Nightfirecat
commented
9 years ago tl;dr, PR looks good from me. Ready to pull! (@atomizer)
Closed ebf34e12952930cf closed 8 years ago
Nightfirecat
commented
9 years ago tl;dr, PR looks good from me. Ready to pull! (@atomizer)
Nightfirecat
commented
8 years ago P.S. Fixes #48, but more documentation (and visual/video examples) will be necessary to make this end-user usable.
atomizer
commented
8 years ago Someone should write them docs for this...
Took some time to chat with @BlackRayquaza over Skype and get a good idea of how Steam login for Realm works, and we came to the following conclusions:
secret(wheresecretis their Steam secret string)steamidas their account namesteamid+secretWith that in mind, I was only able to test cases (1) and (2), and can confirm both of those behaviors. I'm fine with trusting that (3) works from @BlackRayquaza's testing.
Besides the interesting behavior difference depending on web-connection, the other concern with this feature is that it is unusually difficult to obtain the
secretkey. To get it via sniffing, you need to sniff the/chars/listrequest made over HTTPS from the Steam client. To get the information programmatically, we'd need to spoof asessionticketvalue, which appears to be some kind of base16 timestamp, which I wasn't able to get responses to via browser requests. @BlackRayquaza did some digging through the Steam client, but given its obsfucation, that was largely inconclusive.As such, while this PR enables viewing of Steam accounts, the method to actually get the secret key is notably more complex. For now I'd advise leaving it off of the readme until a programmatic approach can be developed, or a clear instruction (video?) can be publicized to document the process.