccountLinkConfirmType, AccountLinkSuccess, RemoveAuthenticatorError},
-	token::Tokens, AccountLinkError, AccountLinker, FinalizeLinkError,
+	phonelinker::PhoneLinker,
 	steamapi::PhoneClient,
 	token::Tokens,
 	AccountLinkError, AccountLinker, FinalizeLinkError,
 };
 use crate::{tui, AccountManager};
@ -18,7 +21,12 @@ impl<T> ManifestCommand<T> for SetupCommand
 where
 	T: Transport + Clone,
 {
-	fn execute(&self, transport: T, manager: &mut AccountManager) -> anyhow::Result<()> {
+	fn execute(
 		&self,
 		transport: T,
 		manager: &mut AccountManager,
 		args: &GlobalArgs,
 	) -> anyhow::Result<()> {
 		eprintln!("Log in to the account that you want to link to steamguard-cli");
 		eprint!("Username: ");
 		let username = tui::prompt().to_lowercase();
@ -30,19 +38,18 @@ where
 			);
 		}
 		info!("Logging in to {}", username);
-		let tokens = crate::do_login_raw(transport.clone(), username)
+		let tokens = crate::do_login_raw(transport.clone(), username, args.password.clone())
 			.expect("Failed to log in. Account has not been linked.");
 		info!("Adding authenticator...");
 		let mut linker = AccountLinker::new(transport.clone(), tokens);
 		let link: AccountLinkSuccess;
 		loop {
 			match linker.link() {
-				Ok(a) => {
+				Ok(link) => {
-					link = a;
+					return Self::add_new_account(link, manager, account_name, linker);
 					break;
 				}
 				Err(AccountLinkError::MustProvidePhoneNumber) => {
 					// As of Dec 12, 2023, Steam no longer appears to require a phone number to add an authenticator. Keeping this code here just in case.
 					eprintln!("Looks like you don't have a phone number on this account.");
 					do_add_phone_number(transport.clone(), linker.tokens())?;
 				}
@ -50,6 +57,49 @@ where
 					println!("Check your email and click the link.");
 					tui::pause();
 				}
 				Err(AccountLinkError::AuthenticatorPresent) => {
 					eprintln!("It looks like there's already an authenticator on this account. If you want to link it to steamguard-cli, you'll need to remove it first. If you remove it using your revocation code (R#####), you'll get a 15 day trade ban.");
 					eprintln!("However, you can \"transfer\" the authenticator to steamguard-cli if you have access to the phone number associated with your account. This will cause you to get only a 2 day trade ban.");
 					eprintln!("If you were using SDA or WinAuth, you can import it into steamguard-cli with the `import` command, and have no trade ban.");
 					eprintln!("You can't have the same authenticator on steamguard-cli and the steam mobile app at the same time.");
 					eprintln!("\nHere are your options:");
 					eprintln!("[T] Transfer authenticator to steamguard-cli (2 day trade ban)");
 					eprintln!("[R] Revoke authenticator with revocation code (15 day trade ban)");
 					eprintln!("[A] Abort setup");
 					let answer = tui::prompt_char("What would you like to do?", "Tra");
 					match answer {
 						't' => return Self::transfer_new_account(linker, manager),
 						'r' => {
 							loop {
 								let revocation_code =
 									tui::prompt_non_empty("Enter your revocation code (R#####): ");
 								match linker.remove_authenticator(Some(&revocation_code)) {
 									Ok(_) => break,
 									Err(RemoveAuthenticatorError::IncorrectRevocationCode {
 										attempts_remaining,
 									}) => {
 										error!(
 											"Revocation code was incorrect ({} attempts remaining)",
 											attempts_remaining
 										);
 										if attempts_remaining == 0 {
 											error!("No attempts remaining, aborting!");
 											bail!("Failed to remove authenticator: no attempts remaining")
 										}
 									}
 									Err(err) => {
 										error!("Failed to remove authenticator: {}", err);
 									}
 								}
 							}
 						}
 						_ => {
 							info!("Aborting account linking.");
 							return Err(AccountLinkError::AuthenticatorPresent.into());
 						}
 					}
 				}
 				Err(err) => {
 					error!(
 						"Failed to link authenticator. Account has not been linked. {}",
@ -59,8 +109,23 @@ where
 				}
 			}
 		}
 	}
 }
 impl SetupCommand {
 	/// Add a new account to the manifest after linking has started.
 	fn add_new_account<T>(
 		link: AccountLinkSuccess,
 		manager: &mut AccountManager,
 		account_name: String,
 		mut linker: AccountLinker<T>,
 	) -> Result<(), anyhow::Error>
 	where
 		T: Transport + Clone,
 	{
 		let mut server_time = link.server_time();
 		let phone_number_hint = link.phone_number_hint().to_owned();
 		let confirm_type = link.confirm_type();
 		manager.add_account(link.into_account());
 		match manager.save() {
 			Ok(_) => {}
@ -73,25 +138,35 @@ where
 				return Err(err);
 			}
 		}
 		let account_arc = manager
 			.get_account(&account_name)
 			.expect("account was not present in manifest");
 		let mut account = account_arc.lock().unwrap();
 		eprintln!("Authenticator has not yet been linked. Before continuing with finalization, please take the time to write down your revocation code: {}", account.revocation_code.expose_secret());
 		tui::pause();
 		debug!("attempting link finalization");
-		println!(
+		let confirm_code = match confirm_type {
 			AccountLinkConfirmType::Email => {
 				eprintln!(
 					"A code has been sent to the email address associated with this account."
 				);
 				tui::prompt_non_empty("Enter email code: ")
 			}
 			AccountLinkConfirmType::SMS => {
 				eprintln!(
 					"A code has been sent to your phone number ending in {}.",
 					phone_number_hint
 				);
-		print!("Enter SMS code: ");
+				tui::prompt_non_empty("Enter SMS code: ")
-		let sms_code = tui::prompt();
+			}
 			AccountLinkConfirmType::Unknown(t) => {
 				error!("Unknown link confirm type: {}", t);
 				bail!("Unknown link confirm type: {}", t);
 			}
 		};
 		let mut tries = 0;
 		loop {
-			match linker.finalize(server_time, &mut account, sms_code.clone()) {
+			match linker.finalize(server_time, &mut account, confirm_code.clone()) {
 				Ok(_) => break,
 				Err(FinalizeLinkError::WantMore { server_time: s }) => {
 					server_time = s;
@ -109,8 +184,20 @@ where
 			}
 		}
 		let revocation_code = account.revocation_code.clone();
-		drop(account); // explicitly drop the lock so we don't hang on the mutex
+		drop(account);
-
+		info!("Verifying authenticator status...");
 		let status =
 			linker.query_status(&manager.get_account(&account_name).unwrap().lock().unwrap())?;
 		if status.state() == 0 {
 			debug!(
 				"authenticator state: {} -- did not actually finalize",
 				status.state()
 			);
 			debug!("full status: {:#?}", status);
 			manager.remove_account(&account_name);
 			manager.save()?;
 			bail!("Authenticator finalization was unsuccessful. You may have entered the wrong confirm code in the previous step. Try again.");
 		}
 		info!("Authenticator finalized.");
 		match manager.save() {
 			Ok(_) => {}
@ -122,12 +209,52 @@ where
 				return Err(err);
 			}
 		}
 		eprintln!(
 			"Authenticator has been finalized. Please actually write down your revocation code: {}",
 			revocation_code.expose_secret()
 		);
 		Ok(())
 	}
 	/// Transfer an existing authenticator to steamguard-cli.
