guard¶

This submodule contains various functionality related to Steam Guard.

SteamAuthenticator provides methods for genereating codes and enabling 2FA on a Steam account. Operations managing the authenticator on an account require an instance of either MobileWebAuth or SteamClient. The instance needs to be logged in.

Adding an authenticator

wa = MobileWebAuth('steamuser')
wa.cli_login()

sa = SteamAuthenticator(backend=wa)
sa.add()    # SMS code will be send to the account's phone number
sa.secrets  # dict with authenticator secrets (SAVE THEM!!)

# save the secrets, for example to a file
json.dump(sa.secrets, open('./mysecrets.json', 'w'))

# HINT: You can stop here and add authenticator on your phone.
#       The secrets will be the same, and you will be able to
#       both use your phone and SteamAuthenticator.

sa.finalize('SMS CODE')  # activate the authenticator
sa.get_code()  # generate 2FA code for login
sa.remove()  # removes the authenticator from the account

Warning

Before you finalize the authenticator, make sure to save your secrets. Otherwise you will lose access to the account.

Once authenticator is enabled all you need is the secrets to generate codes.

secrets = json.load(open('./mysecrets.json'))

sa = SteamAuthenticator(secrets)
sa.get_code()

You can obtain the authenticator secrets from an Android device using extract_secrets_from_android_rooted(). See the function docstring for details on what is required for it to work.

Format of secrets.json file:

{
    "account_name": "<username>",               # account username
    "identity_secret": "<base64 encoded>",      # unknown
    "revocation_code": "R51234",                # revocation code
    "secret_1": "<base54 encoded>",             # unknown
    "serial_number": "1111222333344445555",     # serial number
    "server_time": "1600000000",                # creation timestamp
    "shared_secret": "<base65 encoded>",        # secret used for code generation
    "status": 1,                                # status, 1 = token active
    "token_gid": "a1a1a1a1a1a1a1a1",            # token gid
    "uri": "otpauth://totp/Steam:<username>?secret=<base32 encoded shared seceret>&issuer=Steam"
}

class steam.guard.SteamAuthenticator(secrets=None, backend=None)¶

Add/Remove authenticator from an account. Generate 2FA and confirmation codes.

Parameters:	secret (dict) – a dict of authenticator secrets backend (`MobileWebAuth`, `SteamClient`) – logged on session for steam user

steam_time_offset = None¶: offset from steam server time

align_time_every = 0¶: how often to align time with Steam (0 never, otherwise interval in seconds)

secrets = None¶: dict with authenticator secrets

backend = None¶: instance of MobileWebAuth or SteamClient

get_time()¶

Returns:	Steam aligned timestamp
Return type:	int

get_code(timestamp=None)¶

Parameters:	timestamp (int) – time to use for code generation
Returns:	two factor code
Return type:	str

get_confirmation_key(tag='', timestamp=None)¶

Parameters:	tag (str) – see `generate_confirmation_key()` for this value timestamp (int) – time to use for code generation
Returns:	trade confirmation key
Return type:	str

add()¶

Add authenticator to an account. The account’s phone number will receive a SMS code required for finalize().

Raises:	`SteamAuthenticatorError`

finalize(activation_code)¶

Finalize authenticator with received SMS code

Parameters:	activation_code (str) – SMS code
Raises:	`SteamAuthenticatorError`

remove(revocation_code=None)¶

Remove authenticator

Parameters:	revocation_code (str) – revocation code for account (e.g. R12345)

Note

After removing authenticator Steam Guard will be set to email codes

Warning

Doesn’t work via SteamClient. Disabled by Valve

Raises:	`SteamAuthenticatorError`

status()¶

Fetch authenticator status for the account

Raises:	`SteamAuthenticatorError`
Returns:	dict with status parameters
Return type:	dict

create_emergency_codes(code=None)¶

Generate emergency codes

Parameters:	code (str) – SMS code
Raises:	`SteamAuthenticatorError`
Returns:	list of codes
Return type:	list

