From 438c58e45a177437519dccf2a56f5b0d61acc7c1 Mon Sep 17 00:00:00 2001 From: Nephrite Date: Sun, 8 May 2016 19:02:46 +0300 Subject: [PATCH] Added 2FA token generation --- SteamItemDropIdler/README.txt | 2 +- SteamItemDropIdler/SteamItemDropIdler.cpp | 72 +++-- SteamItemDropIdler/SteamItemDropIdler.vcxproj | 6 + .../SteamItemDropIdler.vcxproj.filters | 18 ++ SteamItemDropIdler/token_generator/base64.c | 209 +++++++++++++ SteamItemDropIdler/token_generator/base64.h | 101 ++++++ SteamItemDropIdler/token_generator/sha1.c | 291 ++++++++++++++++++ SteamItemDropIdler/token_generator/sha1.h | 36 +++ .../token_generator/test.secret | 3 + SteamItemDropIdler/token_generator/tg_test.c | 54 ++++ .../token_generator/token_generator.c | 79 +++++ .../token_generator/token_generator.h | 9 + 12 files changed, 856 insertions(+), 24 deletions(-) create mode 100644 SteamItemDropIdler/token_generator/base64.c create mode 100644 SteamItemDropIdler/token_generator/base64.h create mode 100644 SteamItemDropIdler/token_generator/sha1.c create mode 100644 SteamItemDropIdler/token_generator/sha1.h create mode 100644 SteamItemDropIdler/token_generator/test.secret create mode 100644 SteamItemDropIdler/token_generator/tg_test.c create mode 100644 SteamItemDropIdler/token_generator/token_generator.c create mode 100644 SteamItemDropIdler/token_generator/token_generator.h diff --git a/SteamItemDropIdler/README.txt b/SteamItemDropIdler/README.txt index daf20d8..fe078ae 100644 --- a/SteamItemDropIdler/README.txt +++ b/SteamItemDropIdler/README.txt @@ -5,7 +5,7 @@ All this info available on: https://github.com/kokole/SteamItemDropIdler/wiki * Features - Works without Steam - Steam Guard support - - Steam Mobile Authenticator support + - Steam Mobile Authenticator support + 2FA token generation - Multiple instance support - Auto add free game license (for games that you idle only) - Auto reconnect if connection to Steam servers is lost diff --git a/SteamItemDropIdler/SteamItemDropIdler.cpp b/SteamItemDropIdler/SteamItemDropIdler.cpp index eea2aad..1c463c4 100644 --- a/SteamItemDropIdler/SteamItemDropIdler.cpp +++ b/SteamItemDropIdler/SteamItemDropIdler.cpp @@ -1,7 +1,15 @@ #include "stdafx.h" +#include "token_generator/token_generator.h" CSteamAPILoader g_steamAPILoader; +void shutdown() +{ + printf( "Press enter to exit...\n" ); + getchar(); + exit(0); +} + int main( int argc, char* argv[] ) //int CALLBACK WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow ) { @@ -50,75 +58,75 @@ int main( int argc, char* argv[] ) } char consoleTitle[256]; - sprintf_s( consoleTitle, "Steam Item Drop Idler (%s)", steamAccountName ); + sprintf_s( consoleTitle, sizeof(consoleTitle), "Steam Item Drop Idler (%s)", steamAccountName ); SetConsoleTitleA( consoleTitle ); // load steam stuff CreateInterfaceFn steam3Factory = g_steamAPILoader.GetSteam3Factory(); if ( !steam3Factory ) { printf( "GetSteam3Factory failed\n" ); - goto funcEnd; + shutdown(); } IClientEngine* clientEngine = (IClientEngine*)steam3Factory( CLIENTENGINE_INTERFACE_VERSION, NULL ); if ( !clientEngine ) { printf( "clientEngine is null\n" ); - goto funcEnd; + shutdown(); } ISteamClient017* steamClient = (ISteamClient017*)steam3Factory( STEAMCLIENT_INTERFACE_VERSION_017, NULL ); if ( !steamClient ) { printf( "steamClient is null\n" ); - goto