Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:46

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 19 posts ] 
Author Message
 Post subject: Steam Password Decrypt [VB.net]
PostPosted: 19 Dec 2008 00:11 

Joined: 19 Dec 2008 00:01
Posts: 11
Hi i wanted to ask the original developer on the problem i have been having. I wanted to make a VB.net application which uses SteamDecryptDataForThisMachine function in steam.dll

I have come up with this code, (this is a console application POC)

[code changed]

It doesnt seem to work. Maybe i'm getting the error because my enc pwd is wrong or maybe steam changed the dll to prevent this method. It would be good if somone could help me get this code working. I'm using vista and even the password recovery tool doesnt work, it prompts me for the clientregistry.blob, i select my own and it keeps giving me errors. The error inlcudes: Error: The hmac checksum differs, the key is wrong.


Last edited by uzkingz on 22 Dec 2008 17:44, edited 1 time in total.

Top
 Profile  
 
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 19 Dec 2008 01:48 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmmm the main question is: are you 100% sure that the encrypted password works on your PC?
I mean, if it's located in clientregistry.blob can you login into steam with that saved password?

the error of steampwd means exactly that the key (your 3 registry values) is wrong because there is a checksum in that encrypted password and if differs means that you can't recover it


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 14:34 

Joined: 19 Dec 2008 00:01
Posts: 11
i'm 100% sure the encrypted password works. I start steam and it automaticlly logs me in and it has saved my password. Maybe i didnt enter my full encpwd in my code from registry but xp and vista work differently and i notice that your tool didnt read my registry properly Furthermore i tried running it as administrator because vista can be a bit of a pain when a program edits the registry and the program doesnt have admin rights. But the error still percists. I'm not sure what the problem is but i hope to resolve it. What do you think of my code, i understand your method of decryption and i implicated it to vb.net, i'm sure i can get this working but i'm not sure because even your program doesnt decrypt my password.


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 15:50 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
vista is really a pain.
I don't have vista here but the last time an user tried steampwd on vista it worked so I thought the troubles were finished.

in the case of steampwd the retrieving of the key is performed in the following way:

- get HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId
- get HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
- get HKEY_CURRENT_USER\Software\Valve\Half-Life\Settings\io
(so if for example the "io" doesn't exist its field will be empty "")
- concatenate the 3 strings
- if the resulted merged string is empty ("") substituite it with NoMachineSpecificPassphraseAvailable

so when you launch steampwd and select the blob file or directly the encrypted string at command-line do you see all the 3 fields or there are some of them empty?

then you have talked about SteamDecryptDataForThisMachine, do you have problem to decrypt the string using that function too?
if Steam works (logins without problems) that function should work too.


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 17:52 

Joined: 19 Dec 2008 00:01
Posts: 11
This is what i get:

Image

Quote:
- get HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId
- get HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
- get HKEY_CURRENT_USER\Software\Valve\Half-Life\Settings\io
(so if for example the "io" doesn't exist its field will be empty "")
- concatenate the 3 strings
- if the resulted merged string is empty ("") substituite it with NoMachineSpecificPassphraseAvailable


What do you mean by concatenate it?

Quote:
then you have talked about SteamDecryptDataForThisMachine, do you have problem to decrypt the string using that function too?
if Steam works (logins without problems) that function should work too.


Yes i know it should, perhaps it does work but i'm not imputing my encpwd properly. Could you elaborate what you mean by concatenate it.
Here is what i get in registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId = doesnt exist???
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid = 85bd3f1b-8ce0-40ec-b8aa-2e0ebcbf450e
HKEY_CURRENT_USER\Software\Valve\Half-Life\Settings\io = lol this has no value
so as you can see only one registry key exists on my computer, how can i now build my encrypted password?


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 18:38 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
concatenating means adding the strings consecutively in the order: ProductId, MachineGuid and io.
if your ProductId is "blablabla", your MachineGuid is "abcdef" and your io is "12345" your key is blablablaabcdef12345

luckily steampwd is built to work in command-line mode too so you can do various tests with various registry fields for finding your exact key (the alternative is debugging steam or monitoring the registry reads of Steam).
so the first thing you should test is finding another ProductId key (and optionally another "io" too) in the registry simply using regedit.

if you find the ProductId it's enough that you add it before your MachineGuid, so if your ProductId is "12345678901234567890" try using the key 1234567890123456789085bd3f1b-8ce0-40ec-b8aa-2e0ebcbf450e:

steampwd c:\clientregistry.blob "1234567890123456789085bd3f1b-8ce0-40ec-b8aa-2e0ebcbf450e"

the final check you can do if none of the previouses work is the following:

steampwd c:\clientregistry.blob NoMachineSpecificPassphraseAvailable

let me know if you have success with these tests.
for my curiosity: do you have vista 64 bits or the "normal" one?


