
Two factor authentication sr CS

ArchiBot edited this page Feb 11, 2023 · 34 revisions

Two-factor authentication

Steam includes a two-factor authentication system known as "Escrow" that requires extra details for various account-related activity. You can read more about it here and here. This page considers that 2FA system as well as our solution that integrates with it, called ASF 2FA.


ASF logic

Regardless of whether you use ASF 2FA or not, ASF includes proper logic and is fully aware of accounts protected by standard 2FA. It will ask you for the required details when they're needed (e.g. when logging in). However, those requests can be automated by using ASF 2FA, which will automatically generate required tokens, saving you hassle and enabling extra functionality (described below).


ASF 2FA

ASF 2FA is a built-in module responsible for providing 2FA features to the ASF process, such as generating tokens and accepting confirmations. It works by duplicating your existing authenticator details, so that you can use your current authenticator and ASF 2FA at the same time.

You can check whether your bot account already uses ASF 2FA by executing 2fa commands. Unless you've already imported your authenticator as ASF 2FA, all standard 2fa commands will be non-operative, which means that your account is not using ASF 2FA, therefore it's also unavailable for advanced ASF features that require the module to be operative.


Creation

In general we strongly recommend to duplicate your existing authenticator, as after all, that's the main purpose ASF 2FA was designed for. However, ASF comes with official MobileAuthenticator plugin which further extends ASF 2FA allowing you to link completely new authenticator as well. This can be useful in case you're unable or unwilling to use other tools and you do not mind ASF 2FA to become your main (and maybe only) authenticator.

In order to assign new 2FA and automatically import it as ASF 2FA, you should do the following steps:

  1. Create ASF bot for the target account, start it and log in, which you probably already did.
  2. Assign working and operative phone number to the account used by the bot here. Phone number is absolutely required, there is no way to add 2FA without it.
  3. Execute 2fainit [Bot] command, replacing [Bot] with your bot's name.

Assuming you got a successful reply, the following two things have happened:

  • A new <Bot>.maFile.PENDING file was generated by ASF in your config directory.
  • SMS was sent from Steam to the phone number you have assigned for the account above.

The authenticator details are not operative yet, however, you can review the generated file if you'd like to. If you want to be double safe, you can for example already write down revocation code, which is normally explained further below.

  4. Once satisfied, execute 2fafinalize [Bot] <ActivationCode> command, replacing [Bot] with your bot's name and <ActivationCode> with the code you've received through SMS.

Assuming everything worked properly, previously generated <Bot>.maFile.PENDING file was renamed to <Bot>.maFile.NEW. This indicates that your 2FA credentials are now valid and active. We recommend you to create a copy of that file and keep it in secure and safe location. In addition to that, we recommend you to open it (it's a text file) and write down revocation_code which will allow you, as the name implies, to revoke the authenticator in case you lose it.

In regards to technical details, the generated maFile includes all details that we have received from Steam server during linking authenticator, and in addition to that device_id field which may be needed for other authenticators. The file follows and is fully compatible with SDA for import.

ASF automatically imports your authenticator once the procedure is done, therefore 2fa and other related commands should now be operative for the bot account you linked the authenticator to.


Import

The import process requires an already linked and operational authenticator that is supported by ASF. ASF currently supports a few different official and unofficial sources of 2FA - Android, iOS, SteamDesktopAuthenticator and WinAuth, on top of a manual method which allows you to provide the required credentials yourself. If you don't have any authenticator yet, you need to choose one of the available apps and set it up first. If you don't know which one to pick, we recommend WinAuth, but any of the above will work fine if you follow the instructions.

All of the instructions below require that you already have a working and operational authenticator that you can use with the given app. ASF 2FA will not work properly if you import invalid data, so make sure your authenticator works before attempting to import it. That includes testing and verifying that the following functions work properly:

  • you can generate tokens that are accepted by the Steam network,
  • you can receive confirmations, and they arrive on your mobile authenticator,
  • you can accept those confirmations, and Steam properly recognizes them as confirmed/unconfirmed.

Make sure your authenticator works by checking that the actions listed above work - if they don't, they won't work in ASF either, and you'll only waste time and cause yourself extra trouble.


Android phones

The below instructions apply to Steam app in version 2.X, there are currently no resources on extracting required details from version 3.0 onwards. We'll update this section once generally-available method is found. As of today, a workaround would be to intentionally install older version of Steam app, register 2FA and extract the required details first, after which it's possible to update the application to latest version - existing authenticator will continue to work.

In general, importing an authenticator from your Android phone requires root access. Rooting differs from device to device, so I can't tell you how to root yours. Visit the XDA forum for excellent guides on how to do that, as well as general information about rooting. If you can't find your device or the guide you need, try searching on Google.

Officially, it's not possible to access protected Steam files without root. The only official non-root way to get to the Steam files is to create an unprotected /data backup in some way and manually look for the required files in it on a PC, but since that feature depends on your device manufacturer and is not standard on Android, we won't discuss it here. If you happen to have that functionality, you can use it, but most users don't.

Unofficially, it is possible to extract the needed files without root access, by installing or downgrading your Steam app to version 2.1 (or earlier), setting up the mobile authenticator and then creating a snapshot of the app (together with the data files that we need) through adb backup. However, since this is a serious security issue and an entirely unsupported way of extracting the files, we can't elaborate on it further; Valve disabled this for a reason, and we mention it only as a possibility. Still, it might be possible to do a clean install of that version, link a new authenticator, extract the required files, and then upgrade the app, which should be just enough, but you're on your own with this method anyway.

Assuming you've already successfully rooted your device, you should then download a root explorer available in the Play Store, such as this one (or any other of your choice). You can also access the protected files through ADB (Android Debug Bridge) or any other method available to you; we'll explain it using the explorer, as that's the most user-friendly way.

Once you've opened the root explorer, navigate to the /data/data folder. Once again, the /data/data directory is protected and you can't access it without root access. Once in this directory, find the com.valvesoftware.android.steam.community folder and copy it to your /sdcard, which is your internal storage. After that, you can connect the device to your PC and copy the folder from your internal storage as usual. If by any chance the folder is not visible even though you copied it to the right place, try rebooting the device first.

Now you can decide whether you want to import your authenticator into WinAuth first and then into ASF, or directly into ASF. The first option is easier and lets you duplicate the authenticator on your PC, which allows you to accept confirmations and generate tokens from three different places - your phone, your PC and ASF. If you want to do that, open WinAuth, add a new Steam authenticator and choose the "importing from Android" option, then follow the instructions and select the files you obtained earlier. When done, you can import this authenticator from WinAuth into ASF, which is explained in the WinAuth section below.

If you don't want to or don't need to go through WinAuth, then simply copy the files/Steamguard-<SteamID> file from our protected directory, where SteamID is the 64-bit Steam identifier of the account that you want to add (if more than one, because if you have only one account then this will be the only file). You need to place that file in ASF's config directory. Once you've done that, rename the file to BotName.maFile, where BotName is the name you gave the bot during configuration and to which you're adding ASF 2FA. After this step, launch ASF - it will notice the .maFile and import it.

[*] INFO: PreuzimanjeAutentikatora() <1> Mijenjanje .maFile-a u ASF format...
[*] INFO: PreuzimanjeAutentikatora() <1> Uspješno završeno preuzimanje mobilnog autentikatora!

That's all; assuming you picked the correct, valid file, everything should work, which you can verify by using 2fa commands. If you make a mistake, you can always remove Bot.db and start over if needed.


iOS

On iOS you can use ios-steamguard-extractor. This is possible thanks to the fact that you can create an unencrypted backup, transfer it to your PC and use the tool to extract Steam data that would otherwise be impossible to get (if your device isn't jailbroken, because iOS is encrypted).

Head over to the latest release to download the program. Once you've extracted the data, you can add it to WinAuth, then from WinAuth into ASF (although you can also simply copy the generated JSON, from { to }, into a BotName.maFile file and proceed as usual). If you ask me, I strongly recommend importing to WinAuth first, then making sure that both generating tokens and accepting confirmations work properly, so you can be sure that everything is alright. If your credentials are invalid, ASF 2FA will not work properly, so it's much better to make the ASF import step your last one.

For questions/issues, please visit issues.

Keep in mind that above tool is unofficial, you're using it at your own risk. We do not offer technical support if it doesn't work properly - we got a few signals that it's exporting invalid 2FA credentials - verify that confirmations work in authenticator like WinAuth prior to importing that data to ASF!


SteamDesktopAuthenticator

If you have your authenticator running in SDA already, you should notice that there is steamID.maFile file available in maFiles folder. Make sure that maFile is in unencrypted form, as ASF can't decrypt SDA files - unencrypted file content should start with { and end with } character. If needed, you can remove the encryption from SDA settings first, and enable it again when you're done. Once the file is in unencrypted form, copy it to config directory of ASF.

You can now rename steamID.maFile to BotName.maFile in ASF config directory, where BotName is the name of your bot you're adding ASF 2FA to. Alternatively you can leave it as it is, ASF will then pick it automatically after logging in. Renaming the file helps ASF by making it possible to use ASF 2FA before logging in, if you don't do that, then the file can be picked only after ASF successfully logs in (as ASF doesn't know steamID of your account before in fact logging in).

If you did everything correctly, launch ASF, and you should notice:

[*] INFO: PreuzimanjeAutentikatora() <1> Mijenjanje .maFile-a u ASF format...
[*] INFO: ImportAuthenticator() <1> Uspješno završeno unošenje mobilnog autentikatora!

From now on, ASF 2FA should be operational for your account.


WinAuth

Firstly create new empty BotName.maFile in ASF config directory, where BotName is the name of your bot you're adding ASF 2FA to. Remember that it should be BotName.maFile and NOT BotName.maFile.txt, Windows likes to hide known extensions by default. If you provide incorrect name, it won't be picked by ASF.

Now launch WinAuth as usual. Right click on Steam icon and select "Show SteamGuard and Recovery Code". Then check "Allow copy". You should notice familiar to you JSON structure on the bottom of the window, starting with {. Copy whole text into a BotName.maFile file created by you in previous step.

If you did everything correctly, launch ASF, and you should notice:

[*] INFO: PreuzimanjeAutentikatora() <1> Mijenjanje .maFile-a u ASF format...
[*] INFO: PreuzimanjeAutentikatora() <1> Uspješno završeno preuzimanje mobilnog autentikatora!

From now on, ASF 2FA should be operational for your account.


Done

From this moment, all 2fa commands will work as they'd be called on your classic 2FA device. You can use both ASF 2FA and your authenticator of choice (Android, iOS, SDA or WinAuth) to generate tokens and accept confirmations.

If you have authenticator on your phone, you can optionally remove SteamDesktopAuthenticator and/or WinAuth, as we won't need it anymore. However, I suggest to keep it just in case, not to mention that it's more handy than normal steam authenticator. Just keep in mind that ASF 2FA is NOT a general purpose authenticator, it doesn't include all data that authenticator should have, but limited subset of original maFile. It's not possible to convert ASF 2FA back to original authenticator, therefore always make sure that you have general-purpose authenticator or maFile in other place, such as in WinAuth/SDA, or on your phone.


Frequently asked questions (FAQ)

How does ASF make use of the 2FA module?

If ASF 2FA is available, ASF will use it for automatic confirmation of trades that are being sent/accepted by ASF. It will also be capable of automatically generating 2FA tokens on as-needed basis, for example in order to log in. In addition to that, having ASF 2FA also enables 2fa commands for you to use. That should be all for now, if I didn't forget about anything - basically ASF uses 2FA module on as-needed basis.


What if I need a 2FA token?

You will need 2FA token to access 2FA-protected account, that includes every account with ASF 2FA as well. You should generate tokens in authenticator that you used for import, but you can also generate temporary tokens through 2fa command sent via the chat to given bot. You can also use 2fa <BotNames> command to generate temporary token for given bot instances. This should be enough for you to access bot accounts through e.g. browser, but as noted above - you should use your friendly authenticator (Android, iOS, SDA or WinAuth) instead.


Can I use my original authenticator after importing it as ASF 2FA?

Yes, your original authenticator remains functional and you can use it together with ASF 2FA. That's the whole point of the process - we copy your authenticator credentials into ASF, so that ASF can use them and accept selected confirmations on your behalf.


Where is the ASF mobile authenticator saved?

The ASF mobile authenticator is saved in the BotName.db file in your config directory, together with other crucial data related to your account. If you want to remove ASF 2FA, read how below.


How do I remove ASF 2FA?

Simply stop ASF and remove the BotName.db of the bot whose linked ASF 2FA you want to remove. This will remove the associated 2FA from ASF, but will NOT delink your authenticator. If you instead want to delink your authenticator, apart from removing it from ASF (firstly), you should delink it in the authenticator of your choice (Android, iOS, SDA or WinAuth), or - if you can't for some reason - use the revocation code that you received during linking that authenticator, on the Steam website. It's not possible to unlink your authenticator through ASF, this is what the general-purpose authenticator that you already have should be used for.


I linked authenticator in SDA/WinAuth, then imported to ASF. Can I now unlink it and link it again on my phone?

No. ASF imports your authenticator data in order to use it. If you delink your authenticator then you'll also cause ASF 2FA to stop functioning, regardless of whether you remove it first as stated in the above question or not. If you want to use your authenticator on both your phone and ASF (plus optionally in SDA/WinAuth), then you'll need to import your authenticator from your phone, and not create a new one in SDA/WinAuth. You can have only one linked authenticator, that's why ASF imports that authenticator and its data in order to use it as ASF 2FA - it's the same authenticator, just existing in two places. If you decide to delink your mobile authenticator credentials - regardless in which way, ASF 2FA will stop working, as previously copied mobile authenticator credentials will no longer be valid. In order to use ASF 2FA together with the authenticator on your phone, you must import it from Android/iOS, which is described above.


Is using ASF 2FA better than WinAuth/SDA/Other authenticator set to accept all confirmations?

Yes, in several ways. First and most important one - using ASF 2FA significantly increases your security, as ASF 2FA module ensures that ASF will only accept automatically its own confirmations, so even if attacker does request a trade that is harmful, ASF 2FA will not accept such trade, as it was not generated by ASF. In addition to security part, using ASF 2FA also brings performance/optimization benefits, as ASF 2FA fetches and accepts confirmations immediately after they're generated, and only then, as opposed to inefficient polling for confirmations each X minutes done e.g. by SDA or WinAuth. In short, there is no reason to use third-party authenticator over ASF 2FA, if you plan on automating confirmations generated by ASF - that's exactly what ASF 2FA is for, and using it does not conflict with you confirming everything else in authenticator of your choice. We strongly recommend to use ASF 2FA for entire ASF activity - this is much more secure than any other solution.


Advanced

If you're advanced user, you can also generate maFile manually. This can be used in case you'd want to import authenticator from other sources than the ones we've described above. It should have a valid JSON structure of:

{
  "shared_secret": "STRING",
  "identity_secret": "STRING"
}

Standard authenticator data has more fields - they're entirely ignored by ASF during import, as they're not needed. You don't have to remove them - ASF only requires valid JSON with 2 mandatory fields described above, and will ignore additional fields (if any). Of course, you need to replace STRING placeholder in the example above with valid values for your account. Each STRING should be base64-encoded representation of bytes the appropriate private key is made of.
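
As an added example (not part of ASF or of the original page), the Python check below tests a hand-made maFile against the rules stated on this page before you copy it into the config directory: the name ends with .maFile, the content is plain JSON starting with { and ending with }, and both mandatory fields are present and base64-decodable. The check_mafile function and the sample keys are hypothetical and constructed for illustration.

```python
import base64
import json

# The two mandatory fields named on this page; any other field is ignored on import.
REQUIRED_FIELDS = ("shared_secret", "identity_secret")


def check_mafile(file_name: str, text: str) -> list[str]:
    """Return a list of problems; an empty list means the file looks importable."""
    problems = []
    # Windows hides known extensions, so the real name may be BotName.maFile.txt.
    if not file_name.endswith(".maFile"):
        problems.append(f"name must end with .maFile, got {file_name!r}")
    body = text.lstrip("\ufeff").strip()
    # An unencrypted maFile starts with { and ends with }; an SDA-encrypted one does not.
    if not (body.startswith("{") and body.endswith("}")):
        return problems + ["content is not plain JSON (still encrypted?)"]
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON: {exc.msg}"]
    for field in REQUIRED_FIELDS:
        value = data.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"{field}: missing or not a string")
            continue
        try:
            # validate=True rejects stray characters and bad padding,
            # which also catches a leftover STRING placeholder.
            key = base64.b64decode(value, validate=True)
        except ValueError:
            problems.append(f"{field}: not valid base64")
            continue
        if not key:
            problems.append(f"{field}: decodes to zero bytes")
    return problems


# Constructed sample: fixed dummy bytes, not real Steam secrets.
SAMPLE = json.dumps({
    "shared_secret": base64.b64encode(bytes(range(20))).decode(),
    "identity_secret": base64.b64encode(bytes(range(20, 40))).decode(),
    "device_id": "android:constructed-example",  # extra field, ignored on import
})

if __name__ == "__main__":
    print(check_mafile("BotName.maFile", SAMPLE))
    print(check_mafile("BotName.maFile.txt", '{"shared_secret": "STRING"}'))
```

The check never prints the decoded secrets, so its output is safe to paste into a support request.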