funcEnd; + shutdown(); } HSteamPipe hSteamPipe; HSteamUser hSteamUser = clientEngine->CreateLocalUser( &hSteamPipe, k_EAccountTypeIndividual ); if ( !hSteamPipe || !hSteamUser ) { printf( "CreateLocalUser failed (1)\n" ); - goto funcEnd; + shutdown(); } IClientBilling* clientBilling = clientEngine->GetIClientBilling( hSteamUser, hSteamPipe, CLIENTBILLING_INTERFACE_VERSION ); if ( !clientBilling ) { printf( "clientBilling is null\n" ); - goto funcEnd; + shutdown(); } IClientFriends* clientFriends = clientEngine->GetIClientFriends( hSteamUser, hSteamPipe, CLIENTFRIENDS_INTERFACE_VERSION ); if ( !clientFriends ) { printf( "clientFriends is null\n" ); - goto funcEnd; + shutdown(); } IClientUser* clientUser = clientEngine->GetIClientUser( hSteamUser, hSteamPipe, CLIENTUSER_INTERFACE_VERSION ); if ( !clientUser ) { printf( "clientUser is null\n" ); - goto funcEnd; + shutdown(); } IClientUtils* clientUtils = clientEngine->GetIClientUtils( hSteamPipe, CLIENTUTILS_INTERFACE_VERSION ); if ( !clientUtils ) { printf( "clientUtils is null\n" ); - goto funcEnd; + shutdown(); } ISteamGameCoordinator001* steamGameCoordinator = (ISteamGameCoordinator001*)steamClient->GetISteamGenericInterface( hSteamUser, hSteamPipe, STEAMGAMECOORDINATOR_INTERFACE_VERSION_001 ); if ( !steamGameCoordinator ) { printf( "steamGameCoordinator is null\n" ); - goto funcEnd; + shutdown(); } ISteamInventory001* steamInventory = (ISteamInventory001*)steamClient->GetISteamInventory( hSteamUser, hSteamPipe, "STEAMINVENTORY_INTERFACE_V001" ); if ( !steamInventory ) { printf( "steamInventory is null\n" ); - goto funcEnd; + shutdown(); } ISteamUser017* steamUser = (ISteamUser017*)steamClient->GetISteamUser( hSteamUser, hSteamPipe, STEAMUSER_INTERFACE_VERSION_017 ); if ( !steamUser ) { printf( "steamUser is null\n" ); - goto funcEnd; + shutdown(); } clientUser->LogOnWithPassword( false, steamAccountName, steamAccountPassword ); @@ -151,7 +159,7 @@ int main( int argc, char* argv[] ) RequestFreeLicenseResponse_t requestFreeLicenseResponse; if ( !clientUtils->GetAPICallResult( hRequestFreeLicenseForApps, &requestFreeLicenseResponse, sizeof( RequestFreeLicenseResponse_t ), RequestFreeLicenseResponse_t::k_iCallback, &bFailed ) ) { printf( "GetAPICallResult failed\n" ); - goto funcEnd; + shutdown(); } if ( requestFreeLicenseResponse.m_EResult == k_EResultOK && requestFreeLicenseResponse.m_nGrantedAppIds == 1 ) { printf( "Added a free license\n" ); @@ -160,7 +168,7 @@ int main( int argc, char* argv[] ) } else { printf( "Failed to add a free license. You do not own this game\n" ); - goto funcEnd; + shutdown(); } } @@ -192,9 +200,29 @@ int main( int argc, char* argv[] ) case k_EResultAccountLogonDeniedNeedTwoFactorCode: { char steamMobileAuthenticatorCode[33]; - printf( "Enter the Steam Mobile Authenticator code: " ); - scanf( "%32s", steamMobileAuthenticatorCode ); - getchar(); + uint8_t secret[20] = {0}; + int ret = getSharedSecret(steamAccountName, secret); + switch (ret) + { + case 1: + printf("Secret file not found! Can not generate 2FA code.\n"); + break; + case 2: + printf("Secret file is invalid. Can not generate 2FA code.\n"); + break; + case 3: + printf("Secret is invalid. Can not generate 2FA code.