[BUG] Program stops with `(EResult.AccessDenied) Failed to acquire manifest code` error

[nisehime]

Description When requesting depot info for app with --skip-licenses argument, the program stops with a single line of (EResult.AccessDenied) Failed to acquire manifest code error for depots that specified user doesn't have rights to access, while depots that user has rights to are skipped. Even if you can't request manifest code, you still can get some data about existing depots such as their ID, latest manifest GID, etc, but steamctl won't display them because it couldn't get (unnecessary) request code. For this reason --skip-licenses + --skip-login also fails. In fact, it doesn't look like you need to request manifest codes for depot info command at all, since you're not accessing files themselves here anyway, right?

Steps to Reproduce the behavior steamctl --anonymous depot info -a 1289310 --skip-licenses

Expected behavior Available infos (ID, name, GID, etc) about depots are displayed.

What actually happend Execution ends with a (EResult.AccessDenied) Failed to acquire manifest code error while skipping anything else.

[rossengeorgiev]

depot info commands displays info about manifests. To do that it needs to downloaded them. To downloaded them it needs a manifest request code. To get the code, the account needs to own a license for the app/depot. Thus, here we have anonymous who doesn't have license for the that app.

The info you are looking for you can grab from product info, although I don't think you get depot names if the account doesn't have a license. steamctl --anonymous apps product_info --skip-licenses 1289310 | jq .depots

[nisehime]

Hm, but it seems steamdb is able to show the same info without owning the app? For example: https://steamdb.info/depot/2141641/ - the app is released today.

Considering it needs a decryption key steamdb doesn't own the app, but the file list itself is here along with all the metadata.

Also, what's the point of skip-licenses in depot info then? It basically doesn't make any difference. In the output there's Encrypted filenames: false line, but since you're required to own the license it's always going to be false anyway. So I naturally thought that depot info is about depots, not just manifests.

[rossengeorgiev]

Technically, steamdb shouldn't be able to access the manifest, because it requires a license to get manifest request code. See https://steamdb.info/donate. The implement behaviour is correct unfortunately.

skip-licenses is as the name suggests, skips license checks. So if you have already downloaded the manifest and decryption key in cache, then you can use the flag to skip the checks. If they are not in cache, then it has to go online and attempt to get them. Cache can also be used to run commands without login into Steam, make things faster.

[nisehime]

Technically, steamdb shouldn't be able to access the manifest, because it requires a license to get manifest request code.

I know, but it seems it does access it without the license somehow.

Manifest file contains the info about the number of chunks, compressed/uncompressed size, creation date, checksums, etc and encrypted list of files, right? To get the manifest you need to get manifest request code which requires owning a license. Also you need a decryption key to decrypt filenames, right? To request a decryption key you also need to own a license. So basically if you got the manifest code it means you can get the decryption key as well. But on steamdb there are depot entries with all the manifest metadata but with encrypted filenames. And it's not only some old depots before manifest codes were enforced, but new releases as well.

[nisehime]

And I still don't understand in which situation Encrypted filenames might be true. Cached manifests from steamctl are saved with decrypted filenames already. Same with steam's depotcache

[rossengeorgiev]

Manifest request codes were added recently to combat free download of manifests. Prevent leaks. Product info now also returns different information depending on whether you own a license.

Depot key is for the depot, decrypting the file names and their content, which has existed for a long time.

steamdb uses all kind of tricks to get the info, and this current trick will eventually go away. That is the difference. Replicating steamdb from scratch is practically impossible today.