 	fn transfer_new_account<T>(
 		mut linker: AccountLinker<T>,
 		manager: &mut AccountManager,
 	) -> anyhow::Result<()>
 	where
 		T: Transport + Clone,
 	{
 		info!("Transferring authenticator to steamguard-cli");
 		linker.transfer_start()?;
 		let account: SteamGuardAccount;
 		loop {
 			let sms_code = tui::prompt_non_empty("Enter SMS code: ");
 			match linker.transfer_finish(sms_code) {
 				Ok(acc) => {
 					account = acc;
 					break;
 				}
 				Err(err) => {
 					error!("Failed to transfer authenticator: {}", err);
 				}
 			}
 		}
 		info!("Transfer successful, adding account to manifest");
 		let revocation_code = account.revocation_code.clone();
 		eprintln!(
 			"Take a moment to write down your revocation code: {}",
 			revocation_code.expose_secret()
 		);
 		manager.add_account(account);
 		manager.save()?;
 		eprintln!(
 			"Make sure you have your revocation code written down: {}",
 			revocation_code.expose_secret()
 		);
 		Ok(())
 	}
 }
--- a/src/fixtures/maFiles/compat/missing-unnecessary/1234.maFile
+++ b/src/fixtures/maFiles/compat/missing-unnecessary/1234.maFile
@ -0,0 +1 @@
 {"shared_secret":"zvIayp3JPvtvX/QGHqsqKBk/44s=","serial_number":"kljasfhds","revocation_code":"R12345","uri":"otpauth://totp/Steam:example?secret=ASDF&issuer=Steam","account_name":"example","token_gid":"jkkjlhkhjgf","identity_secret":"kjsdlwowiqe=","secret_1":"sklduhfgsdlkjhf=","status":1,"device_id":"android:99d2ad0e-4bad-4247-b111-26393aae0be3","Session":{"SessionID":"a;lskdjf","SteamLogin":"983498437543","SteamLoginSecure":"dlkjdsl;j%7C%32984730298","WebCookie":";lkjsed;klfjas98093","OAuthToken":"asdk;lf;dsjlkfd","SteamID":1234}}
--- a/src/fixtures/maFiles/compat/missing-unnecessary/manifest.json
+++ b/src/fixtures/maFiles/compat/missing-unnecessary/manifest.json
@ -0,0 +1 @@
 {"encrypted":false,"first_run":true,"entries":[{"encryption_iv":null,"encryption_salt":null,"filename":"1234.maFile","steamid":1234}],"periodic_checking":false,"periodic_checking_interval":5,"periodic_checking_checkall":false,"auto_confirm_market_transactions":false,"auto_confirm_trades":false}
--- a/src/fixtures/maFiles/compat/steamv2/sample.maFile
+++ b/src/fixtures/maFiles/compat/steamv2/sample.maFile
@ -0,0 +1,14 @@
 {
 	"steamid": "76561199441992970",
 	"shared_secret": "kSJa7hfbr8IvReG9/1Ax13BhTJA=",
 	"serial_number": "5182004572898897156",
 	"revocation_code": "R52260",
 	"uri": "otpauth://totp/Steam:afarihm?secret=SERFV3QX3OX4EL2F4G676UBR25YGCTEQ&issuer=Steam",
 	"server_time": "123",
 	"account_name": "afarihm",
 	"token_gid": "2d5a1b6cdbbfa9cc",
 	"identity_secret": "f62XbJcml4r1j3NcFm0GGTtmcXw=",
 	"secret_1": "BEelQHBr74ahsgiJbGArNV62/Bs=",
 	"status": 1,
 	"steamguard_scheme": "2"
 }
--- a/src/fixtures/maFiles/compat/winauth/exports.txt
+++ b/src/fixtures/maFiles/compat/winauth/exports.txt
@ -0,0 +1,2 @@
 otpauth://totp/Steam:example?secret=ASDF&issuer=Steam&data=%7B%22shared%5Fsecret%22%3A%22zvIayp3JPvtvX%2FQGHqsqKBk%2F44s%3D%22%2C%22serial%5Fnumber%22%3A%22kljasfhds%22%2C%22revocation%5Fcode%22%3A%22R12345%22%2C%22uri%22%3A%22otpauth%3A%2F%2Ftotp%2FSteam%3Aexample%3Fsecret%3DASDF%26issuer%3DSteam%22%2C%22server%5Ftime%22%3A1602522478%2C%22account%5Fname%22%3A%22example%22%2C%22token%5Fgid%22%3A%22jkkjlhkhjgf%22%2C%22identity%5Fsecret%22%3A%22kjsdlwowiqe%3D%22%2C%22secret%5F1%22%3A%22sklduhfgsdlkjhf%3D%22%2C%22status%22%3A1%2C%22device%5Fid%22%3A%22android%3A99d2ad0e%2D4bad%2D4247%2Db111%2D26393aae0be3%22%2C%22fully%5Fenrolled%22%3Atrue%2C%22Session%22%3A%7B%22SessionID%22%3A%22a%3Blskdjf%22%2C%22SteamLogin%22%3A%22983498437543%22%2C%22SteamLoginSecure%22%3A%22dlkjdsl%3Bj%257C%2532984730298%22%2C%22WebCookie%22%3A%22%3Blkjsed%3Bklfjas98093%22%2C%22OAuthToken%22%3A%22asdk%3Blf%3Bdsjlkfd%22%2C%22SteamID%22%3A1234%7D%7D
 otpauth://totp/Steam:example2?secret=ASDF&issuer=Steam&data=%7B%22shared%5Fsecret%22%3A%22zvIayp3JPvtvX%2FQGHqsqKBk%2F44s%3D%22%2C%22serial%5Fnumber%22%3A%22kljasfhds%22%2C%22revocation%5Fcode%22%3A%22R56789%22%2C%22uri%22%3A%22otpauth%3A%2F%2Ftotp%2FSteam%3Aexample%3Fsecret%3DASDF%26issuer%3DSteam%22%2C%22server%5Ftime%22%3A1602522478%2C%22account%5Fname%22%3A%22example2%22%2C%22token%5Fgid%22%3A%22jkkjlhkhjgf%22%2C%22identity%5Fsecret%22%3A%22kjsdlwowiqe%3D%22%2C%22secret%5F1%22%3A%22sklduhfgsdlkjhf%3D%22%2C%22status%22%3A1%2C%22device%5Fid%22%3A%22android%3A99d2ad0e%2D4bad%2D4247%2Db111%2D26393aae0be3%22%2C%22fully%5Fenrolled%22%3Atrue%2C%22Session%22%3A%7B%22SessionID%22%3A%22a%3Blskdjf%22%2C%22SteamLogin%22%3A%22983498437543%22%2C%22SteamLoginSecure%22%3A%22dlkjdsl%3Bj%257C%2532984730298%22%2C%22WebCookie%22%3A%22%3Blkjsed%3Bklfjas98093%22%2C%22OAuthToken%22%3A%22asdk%3Blf%3Bdsjlkfd%22%2C%22SteamID%22%3A5678%7D%7D
--- a/src/fixtures/qr-codes/login-qr.png
+++ b/src/fixtures/qr-codes/login-qr.png
--- a/src/login.rs
+++ b/src/login.rs
@ -8,6 +8,7 @@ use steamguard::{
 	steamapi::{self, AuthenticationClient},
 	token::Tokens,
 	transport::Transport,
 	userlogin::UpdateAuthSessionError,
 	DeviceDetails, LoginError, SteamGuardAccount, UserLogin,
 };
@ -17,6 +18,7 @@ use crate::tui;
 pub fn do_login<T: Transport + Clone>(
 	transport: T,
 	account: &mut SteamGuardAccount,
 	password: Option<SecretString>,
 ) -> anyhow::Result<()> {
 	if let Some(tokens) = account.tokens.as_mut() {
 		info!("Refreshing access token...");
@ -44,7 +46,11 @@ pub fn do_login<T: Transport + Clone>(
 		account.account_name = tui::prompt();
 	}
 	let _ = std::io::stdout().flush();
-	let password = tui::prompt_password()?;
+	let password = if let Some(p) = password {
 		p
 	} else {
 		tui::prompt_password()?
 	};
 	if !password.expose_secret().is_empty() {
 		debug!("password is present");
 	} else {
@ -65,9 +71,14 @@ pub fn do_login<T: Transport + Clone>(
 pub fn do_login_raw<T: Transport + Clone>(
 	transport: T,
 	username: String,
 	password: Option<SecretString>,
 ) -> anyhow::Result<Tokens> {
 	let _ = std::io::stdout().flush();
-	let password = tui::prompt_password()?;
+	let password = if let Some(p) = password {
 		p
 	} else {
 		tui::prompt_password()?
