• What are you working on? January 2012
    3,401 replies, posted
[QUOTE=swift and shift;34408008][url]http://fiddler2.com/fiddler2/[/url][/QUOTE] It's HTTPS good luck with that. [editline]27th January 2012[/editline]
[code]
private static final String HTTP_PARAM_DEFAULT_PROXY = "proxy.valvesoftware.com";
private static final int HTTP_PARAM_DEFAULT_PROXY_PORT = 3128;
[/code]
Free proxy from Valve.
valve are a joke [editline]27th January 2012[/editline] [QUOTE=@@;34408034]It's HTTPS good luck with that.[/QUOTE] also fiddler can intercept HTTPS if you trust its certificate
[QUOTE=amcfaggot;34408001]What do the request and response structures look like, do you know?[/QUOTE] It looks like a HTTP request.
[code]
httppost.addHeader("Content-Type", "application/x-www-form-urlencoded");
((HttpRequestBase) (obj)).addHeader("User-Agent", (new StringBuilder()).append("Steam App / Android / ").append(Config.APP_VERSION).append(" / ").append(Config.APP_VERSION_ID).toString());
[/code]
POST methods are used to send data:
[code]
public static RequestForLogin GetRequestForLogin(String s, String s1, String s2)
{
    StringBuilder stringbuilder = new StringBuilder(1024);
    stringbuilder.append("client_id=");
    stringbuilder.append(Config.WebAPI.OAUTH_CLIENT_ID);
    stringbuilder.append("&grant_type=password&username=");
    stringbuilder.append(Uri.encode(s));
    stringbuilder.append("&password=");
    stringbuilder.append(Uri.encode(s1));
    if(s2.length() != 0)
    {
        stringbuilder.append("&x_emailauthcode=");
        stringbuilder.append(Uri.encode(s2));
    }
    stringbuilder.append("&scope=read_profile%20write_profile%20read_client%20write_client");
    RequestForLogin requestforlogin = new RequestForLogin();
    requestforlogin.SetPostData(stringbuilder.toString());
    return requestforlogin;
}
[/code]
Perhaps I can build a simple console client the very same day they've released the app. Any information on what receiving chat messages looks like?
[QUOTE=amcfaggot;34408182]Perhaps I can build a simple console client the very same day they've released the app. Any information on what receiving chat messages looks like?[/QUOTE] everything is json encoded, I know that much. :> I'll try to search for some structures and will post 'em here.
[QUOTE=@@;34408192]everything is json encoded, I know that much. :> I'll try to search for some structures and will post 'em here.[/QUOTE] How lovely. Thanks!
[QUOTE=@@;34408071]It looks like a HTTP request.
[code]
httppost.addHeader("Content-Type", "application/x-www-form-urlencoded");
((HttpRequestBase) (obj)).addHeader("User-Agent", (new StringBuilder()).append("Steam App / Android / ").append(Config.APP_VERSION).append(" / ").append(Config.APP_VERSION_ID).toString());
[/code]
POST methods are used to send data:
[code]
public static RequestForLogin GetRequestForLogin(String s, String s1, String s2)
{
    StringBuilder stringbuilder = new StringBuilder(1024);
    stringbuilder.append("client_id=");
    stringbuilder.append(Config.WebAPI.OAUTH_CLIENT_ID);
    stringbuilder.append("&grant_type=password&username=");
    stringbuilder.append(Uri.encode(s));
    stringbuilder.append("&password=");
    stringbuilder.append(Uri.encode(s1));
    if(s2.length() != 0)
    {
        stringbuilder.append("&x_emailauthcode=");
        stringbuilder.append(Uri.encode(s2));
    }
    stringbuilder.append("&scope=read_profile%20write_profile%20read_client%20write_client");
    RequestForLogin requestforlogin = new RequestForLogin();
    requestforlogin.SetPostData(stringbuilder.toString());
    return requestforlogin;
}
[/code]
[/QUOTE] If this uses OAuth, does that mean you could pull the secret token out of the app and gain access to anyone that has authorized the app's account?
[QUOTE=amcfaggot;34408219]How lovely. Thanks![/QUOTE]
[lua]
{
    "type": "chatmsg"
    "type": "personastate"
    "type": "personarelationship"
    "type": "umqstate"
}
[/lua]
json encoded data will always have a "type" field which will be any one of those. a chatmsg:
[lua]
{
    "type": "chatmsg",
    "personaname": "string",
    "realname": "string",
    "avatar": "string",
    "personastate": int,
    "gameid": int,
    "gameextrainfo": "string",
    "lastlogoff": "string"
}
[/lua]
[t]http://i.imgur.com/W2tnD.png[/t] "Okay, let's have a field day with this one and intercept that traff- Oh."
Glad to see our data is safe though. :P
[code]
HTTP/1.1 200 OK
expires: Fri, 27 Jan 2012 02:29:26 GMT
content-type: application/json; charset=UTF-8
Via: 1.1 api.steampowered.com
Content-Length: 31811
Date: Fri, 27 Jan 2012 02:43:28 GMT
X-Varnish: 2988880957
Age: 0
Via: 1.1 varnish
Connection: keep-alive

{
    "pollid": 0,
    "messages": [
        {
            "type": "personastate",
            "timestamp": 26910732,
            "steamid_from": "76561198041546169",
            "status_flags": 863,
            "persona_state": 1,
            "persona_name": "Andrew McWatters"
        }
    ],
    "messagelast": 1395,
    "timestamp": 26910884,
    "messagebase": 1222,
    "sectimeout": 1,
    "error": "OK"
}
[/code]
Sample data structures [editline]26th January 2012[/editline] More stuff, is typing structure:
[code]
HTTP/1.1 200 OK
expires: Fri, 27 Jan 2012 02:30:49 GMT
content-type: application/json; charset=UTF-8
Via: 1.1 api.steampowered.com
Content-Length: 248
Date: Fri, 27 Jan 2012 02:44:51 GMT
X-Varnish: 2988932096
Age: 0
Via: 1.1 varnish
Connection: keep-alive

{
    "pollid": 0,
    "messages": [
        {
            "type": "typing",
            "timestamp": 26993412,
            "steamid_from": "76561197996859119",
            "text": ""
        }
    ],
    "messagelast": 1396,
    "timestamp": 26993412,
    "messagebase": 1395,
    "sectimeout": 2,
    "error": "OK"
}
[/code]
[editline]26th January 2012[/editline] Seems the messages are in the HTTPS bit:
[code]
HTTP/1.1 200 OK
expires: Fri, 27 Jan 2012 02:30:51 GMT
content-type: application/json; charset=UTF-8
Via: 1.1 api.steampowered.com
Content-Length: 264
Date: Fri, 27 Jan 2012 02:44:53 GMT
X-Varnish: 2988934393
Age: 0
Via: 1.1 varnish
Connection: keep-alive

{
    "pollid": 0,
    "messages": [
        {
            "type": "saytext",
            "timestamp": 26994162,
            "steamid_from": "76561197996859119",
            "secure_message_id": 1396
        }
    ],
    "messagelast": 1396,
    "timestamp": 26995488,
    "messagebase": 1396,
    "sectimeout": 1,
    "error": "OK"
}
[/code]
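Added example, not part of any post in this thread and not Valve's code: a small Python parser for poll responses of the shape captured above, which keeps repeated headers such as the two `Via` lines and sets aside any message whose type or field types do not match the posted samples instead of trusting it. The names `parse_poll` and `REQUIRED`, the sample Steam IDs and the `somethingnew` type are constructed for illustration.

```python
import json

# Constructed sample, modelled on the responses posted in this thread.
RAW = (
    "HTTP/1.1 200 OK\r\n"
    "content-type: application/json; charset=UTF-8\r\n"
    "Via: 1.1 api.steampowered.com\r\n"
    "Via: 1.1 varnish\r\n"
    "\r\n"
    '{"pollid": 0, "messages": ['
    '{"type": "personastate", "timestamp": 1, "steamid_from": "76561190000000001",'
    ' "status_flags": 863, "persona_state": 1, "persona_name": "Example"},'
    '{"type": "typing", "timestamp": 2, "steamid_from": "76561190000000002", "text": ""},'
    '{"type": "saytext", "timestamp": 3, "steamid_from": "76561190000000002",'
    ' "secure_message_id": 1396},'
    '{"type": "somethingnew", "timestamp": 4}],'
    ' "messagelast": 1396, "timestamp": 4, "messagebase": 1393,'
    ' "sectimeout": 1, "error": "OK"}'
)

# Fields and types seen per message type in the posted samples (assumed schema).
REQUIRED = {
    "personastate": {"steamid_from": str, "persona_state": int, "persona_name": str},
    "typing": {"steamid_from": str},
    "saytext": {"steamid_from": str, "secure_message_id": int},
}

def parse_poll(raw):
    """Split headers from body, check the envelope, sort messages by validity."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    # A list of pairs, not a dict: the captures carry two Via headers.
    headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:]]
    doc = json.loads(body)
    if status != 200 or doc.get("error") != "OK" or not isinstance(doc.get("messages"), list):
        raise ValueError("unexpected poll response")
    accepted, rejected = [], []
    for msg in doc["messages"]:
        spec = REQUIRED.get(msg.get("type")) if isinstance(msg, dict) else None
        ok = spec is not None and all(isinstance(msg.get(k), t) for k, t in spec.items())
        (accepted if ok else rejected).append(msg)
    return {"headers": headers, "accepted": accepted, "rejected": rejected,
            "messagelast": doc["messagelast"]}
```
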
[quote]Via: 1.1 api.steampowered.com[/quote] that's interesting... I thought they were using vitalyi7. [editline]ff[/editline] Oh god, obfuscated code. It should have been: [url]https://api.steampowered.com:443[/url]
Persona change:
[code]
HTTP/1.1 200 OK
expires: Fri, 27 Jan 2012 02:37:01 GMT
content-type: application/json; charset=UTF-8
Via: 1.1 api.steampowered.com
Content-Length: 320
Date: Fri, 27 Jan 2012 02:51:03 GMT
X-Varnish: 2989169733
Age: 0
Via: 1.1 varnish
Connection: keep-alive

{
    "pollid": 0,
    "messages": [
        {
            "type": "personastate",
            "timestamp": 27365698,
            "steamid_from": "76561198049505546",
            "status_flags": 863,
            "persona_state": 0,
            "persona_name": "Sgt. Rarity"
        }
    ],
    "messagelast": 1750,
    "timestamp": 27365698,
    "messagebase": 1749,
    "sectimeout": 7,
    "error": "OK"
}
[/code]
Sorry if these seem spammy. Yell at me if they do. [editline]26th January 2012[/editline] [QUOTE=@@;34409249]that's interesting... I thought they were using vitalyi7.[/QUOTE] Nope. That's something else that we're not yet aware of.
[QUOTE=amcfaggot;34409250][code] "persona_name": "Sgt. Rarity" [/code][/QUOTE] :rolleyes: [editline]27th January 2012[/editline] [QUOTE=amcfaggot;34409046][t]http://i.imgur.com/W2tnD.png[/t] "Okay, let's have a field day with this one and intercept that traff- Oh."[/QUOTE] you could probably swap out its copy of steam's public key for fiddler's public key or perhaps just install fiddler's certificate locally on your phone
[QUOTE=amcfaggot;34409046][t]http://i.imgur.com/W2tnD.png[/t] "Okay, let's have a field day with this one and intercept that traff- Oh."[/QUOTE] How did you manage to do this? I installed Fiddler's root certificate and HTTPS pages won't load at all on my emulator :(
[QUOTE=swift and shift;34409272]or perhaps just install fiddler's certificate locally on your phone[/QUOTE] Eh, somehow I doubt that's gonna work out as smooth as it sounds. [editline]26th January 2012[/editline] [QUOTE=synthiac;34409325]log ssl send function calls with gdb maybes?[/QUOTE] Nice thinking, but it wouldn't provide much more information than we're getting now.
[code]
http://api.steampowered.com:80/ISteamWebUserPresenceOAuth/PollStatus/v0001
https://api.steampowered.com:443/ISteamWebUserPresenceOAuth/Logon/v0001
https://api.steampowered.com:443/ISteamWebUserPresenceOAuth/Poll/v0001
https://api.steampowered.com:443/ISteamWebUserPresenceOAuth/Message/v0001
https://api.steampowered.com:443/ISteamWebUserPresenceOAuth/Logoff/v0001
https://api.steampowered.com:443/ISteamWebUserPresenceOAuth/DeviceInfo/v0001
https://api.steampowered.com:443/ISteamWebAPIUtil/GetServerInfo/v0001
https://api.steampowered.com:443/ISteamOAuth2/GetTokenWithCredentials/v0001
[/code]
List of URIs. [editline]sneaky valve[/editline] those sneaky valve, the URIs keep returning 404's until you match the parameters perfectly! D:
[QUOTE=amcfaggot;34403985] [editline]26th January 2012[/editline] I wish I knew what Voidy's process was for reverse engineering these structures or I'd attempt to do it myself.[/QUOTE] I mash random keys on my keyboard and pray it works.
[QUOTE=VoiDeD;34409505]I mash random keys on my keyboard and pray it works.[/QUOTE] take off your fennec paws first, maybe that'll improve your efficiency
[img]http://puu.sh/eInF[/img] [media]http://www.youtube.com/watch?v=P3ALwKeSEYs[/media]
oAuth client ID's:
[quote]
Public: DE45CD61
Beta: 7DC60112
Dev: E77327FA
[/quote]
I don't know if these are like secret salts or anything?
[code]
Uri uri = new Uri("https://api.steampowered.com/ISteamOAuth2/GetTokenWithCredentials/v0001/");
WebRequest http = HttpWebRequest.Create(uri);
((HttpWebRequest)http).UserAgent = "Steam App / Android / 1337 / 1337";
http.Method = "POST";
http.ContentType = "application/x-www-form-urlencoded";
string postdata = "client_id=DE45CD61&grant_type=password&username=USERNAME&password=PASSWORD&scope=read_profile%20write_profile%20read_client%20write_client";
http.ContentLength = postdata.Length;
StreamWriter stOut = new StreamWriter(http.GetRequestStream(), System.Text.Encoding.ASCII);
stOut.Write(postdata);
stOut.Close();
HttpWebResponse response = (HttpWebResponse)http.GetResponse();
Stream stream = response.GetResponseStream();
[/code]
login code.
Great job everyone, tomorrow we begin work on a Lua library on the work we've found. [editline]1[/editline] that wasn't supposed to be a joke [editline]26th January 2012[/editline] not 24 hours since the app's release and we've already started documenting the api; kinda nice if you ask me
Tip for everyone working with OSW: don't set your status id to 11. It crashes everyone you're chatting with and fucks up your Steam: [img]http://puu.sh/eIlo[/img] As discovered by Olivia :v: e: Clarification: the people you crash can start Steam fine, it's just your own Steam that's fucked up.
someone set up a website for this so we don't have to go traipsing through pages of forum posts to find this info.
[QUOTE=raBBish;34410050]Tip for everyone working with OSW: don't set your status id to 11. It crashes everyone you're chatting with and fucks up your Steam: [img]http://puu.sh/eIlo[/img] As discovered by Olivia :v: e: Clarification: the people you crash can start Steam fine, it's just your own Steam that's fucked up.[/QUOTE] Just fixed it! You go to Steam\userdata\{numbers}\config\localconfig.vdf
[code]
"PersonaStateDesired" "10"
[/code]
to
[code]
"PersonaStateDesired" "1"
[/code]
[QUOTE=supersnail11;34410071]someone set up a website for this so we don't have to go traipsing through pages of forum posts to find this info.[/QUOTE] Overv will be documenting the API alongside myself and we'll be throwing up information on github within the library tomorrow.
[QUOTE=amcfaggot;34410193]Overv will be documenting the API alongside myself and we'll be throwing up information on github within the library tomorrow.[/QUOTE] [img]http://sae.tweek.us/static/images/emoticons/emot-love.gif[/img]
[QUOTE=amcfaggot;34410193]Overv will be documenting the API alongside myself and we'll be throwing up information on github within the library tomorrow.[/QUOTE] Or you could just update [url=https://developer.valvesoftware.com/wiki/Steam_Web_API]this page[/url].
This is fun [img]http://puu.sh/eIz3[/img]
[img]http://puu.sh/eIzN[/img] Documenting time.