-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Two factor authentication zh HK
Steam includes two-factor authentication system known as "Escrow" that requires extra details for various account-related activity. ่ฉณๆ ่ซ่ฆ**ใไบคๆ่ๅธๅ ด็ขบ่ชใๅไบคๆ่ๅธ้่จ็ฎก**ใ This page considers that 2FA system as well as our solution that integrates with it, called ASF 2FA.
Regardless if you use ASF 2FA or not, ASF includes proper logic and is fully aware of accounts protected by standard 2FA. ๅฎๆๅจ้่ฆๆใไพๅฆๅจ็ป้ๆ้ใๅๆจ่ซๆฑๆ้็่ฉณ็ดฐ่ณ่จใ However, those requests can be automated by using ASF 2FA, which will automatically generate required tokens, saving you hassle and enabling extra functionality (described below).
ASF 2FA is a built-in module responsible for providing 2FA features to the ASF process, such as generating tokens and accepting confirmations. It works by duplicating your existing authenticator details, so that you can use your current authenticator and ASF 2FA at the same time.
ๆจๅฏไปฅๅท่ก2fa
**ๅฝไปค**ไปฅๆชขๆฅๆฉๆขฐไบบๅธณๆถๆฏๅฆๅทฒๅ็จ2FAใ Unless you've already imported your authenticator as ASF 2FA, all standard 2fa
commands will be non-operative, which means that your account is not using ASF 2FA, therefore it's also unavailable for advanced ASF features that require the module to be operative.
There are a lot of ways to make ASF 2FA operative, here we include our recommendations based on your current situation:
- If you're already using SteamDesktopAuthenticator, WinAuth or any other third-party app that allows you to extract 2FA details with ease, just import those to ASF.
- If you're using official app and you don't mind resetting your 2FA credentials, the best way is to disable 2FA, then create new 2FA credentials by using joint authenticator, which will allow you to use official app and ASF 2FA. This method doesn't require root or advanced knowledge, barely following instructions.
- If you're using official app and don't want to recreate your 2FA credentials, your options are very limited, typically you'll need root and extra fiddling around to import those details, and even with that it might be impossible.
- If you're not using 2FA yet and don't care, you can use ASF 2FA with standalone authenticator, third-party app duplicating to ASF (recommendation #1), or joint authenticator with official app (recommendation #2).
Below we discuss all possible options and known to us methods.
In general, we strongly recommend duplicating your existing authenticator, since that's the main purpose ASF 2FA was designed for. However, ASF comes with an official MobileAuthenticator
plugin that further extends ASF 2FA, allowing you to link a completely new authenticator as well. This can be useful in case you're unable or unwilling to use other tools and do not mind ASF 2FA becoming your main (and maybe only) authenticator.
There are two possible scenarios for adding a two-factor authenticator with the MobileAuthenticator
plugin: standalone or joint with the official Steam mobile app. In the second scenario, you will end up with the same authenticator on both the ASF and mobile app; both will generate the same codes, and both will be able to confirm trade offers, Steam Community Market transactions, etc.
No matter if you plan to use ASF as the standalone authenticator or want the same authenticator on the official Steam mobile app, you need to do those initialization steps:
- Create an ASF bot for the target account, start it, and log in, which you probably already did.
- Optionally, assign a working and operational phone number to the account here to be used by the bot. This will allow you to receive SMS code and allow recovery if needed, but it's not mandatory.
- Ensure you're not using 2FA yet for your account, if you do, disable it first.
- Execute the
2fainit [Bot]
command, replacing[Bot]
with your bot's name.
Assuming you got a successful reply, the following two things have happened:
- A new
<Bot>.maFile.PENDING
file was generated by ASF in yourconfig
directory. - SMS was sent from Steam to the phone number you have assigned for the account above. If you didn't set a phone number, then an email was sent instead to the account e-mail address.
The authenticator details are not operational yet, however, you can review the generated file if you'd like to. If you want to be double safe, you can, for example, already write down the revocation code. The next steps will depend on your selected scenario.
If you want to use ASF as your main (or even only) authenticator, now you need to do the finalization step:
- Execute the
2fafinalize [Bot] <ActivationCode>
command, replacing[Bot]
with your bot's name and<ActivationCode>
with the code you've received through SMS or e-mail in the previous step.
If you want to have the same authenticator in both ASF and the official Steam mobile app, now you need to do the next steps:
- Ignore the SMS or e-mail code that you've received after the previous step.