 	};
 	if !password.expose_secret().is_empty() {
 		debug!("password is present");
 	} else {
@ -82,6 +93,7 @@ fn do_login_impl<T: Transport + Clone>(
 	password: SecretString,
 	account: Option<&SteamGuardAccount>,
 ) -> anyhow::Result<Tokens> {
 	debug!("starting login");
 	let mut login = UserLogin::new(transport.clone(), build_device_details());
 	let mut password = password;
@ -108,6 +120,12 @@ fn do_login_impl<T: Transport + Clone>(
 		}
 	}
 	debug!(
 		"got {} confirmation methods: {:#?}",
 		confirmation_methods.len(),
 		confirmation_methods
 	);
 	for method in confirmation_methods {
 		match method.confirmation_type {
 			EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceConfirmation => {
@ -124,21 +142,52 @@ fn do_login_impl<T: Transport + Clone>(
 				eprintln!("Press enter when you have confirmed.");
 				tui::pause();
 			}
-			EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode => {
+			EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode
 			| EAuthSessionGuardType::k_EAuthSessionGuardType_EmailCode => {
 				let prompt = if method.confirmation_type
 					== EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode
 				{
 					"Enter the 2fa code from your device: "
 				} else {
 					"Enter the 2fa code sent to your email: "
 				};
 				let mut attempts = 0;
 				loop {
 					let code = if let Some(account) = account {
 						debug!("Generating 2fa code...");
-					let time = steamapi::get_server_time(transport)?.server_time();
+						let time = steamapi::get_server_time(transport.clone())?.server_time();
 						account.generate_code(time)
 					} else {
-					eprint!("Enter the 2fa code from your device: ");
+						tui::prompt_non_empty(prompt).trim().to_owned()
 					tui::prompt().trim().to_owned()
 					};
-				login.submit_steam_guard_code(method.confirmation_type, code)?;
+
 					match login.submit_steam_guard_code(method.confirmation_type, code) {
 						Ok(_) => break,
 						Err(err) => {
 							error!("Failed to submit code: {}", err);
 							match err {
 								UpdateAuthSessionError::TooManyAttempts
 								| UpdateAuthSessionError::SessionExpired
 								| UpdateAuthSessionError::InvalidGuardType => {
 									error!("Error is unrecoverable. Aborting.");
 									return Err(err.into());
 								}
-			EAuthSessionGuardType::k_EAuthSessionGuardType_EmailCode => {
+								_ => {}
-				eprint!("Enter the 2fa code sent to your email: ");
+							}
-				let code = tui::prompt().trim().to_owned();
+							attempts += 1;
-				login.submit_steam_guard_code(method.confirmation_type, code)?;
+							debug!("Attempts: {}/3", attempts);
 							if attempts >= 3 {
 								error!("Too many failed attempts. Aborting.");
 								return Err(err.into());
 							}
 						}
 					}
 				}
 			}
 			EAuthSessionGuardType::k_EAuthSessionGuardType_None => {
 				debug!("No login confirmation required. Proceeding with login.");
 				continue;
 			}
 			_ => {
 				warn!("Unknown confirmation method: {:?}", method);
--- a/src/main.rs
+++ b/src/main.rs
@ -86,7 +86,7 @@ fn run(args: commands::Args) -> anyhow::Result<()> {
 		Subcommands::Import(args) => CommandType::Manifest(Box::new(args)),
 		Subcommands::Encrypt(args) => CommandType::Manifest(Box::new(args)),
 		Subcommands::Decrypt(args) => CommandType::Manifest(Box::new(args)),
-		Subcommands::Trade(args) => CommandType::Account(Box::new(args)),
+		Subcommands::Confirm(args) => CommandType::Account(Box::new(args)),
 		Subcommands::Remove(args) => CommandType::Account(Box::new(args)),
 		Subcommands::Code(args) => CommandType::Account(Box::new(args)),
 		#[cfg(feature = "qr")]
@ -232,7 +232,7 @@ fn run(args: commands::Args) -> anyhow::Result<()> {
 	let transport = WebApiTransport::new(http_client);
 	if let CommandType::Manifest(cmd) = cmd {
-		cmd.execute(transport, &mut manager)?;
+		cmd.execute(transport, &mut manager, &globalargs)?;
 		return Ok(());
 	}
@ -269,7 +269,7 @@ fn run(args: commands::Args) -> anyhow::Result<()> {
 	);
 	if let CommandType::Account(cmd) = cmd {
-		return cmd.execute(transport, &mut manager, selected_accounts);
+		return cmd.execute(transport, &mut manager, selected_accounts, &globalargs);
 	}
 	Ok(())
--- a/src/tui.rs
+++ b/src/tui.rs
@ -1,3 +1,4 @@
 use anyhow::Context;
 use crossterm::{
 	cursor,
 	event::{Event, KeyCode, KeyEvent, KeyModifiers},
@ -6,6 +7,7 @@ use crossterm::{
 	terminal::{Clear, ClearType, EnterAlternateScreen, LeaveAlternateScreen},
 	QueueableCommand,
 };
 use log::debug;
 use secrecy::SecretString;
 use std::collections::HashSet;
 use std::io::{stderr, stdout, Write};
@ -32,9 +34,20 @@ pub(crate) fn prompt() -> String {
 	line
 }
 pub(crate) fn prompt_non_empty(prompt_text: impl AsRef<str>) -> String {
 	loop {
 		eprint!("{}", prompt_text.as_ref());
 		let input = prompt();
 		if !input.is_empty() {
 			return input;
 		}
 	}
 }
 /// Prompt the user for a single character response. Useful for asking yes or no questions.
 ///
 /// `chars` should be all lowercase characters, with at most 1 uppercase character. The uppercase character is the default answer if no answer is provided.
 /// The selected character returned will always be lowercase.
 pub(crate) fn prompt_char(text: &str, chars: &str) -> char {
 	loop {
 		let _ = stderr().queue(Print(format!("{} [{}] ", text, chars)));
@ -46,10 +59,7 @@ pub(crate) fn prompt_char(text: &str, chars: &str) -> char {
 	}
 }
-fn prompt_char_impl<T>(input: T, chars: &str) -> anyhow::Result<char>
+fn prompt_char_impl(input: impl Into<String>, chars: &str) -> anyhow::Result<char> {
 where
 	T: Into<String>,
 {
 	let uppers = chars.replace(char::is_lowercase, "");
 	if uppers.len() > 1 {
 		panic!("Invalid chars for prompt_char. Maximum 1 uppercase letter is allowed.");
@ -245,18 +255,21 @@ pub(crate) fn pause() {
 	}
 }
-pub(crate) fn prompt_passkey() -> std::io::Result<SecretString> {
+pub(crate) fn prompt_passkey() -> anyhow::Result<SecretString> {
 	debug!("prompting for passkey");
 	loop {
-		let raw = rpassword::prompt_password_stdout("Enter encryption passkey: ")?;
+		let raw = rpassword::prompt_password("Enter encryption passkey: ")
 			.context("prompting for passkey")?;
 		if !raw.is_empty() {
 			return Ok(SecretString::new(raw));
 		}
 	}
 }
-pub(crate) fn prompt_password() -> std::io::Result<SecretString> {
+pub(crate) fn prompt_password() -> anyhow::Result<SecretString> {
 	debug!("prompting for password");
 	loop {
-		let raw = rpassword::prompt_password_stdout("Password: ")?;
+		let raw = rpassword::prompt_password("Password: ").context("prompting for password")?;
 		if !raw.is_empty() {
 			return Ok(SecretString::new(raw));
 		}
@ -288,7 +301,7 @@ mod prompt_char_tests {
 	#[test]
 	fn test_should_not_give_invalid() {
 		let answer = prompt_char_impl("g", "yn");
-		assert!(matches!(answer, Err(_)));
+		assert!(answer.is_err());
 		let answer = prompt_char_impl("n", "yn").unwrap();
 		assert_eq!(answer, 'n');
 	}
@ -296,6 +309,6 @@ mod prompt_char_tests {
 	#[test]
 	fn test_should_not_give_multichar() {
 		let answer = prompt_char_impl("yy", "yn");
-		assert!(matches!(answer, Err(_)));
+		assert!(answer.is_err());
 	}
 }
--- a/steamguard/Cargo.toml
+++ b/steamguard/Cargo.toml
@ -1,31 +1,34 @@
 [package]
 name = "steamguard"
-version = "0.10.3"
+version = "0.14.0"
 authors = ["Carson McManus <carson.mcmanus1@gmail.com>"]
-edition = "2018"
+edition = "2021"
 description = "Library for generating 2fa codes for Steam and responding to mobile confirmations."
 keywords = ["steam", "2fa", "steamguard", "authentication"]
 repository = "https://github.com/dyc3/steamguard-cli/tree/master/steamguard"
 license = "MIT OR Apache-2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
 anyhow = "^1.0"
 sha1 = "^0.10"
-base64 = "^0.21"
+base64 = "^0.22.1"
-reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls", "multipart"] }
+reqwest = { version = "0.12", default-features = false, features = [
 	"blocking",
 	"json",
 	"cookies",
 	"gzip",
 	"rustls-tls",
 	"multipart",
 ] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 rsa = "0.9.2"
 rand = "0.8.4"
-standback = "0.2.17" # required to fix a compilation error on a transient dependency
+cookie = "0.18"
 cookie = "0.14"
 regex = "1"
 lazy_static = "1.4.0"
-uuid = { version = "0.8", features = ["v4"] }
+uuid = { version = "1.8", features = ["v4"] }
 log = "0.4.19"
 scraper = "0.12.0"
 maplit = "1.0.2"
 thiserror = "1.0.26"
 secrecy = { version = "0.8", features = ["serde"] }
@ -36,6 +39,7 @@ phonenumber = "0.3"
 serde_path_to_error = "0.1.11"
 hmac = "^0.12"
 sha2 = "^0.10"
 num_enum = "0.7.2"
 [build-dependencies]
 anyhow = "^1.0"
--- a/steamguard/protobufs/custom.proto
+++ b/steamguard/protobufs/custom.proto
@ -19,5 +19,3 @@ message CAuthentication_BeginAuthSessionViaCredentials_Request_BinaryGuardData {
  optional uint32 language = 11;
