Jessecar96 / SteamDesktopAuthenticator

Desktop implementation of Steam's mobile authenticator app
MIT License

New steam app and extracting maFile details #780

Open berkinkadiroglu opened 2 years ago

berkinkadiroglu commented 2 years ago

Today I've set up a new account on a rooted Android phone, but the file "Steamguard-7656119....." is not in the same place as it should be (/data/data/com.valvesoftware.android.steam.community/files/). There are a bunch of other files; I looked into every one of them and none are the files I'm looking for.

Did anyone ever extract files from the newly updated Steam app?

dyc3 commented 2 years ago

Probably not.

hubertsng commented 1 year ago

This isn't going to sound like I'm telling the truth, which I very well might not be. But I think I found a file similar to the unencrypted maFile when my steam 3.0 did NOT have steam guard and my only steam guard was on my PC. I was comparing the files within there against an encrypted maFile and trying to find something of comparable string length. It said something along the lines of shared secret which is why I compared its ~250 character count against the entire encrypted ~800 character count and then proceeded to toss it away.

This would be coming from a Steam app which never had Steam Guard on it and was upgraded from 2.x. I didn't even realize we could still do this, since Jessecar said that it was removed due to being buggy, but I just backed up my 3.0 w/ only Steam Guard to be safe, downgraded to 2.x with APKMirror and transferred the Steam Guard there, and then updated to 3.0 via the Play Store. Obviously when at 2.x, I brought it over to my PC and verified that it works, and I was able to put listings (on hold) on the marketplace. So until Steam drops support for 2.x or does something else, this isn't required to even find out.

Silveere commented 1 year ago

I think the new Android app stores the keys in an encrypted form (in shared_prefs/SecureStore.xml). I was able to downgrade to Steam 2.x from APKMirror and transfer Steam Guard to the older version, which let me extract the keys from files/Steamguard-*. I was then able to upgrade the app again, and the keys stayed the same but I was able to keep using Steam Guard from the mobile app as well as my authenticator.

1RandomDev commented 1 year ago

> the new Android app stores the keys in an encrypted form

But the real question is, which key is used for encryption? Looks like they're using the SecureStore API of the Expo Framework (https://docs.expo.dev/versions/latest/sdk/securestore/) and the key is stored in the Android KeyStore. So can't it just be extracted?