- Install the Steam mobile app if it's not installed yet, and open it. Navigate to the Steam Guard tab and add a new authenticator by following the app's instructions.
- After your authenticator in the mobile app is added and working, return to ASF. You now need to tell ASF that finalization is done with the help of one of the two commands below:
- Wait until the next 2fa code is shown in the Steam mobile app, and use the command
2fafinalized [Bot] <2fa_code_from_app>
replacing[Bot]
with your bot's name and<2fa_code_from_app>
with the code you currently see in the Steam mobile app. If the code generated by ASF and the code you provided are the same, ASF assumes that an authenticator was added correctly and proceeds with importing your newly created authenticator. - We strongly recommend to do the above in order to ensure that your credentials are valid. However, if you don't want to (or can't) check if codes are the same and you know what you're doing, you can instead use the command
2fafinalizedforce [Bot]
, replacing[Bot]
with your bot's name. ASF will assume that the authenticator was added correctly and proceed with importing your newly created authenticator.
Assuming everything worked properly, the previously generated <Bot>.maFile.PENDING
file was renamed to <Bot>.maFile.NEW
. This indicates that your 2FA credentials are now valid and active. We recommend that you create a copy of that file and keep it in a secure and safe location. In addition to that, we recommend you open the file in your editor of choice and write down the revocation_code
, which will allow you to, as the name implies, revoke the authenticator in case you lose it.
In regard to technical details, the generated maFile
includes all details that we have received from the Steam server during linking the authenticator, and in addition to that, the device_id
field, which may be needed for other authenticators. The file is fully compatible with SDA for import.
ASF automatically imports your authenticator once the procedure is done, and therefore 2fa
and other related commands should now be operational for the bot account you linked the authenticator to.
Import process requires already linked and operational authenticator that is supported by ASF. ASF currently supports a few different official and unofficial sources of 2FA - Android, SteamDesktopAuthenticator and WinAuth, on top of manual method which allows you to provide required credentials yourself. If you don't have any authenticator yet, you need to choose one of available apps and set it up firstly. ๅฆๆๆจไธ็ฅ้้ธๆๅชไธๅ๏ผๆๅๆจ่ฆ WinAuth๏ผไฝๅช่ฆๆจๆ็ ง่ชชๆๆไฝ๏ผไธ่ฟฐไปปไฝไธ้ ้ฝๅฏไปฅๆญฃๅธธๅทฅไฝใ
ไปฅไธๆๆๆๅ้ฝ่ฆๆฑๆจๅทฒๆๆๅจไธ่ฟฐๅทฅๅ ท/ๆ็จ็จๅผไธญ ๅฏ้่ก็่บซไปฝ้ฉ่ญๅจใ ๅฆๆๅฐๅ ฅ็กๆ่ณๆ๏ผASF 2FAๅฐ็กๆณๆญฃๅธธ้่ก๏ผๅ ๆญคๅจๅ่ฉฆๅฐๅ ฅ่ณๆไนๅ๏ผ่ซ็ขบไฟๆจ็่บซไปฝ้ฉ่ญๅจ้่กๆญฃๅธธใ ้ๅ ๆฌๆธฌ่ฉฆๅ้ฉ่ญไปฅไธ่บซไปฝ้ฉ่ญๅจๅ่ฝ่ฝๅฆๆญฃๅธธ้่ก๏ผ
- ๆจๅฏไปฅ็ๆไปฃ็ขผ๏ผไธๅฎๅๅSteam็ถฒ็ตกๆฟ่ช
- ๆจๅฏไปฅ็ฑๆตๅ่บซไปฝ้ฉ่ญๅจ็ฒๅไบคๆ็ขบ่ช
- ๆจๅฏไปฅๆฅๅ้ไบไบคๆ็ขบ่ช๏ผไธฆไธๅฎๅ่ขซSteam็ถฒ็ตกๆญฃ็ขบๅฐ่ญๅฅ็บ็ขบ่ช/ๆ็ต
Ensure that your authenticator works by checking if above actions work - if they don't, then they won't work in ASF either, you'll only waste time and cause yourself additional trouble.
้ๅธธๆ ๆณไธ๏ผๆจ้่ฆ**root**ๆฌ้ไปฅๅพๆจ็Androidๆๆฉๅฐๅ ฅ่บซไปฝ้ฉ่ญๅจใ The below instructions require from you fairly decent knowledge in Android modding world, we're definitely not going to explain every step here, visit XDA and other resources for additional information/help with below.
