Skip to content

NPM package that makes the hassle with Steam Desktop Authenticator's generated maFiles easier. Note: this package is not a poor attempt to steal your maFiles, you can check the exact code that got downloaded via npm in your `node_modules` anytime.

Notifications You must be signed in to change notification settings

sentisso/node-mafiles

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

node-mafiles

npm version npm downloads

This package provides an easy interface for parsing maFiles generated by the Steam Desktop Authenticator (a.k.a. SDA, author: Jessecar96). SDA allows you to manage your steam account from your computer just as you would from your mobile phone (2FA code generation, confirming trades etc.)

maFile is a special file generated by the SDA, which stores necessary data about a steam account, that allow you to control your steam account fully automatically (such as confirming steam trades automatically without the need of manual confirmation in the SDA app or a passwordless login etc.)

This package also supports in-memory decryption of the maFile files (if they were encrypted using the SDA app), so now you can save your actual maFile files encrypted on your disk for more safety, but still be able to read them by your NodeJS program; by entering the encryption password in the STDIN or passing the password right away in the code.

Usage

import mafiles from 'mafiles';

// this will load the maFile data of the account "76561197960287930" (located at "./SDA/76561197960287930.maFile")
const maFileGaben = await mafiles("./SDA/manifest.json", "76561197960287930", {
    password: "3ncrypt10n_Passw0rd" // please use a git untracked config file or something, instead of passing the password like this
})

if (maFileGaben != null) console.log(maFileGaben.shared_secret) // 'shared_secret of the account'

or as a .then() callback, where the steamid64 is passed as a BigInt

// if the file is encrypted, the user will be prompted in the console to enter the password (on each execution of this function)
mafiles("./SDA/manifest.json", 76561197960287930n, {
    maFilePath: "./SDA/maFiles/account.maFile"
}).then(maFileGaben => {
    
  if (maFileGaben != null) console.log(maFileGaben.shared_secret) // 'shared_secret of the account'
  
})

Parameters and options

mafiles(manifestPath, steamid64, options)

  • manifestPath: string Path to the SDA manifest.json file containing metadata about the maFiles.
    • this file is needed for example for locating the account's maFile or for determining if the maFile is encrypted or not
  • steamid64: string | BigInt steamid64 of the steam account that we want the maFile of (only as a string or a native BigInt).
  • options: object These are optional.
    • password: string The password that was used for encryption in SDA. Define this for an instant decryption. If the maFile is encrypted and this is not defined, then the user will be prompted for the password via STDIN in the console.
    • maFilePath: string This allows you to directly specify where the targeted maFile is located. If this option is not defined then it is assumed that the associated maFile is located in the same folder as manifestPath and that its name is steamid64.maFile.

Return value

If the parsing (and decryption) of the specified maFile were successful, then the function will return a parsed JSON object that will have the same structure as a regular decrypted maFile:

{
    shared_secret: string,
    serial_number: string,
    revocation_code: string,
    uri: string,
    server_time: number,
    account_name: string,
    token_gid: string,
    identity_secret: string,
    secret_1: string,
    status: number,
    device_id: string,
    fully_enrolled: boolean,
    Session: {
        SessionID: string,
        SteamLogin: string,
        SteamLoginSecure: string,
        WebCookie: string,
        OAuthToken: string,
        SteamID: BigInt
    }
}

If something went wrong, then an error will be thrown (so don't forget to catch it). Otherwise the function will return null. Most common error scenarios:

  1. the specified manifest.json file wasn't found
  2. the maFile of the specified account wasn't found
  3. the given steamid64 is a regular number (76561197960287930), it has to be a string ("76561197960287930") or a native BigInt (76561197960287930n)
  4. incorrect decryption password was given
  5. the files are corrupted and couldn't be parsed, invalid JSON etc.

Contribution

Feel free to create a pull request!

About

NPM package that makes the hassle with Steam Desktop Authenticator's generated maFiles easier. Note: this package is not a poor attempt to steal your maFiles, you can check the exact code that got downloaded via npm in your `node_modules` anytime.

Topics

Resources

Stars

Watchers

Forks