\n"); + break; + default: + get2FACode(secret, steamMobileAuthenticatorCode); + break; + } + if (ret > 0) + { + printf( "Enter the Steam Mobile Authenticator code: " ); + scanf( "%32s", steamMobileAuthenticatorCode ); + getchar(); + } (*(void( __thiscall** )(IClientUser*, const char*))(*(DWORD*)clientUser + 196))(clientUser, steamMobileAuthenticatorCode); // SetTwoFactorCode clientUser->LogOnWithPassword( false, steamAccountName, steamAccountPassword ); @@ -277,13 +305,13 @@ int main( int argc, char* argv[] ) hSteamGameServerUser = steamClient->CreateLocalUser( &hSteamGameServerPipe, k_EAccountTypeGameServer ); if ( !hSteamGameServerPipe || !hSteamGameServerUser ) { printf( "CreateLocalUser failed (2)\n" ); - goto funcEnd; + shutdown(); } steamGameServer = (ISteamGameServer012*)steamClient->GetISteamGameServer( hSteamGameServerUser, hSteamGameServerPipe, STEAMGAMESERVER_INTERFACE_VERSION_012 ); if ( !steamGameServer ) { printf( "steamGameServer is null\n" ); - goto funcEnd; + shutdown(); } steamGameServer->InitGameServer( 0, 27015, MASTERSERVERUPDATERPORT_USEGAMESOCKETSHARE, k_unServerFlagSecure, 440, "3158168" ); @@ -368,8 +396,6 @@ int main( int argc, char* argv[] ) Sleep( 1000 ); } -funcEnd: - printf( "Press enter to exit...\n" ); - getchar(); + shutdown(); return 0; -} \ No newline at end of file +} diff --git a/SteamItemDropIdler/SteamItemDropIdler.vcxproj b/SteamItemDropIdler/SteamItemDropIdler.vcxproj index d6ca975..0f285d1 100644 --- a/SteamItemDropIdler/SteamItemDropIdler.vcxproj +++ b/SteamItemDropIdler/SteamItemDropIdler.vcxproj @@ -90,6 +90,9 @@ + + + @@ -97,6 +100,9 @@ Create + + + diff --git a/SteamItemDropIdler/SteamItemDropIdler.vcxproj.filters b/SteamItemDropIdler/SteamItemDropIdler.vcxproj.filters index 4baefc1..40c2d5c 100644 --- a/SteamItemDropIdler/SteamItemDropIdler.vcxproj.filters +++ b/SteamItemDropIdler/SteamItemDropIdler.vcxproj.filters @@ -24,6 +24,15 @@ Header Files + + Header Files + + + Header Files + + + Header Files + @@ -32,5 +41,14 @@ Source Files + + Source Files + + + Source Files + + + Source Files + \ No newline at end of file diff --git a/SteamItemDropIdler/token_generator/base64.c b/SteamItemDropIdler/token_generator/base64.c new file mode 100644 index 0000000..5c0b136 --- /dev/null +++ b/SteamItemDropIdler/token_generator/base64.c @@ -0,0 +1,209 @@ +/* + * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* ==================================================================== + * Copyright (c) 1995-1999 The Apache Group. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * 4. The names "Apache Server" and "Apache Group" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache" + * nor may "Apache" appear in their names without prior written + * permission of the Apache Group. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Group and was originally based + * on public domain software written at the National Center for + * Supercomputing Applications, University of Illinois, Urbana-Champaign. + * For more information on the Apache Group and the Apache HTTP server + * project, please see . + * + */ + +/* Base64 encoder/decoder. Originally Apache file ap_base64.c + */ + +#include + +#include "base64.h" + +/* aaaack but it's fast and const should make it shared text page. */ +static const unsigned char pr2six[256] = +{ + /* ASCII table */ + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64, + 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64, + 