Note

A confirmation code is required to generate emergency codes and this method needs to be called twice as shown below.

sa.create_emergency_codes()              # request a SMS code
sa.create_emergency_codes(code='12345')  # creates emergency codes

destroy_emergency_codes()¶

Destroy all emergency codes

Raises:	`SteamAuthenticatorError`

add_phone_number(phone_number)¶

Add phone number to account

Steps:

Call add_phone_number() then check email_confirmation key in the response
1. On True, user needs to click link in email, then step 2
2. On False, SMS code is sent, go to step 3
Confirm email via confirm_email(), SMS code is sent
Finalize phone number with SMS code confirm_phone_number(sms_code)()

Parameters:	phone_number (`str`) – phone number with country code
Returns:	see example below
Return type:	`dict`

{'success': True,
 'email_confirmation': True,
 'error_text': '',
 'fatal': False}

confirm_email()¶

Confirm email confirmation. See add_phone_number()

Note

If email_confirmation is True, then user hasn’t clicked the link yet.

Returns:	see example below
Return type:	`dict`

{'success': True,
 'email_confirmation': True,
 'error_text': '',
 'fatal': False}

confirm_phone_number(sms_code)¶

Confirm phone number with the recieved SMS code. See add_phone_number()

Parameters:	sms_code (`str`) – sms code
Returns:	see example below
Return type:	`dict`

{'success': True,
 'error_text': '',
 'fatal': False}

has_phone_number()¶

Check whether the account has a verified phone number

Returns:	see example below
Return type:	`dict`

{'success': True,
 'has_phone': True,
 'error_text': '',
 'fatal': False}

validate_phone_number(phone_number)¶

Test whether phone number is valid for Steam

Parameters:	phone_number (`str`) – phone number with country code
Returns:	see example below
Return type:	`dict`

{'is_fixed': False,
 'is_valid': False,
 'is_voip': True,
 'number': '+1 123-555-1111',
 'success': True}

exception steam.guard.SteamAuthenticatorError¶

steam.guard.generate_twofactor_code(shared_secret)¶

Generate Steam 2FA code for login with current time

Parameters:	shared_secret (bytes) – authenticator shared shared_secret
Returns:	steam two factor code
Return type:	str

steam.guard.generate_twofactor_code_for_time(shared_secret, timestamp)¶

Generate Steam 2FA code for timestamp

Parameters:	shared_secret (bytes) – authenticator shared secret timestamp (int) – timestamp to use, if left out uses current time
Returns:	steam two factor code
Return type:	str

steam.guard.generate_confirmation_key(identity_secret, tag, timestamp)¶

Generate confirmation key for trades. Can only be used once.

Parameters:	identity_secret (bytes) – authenticator identity secret tag (str) – tag identifies what the request, see list below timestamp (int) – timestamp to use for generating key
Returns:	confirmation key
Return type:	bytes

Tag choices:

conf to load the confirmations page

details to load details about a trade

allow to confirm a trade

cancel to cancel a trade

steam.guard.get_time_offset()¶

Get time offset from steam server time via WebAPI

Returns:	time offset (`None` when Steam WebAPI fails to respond)
Return type:	`int`, `None`

steam.guard.generate_device_id(steamid)¶

Generate Android device id

Parameters:	steamid (`SteamID`, `int`) – Steam ID
Returns:	android device id
Return type:	str

steam.guard.extract_secrets_from_android_rooted(adb_path='adb')¶

Extract Steam Authenticator secrets from a rooted Android device

Prerequisite for this to work:

rooted android device

adb binary

device in debug mode, connected and paired

Note

If you know how to make this work, without requiring the device to be rooted, please open a issue on github. Thanks

Parameters:	adb_path (str) – path to adb binary
Raises:	When there is any problem
Returns:	all secrets from the device, steamid as key
Return type:	dict