JS-encrypted Steam login

1. url:  https://store.steampowered.com/login/?redir=&redir_ssl=1

2. target: Login


3. analysis

3.1 As usual, capture the traffic and locate the JS.

Just type in an account name and password, click log in, and look at which requests were sent.


One login sends two requests. The first request returns a JSON object containing two parameters that the second request needs. You can send that first POST directly with just the user name and a timestamp, regardless of the rest. Then look at dologin.

3.2 Of the password-related parameters, one is encrypted and the other two do not seem to matter much. The next step is to work out how this parameter is encrypted so it can be reproduced.


3.3 Copy the name of the encrypted parameter and search for where it appears in the JS. It looks like this.


Then set breakpoints and step through to find the functions and variables it depends on, and finally extract the runnable JS code.

4. Python code:

# afterWork.config is the author's own local module; userAgent.random()
# returns a random User-Agent string. `proxies` is unused here.
from afterWork.config import userAgent
import requests
import json
import time
import re
import execjs  # runs the extracted jsCode.js (getPW) through a JS runtime

def getModExp(data):
    """First request: fetch the RSA public key (hex modulus and exponent)."""
    res = requests.post(url='https://store.steampowered.com/login/getrsakey/',
                        data=data,
                        headers={'User-Agent': userAgent.random()})
    # print(res.text)
    jsonInfo = json.loads(res.text)
    mod = jsonInfo['publickey_mod']
    exp = jsonInfo['publickey_exp']
    return mod, exp

def getData(userName, donotcache):
    """Form body for getrsakey: only the user name and a timestamp are needed."""
    data = {
        'donotcache': donotcache,
        'username': userName
    }
    return data

def accountInfo():
    userName = 'Your user name'
    pw = 'Your password'
    # millisecond timestamp without the dot, e.g. 1577238990888
    donotcache = re.sub(r'\.', '', str(time.time()))[:-4]
    # print(donotcache)
    # print('1577238990888')

    return userName, pw, donotcache

def getJsCode():
    """Load the JS extracted from the login page (exposes getPW(pw, mod, exp))."""
    with open('jsCode.js', 'r', encoding='utf-8') as f:
        jsCode = f.read()
        return jsCode

def getLoginData(username, pw, donotcache):
    """Form body for dologin; `pw` is already the RSA-encrypted, base64 password."""
    loginData = {
                'donotcache': donotcache,
                'password': pw,
                'username': username,
                'twofactorcode': '',
                'emailauth': '',
                'loginfriendlyname': '',
                'captchagid': '-1',
                'captcha_text': '',
                'emailsteamid': '',
                # hardcoded by the author; the getrsakey response also carries a 'timestamp' field
                'rsatimestamp': '111645050000',
                'remember_login': 'false'
                }
    print(loginData)
    return loginData

def login(loginData):
    """Second request: submit the encrypted password to dologin."""
    res = requests.post(url='https://store.steampowered.com/login/dologin/',
                        data=loginData,
                        headers={'User-Agent': userAgent.random()})
    print(res.text)
    return

def mainFun():
    userName, pw, donotcache = accountInfo()
    data = getData(userName, donotcache)
    # print(type(data))
    mod, exp = getModExp(data)
    jsCode = getJsCode()
    ctx = execjs.compile(jsCode)
    # getPW is the function extracted from the page's JS: RSA-encrypt pw with (mod, exp)
    result = ctx.call('getPW', pw, mod, exp)
    # print(result)
    loginData = getLoginData(userName, result, donotcache)
    # print(type(loginData))
    login(loginData)

if __name__ == '__main__':
    mainFun()
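The `getPW` call above hands the work to the extracted JS, which hides what the encryption step actually is. The added example below is not from the post or from Steam; it reproduces that step in pure Python on the assumption that `getPW` does what the common jsbn-style RSA helper does: PKCS#1 v1.5 (type 2) padding of the password, textbook RSA with the hex `publickey_mod`/`publickey_exp` from getrsakey, and base64 output. `make_test_keypair` is a toy generator for a constructed test key only, so the block runs offline; the names are mine. The decrypt side is included to show the security property this design gives and does not give: the plaintext password never appears in the request body, but the public key arrives over the same HTTPS channel as the login, so the layer only shields the password from anyone who can read the form body after TLS (proxies, logs) and not from whoever controls that channel.

```python
import base64
import os
import random

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test (good enough for a constructed test key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def make_test_keypair(bits=512):
    """Toy RSA key generation for the demo (assumption: NOT for real use).
    Returns (public dict in getrsakey's hex format, private exponent d)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n, d = p * q, pow(e, -1, phi)
    return {"publickey_mod": format(n, "x"), "publickey_exp": format(e, "x")}, d

def pkcs1_v15_pad(msg: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x02 || PS (random non-zero bytes, >= 8) || 0x00 || M"""
    if len(msg) > k - 11:
        raise ValueError("message too long for this key")
    ps = bytearray()
    while len(ps) < k - len(msg) - 3:
        b = os.urandom(1)
        if b != b"\x00":
            ps += b
    return b"\x00\x02" + bytes(ps) + b"\x00" + msg

def get_pw(password: str, mod_hex: str, exp_hex: str) -> str:
    """Pure-Python stand-in for the page's getPW(pw, mod, exp)."""
    n, e = int(mod_hex, 16), int(exp_hex, 16)
    k = (n.bit_length() + 7) // 8
    em = pkcs1_v15_pad(password.encode("utf-8"), k)
    c = pow(int.from_bytes(em, "big"), e, n)
    return base64.b64encode(c.to_bytes(k, "big")).decode("ascii")

def decrypt_pw(ciphertext_b64: str, mod_hex: str, d: int) -> str:
    """Server side of the scheme: strip PKCS#1 v1.5 padding after RSA decryption."""
    n = int(mod_hex, 16)
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(base64.b64decode(ciphertext_b64), "big")
    em = pow(c, d, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    sep = em.index(b"\x00", 2)
    return em[sep + 1:].decode("utf-8")

if __name__ == "__main__":
    pub, priv_d = make_test_keypair()
    ct = get_pw("correct horse battery staple", pub["publickey_mod"], pub["publickey_exp"])
    print("password field:", ct)
    print("recovered by key holder:", decrypt_pw(ct, pub["publickey_mod"], priv_d))
```

Because the padding is random, the same password produces a different `password` field on every login, so the value cannot be replayed by matching it against another capture; a 2048-bit Steam modulus gives a 256-byte ciphertext (344 base64 characters) instead of the 64-byte one from this 512-bit test key.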

As a result, a successful login returns the following:


For learning and exchange only, not for other purposes.

Keywords: Python JSON

Added by ReDucTor on Wed, 25 Dec 2019 20:44:05 +0200