Prerequisites:
- Install official Steam app from store, if you haven't yet.
- Assign authenticator to your account and ensure it works - generates valid tokens and can accept confirmations.
Extraction (requires rooting your device):
- Install Magisk and enable Zygisk in the settings.
- Install LSPosed (for Zygisk) and ensure it works.
- Install SteamGuardExtractor LSPosed module and enable it in LSPosed settings.
- Force kill Steam app, then open it, a window with extracted details should pop up, click copy.
Now that you've successfully extracted required details, disable the module to prevent the window from showing each time, then copy value of shared_secret
and identity_secret
of the account that you intend to add to ASF 2FA, into a new text file with below structure:
{
"shared_secret": "STRING",
"identity_secret": "STRING"
}
Replace each STRING
value with appropriate private key from extracted details. Once you do that, rename the file to BotName.maFile
, where BotName
is the name of your bot you're adding ASF 2FA to, and put it in ASF's config
directory if you haven't yet. Afterwards, launch ASF - it should notice the .maFile
and import it.
[*] INFO: ImportAuthenticator() <1> Converting .maFile into ASF format...
[*] INFO: ImportAuthenticator() <1> Successfully finished importing mobile authenticator!
That's all, assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa
commands. If you made a mistake, you can always remove Bot.db
and start over if needed.
ๅฆๆๆจ็่บซไปฝ้ฉ่ญๅจๅทฒ็ถๅจSDAไธญ้่ก๏ผๆจๆ่ฉฒๆณจๆๅฐmaFiles
่ณๆๅคพไธญๅญๅจsteamID.maFile
ๆไปถใ Make sure that maFile
is in unencrypted form, as ASF can't decrypt SDA files - unencrypted file content should start with {
and end with }
character. If needed, you can remove the encryption from SDA settings first, and enable it again when you're done. Once the file is in unencrypted form, copy it to config
directory of ASF.
You can now rename steamID.maFile
to BotName.maFile
in ASF config directory, where BotName
is the name of your bot you're adding ASF 2FA to. ๆ่
ๆจๅฏไปฅไฟๆๅๆจฃ๏ผASFๆๅจ็ป้ๅพ่ชๅ่ญๅฅๅฎใ Renaming the file helps ASF by making it possible to use ASF 2FA before logging in, if you don't do that, then the file can be picked only after ASF successfully logs in (as ASF doesn't know steamID
of your account before in fact logging in).
ๅฆๆๆจๆญฃ็ขบๅท่กไบๆๆๆไฝ๏ผ่ซๅๅASF๏ผๆจๆ่ฉฒๆณจๆๅฐ๏ผ
[*] INFO: ImportAuthenticator() <1> Converting .maFile into ASF format...
[*] INFO: ImportAuthenticator() <1> Successfully finished importing mobile authenticator!
ๅพ็พๅจ้ๅง๏ผๆจ็ASF 2FAๆ่ฉฒๅฏไปฅๅจๆญคๅธณๆถ้่กใ
Firstly create new empty BotName.maFile
in ASF config directory, where BotName
is the name of your bot you're adding ASF 2FA to. Remember that it should be BotName.maFile
and NOT BotName.maFile.txt
, Windows likes to hide known extensions by default. ๅฆๆๆจๆไพ็ๅ็จฑไธๆญฃ็ขบ๏ผASFๅฐไธๆ่ญๅฅๅฎใ
็พๅจๅๅพๅธธไธๆจฃๅๅWinAuthใ ๅณ้ตๅฎๆSteamๅๆจ๏ผ็ถๅพ้ธๆโ้กฏ็คบSteamGuardๅๆขๅพฉไปฃ็ขผโใ ็ถๅพ้ธๆโๅ
่จฑ่ค่ฃฝโใ You should notice familiar to you JSON structure on the bottom of the window, starting with {
. Copy whole text into a BotName.maFile
file created by you in previous step.
ๅฆๆๆจๆญฃ็ขบๅท่กไบๆๆๆไฝ๏ผ่ซๅๅASF๏ผๆจๆ่ฉฒๆณจๆๅฐ๏ผ
[*] INFO: ImportAuthenticator() <1> Converting .maFile into ASF format...
[*] INFO: ImportAuthenticator() <1> Successfully finished importing mobile authenticator!