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64 +}; + +int Base64decode_len(const char *bufcoded) +{ + int nbytesdecoded; + register const unsigned char *bufin; + register int nprbytes; + + bufin = (const unsigned char *) bufcoded; + while (pr2six[*(bufin++)] <= 63); + + nprbytes = (bufin - (const unsigned char *) bufcoded) - 1; + nbytesdecoded = ((nprbytes + 3) / 4) * 3; + + return nbytesdecoded + 1; +} + +int Base64decode(char *bufplain, const char *bufcoded) +{ + int nbytesdecoded; + register const unsigned char *bufin; + register unsigned char *bufout; + register int nprbytes; + + bufin = (const unsigned char *) bufcoded; + while (pr2six[*(bufin++)] <= 63); + nprbytes = (bufin - (const unsigned char *) bufcoded) - 1; + nbytesdecoded = ((nprbytes + 3) / 4) * 3; + + bufout = (unsigned char *) bufplain; + bufin = (const unsigned char *) bufcoded; + + while (nprbytes > 4) { + *(bufout++) = + (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); + *(bufout++) = + (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); + *(bufout++) = + (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); + bufin += 4; + nprbytes -= 4; + } + + /* Note: (nprbytes == 1) would be an error, so just ingore that case */ + if (nprbytes > 1) { + *(bufout++) = + (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4); + } + if (nprbytes > 2) { + *(bufout++) = + (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2); + } + if (nprbytes > 3) { + *(bufout++) = + (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]); + } + + *(bufout++) = '\0'; + nbytesdecoded -= (4 - nprbytes) & 3; + return nbytesdecoded; +} + +static const char basis_64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +int Base64encode_len(int len) +{ + return ((len + 2) / 3 * 4) + 1; +} + +int Base64encode(char *encoded, const char *string, int len) +{ + int i; + char *p; + + p = encoded; + for (i = 0; i < len - 2; i += 3) { + *p++ = basis_64[(string[i] >> 2) & 0x3F]; + *p++ = basis_64[((string[i] & 0x3) << 4) | + ((int) (string[i + 1] & 0xF0) >> 4)]; + *p++ = basis_64[((string[i + 1] & 0xF) << 2) | + ((int) (string[i + 2] & 0xC0) >> 6)]; + *p++ = basis_64[string[i + 2] & 0x3F]; + } + if (i < len) { + *p++ = basis_64[(string[i] >> 2) & 0x3F]; + if (i == (len - 1)) { + *p++ = basis_64[((string[i] & 0x3) << 4)]; + *p++ = '='; + } + else { + *p++ = basis_64[((string[i] & 0x3) << 4) | + ((int) (string[i + 1] & 0xF0) >> 4)]; + *p++ = basis_64[((string[i + 1] & 0xF) << 2)]; + } + *p++ = '='; + } + + *p++ = '\0'; + return p - encoded; +} diff --git a/SteamItemDropIdler/token_generator/base64.h b/SteamItemDropIdler/token_generator/base64.h new file mode 100644 index 0000000..6c955e7 --- /dev/null +++ b/SteamItemDropIdler/token_generator/base64.h @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* ==================================================================== + * Copyright (c) 1995-1999 The Apache Group. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * 4. The names "Apache Server" and "Apache Group" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache" + * nor may "Apache" appear in their names without prior written + * permission of the Apache Group. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the Apache Group + * for use in the Apache HTTP server project (http://www.apache.org/)." + * + * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Group and was originally based + * on public domain software written at the National Center for + * Supercomputing Applications, University of Illinois, Urbana-Champaign. + * For more information on the Apache Group and the Apache HTTP server + * project, please see . + * + */ + + + +#ifndef _BASE64_H_ +#define _BASE64_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +int Base64encode_len(int len); +int Base64encode(char * coded_dst, const char *plain_src,int len_plain_src); + +int Base64decode_len(const char * coded_src); +int Base64decode(char * plain_dst, const char *coded_src); + +#ifdef __cplusplus +} +#endif + +#endif //_BASE64_H_ diff --git a/SteamItemDropIdler/token_generator/sha1.c b/SteamItemDropIdler/token_generator/sha1.c new file mode 100644 index 0000000..bcbd92f --- /dev/null +++ b/SteamItemDropIdler/token_generator/sha1.c @@ -0,0 +1,291 @@ +/* This code is public-domain - it is based on libcrypt + * placed in the public domain by Wei Dai and other contributors. + */ +// gcc -Wall -DSHA1TEST -o sha1test sha1.c && ./sha1test + +#include + + +#ifdef __BIG_ENDIAN__ +# define SHA_BIG_ENDIAN +#elif defined __LITTLE_ENDIAN__ +/* override */ +#elif defined __BYTE_ORDER +# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define SHA_BIG_ENDIAN +# endif +#else // ! defined __LITTLE_ENDIAN__ +# include // machine/endian.h +# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define SHA_BIG_ENDIAN +# endif +#endif + + +#include "sha1.h" + + +/* code */ +#define SHA1_K0 0x5a827999 +#define SHA1_K20 0x6ed9eba1 +#define SHA1_K40 0x8f1bbcdc +#define SHA1_K60 0xca62c1d6 + +void sha1_init(sha1nfo *s) { + s->state[0] = 0x67452301; + s->state[1] = 0xefcdab89; + s->state[2] = 0x98badcfe; + s->state[3] = 0x10325476; + s->state[4] = 0xc3d2e1f0; + s->byteCount = 0; + s->bufferOffset = 0; +} + +uint32_t sha1_rol32(uint32_t number, uint8_t bits) { + return ((number << bits) | (number >> (32-bits))); +} + +void sha1_hashBlock(sha1nfo *s) { + uint8_t i; + uint32_t a,b,c,d,e,t; + + a=s->state[0]; + b=s->state[1]; + c=s->state[2]; + d=s->state[3]; + e=s->state[4]; + for (i=0; i<80; i++) { + if (i>=16) { + t = s->buffer[(i+13)&15] ^ s->buffer[(i+8)&15] ^ s->buffer[(i+2)&15] ^ s->buffer[i&15]; + s->buffer[i&15] = sha1_rol32(t,1); + } + if (i<20) { + t = (d ^ (b & (c ^ d))) + SHA1_K0; + } else if (i<40) { + t = (b ^ c ^ d) + SHA1_K20; + } else if (i<60) { + t = ((b & c) | (d & (b | c))) + SHA1_K40; + } else { + t = (b ^ c ^ d) + SHA1_K60; + } + t+=sha1_rol32(a,5) + e + s->buffer[i&15]; + e=d; + d=c; + c=sha1_rol32(b,30); + b=a; + a=t; + } + s->state[0] += a; + s->state[1] += b; + s->state[2] += c; + s->state[3] += d; + s->state[4] += e; +} + +void sha1_addUncounted(sha1nfo *s, uint8_t data) { + uint8_t * const b = (uint8_t*) s->buffer; +#ifdef SHA_BIG_ENDIAN + b[s->bufferOffset] = data; +#else + b[s->bufferOffset ^ 3] = data; +#endif + s->bufferOffset++; + if (s->bufferOffset == BLOCK_LENGTH) { + sha1_hashBlock(s); + s->bufferOffset = 0; + } +} + +void sha1_writebyte(sha1nfo *s, uint8_t data) { + ++s->byteCount; + sha1_addUncounted(s, data); +} + +void sha1_write(sha1nfo *s, const char *data, size_t len) { + for (;len--;) sha1_writebyte(s, (uint8_t) *data++); +} + +void