Major rewrite, elaborate on how to use Steam mobile app as well

master
Chance Harrison 3 years ago
parent bba2fbf217
commit e8e89b75b7

@ -4,73 +4,175 @@ One of likely many ways to get your Steam second-factor into Aegis. Also see htt
## Overview
This might be a good method for you if you:
* have some experience with Python
* use Linux (or can translate these steps to Windows/Mac on your own)
* like DIY solutions
* can read :)
* don't want to (and are okay with not having the option to) use the Steam app as an authenticator
This might be a good method for you if you are comfortable on the command line. The following steps assume that you have a working Python 3 installation on Linux (though the steps are largely platform-independent. If you can install the needed programs, it should be fine).
> If that last point is painful, check out `steamctl` and its `authenticator` subcommand [here on GitHub](https://github.com/ValvePython/steamctl/tree/master). As of writing, the README shows a screenshot with the Steam app and Aegis generating the same codes.
This method will allow you to use the Steam app while also having the raw secret data that can be loaded into Aegis. The best of both worlds!
The following steps assume that you have a working Python 3 installation on Linux.
> `steamctl` and its `authenticator` subcommand [here on GitHub](https://github.com/ValvePython/steamctl/tree/master) may be easier than this process and achieve similar results.
## Steps
## Prerequisites
1. Install the [steam](https://pypi.org/project/steam/) package with `pip install steam`. If you want to avoid typing in long strings into Aegis, also feel free to grab [qrcode](https://pypi.org/project/qrcode/). Feel free to use a virtual environment if you're into that
2. From the Steam app, [remove your existing authenticator](https://support.steampowered.com/kb_article.php?ref=8625-WRAH-9030#disable)
3. Let's get down to business. Read, understand, and execute the following code. Ignore the comments at your own peril.
1. Install the [steam](https://pypi.org/project/steam/) package and dependencies with `pip install steam google-api-python-client`. If you want to avoid typing long strings into Aegis, also feel free to grab [qrcode](https://pypi.org/project/qrcode/). Feel free to use a virtual environment if you don't want these programs and dependencies persisting on your system.
2. If you have an existing "Mobile Authenticator" configured, you will need to disable it to follow along. Some words on how to do so in the Steam app can be [found here](https://support.steampowered.com/kb_article.php?ref=8625-WRAH-9030#disable)
3. If your Steam account doesn't have a phone number, you will need to add and verify one before following along. If the previous step applied to you, this one probably doesn't (as you already have a phone number associated with your Steam account if you already had a Mobile Authenticator set up).
Be sure to **provide your username to the MobileWebAuth call on line 3 and enter your SMS verification code in the finalize call near the end**.
## Initial Steps: Log In and Create Authenticator
Because of that last part, it would likely be best to do this all from a REPL/interactive shell (i.e., `python3` at the terminal, line-by-line).
Run `python3` at your terminal to start a REPL/interactive Python interpreter. Type in the the following lines one at a time (no need to enter the comments, which are everything from the `#` character onward), pressing enter after each line. No output is a good sign.
```python3
from steam.webauth import MobileWebAuth # See https://steam.readthedocs.io/en/stable/api/steam.webauth.html
from steam.guard import SteamAuthenticator # See https://steam.readthedocs.io/en/stable/api/steam.guard.html
import json # For saving your authenticator details/secrets as a json file
```
In the next line, substitute `YOUR-USERNAME-HERE` below for your actual Steam account name, the one that you use to log in to Steam.
```python3
session = MobileWebAuth('YOUR-USERNAME-HERE') # Enter your username, keep the quotes
session.cli_login() # Will walk you through the login process interactively
authenticator = SteamAuthenticator(backend=session) # We are using this to do Steam Authenticator stuff using our just-established login/session
authenticator.add() # This will result in an text being sent to your phone with a verification code
```
## Finalizing the Authenticator
The authenticator that you have just "added" isn't really added yet. It needs to be confirmed/finalized first. You have two options for doing that. Which option you choose depends on how you answer the following question.
Do you want to use Steam Guard in the Steam mobile app?
> **Note**
> If not, you may not be able to confirm trade offers (effectively preventing you from trading at all)
### "Yes"
If you want to use Steam Guard in the Steam mobile app as well, you will need to continue setup there. Leave your terminal open as we aren't quite done with it.
After you click "Add Authenticator" in the Steam app, it will ask you to enter the code that was sent to your phone. You should have received a code when you did the previous step, the `authenticator.add()` call. Use that code.
> **Warning**
> If you get a new text code (or the Steam app doesn't accept your original text code), the authenticator that you set up in the terminal won't match the one being set up in the Steam app. Go down to the Troubleshooting section and follow the steps detailed under "The authenticator in my Steam app doesn't match the one I generated."
If the Steam app accepts the text code you originally received, that is a good sign.
wa = MobileWebAuth('YOUR-USERNAME-HERE') # Enter your username, keep the quotes ;)
wa.cli_login() # Will walk you through the login process interactively
Now, The Steam app should be showing you a six character code that starts with an `R` followed by 5 numbers. This is your revocation code. Before you worry about putting it somewhere safe, verify that the revocation code presented by the Steam app matches the one you generated in the Python interpreter. You can check that revocation code by running the following in your Python interpreter:
sa = SteamAuthenticator(backend=wa) # We are using this to do Steam Authenticator stuff using our just-established login/session
sa.add() # This will result in an SMS verification being sent to your phone
```python3
authenticator.secrets["revocation_code"]
```
If the two codes match, great! Carry on (and skip the `"No"` section below).
If the two codes *don't* match, go down to the Troubleshooting section and follow the steps detailed under "The authenticator in my Steam app doesn't match the one I generated."
# Don't skip this! The saved file is the basis of your "authenticator" and is the only non-volatile record of it (until we add it to Aegis, at least)
# Similarly, don't let the secrets file fall into the wrong hands! Don't lose it! Know where you put it!
# Anyone with this file (and a bit of know-how) can generate 2FA codes for your account or disable the authenticator using the included revocation code.
If you want to be extra sure that the authenticator is active, you can optionally run the following line in the Python interpreter:
json.dump(sa.secrets, open('./steam_auth_secrets.json', 'w')) # After this line, you should find steam_auth_secrets.json in your current working directory
```python3
authenticator.status()
```
At this point, you can use the URL included in the json file we made to create a qr code that we can scan with Aegis.
The output should look something like below if everything worked as intended:
Do this from a separate terminal. **Do NOT exit** your interactive Python interpreter.
```
{'state': 1, 'inactivation_reason': 0, 'authenticator_type': 1, 'authenticator_allowed': True, 'steamguard_scheme': 2, 'token_gid': 'XXXXXXXXXXXXXXXX', 'email_validated': True, 'device_identifier': 'android:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'time_created': 1627450000, 'revocation_attempts_remaining': 5, 'classified_agent': 'other', 'allow_external_authenticator': False}
```
From the .json file, copy the value associated with the `uri` key. It should start with `otpauth://`. Paste it in the command below, and keep a single pair of quotation marks around the uri.
If it didn't work, it will probably look something like this:
`qr "PASTE-YOUR-URI-HERE" > qr.png`
```
{'state': 0, 'authenticator_allowed': True, 'steamguard_scheme': 1, 'email_validated': True, 'allow_external_authenticator': False}
```
Now, just open the image using your preferred image viewer, scan it with Aegis, and **make sure you change the type from TOTP to Steam**.
### "No"
If you *don't* want to use Steam Guard in the Steam mobile app (and are okay with the implications of such), you can finalize the authenticator as follows:
> **Warning**
> If you followed the steps from the above "Yes" section, please skip to the next section, `Saving the Authenticator`
```python3
authenticator.finalize("YOUR-SMS-CODE")
authenticator.status()
```
The output should look something like below if everything worked as intended:
```
{'state': 1, 'inactivation_reason': 0, 'authenticator_type': 1, 'authenticator_allowed': True, 'steamguard_scheme': 2, 'token_gid': 'XXXXXXXXXXXXXXXX', 'email_validated': True, 'device_identifier': 'android:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'time_created': 1627450000, 'revocation_attempts_remaining': 5, 'classified_agent': 'other', 'allow_external_authenticator': False}
```
If it didn't work, it will probably look something like this:
```
{'state': 0, 'authenticator_allowed': True, 'steamguard_scheme': 1, 'email_validated': True, 'allow_external_authenticator': False}
```
## Saving the Authenticator
Now that your authenticator is active/finalized, it would be wise to save the secret data that forms the basis for your authenticator.
```python3
json.dump(authenticator.secrets, open('./steam_auth_secrets.json', 'w'))
```
After running this, you should find steam_auth_secrets.json in your current working directory.
Back to our REPL:
> **Warning**
> The file that you just saved *is* your "authenticator"
> Treat this file as you would a password/passphrase or any other sensitive digital data. In more specific terms, keep the file somewhere where it will be sufficiently safe from loss and from others.
> Notably, this file includes your `recovation_code` that can be used to disable the authenticator and the `uri`/`shared_secret` that can be used to generate Steam Guard codes (e.g., by adding it to Aegis).
## Adding the Authenticator to Aegis
At this point, you can add your Steam authenticator to Aegis.
In your Python interpreter, run:
```python3
sa.get_code() # Does this match what shows on Aegis at the same time? If so, great! If not, something has gone wrong.
authenticator.secrets["uri"]
```
(or, open the JSON file that you saved in the previous section and look for the `uri` key)
# Psst. If Aegis is generating a fully numerical one-time password, go and change its type from "TOTP" to "Steam" and try this line again to see if the output of get_code() and Aegis match
and copy the value *without the quotes* (or you can remove them before you run the command to generate the QR code)
sa.finalize("YOUR-SMS-CODE") # If everything has gone smoothly, this will finalize your authenticator.
In a *separate* terminal (leave your Python interpreter running), run the following: `qr "PASTE-YOUR-URI-HERE" > qr.png`
sa.status() # Optional. Output should look something like below if everything worked as inteded:
# {'state': 1, 'inactivation_reason': 0, 'authenticator_type': 1, 'authenticator_allowed': True, 'steamguard_scheme': 2, 'token_gid': 'XXXXXXXXXXXXXXXX', 'email_validated': True, 'device_identifier': 'android:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'time_created': 1627450000, 'revocation_attempts_remaining': 5, 'classified_agent': 'other', 'allow_external_authenticator': False}
Now, just open the image using your preferred image viewer, scan it with Aegis, and **make sure you change the type from TOTP to Steam**.
exit() # You're done!
Aegis should be generating Steam Guard codes now! Let's make sure they are correct. Back in your Python interpreter, run:
```python3
authenticator.get_code()
```
The code generated in the Python interpreter should match what is shown in Aegis and (if applicable) what is shown in the Steam mobile app.
- If so, great! You are done!
- If not, something has gone wrong.
- If Aegis is generating a fully numerical one-time password, go and change its type from "TOTP" to "Steam" and try this line again to see if the output of get_code() and Aegis match.
## Summary
If all has gone well, you have:
- created a Steam authenticator
- finalized (either via the Steam app or via `authenticator.finalize()`) the authenticator
- saved the details of your authenticator as a JSON file
- and added the authenticator to Aegis
👏
## Troubleshooting
- Issue: `from steam.guard import SteamAuthenticator` fails with the following error:
### Issue: "The authenticator in my Steam app doesn't match the one I generated."
Solution: Fear not! You don't even need to start from scratch if you still have your Python interpreter running from your initial attempt.
All that happened most likely was that too much time elapsed between running `authenticator.add()` (which starts the process w/ Steam, results in you receiving a text verification code) and trying to configure
Run `authenticator.remove()`, followed by another `authenticator.add()` and continue on from `Finalizing the Authenticator`.
### Issue: "`from steam.guard import SteamAuthenticator` fails with this ModuleNotFoundError"
```
>>> from steam.guard import SteamAuthenticator
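Review bot: In the new "Saving the Authenticator" section, `json.dump(authenticator.secrets, open('./steam_auth_secrets.json', 'w'))` creates the file with the process's default permissions and never explicitly closes the handle, although the warning directly below it says to treat the file like a password. Suggest writing through a `with open(...)` block and restricting the file to its owner (for example `umask 077` before starting `python3`, or `chmod 600 steam_auth_secrets.json` afterwards), and mentioning that `qr.png` and the `qr "PASTE-YOUR-URI-HERE"` entry in shell history carry the same secret and should be cleaned up after scanning. The save step now also comes after finalization in both the "Yes" and "No" paths, whereas the removed version saved before `sa.finalize(...)`; if the interpreter is closed in between, the only copy of the secrets is gone while the authenticator is active, so consider moving the save to right after `authenticator.add()`. Smaller fixes in the same hunk: `recovation_code` in the warning should read `revocation_code` to match `authenticator.secrets["revocation_code"]`, "Type in the the following" has a doubled word, and the troubleshooting sentence ending "and trying to configure" is cut off.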
@ -83,13 +185,19 @@ exit() # You're done!
ModuleNotFoundError: No module named 'google'
```
Solution: install the [google-api-python-client](https://pypi.org/project/google-api-python-client/) package with `pip install --upgrade google-api-python-client`.
Solution: Double-check that you have installed the [google-api-python-client](https://pypi.org/project/google-api-python-client/) package. It won't hurt to run `pip install --upgrade google-api-python-client` again.
## Questions
Q: Something went wrong! What do I do?
> A: Among the more productive actions you could take, you could re-read the instructions to see if you missed anything, you could read the API docs for the `steam` package, you could try looking at other pages on this here wiki, or you can use your favorite search engine to attempt to investigate your specific error. You could also contact the person who wrote this guide (see the next section).
> A: In no particular order, you could:
>- re-read the instructions to see if you missed anything
>- try the process starting from scratch
>- read the API docs for the `steam` package
>- read other pages on this GitHub wiki (there may be a different process that works for you)
>- use your favorite search engine to attempt to investigate your specific error
>- you could contact the person who wrote this guide (see the next section).
Q: Something about this section is (confusing/could be improved/didn't work/locked me out of my account/etc.). Who (originally) wrote this guide? Can I contact them?
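Review bot: In the rewritten answer list under "Q: Something went wrong!", the last item still begins with "you could" although the lead-in already ends in "you could:", and the `>-` markers have no space after `>`, unlike the `> A:` line above them. Suggest `> - contact the person who wrote this guide (see the next section).` and the same `> - ` prefix on the other items. The new Solution line asks the reader to double-check that the package is installed without saying how; naming `pip show google-api-python-client` would make that step actionable.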