  optional int32 qos_level = 12 [default = 2, (description) = "[ENetQOSLevel] client-specified priority for this auth attempt"];
 }
 message CTwoFactor_Time_Request {}
--- a/steamguard/protobufs/enums.proto
+++ b/steamguard/protobufs/enums.proto
@ -59,9 +59,10 @@ enum EPersonaStateFlag {
 enum EContentCheckProvider {
 	k_EContentCheckProvider_Invalid = 0;
-	k_EContentCheckProvider_Google = 1;
+	k_EContentCheckProvider_Google_DEPRECATED = 1;
 	k_EContentCheckProvider_Amazon = 2;
 	k_EContentCheckProvider_Local = 3;
 	k_EContentCheckProvider_GoogleVertexAI = 4;
 }
 enum EProfileCustomizationType {
@ -89,6 +90,7 @@ enum EProfileCustomizationType {
 	k_EProfileCustomizationTypeLoyaltyRewardReactions = 21;
 	k_EProfileCustomizationTypeSingleArtworkShowcase = 22;
 	k_EProfileCustomizationTypeAchievementsCompletionist = 23;
 	k_EProfileCustomizationTypeReplay = 24;
 }
 enum EPublishedFileStorageSystem {
@ -113,17 +115,32 @@ enum ESDCardFormatStage {
 	k_ESDCardFormatStage_Finalizing = 5;
 }
 enum EStorageFormatStage {
 	k_EStorageFormatStage_Invalid = 0;
 	k_EStorageFormatStage_NotRunning = 1;
 	k_EStorageFormatStage_Starting = 2;
 	k_EStorageFormatStage_Testing = 3;
 	k_EStorageFormatStage_Rescuing = 4;
 	k_EStorageFormatStage_Formatting = 5;
 	k_EStorageFormatStage_Finalizing = 6;
 }
 enum ESystemFanControlMode {
 	k_SystemFanControlMode_Invalid = 0;
 	k_SystemFanControlMode_Disabled = 1;
 	k_SystemFanControlMode_Default = 2;
 }
-enum EColorProfile {
+enum EStartupMovieVariant {
-	k_EColorProfile_Invalid = 0;
+	k_EStartupMovieVariant_Invalid = 0;
-	k_EColorProfile_Native = 1;
+	k_EStartupMovieVariant_Default = 1;
-	k_EColorProfile_Standard = 2;
+	k_EStartupMovieVariant_Orange = 2;
-	k_EColorProfile_Vivid = 3;
+}
 enum EColorGamutLabelSet {
 	k_ColorGamutLabelSet_Default = 0;
 	k_ColorGamutLabelSet_sRGB_Native = 1;
 	k_ColorGamutLabelSet_Native_sRGB_Boosted = 2;
 }
 enum EBluetoothDeviceType {
@ -206,6 +223,52 @@ enum EScalingFilter {
 	k_EScalingFilter_NIS = 5;
 }
 enum ESplitScalingFilter {
 	k_ESplitScalingFilter_Invalid = 0;
 	k_ESplitScalingFilter_Linear = 1;
 	k_ESplitScalingFilter_Nearest = 2;
 	k_ESplitScalingFilter_FSR = 3;
 	k_ESplitScalingFilter_NIS = 4;
 }
 enum ESplitScalingScaler {
 	k_ESplitScalingScaler_Invalid = 0;
 	k_ESplitScalingScaler_Auto = 1;
 	k_ESplitScalingScaler_Integer = 2;
 	k_ESplitScalingScaler_Fit = 3;
 	k_ESplitScalingScaler_Fill = 4;
 	k_ESplitScalingScaler_Stretch = 5;
 }
 enum EGamescopeBlurMode {
 	k_EGamescopeBlurMode_Disabled = 0;
 	k_EGamescopeBlurMode_IfOccluded = 1;
 	k_EGamescopeBlurMode_Always = 2;
 }
 enum ESLSHelper {
 	k_ESLSHelper_Invalid = 0;
 	k_ESLSHelper_Minidump = 1;
 	k_ESLSHelper_Kdump = 2;
 	k_ESLSHelper_Journal = 3;
 	k_ESLSHelper_Gpu = 4;
 	k_ESLSHelper_SystemInfo = 5;
 }
 enum EHDRVisualization {
 	k_EHDRVisualization_None = 0;
 	k_EHDRVisualization_Heatmap = 1;
 	k_EHDRVisualization_Analysis = 2;
 	k_EHDRVisualization_HeatmapExtended = 3;
 	k_EHDRVisualization_HeatmapClassic = 4;
 }
 enum EHDRToneMapOperator {
 	k_EHDRToneMapOperator_Invalid = 0;
 	k_EHDRToneMapOperator_Uncharted = 1;
 	k_EHDRToneMapOperator_Reinhard = 2;
 }
 enum ECPUGovernor {
 	k_ECPUGovernor_Invalid = 0;
 	k_ECPUGovernor_Perf = 1;
@ -249,6 +312,20 @@ enum EStorageBlockFileSystemType {
 	k_EStorageBlockFileSystemType_Ext4 = 3;
 }
 enum EStorageDriveMediaType {
 	k_EStorageDriveMediaType_Invalid = 0;
 	k_EStorageDriveMediaType_Unknown = 1;
 	k_EStorageDriveMediaType_HDD = 2;
 	k_EStorageDriveMediaType_SSD = 3;
 	k_EStorageDriveMediaType_Removable = 4;
 }
 enum ESystemDisplayCompatibilityMode {
 	k_ESystemDisplayCompatibilityMode_Invalid = 0;
 	k_ESystemDisplayCompatibilityMode_None = 1;
 	k_ESystemDisplayCompatibilityMode_MinimalBandwith = 2;
 }
 enum ESteamDeckCompatibilityCategory {
 	k_ESteamDeckCompatibilityCategory_Unknown = 0;
 	k_ESteamDeckCompatibilityCategory_Unsupported = 1;
@ -285,6 +362,7 @@ enum EOSBranch {
 	k_EOSBranch_Beta = 3;
 	k_EOSBranch_BetaCandidate = 4;
 	k_EOSBranch_Main = 5;
 	k_EOSBranch_Staging = 6;
 }
 enum ECommunityItemClass {
@ -305,6 +383,7 @@ enum ECommunityItemClass {
 	k_ECommunityItemClass_AvatarFrame = 14;
 	k_ECommunityItemClass_AnimatedAvatar = 15;
 	k_ECommunityItemClass_SteamDeckKeyboardSkin = 16;
 	k_ECommunityItemClass_SteamDeckStartupMovie = 17;
 }
 enum ESteamDeckCompatibilityFeedback {
@ -342,3 +421,54 @@ enum ESessionPersistence {
 	k_ESessionPersistence_Ephemeral = 0;
 	k_ESessionPersistence_Persistent = 1;
 }
 enum ENewSteamAnnouncementState {
 	k_ENewSteamAnnouncementState_Invalid = 0;
 	k_ENewSteamAnnouncementState_AllRead = 1;
 	k_ENewSteamAnnouncementState_NewAnnouncement = 2;
 	k_ENewSteamAnnouncementState_FeaturedAnnouncement = 3;
 }
 enum ECommentThreadType {
 	k_ECommentThreadTypeInvalid = 0;
 	k_ECommentThreadTypeScreenshot_Deprecated = 1;
 	k_ECommentThreadTypeWorkshopAccount_Developer = 2;
 	k_ECommentThreadTypeWorkshopAccount_Public = 3;
 	k_ECommentThreadTypePublishedFile_Developer = 4;
 	k_ECommentThreadTypePublishedFile_Public = 5;
 	k_ECommentThreadTypeTest = 6;
 	k_ECommentThreadTypeForumTopic = 7;
 	k_ECommentThreadTypeRecommendation = 8;
 	k_ECommentThreadTypeVideo_Deprecated = 9;
 	k_ECommentThreadTypeProfile = 10;
 	k_ECommentThreadTypeNewsPost = 11;
 	k_ECommentThreadTypeClan = 12;
 	k_ECommentThreadTypeClanAnnouncement = 13;
 	k_ECommentThreadTypeClanEvent = 14;
 	k_ECommentThreadTypeUserStatusPublished = 15;
 	k_ECommentThreadTypeUserReceivedNewGame = 16;
 	k_ECommentThreadTypePublishedFile_Announcement = 17;
 	k_ECommentThreadTypeModeratorMessage = 18;
 	k_ECommentThreadTypeClanCuratedApp = 19;
 	k_ECommentThreadTypeQAndASession = 20;
 	k_ECommentThreadTypeMax = 21;
 }
 enum EBroadcastPermission {
 	k_EBroadcastPermissionDisabled = 0;
 	k_EBroadcastPermissionFriendsApprove = 1;
 	k_EBroadcastPermissionFriendsAllowed = 2;
 	k_EBroadcastPermissionPublic = 3;
 	k_EBroadcastPermissionSubscribers = 4;
 }
 enum EBroadcastEncoderSetting {
 	k_EBroadcastEncoderBestQuality = 0;
 	k_EBroadcastEncoderBestPerformance = 1;
 }
 enum ECloudGamingPlatform {
 	k_ECloudGamingPlatformNone = 0;
 	k_ECloudGamingPlatformValve = 1;
 	k_ECloudGamingPlatformNVIDIA = 2;
 }
--- a/steamguard/protobufs/service_twofactor.proto
+++ b/steamguard/protobufs/service_twofactor.proto
@ -38,20 +38,13 @@ message CTwoFactor_AddAuthenticator_Response {
 	optional bytes secret_1 = 9;
 	optional int32 status = 10;
 	optional string phone_number_hint = 11;
-}
+	optional int32 confirm_type = 12;
 message CTwoFactor_CreateEmergencyCodes_Request {
 	optional string code = 1;
 }
 message CTwoFactor_CreateEmergencyCodes_Response {
 	repeated string codes = 1;
 }
 message CTwoFactor_DestroyEmergencyCodes_Request {
 	optional fixed64 steamid = 1;
 }
 message CTwoFactor_DestroyEmergencyCodes_Response {
 }
@ -132,6 +125,10 @@ message CTwoFactor_Status_Response {
 	optional uint32 version = 14;
 }
 message CTwoFactor_Time_Request {
 	optional uint64 sender_time = 1;
 }
 message CTwoFactor_Time_Response {
 	optional uint64 server_time = 1;
 	optional uint64 skew_tolerance_seconds = 2;
@ -153,25 +150,21 @@ message CTwoFactor_UpdateTokenVersion_Request {
 message CTwoFactor_UpdateTokenVersion_Response {
 }
 message CTwoFactor_ValidateToken_Request {
 	optional string code = 1;
 }
 message CTwoFactor_ValidateToken_Response {
 	optional bool valid = 1;
 }
 service TwoFactor {
 	rpc AddAuthenticator (.CTwoFactor_AddAuthenticator_Request) returns (.CTwoFactor_AddAuthenticator_Response);
-	rpc CreateEmergencyCodes (.CTwoFactor_CreateEmergencyCodes_Request) returns (.CTwoFactor_CreateEmergencyCodes_Response);
+	rpc CreateEmergencyCodes (.NotImplemented) returns (.CTwoFactor_CreateEmergencyCodes_Response);
-	rpc DestroyEmergencyCodes (.CTwoFactor_DestroyEmergencyCodes_Request) returns (.CTwoFactor_DestroyEmergencyCodes_Response);
+	rpc DestroyEmergencyCodes (.NotImplemented) returns (.CTwoFactor_DestroyEmergencyCodes_Response);
 	rpc FinalizeAddAuthenticator (.CTwoFactor_FinalizeAddAuthenticator_Request) returns (.CTwoFactor_FinalizeAddAuthenticator_Response);
 	rpc QueryStatus (.CTwoFactor_Status_Request) returns (.CTwoFactor_Status_Response);
-	rpc QueryTime (.NotImplemented) returns (.CTwoFactor_Time_Response);
+	rpc QueryTime (.CTwoFactor_Time_Request) returns (.CTwoFactor_Time_Response);
 	rpc RemoveAuthenticator (.CTwoFactor_RemoveAuthenticator_Request) returns (.CTwoFactor_RemoveAuthenticator_Response);
 	rpc RemoveAuthenticatorViaChallengeContinue (.CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request) returns (.CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Response);
 	rpc RemoveAuthenticatorViaChallengeStart (.CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request) returns (.CTwoFactor_RemoveAuthenticatorViaChallengeStart_Response);
 	rpc SendEmail (.CTwoFactor_SendEmail_Request) returns (.CTwoFactor_SendEmail_Response);
