Steam.dll Passworddecrypt and IDA Pro

purple · **Joined:** 13 Jan 2009 13:09 **Posts:** 5

hi,

i want to decrypt my steam password with the SteamDecryptDataForThisMachine function out of the dll.
my code is from a snippet i found somewhere. it is bad programmed, cause i run this program step by step in the debugger to find my error, so it doesnt matter if i check if if a variable is NULL.

my code:

Code:

typedef int (__cdecl *SteamDecryptDataForThisMachine_t)(char *a, int b, char *c, int d, int *e);
SteamDecryptDataForThisMachine_t SteamDecryptDataForThisMachine;

HANDLE  hSteamDll;
int     len, a;
char   pwd[100], *encpwd;


encpwd = "9AFABD9620CEC491F83DCE12633D9CDAADE0B6FFA2BBE012E89273695257CDCE9572A7088B2CAC037DC833633355";

hSteamDll = LoadLibrary("D:\\Steam\\STEAM.DLL");
// is 0x300000 -> okay

SteamDecryptDataForThisMachine = (SteamDecryptDataForThisMachine_t) GetProcAddress(hSteamDll, "SteamDecryptDataForThisMachine");
// is 0x30128BD0 or something -> okay

a = SteamDecryptDataForThisMachine (encpwd, strlen(encpwd), pwd, sizeof(pwd), &len);
// a is 1 => okay

this code doesnt work for me. the 3rd parameter pwd is still empty after the call.

so i opened ida pro and looked at the function. it says that all the parameters are int.

like:

Code:

__cdecl *SteamDecryptDataForThisMachine_t(int,int,int,int,int);

but i use:

Code:

__cdecl *SteamDecryptDataForThisMachine_t(char*,int,char*,int,int*);

maybe thats okay. but it doesnt work for me so i ask u if u maybe have a hint why i dont get it.
greetz

aluigi · **Posted:** 13 Jan 2009 15:01

if the return value from the function is non-zero means that there were problems with the retrieved key (for example it's invalid for the provided password).

is that encpwd yours? (for excluding problems with invalid keys)
what operating system are you using?

purple · **Joined:** 13 Jan 2009 13:09 **Posts:** 5

ty for the answer! dont know why i thought a=1 means its okay....

no its not mine, i took it out of the example. but i tried it with mine too and i still got the same problem...
maybe u have another one? maybe my encpwd is too long cause i searched it manually!

im using win xp, no vista or sth!

Edit: tried 3 other encoded pwds too, and i always get a=1; if i use encpwd=""; i get a=8...

aluigi · **Posted:** 13 Jan 2009 18:24

your code is correct (checked it here) so it's not the cause of the problem.

have you tried to use my steampwd with your encrypted password?
is it converted correctly with the key calculated by the tool? (steampwd tries automatically the retrieved key and the nomachine key if the first fails)
are you running your code with the same user and privileges of the one for which was created the encrypted password by Steam?

purple · **Joined:** 13 Jan 2009 13:09 **Posts:** 5

i tried this pwd: E73A8D102B3CDD771A32F4BEF742ED54508F29C831DD93C9BB1183500A3BA636F978657ED490C61B16336DDD7CDC

and a lot others, they all look like this. mine too.... and it works with your steampwd. but i cant recompile it, i use codegear c++ builder.

user privileges ar the same. maybe u can compile to a binary and i try it on my computer? maybe thats theres another problem....

aluigi · **Posted:** 14 Jan 2009 17:17

uhmmm if that encrypted password works with my steampwd means that it has been created on your computer and the key is right... have you already tried the executable available here?

post3679.html#p3679

first try that executable (so without recompiling it) and if works try to compile that source code and check if the new compiled executable is still able to decrypt your password, it could be a problem caused by your compiler although it's very very strange

purple · **Joined:** 13 Jan 2009 13:09 **Posts:** 5

first thank you for your great help =)

this is what i got:

Code:

D:\Steam>steampwddll.exe E73A8D102B3CDD771A32F4BEF742ED54508F29C831DD93C9BB11835
00A3BA636F978657ED490C61B16336DDD7CDC

Error: you can't decrypt this encrypted password

D:\Steam>

really strange... maybe its my steam.dll. dont know...

aluigi · **Posted:** 14 Jan 2009 20:23

very strange, anyway the latest steam.dll still work because I tested it just yesterday and today after having updated Steam for excluding that your problem was caused by a new version of the dll.

I can also exclude the problem of the lack of the UAC manifest (affecting vista when accessing the registry keys, reported by Henderson) because my steampwd decrypted your password correctly so it's not this one the cause.

for the moment the only suggestion I have is to update your Steam client ("Check for Steam client updates...") and re-verify if with the new dll there are still problems, if the problem continues I don't have other ideas

purple · **Joined:** 13 Jan 2009 13:09 **Posts:** 5

erm i made a steam update, 12mb, and got the newest steam.dll

but i still got the same error. i will now try it on other computers. anyway thx for your help!

greetz

Luigi Auriemma

Steam.dll Passworddecrypt and IDA Pro