sha1_pad(sha1nfo *s) { + // Implement SHA-1 padding (fips180-2 ยง5.1.1) + + // Pad with 0x80 followed by 0x00 until the end of the block + sha1_addUncounted(s, 0x80); + while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00); + + // Append length in the last 8 bytes + sha1_addUncounted(s, 0); // We're only using 32 bit lengths + sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths + sha1_addUncounted(s, 0); // So zero pad the top bits + sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8 + sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as + sha1_addUncounted(s, s->byteCount >> 13); // byte. + sha1_addUncounted(s, s->byteCount >> 5); + sha1_addUncounted(s, s->byteCount << 3); +} + +uint8_t* sha1_result(sha1nfo *s) { + // Pad to complete the last block + sha1_pad(s); + +#ifndef SHA_BIG_ENDIAN + // Swap byte order back + int i; + for (i=0; i<5; i++) { + s->state[i]= + (((s->state[i])<<24)& 0xff000000) + | (((s->state[i])<<8) & 0x00ff0000) + | (((s->state[i])>>8) & 0x0000ff00) + | (((s->state[i])>>24)& 0x000000ff); + } +#endif + + // Return pointer to hash (20 characters) + return (uint8_t*) s->state; +} + +#define HMAC_IPAD 0x36 +#define HMAC_OPAD 0x5c + +void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength) { + uint8_t i; + memset(s->keyBuffer, 0, BLOCK_LENGTH); + if (keyLength > BLOCK_LENGTH) { + // Hash long keys + sha1_init(s); + for (;keyLength--;) sha1_writebyte(s, *key++); + memcpy(s->keyBuffer, sha1_result(s), HASH_LENGTH); + } else { + // Block length keys are used as is + memcpy(s->keyBuffer, key, keyLength); + } + // Start inner hash + sha1_init(s); + for (i=0; ikeyBuffer[i] ^ HMAC_IPAD); + } +} + +uint8_t* sha1_resultHmac(sha1nfo *s) { + uint8_t i; + // Complete inner hash + memcpy(s->innerHash,sha1_result(s),HASH_LENGTH); + // Calculate outer hash + sha1_init(s); + for (i=0; ikeyBuffer[i] ^ HMAC_OPAD); + for (i=0; iinnerHash[i]); + return sha1_result(s); +} + +/* self-test */ + +#if SHA1TEST +#include + +uint8_t hmacKey1[]={ + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, + 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f, + 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f, + 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f +}; +uint8_t hmacKey2[]={ + 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f, + 0x40,0x41,0x42,0x43 +}; +uint8_t hmacKey3[]={ + 0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f, + 0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f, + 0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f, + 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f, + 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f, + 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf, + 0xb0,0xb1,0xb2,0xb3 +}; +uint8_t hmacKey4[]={ + 0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f, + 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f, + 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f, + 0xa0 +}; + +void printHash(uint8_t* hash) { + int i; + for (i=0; i<20; i++) { + printf("%02x", hash[i]); + } + printf("\n"); +} + + +int main (int argc, char **argv) { + uint32_t a; + sha1nfo s; + + // SHA tests + printf("Test: FIPS 180-2 C.1 and RFC3174 7.3 TEST1\n"); + printf("Expect:a9993e364706816aba3e25717850c26c9cd0d89d\n"); + printf("Result:"); + sha1_init(&s); + sha1_write(&s, "abc", 