 	rpc UpdateTokenVersion (.CTwoFactor_UpdateTokenVersion_Request) returns (.CTwoFactor_UpdateTokenVersion_Response);
-	rpc ValidateToken (.CTwoFactor_ValidateToken_Request) returns (.CTwoFactor_ValidateToken_Response);
+	rpc ValidateToken (.NotImplemented) returns (.CTwoFactor_ValidateToken_Response);
 }
--- a/steamguard/protobufs/steammessages_auth.steamclient.proto
+++ b/steamguard/protobufs/steammessages_auth.steamclient.proto
@ -28,12 +28,20 @@ enum EAuthSessionSecurityHistory {
 	k_EAuthSessionSecurityHistory_NoPriorHistory = 2;
 }
 enum ETokenRenewalType {
 	k_ETokenRenewalType_None = 0;
 	k_ETokenRenewalType_Allow = 1;
 }
 enum EAuthTokenRevokeAction {
 	k_EAuthTokenRevokeLogout = 0;
 	k_EAuthTokenRevokePermanent = 1;
 	k_EAuthTokenRevokeReplaced = 2;
 	k_EAuthTokenRevokeSupport = 3;
 	k_EAuthTokenRevokeConsume = 4;
 	k_EAuthTokenRevokeNonRememberedLogout = 5;
 	k_EAuthTokenRevokeNonRememberedPermanent = 6;
 	k_EAuthTokenRevokeAutomatic = 7;
 }
 enum EAuthTokenState {
@ -62,6 +70,8 @@ message CAuthentication_DeviceDetails {
 	optional .EAuthTokenPlatformType platform_type = 2 [default = k_EAuthTokenPlatformType_Unknown, (description) = "EAuthTokenPlatformType, claimed, of device"];
 	optional int32 os_type = 3 [(description) = "EOSType, claimed, of authorized device"];
 	optional uint32 gaming_device_type = 4 [(description) = "EGamingDeviceType, claimed, of authorized device for steam client-type devices"];
 	optional uint32 client_count = 5 [(description) = "For desktop clients, quantized number of users in history"];
 	optional bytes machine_id = 6 [(description) = "Additional device context"];
 }
 message CAuthentication_BeginAuthSessionViaQR_Request {
@ -173,10 +183,12 @@ message CAuthentication_UpdateAuthSessionWithSteamGuardCode_Response {
 message CAuthentication_AccessToken_GenerateForApp_Request {
 	optional string refresh_token = 1;
 	optional fixed64 steamid = 2;
 	optional .ETokenRenewalType renewal_type = 3 [default = k_ETokenRenewalType_None];
 }
 message CAuthentication_AccessToken_GenerateForApp_Response {
 	optional string access_token = 1;
 	optional string refresh_token = 2;
 }
 message CAuthentication_RefreshToken_Enumerate_Request {
@ -228,6 +240,14 @@ message CAuthentication_MigrateMobileSession_Response {
 	optional string access_token = 2;
 }
 message CAuthentication_Token_Revoke_Request {
 	optional string token = 1;
 	optional .EAuthTokenRevokeAction revoke_action = 2 [default = k_EAuthTokenRevokePermanent, (description) = "Select between logout and logout-and-forget-machine"];
 }
 message CAuthentication_Token_Revoke_Response {
 }
 message CAuthentication_RefreshToken_Revoke_Request {
 	optional fixed64 token_id = 1;
 	optional fixed64 steamid = 2 [(description) = "Token holder if an admin action on behalf of another user"];
@ -373,6 +393,10 @@ service Authentication {
 		option (method_description) = "Migrates a WG token to an access and refresh token using a signature generated with the user's 2FA secret";
 	}
 	rpc RevokeToken (.CAuthentication_Token_Revoke_Request) returns (.CAuthentication_Token_Revoke_Response) {
 		option (method_description) = "Revoke a single token immediately, making it unable to renew or generate new access tokens";
 	}
 	rpc RevokeRefreshToken (.CAuthentication_RefreshToken_Revoke_Request) returns (.CAuthentication_RefreshToken_Revoke_Response) {
 		option (method_description) = "Mark the given refresh token as revoked";
 	}
--- a/steamguard/protobufs/steammessages_base.proto
+++ b/steamguard/protobufs/steammessages_base.proto
@ -92,6 +92,11 @@ message CMsgGCRoutingProtoBufHeader {
 }
 message CMsgProtoBufHeader {
 	enum ESessionDisposition {
 		k_ESessionDispositionNormal = 0;
 		k_ESessionDispositionDisconnect = 1;
 	}
 	optional fixed64 steamid = 1;
 	optional int32 client_sessionid = 2;
 	optional uint32 routing_appid = 3;
@ -120,6 +125,10 @@ message CMsgProtoBufHeader {
 	optional uint32 debug_source_string_index = 35;
 	optional uint64 token_id = 36;
 	optional .CMsgGCRoutingProtoBufHeader routing_gc = 37;
 	optional .CMsgProtoBufHeader.ESessionDisposition session_disposition = 38 [default = k_ESessionDispositionNormal];
 	optional string wg_token = 39;
 	optional string webui_auth_key = 40;
 	repeated int32 exclude_client_sessionids = 41;
 	oneof ip_addr {
 		uint32 ip = 15;
@ -145,6 +154,7 @@ message CMsgAuthTicket {
 	optional uint32 ticket_crc = 6;
 	optional bytes ticket = 7;
 	optional bytes server_secret = 8;
 	optional uint32 ticket_type = 9;
 }
 message CCDDBAppDetailCommon {
@ -302,6 +312,8 @@ message CPackageReservationStatus {
 	optional bool expired = 6;
 	optional uint32 time_expires = 7;
 	optional uint32 time_reserved = 8;
 	optional uint32 rtime_estimated_notification = 9;
 	optional string notificaton_token = 10;
 }
 message CMsgKeyValuePair {
@ -312,3 +324,12 @@ message CMsgKeyValuePair {
 message CMsgKeyValueSet {
 	repeated .CMsgKeyValuePair pairs = 1;
 }
 message UserContentDescriptorPreferences {
 	message ContentDescriptor {
 		optional uint32 content_descriptorid = 1;
 		optional uint32 timestamp_added = 2;
 	}
 	repeated .UserContentDescriptorPreferences.ContentDescriptor content_descriptors_to_exclude = 1;
 }
--- a/steamguard/protobufs/steammessages_clientserver_login.proto
+++ b/steamguard/protobufs/steammessages_clientserver_login.proto
@ -99,11 +99,11 @@ message CMsgClientLogonResponse {
 	optional string email_domain = 8;
 	optional bytes steam2_ticket = 9;
 	optional int32 eresult_extended = 10;
 	optional string webapi_authenticate_user_nonce = 11;
 	optional uint32 cell_id_ping_threshold = 12;
 	optional bool deprecated_use_pics = 13;
 	optional string vanity_url = 14;
 	optional .CMsgIPAddress public_ip = 15;
 	optional string user_country = 16;
 	optional fixed64 client_supplied_steamid = 20;
 	optional string ip_country_code = 21;
 	optional bytes parental_settings = 22;
--- a/steamguard/src/accountlinker.rs
+++ b/steamguard/src/accountlinker.rs
@ -1,9 +1,12 @@
 use crate::protobufs::service_twofactor::{
 	CTwoFactor_AddAuthenticator_Request, CTwoFactor_FinalizeAddAuthenticator_Request,
 	CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request,
 	CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request,
 	CTwoFactor_RemoveAuthenticator_Request, CTwoFactor_Status_Request, CTwoFactor_Status_Response,
 };
 use crate::steamapi::twofactor::TwoFactorClient;
 use crate::token::TwoFactorSecret;
-use crate::transport::Transport;
+use crate::transport::{Transport, TransportError};
 use crate::{steamapi::EResult, token::Tokens, SteamGuardAccount};
 use anyhow::Context;
 use base64::Engine;
@ -85,6 +88,7 @@ where
 			account,
 			server_time: resp.server_time(),
 			phone_number_hint: resp.take_phone_number_hint(),
 			confirm_type: resp.confirm_type().into(),
 		};
 		Ok(success)
 	}
@ -94,7 +98,7 @@ where
 		&mut self,
 		time: u64,
 		account: &mut SteamGuardAccount,
-		sms_code: String,
+		confirm_code: String,
 	) -> anyhow::Result<(), FinalizeLinkError> {
 		let code = account.generate_code(time);
@ -105,7 +109,8 @@ where
 		req.set_steamid(steam_id);
 		req.set_authenticator_code(code);
 		req.set_authenticator_time(time);
-		req.set_activation_code(sms_code);
+		req.set_activation_code(confirm_code);
 		req.set_validate_sms_code(true);
 		let resp = self.client.finalize_authenticator(req, token)?;
@ -124,6 +129,105 @@ where
 		self.finalized = true;
 		Ok(())
 	}
 	pub fn query_status(
 		&self,
 		account: &SteamGuardAccount,
 	) -> anyhow::Result<CTwoFactor_Status_Response> {
 		let mut req = CTwoFactor_Status_Request::new();
 		req.set_steamid(account.steam_id);
 		let resp = self.client.query_status(req, self.tokens.access_token())?;
 		Ok(resp.into_response_data())
 	}
 	pub fn remove_authenticator(
 		&self,
 		revocation_code: Option<&String>,
 	) -> Result<(), RemoveAuthenticatorError> {
 		let Some(revocation_code) = revocation_code else {
 			return Err(RemoveAuthenticatorError::MissingRevocationCode);
 		};
 		if revocation_code.is_empty() {
 			return Err(RemoveAuthenticatorError::MissingRevocationCode);
 		}
 		let mut req = CTwoFactor_RemoveAuthenticator_Request::new();
 		req.set_revocation_code(revocation_code.clone());
 		let resp = self
 			.client
 			.remove_authenticator(req, self.tokens.access_token())?;
 		// returns EResult::TwoFactorCodeMismatch if the revocation code is incorrect
 		if resp.result != EResult::OK && resp.result != EResult::TwoFactorCodeMismatch {
 			return Err(resp.result.into());
 		}
 		let resp = resp.into_response_data();
 		if !resp.success() {
 			return Err(RemoveAuthenticatorError::IncorrectRevocationCode {
 				attempts_remaining: resp.revocation_attempts_remaining(),
 			});
 		}
 		Ok(())
 	}
 	/// Begin the process of "transfering" a mobile authenticator from a different device to this device.