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 19:22 

Joined: 19 Dec 2008 00:01
Posts: 11
I will try testing this, i'm running on windows vista home premium 32 bit.


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 19:52 

Joined: 19 Dec 2008 00:01
Posts: 11
The problem is i cannot find my product id. That registry string:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId
it doesnt exist


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 20:47 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I meant searching it in all the registry with regedit using Find (CTRL-F)


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 22:09 

Joined: 19 Dec 2008 00:01
Posts: 11
ok i tried using the cmd line with the encrypted pass and tried getting the registry strings which i did manage to get but it was still showing me the problem. Then i used this:
steampwd c:\clientregistry.blob NoMachineSpecificPassphraseAvailable

And it worked perfectly. Now i'm happy but i have no idea how to use this NoMachineSpecificPassphraseAvailable in my vb.net application. Could you suggest how to implicate this to my code or could you post how you programed this feature in C++


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 22:29 

Joined: 19 Dec 2008 00:01
Posts: 11
I also work with delphi so if theres anyway this method for NoMachineSpecificPassPhraseAvailable can be transalted to delphi, vb6 or vb.net?


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 20 Dec 2008 23:29 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
ok I understand and I have an idea.
I have made a micro modification to the function which reads the values from the registry where I have added the same "check" performed also by Steam if the type is not REG_SZ (because all the rest is correct, NoMachineSpecificPassPhraseAvailable is used only if the total concatenated string is empty).

so try the following beta and let me know if this one works in the "normal" way (without specifying the key at command-line):

http://aluigi.org/beta/steampwd.zip


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 21 Dec 2008 02:12 

Joined: 19 Dec 2008 00:01
Posts: 11
the "normal" way still doesnt work, you should get a virtual machine (Vmware) install vista on it and then test it, it should be easier for you. Can you tell me how this NoMachineSpecificPassPhraseAvaliable works in technical details. I'm trying to make this on vb.net
hopefully can get it working


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 21 Dec 2008 03:13 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
it's simple, instead of building the key from the registry you use directly the key "NoMachineSpecificPassPhraseAvaliable".
in steam this key is used if the final concatenated string (the key calculated through the registry) is empty.

so in your case this method is not enabled because machineguid is not empty (I will make 2 definitive tests tomorrow to solve the problem).


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 21 Dec 2008 04:13 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
tests done and I think to have solved the problem.
in short Steam tries a read/write access on the keys of the registry and probably the restrictions existent on Vista don't allow to have a write access to an important component like MachineGuid (seems a possible victim from viruses and other security problems, that's the reason of the restriction).

and so this explains why my steampwd got this value and Steam didn't.

in any case I have added the testing of the NoMachineSpecificPassPhraseAvaliable key in ANY case if the original retrieved one is wrong.


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 22 Dec 2008 15:32 

Joined: 19 Dec 2008 00:01
Posts: 11
i see. So this method NoMachineSpecificPassPhraseAvaliable uses the direct encrypted password from the blob file and encrypts it?
But how can i use this in my code, i know vb6, vb.net and delphi so how can i use this in other languages.


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 22 Dec 2008 15:52 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
NoMachineSpecificPassPhraseAvaliable is not a "method", it's only a default key used in case the key got from the concatenation of the 3 registry values is empty (something like "if the system key is empty use the nomachine one").

naturally if you use the SteamDecryptDataForThisMachine method for decrypting the password you don't need to think to this "default key" because it's all handled automatically by that function of the dll.

in my opinion the only reason for which the SteamDecryptDataForThisMachine called by your code doesn't work on Vista is probably a matter of permissions (but it's only an hypothesis!), so try to run your code with a lower and then higher permission and check if something changes (because your code seems correct).
at the moment I don't have other ideas because the only things I did with that SteamDecryptDataForThisMachine was the retrieving of the needed parameters and nothing else (lack of interest since steampwd uses the full method).


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 22 Dec 2008 17:41 

Joined: 19 Dec 2008 00:01
Posts: 11
AHH FINALLY GOT IT WORKING!!!
i had to include some more lines of code and now everything's working. The only weird thing is that when i run the application as administartor the application fails to decrypt password, but when i run it normally it works perfectly.


Top
 Profile  
 
 Post subject: Re: Steam Password Decrypt [VB.net]
PostPosted: 22 Dec 2008 17:43 

Joined: 19 Dec 2008 00:01
Posts: 11
Thanks for your help


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 19 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: