// _ _ _ ____ _ _____ // / \ _ __ ___ | |__ (_)/ ___| | |_ ___ __ _ _ __ ___ | ___|__ _ _ __ _ __ ___ // / _ \ | '__|/ __|| '_ \ | |\___ \ | __|/ _ \ / _` || '_ ` _ \ | |_ / _` || '__|| '_ ` _ \ // / ___ \ | | | (__ | | | || | ___) || |_| __/| (_| || | | | | || _|| (_| || | | | | | | | // /_/ \_\|_| \___||_| |_||_||____/ \__|\___| \__,_||_| |_| |_||_| \__,_||_| |_| |_| |_| // | // Copyright 2015-2020 Łukasz "JustArchi" Domeradzki // Contact: JustArchi@JustArchi.net // | // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // | // http://www.apache.org/licenses/LICENSE-2.0 // | // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. using System; using System.Collections.Generic; using System.Collections.Immutable; using System.ComponentModel; using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.Security.Cryptography; using System.Text; using System.Threading; using System.Threading.Tasks; using AngleSharp.Dom; using ArchiSteamFarm.Helpers; using ArchiSteamFarm.Localization; using JetBrains.Annotations; using Newtonsoft.Json; namespace ArchiSteamFarm { [SuppressMessage("ReSharper", "ClassCannotBeInstantiated")] public sealed class MobileAuthenticator : IDisposable { internal const byte BackupCodeDigits = 7; internal const byte CodeDigits = 5; private const byte CodeInterval = 30; // For how many hours we can assume that SteamTimeDifference is correct private const byte SteamTimeTTL = 24; internal static readonly ImmutableSortedSet CodeCharacters = ImmutableSortedSet.Create('2', '3', '4', '5', '6', '7', '8', '9', 'B', 'C', 'D', 'F', 'G', 'H', 'J', 'K', 'M', 'N', 'P', 'Q', 'R', 'T', 'V', 'W', 'X', 'Y'); private static readonly SemaphoreSlim TimeSemaphore = new(1, 1); private static DateTime LastSteamTimeCheck; private static int? SteamTimeDifference; private readonly ArchiCacheable CachedDeviceID; [JsonProperty(PropertyName = "identity_secret", Required = Required.Always)] private readonly string IdentitySecret = ""; [JsonProperty(PropertyName = "shared_secret", Required = Required.Always)] private readonly string SharedSecret = ""; private Bot? Bot; [JsonConstructor] private MobileAuthenticator() => CachedDeviceID = new ArchiCacheable(ResolveDeviceID); public void Dispose() => CachedDeviceID.Dispose(); internal async Task GenerateToken() { if (Bot == null) { throw new InvalidOperationException(nameof(Bot)); } uint time = await GetSteamTime().ConfigureAwait(false); if (time == 0) { throw new InvalidOperationException(nameof(time)); } return GenerateTokenForTime(time); } internal async Task?> GetConfirmations() { if (Bot == null) { throw new InvalidOperationException(nameof(Bot)); } (bool success, string? deviceID) = await CachedDeviceID.GetValue().ConfigureAwait(false); if (!success || string.IsNullOrEmpty(deviceID)) { Bot.ArchiLogger.LogGenericError(string.Format(CultureInfo.CurrentCulture, Strings.WarningFailedWithError, nameof(deviceID))); return null; } uint time = await GetSteamTime().ConfigureAwait(false); if (time == 0) { throw new InvalidOperationException(nameof(time)); } string? confirmationHash = GenerateConfirmationHash(time, "conf"); if (string.IsNullOrEmpty(confirmationHash)) { Bot.ArchiLogger.LogNullError(nameof(confirmationHash)); return null; } await LimitConfirmationsRequestsAsync().ConfigureAwait(false); using IDocument? htmlDocument = await Bot.ArchiWebHandler.GetConfirmationsPage(deviceID!, confirmationHash!, time).ConfigureAwait(false); if (htmlDocument == null) { return null; } HashSet result = new(); List confirmationNodes = htmlDocument.SelectNodes("//div[@class='mobileconf_list_entry']"); if (confirmationNodes.Count == 0) { return result; } foreach (IElement confirmationNode in confirmationNodes) { string? idText = confirmationNode.GetAttribute("data-confid"); if (string.IsNullOrEmpty(idText)) { Bot.ArchiLogger.LogNullError(nameof(idText)); return null; } if (!ulong.TryParse(idText, out ulong id) || (id == 0)) { Bot.ArchiLogger.LogNullError(nameof(id)); return null; } string? keyText = confirmationNode.GetAttribute("data-key"); if (string.IsNullOrEmpty(keyText)) { Bot.ArchiLogger.LogNullError(nameof(keyText)); return null; } if (!ulong.TryParse(keyText, out ulong key) || (key == 0)) { Bot.ArchiLogger.LogNullError(nameof(key)); return null; } string? creatorText = confirmationNode.GetAttribute("data-creator"); if (string.IsNullOrEmpty(creatorText)) { Bot.ArchiLogger.LogNullError(nameof(creatorText)); return null; } if (!ulong.TryParse(creatorText, out ulong creator) || (creator == 0)) { Bot.ArchiLogger.LogNullError(nameof(creator)); return null; } string? typeText = confirmationNode.GetAttribute("data-type"); if (string.IsNullOrEmpty(typeText)) { Bot.ArchiLogger.LogNullError(nameof(typeText)); return null; } if (!Enum.TryParse(typeText, out Confirmation.EType type) || (type == Confirmation.EType.Unknown)) { Bot.ArchiLogger.LogNullError(nameof(type)); return null; } if (!Enum.IsDefined(typeof(Confirmation.EType), type)) { Bot.ArchiLogger.LogGenericError(string.Format(CultureInfo.CurrentCulture, Strings.WarningUnknownValuePleaseReport, nameof(type), type)); return null; } result.Add(new Confirmation(id, key, creator, type)); } return result; } internal async Task HandleConfirmations(IReadOnlyCollection confirmations, bool accept) { if ((confirmations == null) || (confirmations.Count == 0)) { throw new ArgumentNullException(nameof(confirmations)); } if (Bot == null) { throw new InvalidOperationException(nameof(Bot)); } (bool success, string? deviceID) = await CachedDeviceID.GetValue().ConfigureAwait(false); if (!success || string.IsNullOrEmpty(deviceID)) { Bot.ArchiLogger.LogGenericError(string.Format(CultureInfo.CurrentCulture, Strings.WarningFailedWithError, nameof(deviceID))); return false; } uint time = await GetSteamTime().ConfigureAwait(false); if (time == 0) { throw new InvalidOperationException(nameof(time)); } string? confirmationHash = GenerateConfirmationHash(time, "conf"); if (string.IsNullOrEmpty(confirmationHash)) { Bot.ArchiLogger.LogNullError(nameof(confirmationHash)); return false; } bool? result = await Bot.ArchiWebHandler.HandleConfirmations(deviceID!, confirmationHash!, time, confirmations, accept).ConfigureAwait(false); if (!result.HasValue) { // Request timed out return false; } if (result.Value) { // Request succeeded return true; } // Our multi request failed, this is almost always Steam issue that happens randomly // In this case, we'll accept all pending confirmations one-by-one, synchronously (as Steam can't handle them in parallel) // We totally ignore actual result returned by those calls, abort only if request timed out foreach (Confirmation confirmation in confirmations) { bool? confirmationResult = await Bot.ArchiWebHandler.HandleConfirmation(deviceID!, confirmationHash!, time, confirmation.ID, confirmation.Key, accept).ConfigureAwait(false); if (!confirmationResult.HasValue) { return false; } } return true; } internal void Init(Bot bot) => Bot = bot ?? throw new ArgumentNullException(nameof(bot)); private string? GenerateConfirmationHash(uint time, string? tag = null) { if (time == 0) { throw new ArgumentOutOfRangeException(nameof(time)); } if (Bot == null) { throw new InvalidOperationException(nameof(Bot)); } if (string.IsNullOrEmpty(IdentitySecret)) { throw new InvalidOperationException(nameof(IdentitySecret)); } byte[] identitySecret; try { identitySecret = Convert.FromBase64String(IdentitySecret!); } catch (FormatException e) { Bot.ArchiLogger.LogGenericException(e); Bot.ArchiLogger.LogGenericError(string.Format(CultureInfo.CurrentCulture, Strings.ErrorIsInvalid, nameof(IdentitySecret))); return null; } byte bufferSize = 8; if (!string.IsNullOrEmpty(tag)) { bufferSize += (byte) Math.Min(32, tag!.Length); } byte[] timeArray = BitConverter.GetBytes((ulong) time); if (BitConverter.IsLittleEndian) { Array.Reverse(timeArray); } byte[] buffer = new byte[bufferSize]; Array.Copy(timeArray, buffer, 8); if (!string.IsNullOrEmpty(tag)) { Array.Copy(Encoding.UTF8.GetBytes(tag!), 0, buffer, 8, bufferSize - 8); } byte[] hash; #pragma warning disable CA5350 using (HMACSHA1 hmac = new(identitySecret)) { hash = hmac.ComputeHash(buffer); } #pragma warning restore CA5350 return Convert.ToBase64String(hash); } private string? GenerateTokenForTime(uint time) { if (time == 0) { throw new ArgumentOutOfRangeException(nameof(time)); } if (Bot == null) { throw new InvalidOperationException(nameof(Bot)); } if (string.IsNullOrEmpty(SharedSecret)) { throw new InvalidOperationException(nameof(SharedSecret)); } byte[] sharedSecret; try { sharedSecret = Convert.FromBase64String(SharedSecret!); } catch (FormatException e) { Bot.ArchiLogger.LogGenericException(e); Bot.ArchiLogger.LogGenericError(string.Format(CultureInfo.CurrentCulture, Strings.ErrorIsInvalid, nameof(SharedSecret))); return null; } byte[] timeArray = BitConverter.GetBytes((ulong) (time / CodeInterval)); if (BitConverter.IsLittleEndian) { Array.Reverse(timeArray); } byte[] hash; #pragma warning disable CA5350 using (HMACSHA1 hmac = new(sharedSecret)) { hash = hmac.ComputeHash(timeArray); } #pragma warning restore CA5350 // The last 4 bits of the mac say where the code starts int start = hash[^1] & 0x0f; // Extract those 4 bytes byte[] bytes = new byte[4]; Array.Copy(hash, start, bytes, 0, 4); if (BitConverter.IsLittleEndian) { Array.Reverse(bytes); } uint fullCode = BitConverter.ToUInt32(bytes, 0) & 0x7fffffff; // Build the alphanumeric code char[] code = new char[CodeDigits]; for (byte i = 0; i < CodeDigits; i++) { code[i] = CodeCharacters[(byte) (fullCode % CodeCharacters.Count)]; fullCode /= (byte) CodeCharacters.Count; } return new string(code); } private async Task GetSteamTime() { if (Bot == null) { throw new InvalidOperationException(nameof(Bot)); } if (SteamTimeDifference.HasValue && (DateTime.UtcNow.Subtract(LastSteamTimeCheck).TotalHours < SteamTimeTTL)) { return (uint) (Utilities.GetUnixTime() + SteamTimeDifference.Value); } await TimeSemaphore.WaitAsync().ConfigureAwait(false); try { if (SteamTimeDifference.HasValue && (DateTime.UtcNow.Subtract(LastSteamTimeCheck).TotalHours < SteamTimeTTL)) { return (uint) (Utilities.GetUnixTime() + SteamTimeDifference.Value); } uint serverTime = await Bot.ArchiWebHandler.GetServerTime().ConfigureAwait(false); if (serverTime == 0) { return Utilities.GetUnixTime(); } SteamTimeDifference = (int) (serverTime - Utilities.GetUnixTime()); LastSteamTimeCheck = DateTime.UtcNow; return (uint) (Utilities.GetUnixTime() + SteamTimeDifference.Value); } finally { TimeSemaphore.Release(); } } private static async Task LimitConfirmationsRequestsAsync() { if (ASF.ConfirmationsSemaphore == null) { throw new InvalidOperationException(nameof(ASF.ConfirmationsSemaphore)); } byte confirmationsLimiterDelay = ASF.GlobalConfig?.ConfirmationsLimiterDelay ?? GlobalConfig.DefaultConfirmationsLimiterDelay; if (confirmationsLimiterDelay == 0) { return; } await ASF.ConfirmationsSemaphore.WaitAsync().ConfigureAwait(false); Utilities.InBackground( async () => { await Task.Delay(confirmationsLimiterDelay * 1000).ConfigureAwait(false); ASF.ConfirmationsSemaphore.Release(); } ); } private async Task<(bool Success, string? Result)> ResolveDeviceID() { if (Bot == null) { throw new ArgumentNullException(nameof(Bot)); } string? deviceID = await Bot.ArchiHandler.GetTwoFactorDeviceIdentifier(Bot.SteamID).ConfigureAwait(false); if (string.IsNullOrEmpty(deviceID)) { Bot.ArchiLogger.LogGenericWarning(Strings.WarningFailed); return (false, null); } return (true, deviceID); } public sealed class Confirmation { internal readonly ulong Creator; internal readonly ulong ID; internal readonly ulong Key; internal readonly EType Type; internal Confirmation(ulong id, ulong key, ulong creator, EType type) { ID = id > 0 ? id : throw new ArgumentOutOfRangeException(nameof(id)); Key = key > 0 ? key : throw new ArgumentOutOfRangeException(nameof(key)); Creator = creator > 0 ? creator : throw new ArgumentOutOfRangeException(nameof(creator)); Type = Enum.IsDefined(typeof(EType), type) ? type : throw new InvalidEnumArgumentException(nameof(type), (int) type, typeof(EType)); } // REF: Internal documentation [PublicAPI] public enum EType : byte { Unknown, Generic, Trade, Market, // We're missing information about definition of number 4 type PhoneNumberChange = 5, AccountRecovery = 6 } } } }