ๅพ็พๅจ้ๅง๏ผๆจ็ASF 2FAๆ่ฉฒๅฏไปฅๅจๆญคๅธณๆถ้่กใ
From this moment, all 2fa
commands will work as they'd be called on your classic 2FA device. You can use both ASF 2FA and your authenticator of choice (Android, SDA or WinAuth) to generate tokens and accept confirmations.
If you have authenticator on your phone, you can optionally remove SteamDesktopAuthenticator and/or WinAuth, as we won't need it anymore. However, I suggest to keep it just in case, not to mention that it's more handy than normal steam authenticator. Just keep in mind that ASF 2FA is NOT a general purpose authenticator, it doesn't include all data that authenticator should have, but limited subset of original maFile
. It's not possible to convert ASF 2FA back to original authenticator, therefore always make sure that you have general-purpose authenticator or maFile
in other place, such as in WinAuth/SDA, or on your phone.
ๅฆๆASF 2FAๅฏ็จ๏ผASFๅฐไฝฟ็จๅฎ่ชๅ็ขบ่ช็ฑASF็ผ้/ๆฅๅ็ไบคๆใ ๅฎ้ๅฏไปฅๆ นๆ้่ฆ่ชๅ็ๆ2FAไปฃ็ขผ๏ผไพๅฆ็บไบ็ป้ใ ้คๆญคไนๅค๏ผ้ๅฏไปฅๅท่ก2fa
ๅฝไปคไปฅไฝฟ็จASF 2FAใ That should be all for now, if I didn't forget about anything - basically ASF uses 2FA module on as-needed basis.
ๆจ้่ฆ2FAไปฃ็ขผๆ่ฝ่จชๅๅ2FAไฟ่ญท็ๅธณๆถ๏ผๅ
ถไธญๅ
ๆฌๅ
ทๆASF 2FA็ๆฏๅๅธณๆถใ ๆจๆ่ฉฒๅจ็จๆผๅฐๅ
ฅ็่บซไปฝ้ฉ่ญๅจไธญ็ๆไปฃ็ขผ๏ผไฝๆจไนๅฏไปฅ้้่ๅคฉๅ็ตฆๅฎๆฉๅจไบบ็็ผ้2fa
ๅฝไปค็ๆ่จๆไปฃ็ขผใ ๆจ้ๅฏไปฅไฝฟ็จ2fa <BotNames>
ๅฝไปค็บ็ตฆๅฎ็ๆฉๆขฐไบบๅฏฆไพ็ๆ่จๆไปฃ็ขผใ This should be enough for you to access bot accounts through e.g. browser, but as noted above - you should use your friendly authenticator (Android, SDA or WinAuth) instead.
ๆฏ็๏ผๆจ็ๅๅง้ฉ่ญๅจไป็ถๅฏ็จไธฆๅฏไปฅ่ASF 2FAไธ่ตทไฝฟ็จใ ้ๅฐฑๆฏๆดๅ้็จโโๆๅๅฐๆจ็่บซไปฝ้ฉ่ญๅจๆๆๅฐๅ ฅASF๏ผๅ ๆญคASFๅฏไปฅไฝฟ็จๅฎๅไธฆไปฃ่กจๆจๆฅๅ้ธๅฎ็็ขบ่ชใ
ASFๆตๅ้ฉ่ญๅจไปฅๅ่็ตฆๅฎๅธณๆถ็ธ้็ๅ
ถไป้้ตๆธๆไฟๅญๅจ้
็ฝฎ็ฎ้ไธญ็BotName.db
ๆชๆกไธญใ ๅฆๆๆจๆณ็งป้คASF 2FA๏ผ่ซ้ฑ่ฎไปฅไธๅ
งๅฎนใ
Simply stop ASF and remove associated BotName.db
of the bot with linked ASF 2FA you want to remove. This option will remove associated imported 2FA with ASF, but will NOT delink your authenticator. If you instead want to delink your authenticator, apart from removing it from ASF (firstly), you should delink it in authenticator of your choice (Android, SDA or WinAuth), or - if you can't for some reason, use revocation code that you received during linking that authenticator, on the Steam website. It's not possible to unlink your authenticator through ASF, this is what general-purpose authenticator that you already have should be used for.