3); + printHash(sha1_result(&s)); + printf("\n\n"); + + printf("Test: FIPS 180-2 C.2 and RFC3174 7.3 TEST2\n"); + printf("Expect:84983e441c3bd26ebaae4aa1f95129e5e54670f1\n"); + printf("Result:"); + sha1_init(&s); + sha1_write(&s, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56); + printHash(sha1_result(&s)); + printf("\n\n"); + + printf("Test: RFC3174 7.3 TEST4\n"); + printf("Expect:dea356a2cddd90c7a7ecedc5ebb563934f460452\n"); + printf("Result:"); + sha1_init(&s); + for (a=0; a<80; a++) sha1_write(&s, "01234567", 8); + printHash(sha1_result(&s)); + printf("\n\n"); + + // HMAC tests + printf("Test: FIPS 198a A.1\n"); + printf("Expect:4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey1, 64); + sha1_write(&s, "Sample #1", 9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + printf("Test: FIPS 198a A.2\n"); + printf("Expect:0922d3405faa3d194f82a45830737d5cc6c75d24\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey2, 20); + sha1_write(&s, "Sample #2", 9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + printf("Test: FIPS 198a A.3\n"); + printf("Expect:bcf41eab8bb2d802f3d05caf7cb092ecf8d1a3aa\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey3, 100); + sha1_write(&s, "Sample #3", 9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + printf("Test: FIPS 198a A.4\n"); + printf("Expect:9ea886efe268dbecce420c7524df32e0751a2a26\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey4, 49); + sha1_write(&s, "Sample #4", 9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + // Long tests + printf("Test: FIPS 180-2 C.3 and RFC3174 7.3 TEST3\n"); + printf("Expect:34aa973cd4c4daa4f61eeb2bdbad27316534016f\n"); + printf("Result:"); + sha1_init(&s); + for (a=0; a<1000000; a++) sha1_writebyte(&s, 'a'); + printHash(sha1_result(&s)); + + return 0; +} +#endif /* self-test */ diff --git a/SteamItemDropIdler/token_generator/sha1.h b/SteamItemDropIdler/token_generator/sha1.h new file mode 100644 index 0000000..522b890 --- /dev/null +++ b/SteamItemDropIdler/token_generator/sha1.h @@ -0,0 +1,36 @@ +#include + +/* header */ + +#define HASH_LENGTH 20 +#define BLOCK_LENGTH 64 + +typedef struct sha1nfo { + uint32_t buffer[BLOCK_LENGTH/4]; + uint32_t state[HASH_LENGTH/4]; + uint32_t byteCount; + uint8_t bufferOffset; + uint8_t keyBuffer[BLOCK_LENGTH]; + uint8_t innerHash[HASH_LENGTH]; +} sha1nfo; + +/* public API - prototypes - TODO: doxygen*/ + +/** + */ +void sha1_init(sha1nfo *s); +/** + */ +void sha1_writebyte(sha1nfo *s, uint8_t data); +/** + */ +void sha1_write(sha1nfo *s, const char *data, size_t len); +/** + */ +uint8_t* sha1_result(sha1nfo *s); +/** + */ +void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength); +/** + */ +uint8_t* sha1_resultHmac(sha1nfo *s); diff --git a/SteamItemDropIdler/token_generator/test.secret b/SteamItemDropIdler/token_generator/test.secret new file mode 100644 index 0000000..e2b4fb4 --- /dev/null +++ b/SteamItemDropIdler/token_generator/test.secret @@ -0,0 +1,3 @@ +MTIzNDU2Nzg5MHF3ZXJ0eXVpb3A= + +// Top secret comment \ No newline at end of file diff --git a/SteamItemDropIdler/token_generator/tg_test.c b/SteamItemDropIdler/token_generator/tg_test.c new file mode 100644 index 0000000..a7ff926 --- /dev/null +++ b/SteamItemDropIdler/token_generator/tg_test.c @@ -0,0 +1,54 @@ +// gcc -Wall -D__LITTLE_ENDIAN__ -lws2_32 tg_test.c base64.c sha1.c token_generator.c -o tg_test +// ./tg_test +// Enter: test + +#include +#include +#include +#include "token_generator.h" + +int main(void) +{ + uint8_t secret[20] = {0}; + char steamAccountName[33]; + char twoFactorCode[6]; + int ret; + + printf("Enter your Steam account name: "); + scanf("%32s", steamAccountName); + getchar(); + + ret = getSharedSecret(steamAccountName, secret); + switch (ret) + { + case 1: + printf("Secret file not found! Can not generate 2FA code.\n"); + break; + case 2: + printf("Secret file is invalid. Can not generate 2FA code.\n"); + break; + case 3: + printf("Secret is invalid. Can not generate 2FA code.\n"); + break; + default: + // OK + break; + } + + if (ret == 0) + { + printf("\nPress Ctrl+C to exit...\n"); + + while (1) + { + get2FACode(secret, twoFactorCode); + + printf("\n2FA code : %s\n", twoFactorCode); + printf("Expiring in %ld seconds\n", 30 - time(NULL) % 30); + + Sleep(5000); + } + } + + return ret; +} diff --git a/SteamItemDropIdler/token_generator/token_generator.c b/SteamItemDropIdler/token_generator/token_generator.c new file mode 100644 index 0000000..2312173 --- /dev/null +++ b/SteamItemDropIdler/token_generator/token_generator.c @@ -0,0 +1,79 @@ +#include +#include +#include +#include "sha1.h" +#include "base64.h" + +const char chars[] = { + '2', '3', '4', '5', '6', '7', '8', '9', + 'B', 'C', 'D', 'F', 'G', 'H', 'J', 'K', 'M', + 'N', 'P', 'Q', 'R', 'T', 'V', 'W', 'X', 'Y' +}; + +uint32_t swap_uint32(uint32_t val) +{ + val = ((val << 8) & 0xFF00FF00) | ((val >> 8) & 0xFF00FF); + return (val << 16) | (val >> 16); +} + +int getSharedSecret(const char *accountName, uint8_t *secret) +{ + uint8_t shared_secret[30] = {0}; + char secretFileName[40]; + FILE *pFile; + int ret; + + strcpy(secretFileName, accountName); + strcat(secretFileName, ".secret"); + + pFile = fopen(secretFileName, "r"); + + if (pFile != NULL) + { + ret = fscanf(pFile, "%28s", shared_secret); + fclose(pFile); + if (!ret || shared_secret[27] != '=') + { + return 2; + } + } + else + { + return 1; + } + + ret = Base64decode(/*out*/(char *)shared_secret, /*in*/(char *)shared_secret); + if (ret != HASH_LENGTH) + { + return 3; + } + + memcpy(secret, shared_secret, HASH_LENGTH); + + return 0; +} + +void get2FACode(const uint8_t *secret, char *code) +{ + sha1nfo s; + uint8_t *hmac; + uint32_t timeBuffer[2]; + uint32_t codePoint; + int i; + + timeBuffer[0] = 0; // This will stop working in 2038! + timeBuffer[1] = swap_uint32(time(NULL) / 30); + + sha1_initHmac(&s, secret, 20); + sha1_write(&s, (char *)timeBuffer, 8); + hmac = sha1_resultHmac(&s); + + codePoint = swap_uint32(*(uint32_t *)(hmac + (hmac[19] & 0x0F))) & 0x7FFFFFFF; + + for (i = 0; i < 5; ++i) + { + code[i] = chars[codePoint % sizeof(chars)]; + codePoint /= sizeof(chars); + } + code[5] = '\0'; +} diff --git a/SteamItemDropIdler/token_generator/token_generator.h b/SteamItemDropIdler/token_generator/token_generator.h new file mode 100644 index 0000000..e07281c --- /dev/null +++ b/SteamItemDropIdler/token_generator/token_generator.h @@ -0,0 +1,9 @@ +#ifndef _TOKEN_GENERATOR_H_ +#define _TOKEN_GENERATOR_H_ + +#include + +int getSharedSecret(const char *accountName, uint8_t *secret); +void get2FACode(const uint8_t *secret, char *code); + +#endif //_TOKEN_GENERATOR_H_