 	///
 	/// "Transfering" does not actually literally transfer the secrets from one device to another. Instead, it generates a new set of secrets on this device, and invalidates the old secrets on the other device. Call [`Self::transfer_finish`] to complete the process.
 	pub fn transfer_start(&mut self) -> Result<(), TransferError> {
 		let req = CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request::new();
 		let resp = self
 			.client
 			.remove_authenticator_via_challenge_start(req, self.tokens().access_token())?;
 		if resp.result != EResult::OK {
 			return Err(resp.result.into());
 		}
 		// the success field in the response is always None, so we can't check that
 		// it appears to not be used at all
 		Ok(())
 	}
 	/// Completes the process of "transfering" a mobile authenticator from a different device to this device.
 	pub fn transfer_finish(
 		&mut self,
 		sms_code: impl AsRef<str>,
 	) -> Result<SteamGuardAccount, TransferError> {
 		let access_token = self.tokens.access_token();
 		let steam_id = access_token
 			.decode()
 			.context("decoding access token")?
 			.steam_id();
 		let mut req = CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request::new();
 		req.set_sms_code(sms_code.as_ref().to_owned());
 		req.set_generate_new_token(true);
 		let resp = self
 			.client
 			.remove_authenticator_via_challenge_continue(req, access_token)?;
 		if resp.result != EResult::OK {
 			return Err(resp.result.into());
 		}
 		let resp = resp.into_response_data();
 		let mut resp = resp.replacement_token.clone().unwrap();
 		let account = SteamGuardAccount {
 			account_name: resp.take_account_name(),
 			steam_id,
 			serial_number: resp.serial_number().to_string(),
 			revocation_code: resp.take_revocation_code().into(),
 			uri: resp.take_uri().into(),
 			shared_secret: TwoFactorSecret::from_bytes(resp.take_shared_secret()),
 			token_gid: resp.take_token_gid(),
 			identity_secret: base64::engine::general_purpose::STANDARD
 				.encode(resp.take_identity_secret())
 				.into(),
 			device_id: self.device_id.clone(),
 			secret_1: base64::engine::general_purpose::STANDARD
 				.encode(resp.take_secret_1())
 				.into(),
 			tokens: Some(self.tokens.clone()),
 		};
 		Ok(account)
 	}
 }
 #[derive(Debug)]
@ -131,6 +235,7 @@ pub struct AccountLinkSuccess {
 	account: SteamGuardAccount,
 	server_time: u64,
 	phone_number_hint: String,
 	confirm_type: AccountLinkConfirmType,
 }
 impl AccountLinkSuccess {
@ -149,6 +254,28 @@ impl AccountLinkSuccess {
 	pub fn phone_number_hint(&self) -> &str {
 		&self.phone_number_hint
 	}
 	pub fn confirm_type(&self) -> AccountLinkConfirmType {
 		self.confirm_type
 	}
 }
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 #[repr(i32)]
 pub enum AccountLinkConfirmType {
 	SMS = 1,
 	Email = 3,
 	Unknown(i32),
 }
 impl From<i32> for AccountLinkConfirmType {
 	fn from(i: i32) -> Self {
 		match i {
 			1 => AccountLinkConfirmType::SMS,
 			3 => AccountLinkConfirmType::Email,
 			_ => AccountLinkConfirmType::Unknown(i),
 		}
 	}
 }
 fn generate_device_id() -> String {
@ -212,3 +339,44 @@ impl From<EResult> for FinalizeLinkError {
 		}
 	}
 }
 #[derive(Debug, thiserror::Error)]
 pub enum RemoveAuthenticatorError {
 	#[error("Missing revocation code")]
 	MissingRevocationCode,
 	#[error("Incorrect revocation code, {attempts_remaining} attempts remaining")]
 	IncorrectRevocationCode { attempts_remaining: u32 },
 	#[error("Transport error: {0}")]
 	TransportError(#[from] TransportError),
 	#[error("Steam returned an enexpected result: {0:?}")]
 	UnknownEResult(EResult),
 	#[error("Unexpected error: {0}")]
 	Unknown(#[from] anyhow::Error),
 }
 impl From<EResult> for RemoveAuthenticatorError {
 	fn from(e: EResult) -> Self {
 		Self::UnknownEResult(e)
 	}
 }
 #[derive(Error, Debug)]
 pub enum TransferError {
 	#[error("Provided SMS code was incorrect.")]
 	BadSmsCode,
 	#[error("Failed to send request to Steam: {0:?}")]
 	Transport(#[from] crate::transport::TransportError),
 	#[error("Steam returned an unexpected error code: {0:?}")]
 	UnknownEResult(EResult),
 	#[error(transparent)]
 	Unknown(#[from] anyhow::Error),
 }
 impl From<EResult> for TransferError {
 	fn from(result: EResult) -> Self {
 		match result {
 			EResult::SMSCodeFailed => TransferError::BadSmsCode,
 			r => TransferError::UnknownEResult(r),
 		}
 	}
 }
--- a/steamguard/src/api_responses/login.rs
+++ b/steamguard/src/api_responses/login.rs
@ -1,6 +1,7 @@
 use serde::Deserialize;
 #[derive(Debug, Clone, Deserialize)]
 #[allow(dead_code)]
 pub struct OAuthData {
 	pub oauth_token: String,
 	pub steamid: String,
--- a/steamguard/src/api_responses/mod.rs
+++ b/steamguard/src/api_responses/mod.rs
@ -3,5 +3,3 @@ mod login;
 mod phone_ajax;
 pub use i_authentication_service::*;
 pub use login::*;
 pub use phone_ajax::*;
--- a/steamguard/src/confirmation.rs
+++ b/steamguard/src/confirmation.rs
@ -82,7 +82,7 @@ where
 		cookies
 	}
-	pub fn get_trade_confirmations(&self) -> Result<Vec<Confirmation>, ConfirmerError> {
+	pub fn get_confirmations(&self) -> Result<Vec<Confirmation>, ConfirmerError> {
 		let cookies = self.build_cookie_jar();
 		let client = self.transport.innner_http_client()?;
@ -109,7 +109,11 @@ where
 			return Err(ConfirmerError::InvalidTokens);
 		}
 		if !body.success {
-			return Err(anyhow!("Server responded with failure.").into());
+			if let Some(msg) = body.message {
 				return Err(ConfirmerError::RemoteFailureWithMessage(msg));
 			} else {
 				return Err(ConfirmerError::RemoteFailure);
 			}
 		}
 		Ok(body.conf)
 	}
@ -162,7 +166,11 @@ where
 			return Err(ConfirmerError::InvalidTokens);
 		}
 		if !body.success {
-			return Err(anyhow!("Server responded with failure.").into());
+			if let Some(msg) = body.message {
 				return Err(ConfirmerError::RemoteFailureWithMessage(msg));
 			} else {
 				return Err(ConfirmerError::RemoteFailure);
 			}
 		}
 		Ok(())
@ -237,7 +245,11 @@ where
 			return Err(ConfirmerError::InvalidTokens);
 		}
 		if !body.success {
-			return Err(anyhow!("Server responded with failure.").into());
+			if let Some(msg) = body.message {
 				return Err(ConfirmerError::RemoteFailureWithMessage(msg));
 			} else {
 				return Err(ConfirmerError::RemoteFailure);
 			}
 		}
 		Ok(())
@ -316,6 +328,10 @@ pub enum ConfirmerError {
 	NetworkFailure(#[from] reqwest::Error),
 	#[error("Failed to deserialize response: {0}")]
 	DeserializeError(#[from] serde_path_to_error::Error<serde_json::Error>),
 	#[error("Remote failure: Valve's server responded with a failure and did not elaborate any further. This is likely not a steamguard-cli bug, Steam's confirmation API is just unreliable. Wait a bit and try again.")]
 	RemoteFailure,
 	#[error("Remote failure: Valve's server responded with a failure and said: {0}")]
 	RemoteFailureWithMessage(String),
 	#[error("Unknown error: {0}")]
 	Unknown(#[from] anyhow::Error),
 }
@ -351,34 +367,27 @@ impl Confirmation {
 	}
 }
-#[derive(Debug, Clone, Copy, PartialEq, Eq, Deserialize)]
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Deserialize, num_enum::FromPrimitive)]
 #[repr(u32)]
 #[serde(from = "u32")]
-/// Source: <https://github.com/SteamDatabase/SteamTracking/blob/6e7797e69b714c59f4b5784780b24753c17732ba/Structs/enums.steamd#L1607-L1616>
+/// Source: https://github.com/SteamDatabase/SteamTracking/blob/6e7797e69b714c59f4b5784780b24753c17732ba/Structs/enums.steamd#L1607-L1616
 /// There are also some additional undocumented types.
 pub enum ConfirmationType {
 	Test = 1,
 	/// Occurs when sending a trade offer or accepting a received trade offer, only when there is items on the user's side
 	Trade = 2,
 	/// Occurs when selling an item on the Steam community market
 	MarketSell = 3,
 	FeatureOptOut = 4,
 	/// Occurs when changing the phone number associated with the account
 	PhoneNumberChange = 5,
 	AccountRecovery = 6,
 	/// Occurs when a new web API key is created via https://steamcommunity.com/dev/apikey
 	ApiKeyCreation = 9,
 	#[num_enum(catch_all)]
 	Unknown(u32),
 }
 impl From<u32> for ConfirmationType {
 	fn from(text: u32) -> Self {
 		match text {
 			1 => ConfirmationType::Test,
 			2 => ConfirmationType::Trade,
 			3 => ConfirmationType::MarketSell,
 			4 => ConfirmationType::FeatureOptOut,
 			5 => ConfirmationType::PhoneNumberChange,
 			6 => ConfirmationType::AccountRecovery,
 			v => ConfirmationType::Unknown(v),
 		}
 	}
 }
 #[derive(Debug, Deserialize)]
 pub struct ConfirmationListResponse {
 	pub success: bool,
@ -386,13 +395,17 @@ pub struct ConfirmationListResponse {
 	pub needauth: Option<bool>,
 	#[serde(default)]
 	pub conf: Vec<Confirmation>,
 	#[serde(default)]
 	pub message: Option<String>,
 }
-#[derive(Debug, Clone, Copy, Deserialize)]
+#[derive(Debug, Clone, Deserialize)]
 pub struct SendConfirmationResponse {
 	pub success: bool,
 	#[serde(default)]
 	pub needsauth: Option<bool>,
 	#[serde(default)]
 	pub message: Option<String>,
 }
 fn build_time_bytes(time: u64) -> [u8; 8] {
--- a/steamguard/src/lib.rs
+++ b/steamguard/src/lib.rs
@ -1,6 +1,5 @@
-use crate::protobufs::service_twofactor::CTwoFactor_RemoveAuthenticator_Request;
+use crate::token::TwoFactorSecret;
-use crate::steamapi::EResult;
+use accountlinker::RemoveAuthenticatorError;
 use crate::{steamapi::twofactor::TwoFactorClient, token::TwoFactorSecret};
 pub use accountlinker::{AccountLinkError, AccountLinker, FinalizeLinkError};
 pub use confirmation::*;
 pub use qrapprover::{QrApprover, QrApproverError};
@ -96,56 +95,21 @@ impl SteamGuardAccount {
 	/// Removes the mobile authenticator from the steam account. If this operation succeeds, this object can no longer be considered valid.
 	/// Returns whether or not the operation was successful.
-	pub fn remove_authenticator<T: Transport>(
+	///
 	/// A convenience method for [`AccountLinker::remove_authenticator`].
 	pub fn remove_authenticator(
 		&self,
-		client: &TwoFactorClient<T>,
+		transport: impl Transport,
 		revocation_code: Option<&String>,
 	) -> Result<(), RemoveAuthenticatorError> {
 		if !matches!(revocation_code, Some(_)) && self.revocation_code.expose_secret().is_empty() {
 			return Err(RemoveAuthenticatorError::MissingRevocationCode);
 		}
 		let Some(tokens) = &self.tokens else {
-			return Err(RemoveAuthenticatorError::TransportError(TransportError::Unauthorized));
+			return Err(RemoveAuthenticatorError::TransportError(
 				TransportError::Unauthorized,
 			));
 		};
-		let mut req = CTwoFactor_RemoveAuthenticator_Request::new();
+		let revocation_code =
-		req.set_revocation_code(
+			Some(revocation_code.unwrap_or_else(|| self.revocation_code.expose_secret()));
-			revocation_code
+		let linker = AccountLinker::new(transport, tokens.clone());
-				.unwrap_or(self.revocation_code.expose_secret())
+		linker.remove_authenticator(revocation_code)
 				.to_owned(),
 		);
 		let resp = client.remove_authenticator(req, tokens.access_token())?;
 		// returns EResult::TwoFactorCodeMismatch if the revocation code is incorrect
 		if resp.result != EResult::OK && resp.result != EResult::TwoFactorCodeMismatch {
 			return Err(resp.result.into());
 		}
 		let resp = resp.into_response_data();
 		if !resp.success() {
 			return Err(RemoveAuthenticatorError::IncorrectRevocationCode {
 				attempts_remaining: resp.revocation_attempts_remaining(),
 			});
 		}
 		Ok(())
 	}
 }
 #[derive(Debug, thiserror::Error)]
 pub enum RemoveAuthenticatorError {
 	#[error("Missing revocation code")]
 	MissingRevocationCode,
 	#[error("Incorrect revocation code, {attempts_remaining} attempts remaining")]
 	IncorrectRevocationCode { attempts_remaining: u32 },
 	#[error("Transport error: {0}")]
 	TransportError(#[from] TransportError),
 	#[error("Steam returned an enexpected result: {0:?}")]
 	UnknownEResult(EResult),
 	#[error("Unexpected error: {0}")]
 	Unknown(#[from] anyhow::Error),
 }
 impl From<EResult> for RemoveAuthenticatorError {
 	fn from(e: EResult) -> Self {
 		Self::UnknownEResult(e)
 	}
 }
--- a/steamguard/src/steamapi.rs
+++ b/steamguard/src/steamapi.rs
@ -4,7 +4,6 @@ pub mod twofactor;
 use crate::transport::Transport;
 use crate::{protobufs::service_twofactor::CTwoFactor_Time_Response, token::Jwt};
 use reqwest::Url;
 use serde::Deserialize;
 pub use self::authentication::AuthenticationClient;
@ -12,7 +11,6 @@ pub use self::phone::PhoneClient;
 pub use self::twofactor::TwoFactorClient;
 lazy_static! {
 	static ref STEAM_COOKIE_URL: Url = "https://steamcommunity.com".parse::<Url>().unwrap();
 	static ref STEAM_API_BASE: String = "https://api.steampowered.com".into();
 }
--- a/steamguard/src/steamapi/authentication.rs
+++ b/steamguard/src/steamapi/authentication.rs
@ -11,7 +11,7 @@ const SERVICE_NAME: &str = "IAuthenticationService";
 use super::{ApiRequest, ApiResponse, BuildableRequest};
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct AuthenticationClient<T>
 where
 	T: Transport,
--- a/steamguard/src/steamapi/twofactor.rs
+++ b/steamguard/src/steamapi/twofactor.rs
@ -3,7 +3,6 @@ use crate::transport::{Transport, TransportError};
 use super::{ApiRequest, ApiResponse, BuildableRequest};
 use crate::protobufs::custom::CTwoFactor_Time_Request;
 use crate::protobufs::service_twofactor::*;
 const SERVICE_NAME: &str = "ITwoFactorService";
@ -70,6 +69,45 @@ where
 		Ok(resp)
 	}
 	pub fn remove_authenticator_via_challenge_start(
 		&self,
 		req: CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request,
 		access_token: &Jwt,
 	) -> Result<ApiResponse<CTwoFactor_RemoveAuthenticatorViaChallengeStart_Response>, TransportError>
 	{
 		let req = ApiRequest::new(SERVICE_NAME, "RemoveAuthenticatorViaChallengeStart", 1, req)
 			.with_access_token(access_token);
 		let resp = self
 			.transport
 			.send_request::<CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request, CTwoFactor_RemoveAuthenticatorViaChallengeStart_Response>(
 				req,
 			)?;
 		Ok(resp)
 	}
 	pub fn remove_authenticator_via_challenge_continue(
 		&self,
 		req: CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request,
 		access_token: &Jwt,
 	) -> Result<
 		ApiResponse<CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Response>,
 		TransportError,
 	> {
 		let req = ApiRequest::new(
 			SERVICE_NAME,
 			"RemoveAuthenticatorViaChallengeContinue",
 			1,
 			req,
 		)
 		.with_access_token(access_token);
 		let resp = self
 			.transport
 			.send_request::<CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request, CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Response>(
 				req,
 			)?;
 		Ok(resp)
 	}
 	pub fn query_status(
 		&self,
 		req: CTwoFactor_Status_Request,
@ -109,5 +147,13 @@ macro_rules! impl_buildable_req {
 impl_buildable_req!(CTwoFactor_AddAuthenticator_Request, true);
 impl_buildable_req!(CTwoFactor_FinalizeAddAuthenticator_Request, true);
 impl_buildable_req!(CTwoFactor_RemoveAuthenticator_Request, true);
 impl_buildable_req!(
 	CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request,
 	true
 );
 impl_buildable_req!(
 	CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request,
 	true
 );
 impl_buildable_req!(CTwoFactor_Status_Request, true);
 impl_buildable_req!(CTwoFactor_Time_Request, false);
--- a/steamguard/src/transport/webapi.rs
+++ b/steamguard/src/transport/webapi.rs
@ -1,15 +1,10 @@
 use log::{debug, trace};
 use protobuf::MessageFull;
-use reqwest::{blocking::multipart::Form, Url};
+use reqwest::blocking::multipart::Form;
 use super::{Transport, TransportError};
 use crate::steamapi::{ApiRequest, ApiResponse, BuildableRequest, EResult};
 lazy_static! {
 	static ref STEAM_COOKIE_URL: Url = "https://steamcommunity.com".parse::<Url>().unwrap();
 	static ref STEAM_API_BASE: String = "https://api.steampowered.com".into();
 }
 #[derive(Debug, Clone)]
 pub struct WebApiTransport {
 	client: reqwest::blocking::Client,
--- a/steamguard/src/userlogin.rs
+++ b/steamguard/src/userlogin.rs
@ -13,10 +13,12 @@ use crate::protobufs::steammessages_auth_steamclient::{
 	CAuthentication_UpdateAuthSessionWithSteamGuardCode_Request,
 	CAuthentication_UpdateAuthSessionWithSteamGuardCode_Response, EAuthTokenPlatformType,
 };
 use crate::refresher::TokenRefresher;
 use crate::steamapi::authentication::AuthenticationClient;
 use crate::steamapi::EResult;
 use crate::token::Tokens;
 use crate::transport::Transport;
 use anyhow::Context;
 use base64::Engine;
 use log::*;
 use rsa::{Pkcs1v15Encrypt, RsaPublicKey};
@ -82,7 +84,7 @@ impl BeginQrLoginResponse {
 #[derive(Debug)]
 pub struct UserLogin<T>
 where
-	T: Transport,
+	T: Transport + Clone,
 {
 	client: AuthenticationClient<T>,
 	device_details: DeviceDetails,
@ -92,7 +94,7 @@ where
 impl<T> UserLogin<T>
 where
-	T: Transport,
+	T: Transport + Clone,
 {
 	pub fn new(transport: T, device_details: DeviceDetails) -> Self {
 		Self {
@ -214,11 +216,29 @@ where
 		loop {
 			let mut next_poll = self.poll_until_info()?;
-			if next_poll.has_access_token() {
+			if next_poll.has_access_token() || next_poll.has_refresh_token() {
-				return Ok(Tokens::new(
+				// On 2023-09-12, Steam stopped issuing access tokens alongside refresh tokens for newly authenticated sessions.
 				// If they decide to revert this change, we'll accept the access token if it's present.
 				let access_token = next_poll.take_access_token();
 				if access_token.is_empty() {
 					// Let's go ahead an fetch the access token, because we are going to need it anyway.
 					let mut refresher = TokenRefresher::new(self.client.clone());
 					let mut tokens = Tokens::new(
 						next_poll.take_access_token(),
 						next_poll.take_refresh_token(),
-				));
+					);
 					let steamid = tokens
 						.refresh_token()
 						.decode()
 						.context("decoding refresh token for steam id")?
 						.steam_id();
 					let access_token = refresher.refresh(steamid, &tokens)?;
 					tokens.set_access_token(access_token);
 					return Ok(tokens);
 				} else {
 					return Ok(Tokens::new(access_token, next_poll.take_refresh_token()));
 				};
 			}
 		}
 	}
		`@ -0,0 +1 @@`
							{"shared_secret":"zvIayp3JPvtvX/QGHqsqKBk/44s=","serial_number":"kljasfhds","revocation_code":"R12345","uri":"otpauth://totp/Steam:example?secret=ASDF&issuer=Steam","account_name":"example","token_gid":"jkkjlhkhjgf","identity_secret":"kjsdlwowiqe=","secret_1":"sklduhfgsdlkjhf=","status":1,"device_id":"android:99d2ad0e-4bad-4247-b111-26393aae0be3","Session":{"SessionID":"a;lskdjf","SteamLogin":"983498437543","SteamLoginSecure":"dlkjdsl;j%7C%32984730298","WebCookie":";lkjsed;klfjas98093","OAuthToken":"asdk;lf;dsjlkfd","SteamID":1234}}
		`@ -0,0 +1 @@`
							`{"encrypted":false,"first_run":true,"entries":[{"encryption_iv":null,"encryption_salt":null,"filename":"1234.maFile","steamid":1234}],"periodic_checking":false,"periodic_checking_interval":5,"periodic_checking_checkall":false,"auto_confirm_market_transactions":false,"auto_confirm_trades":false}`
		`@ -0,0 +1,2 @@`
							otpauth://totp/Steam:example?secret=ASDF&issuer=Steam&data=%7B%22shared%5Fsecret%22%3A%22zvIayp3JPvtvX%2FQGHqsqKBk%2F44s%3D%22%2C%22serial%5Fnumber%22%3A%22kljasfhds%22%2C%22revocation%5Fcode%22%3A%22R12345%22%2C%22uri%22%3A%22otpauth%3A%2F%2Ftotp%2FSteam%3Aexample%3Fsecret%3DASDF%26issuer%3DSteam%22%2C%22server%5Ftime%22%3A1602522478%2C%22account%5Fname%22%3A%22example%22%2C%22token%5Fgid%22%3A%22jkkjlhkhjgf%22%2C%22identity%5Fsecret%22%3A%22kjsdlwowiqe%3D%22%2C%22secret%5F1%22%3A%22sklduhfgsdlkjhf%3D%22%2C%22status%22%3A1%2C%22device%5Fid%22%3A%22android%3A99d2ad0e%2D4bad%2D4247%2Db111%2D26393aae0be3%22%2C%22fully%5Fenrolled%22%3Atrue%2C%22Session%22%3A%7B%22SessionID%22%3A%22a%3Blskdjf%22%2C%22SteamLogin%22%3A%22983498437543%22%2C%22SteamLoginSecure%22%3A%22dlkjdsl%3Bj%257C%2532984730298%22%2C%22WebCookie%22%3A%22%3Blkjsed%3Bklfjas98093%22%2C%22OAuthToken%22%3A%22asdk%3Blf%3Bdsjlkfd%22%2C%22SteamID%22%3A1234%7D%7D
							otpauth://totp/Steam:example2?secret=ASDF&issuer=Steam&data=%7B%22shared%5Fsecret%22%3A%22zvIayp3JPvtvX%2FQGHqsqKBk%2F44s%3D%22%2C%22serial%5Fnumber%22%3A%22kljasfhds%22%2C%22revocation%5Fcode%22%3A%22R56789%22%2C%22uri%22%3A%22otpauth%3A%2F%2Ftotp%2FSteam%3Aexample%3Fsecret%3DASDF%26issuer%3DSteam%22%2C%22server%5Ftime%22%3A1602522478%2C%22account%5Fname%22%3A%22example2%22%2C%22token%5Fgid%22%3A%22jkkjlhkhjgf%22%2C%22identity%5Fsecret%22%3A%22kjsdlwowiqe%3D%22%2C%22secret%5F1%22%3A%22sklduhfgsdlkjhf%3D%22%2C%22status%22%3A1%2C%22device%5Fid%22%3A%22android%3A99d2ad0e%2D4bad%2D4247%2Db111%2D26393aae0be3%22%2C%22fully%5Fenrolled%22%3Atrue%2C%22Session%22%3A%7B%22SessionID%22%3A%22a%3Blskdjf%22%2C%22SteamLogin%22%3A%22983498437543%22%2C%22SteamLoginSecure%22%3A%22dlkjdsl%3Bj%257C%2532984730298%22%2C%22WebCookie%22%3A%22%3Blkjsed%3Bklfjas98093%22%2C%22OAuthToken%22%3A%22asdk%3Blf%3Bdsjlkfd%22%2C%22SteamID%22%3A5678%7D%7D