ๆๅฐ่บซไปฝ้ฉ่ญๅจ้ๆฅๅฐSDA/WinAuth๏ผ็ถๅพๅฐๅ ฅๅฐASFใ ๆ็พๅจๅฏไปฅๅๆถ้ๆฅไธฆๅจๆๆฉไธๅๆฌก้ๆฅๅ๏ผ
ๅพๆชใ ASF ๅฐๅ ฅๆจ็่บซไปฝ้ฉ่ญๅจๆธๆไปฅไพฟไฝฟ็จๅฎใ ๅฆไธๆ่ฟฐ๏ผๅฆๆๆจไฝฟ็จ่บซไปฝ้ฉ่ญๅจ๏ผ้ฃ้บผๆจไนๆๅฐ่ดASF 2FAๅๆญข้่ก๏ผ็ก่ซๆจๆฏๅฆ้ฆๅ ๅฐๅ ถ็งป้คใ ๅฆๆๆจๆณๅจๆๆฉๅASFไธไฝฟ็จ่บซไปฝ้ฉ่ญๅจ๏ผๅ ไธSDA/WinAuthไธญ็่บซไปฝ้ฉ่ญๅจ๏ผ๏ผ้ฃ้บผๆจ้่ฆๅพๆๆฉไธญๅฐๅ ฅๆจ็่บซไปฝ้ฉ่ญๅจ๏ผ่ไธๆฏๅจSDA/WinAuthไธญๅตๅปบๆฐ่บซไปฝ้ฉ่ญๅจใ ๆจๅช่ฝๆๆไธๅ้ๆฅ่บซไปฝ้ฉ่ญๅจ๏ผ้ๅฐฑๆฏASF ๅฐๅ ฅ่ฉฒ่บซไปฝ้ฉ่ญๅจๅๅ ถๆธๆ็ๅๅ ๏ผไปฅไพฟๅฐๅ ถ็จไฝASF 2FAโโๅฎ่ๅๆฌ็่บซไปฝ้ฉ่ญๅจ็ธๅ๏ผๅชๆฏๅญๅจๆผๅ ฉๅๅฐๆนใ If you decide to delink your mobile authenticator credentials - regardless in which way, ASF 2FA will stop working, as previously copied mobile authenticator credentials will no longer be valid. In order to use ASF 2FA together with authenticator on your phone, you must import it from Android, which is described above.
ๆฏ็๏ผๆๅนพๅๅๅ ใ First and most important one - using ASF 2FA significantly increases your security, as ASF 2FA module ensures that ASF will only accept automatically its own confirmations, so even if attacker does request a trade that is harmful, ASF 2FA will not accept such trade, as it was not generated by ASF. In addition to security part, using ASF 2FA also brings performance/optimization benefits, as ASF 2FA fetches and accepts confirmations immediately after they're generated, and only then, as opposed to inefficient polling for confirmations each X minutes done e.g. by SDA or WinAuth. In short, there is no reason to use third-party authenticator over ASF 2FA, if you plan on automating confirmations generated by ASF - that's exactly what ASF 2FA is for, and using it does not conflict with you confirming everything else in authenticator of your choice. We strongly recommend to use ASF 2FA for entire ASF activity - this is much more secure than any other solution.
ๅฆๆๆจๆฏ้ซ็ด็จๆถ๏ผ้ๅฏไปฅๆๅ็ๆmaFileใ This can be used in case you'd want to import authenticator from other sources than the ones we've described above. ๅฎๆๆ็**ๆๆJSON็ตๆง**ๅฆไธ๏ผ
{
"shared_secret": "STRING",
"identity_secret": "STRING"
}
ๆจๆบ้ฉ่ญๅจๆธๆๆๆดๅคๅญๆฎตโโๅจๅฐๅ
ฅๆ้ๅฎๅๅฎๅ
จ่ขซASFๅฟฝ็ฅ๏ผๅ ็บๅฎๅไธๆฏๅฟ
้็ใ You don't have to remove them - ASF only requires valid JSON with 2 mandatory fields described above, and will ignore additional fields (if any). Of course, you need to replace STRING
placeholder in the example above with valid values for your account. Each STRING
should be base64-encoded representation of bytes the appropriate private key is made of.
- ๐ก Home
- ๐ง Configuration
- ๐ฌ FAQ
- โ๏ธ Setting up (start here)
- ๐ฅ ๅพๅฐๅบ่ๅๅๅจ
- ๐ข Commands
- ๐ ๏ธ Compatibility
- ๐งฉ ItemsMatcherPlugin
- ๐ Management
- โฑ๏ธ Performance
- ๐ก Remote communication
- ๐ช Steam ่ฆชๅๅไบซ
- ๐ Trading