Skip to content

Adding Steam to Aegis using the 'steam' Python library

Jump to bottom Edit New page
Maurizio De Santis edited this page Mar 25, 2022 · 7 revisions

One of likely many ways to get your Steam second-factor into Aegis. Also see https://github.com/beemdevelopment/Aegis/wiki/Adding-Steam-to-Aegis-from-Steam-Desktop-Authenticator

Using ValvePython/steam

Overview

This might be a good method for you if you:

  • have some experience with Python
  • use Linux (or can translate these steps to Windows/Mac on your own)
  • like DIY solutions
  • can read :)
  • don't want to (and are okay with not having the option to) use the Steam app as an authenticator

If that last point is painful, check out steamctl and its authenticator subcommand here on GitHub. As of writing, the README shows a screenshot with the Steam app and Aegis generating the same codes.

The following steps assume that you have a working Python 3 installation on Linux.

Steps

  1. Install the steam package with pip install steam. If you want to avoid typing in long strings into Aegis, also feel free to grab qrcode. Feel free to use a virtual environment if you're into that
  2. From the Steam app, remove your existing authenticator
  3. Let's get down to business. Read, understand, and execute the following code. Ignore the comments at your own peril.

Be sure to provide your username to the MobileWebAuth call on line 3 and enter your SMS verification code in the finalize call near the end.

Because of that last part, it would likely be best to do this all from a REPL/interactive shell (i.e., python3 at the terminal, line-by-line).

from steam.webauth import MobileWebAuth # See https://steam.readthedocs.io/en/stable/api/steam.webauth.html
from steam.guard import SteamAuthenticator # See https://steam.readthedocs.io/en/stable/api/steam.guard.html
import json # For saving your authenticator details/secrets as a json file

wa = MobileWebAuth('YOUR-USERNAME-HERE') # Enter your username, keep the quotes ;)
wa.cli_login() # Will walk you through the login process interactively

sa = SteamAuthenticator(backend=wa) # We are using this to do Steam Authenticator stuff using our just-established login/session
sa.add() # This will result in an SMS verification being sent to your phone

# Don't skip this! The saved file is the basis of your "authenticator" and is the only non-volatile record of it (until we add it to Aegis, at least)
# Similarly, don't let the secrets file fall into the wrong hands! Don't lose it! Know where you put it!
# Anyone with this file (and a bit of know-how) can generate 2FA codes for your account or disable the authenticator using the included revocation code. 

json.dump(sa.secrets, open('./steam_auth_secrets.json', 'w')) # After this line, you should find steam_auth_secrets.json in your current working directory

At this point, you can use the URL included in the json file we made to create a qr code that we can scan with Aegis.

Do this from a separate terminal. Do NOT exit your interactive Python interpreter.

From the .json file, copy the value associated with the uri key. It should start with otpauth://. Paste it in the command below, and keep a single pair of quotation marks around the uri.

qr "PASTE-YOUR-URI-HERE" > qr.png

Now, just open the image using your preferred image viewer, scan it with Aegis, and make sure you change the type from TOTP to Steam.

Back to our REPL:

sa.get_code() # Does this match what shows on Aegis at the same time? If so, great! If not, something has gone wrong.

# Psst. If Aegis is generating a fully numerical one-time password, go and change its type from "TOTP" to "Steam" and try this line again to see if the output of get_code() and Aegis match

sa.finalize("YOUR-SMS-CODE") # If everything has gone smoothly, this will finalize your authenticator.

sa.status() # Optional. Output should look something like below if everything worked as inteded:
# {'state': 1, 'inactivation_reason': 0, 'authenticator_type': 1, 'authenticator_allowed': True, 'steamguard_scheme': 2, 'token_gid': 'XXXXXXXXXXXXXXXX', 'email_validated': True, 'device_identifier': 'android:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'time_created': 1627450000, 'revocation_attempts_remaining': 5, 'classified_agent': 'other', 'allow_external_authenticator': False}

exit() # You're done!

Troubleshooting

  • Issue: from steam.guard import SteamAuthenticator fails with the following error:

    >>> from steam.guard import SteamAuthenticator
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "python/3.9.12/lib/python3.9/site-packages/steam/guard.py", line 61, in <module>
    from steam.utils.proto import proto_to_dict
  File "python/3.9.12/lib/python3.9/site-packages/steam/utils/proto.py", line 4, in <module>
    from google.protobuf.message import Message as _ProtoMessageType
ModuleNotFoundError: No module named 'google'

    Solution: install the google-api-python-client package with pip install --upgrade google-api-python-client.

Questions

Q: Something went wrong! What do I do?

A: Among the more productive actions you could take, you could re-read the instructions to see if you missed anything, you could read the API docs for the steam package, you could try looking at other pages on this here wiki, or you can use your favorite search engine to attempt to investigate your specific error. You could also contact the person who wrote this guide (see the next section).

Q: Something about this section is (confusing/could be improved/didn't work/locked me out of my account/etc.). Who wrote this guide? Can I contact them?

A: That would be @ChanceHarrison. If you have feedback relevant to this guide, you could potentially open an issue on the repo and mention/assign me on it to get my attention. If there is interest in automating this process or making it more robust, I'd be eager to hear about it. You can also get in contact with me via Matrix (@chanceharrison:matrix.org).

Add a custom footer
Add a custom sidebar
Clone this wiki locally