Steam登录Protobuf协议逆向分析教程<\/h1>

1. 目标分析<\/h2>

目标网站：Steam登录页面（已脱敏处理）
主要接口：<\/p>

GetPasswordRSAPublicKey\/v1<\/code> - 获取RSA公钥信息<\/li>

BeginAuthSessionViaCredentials\/v1<\/code> - 登录接口<\/li>
<\/ol>
2. Protobuf协议基础<\/h2>
Protocol Buffers (Protobuf) 是Google开发的一种数据序列化协议，特点：<\/p>

根据特定语法定义数据结构<\/li>
发送和接收数据需要预先约定数据字段<\/li>
体积小、解析速度快<\/li>
<\/ul>
常见数据类型：<\/p>



数据类型<\/th>
描述<\/th>
<\/tr>
<\/thead>


int32\/int64<\/td>
有符号整数<\/td>
<\/tr>

uint32\/uint64<\/td>
无符号整数<\/td>
<\/tr>

float\/double<\/td>
浮点数<\/td>
<\/tr>

bool<\/td>
布尔值<\/td>
<\/tr>

string<\/td>
字符串<\/td>
<\/tr>

bytes<\/td>
二进制数据<\/td>
<\/tr>

enum<\/td>
枚举类型<\/td>
<\/tr>

message<\/td>
消息类型（可嵌套）<\/td>
<\/tr>

map<\/td>
键值对映射<\/td>
<\/tr>

repeated<\/td>
数组\/列表<\/td>
<\/tr>
<\/tbody>
<\/table>
3. 第一个接口：GetPasswordRSAPublicKey\/v1<\/h2>
3.1 请求参数分析<\/h3>
请求参数为 input_protobuf_encoded<\/code>，其生成过程：<\/p>

构造包含账号信息的对象<\/li>
序列化为Protobuf二进制格式<\/li>
Base64编码<\/li>
<\/ol>
JavaScript关键代码：<\/p>
o<\/span> =<\/span> n<\/span>.SerializeBody<\/span>();
<\/span><\/span>a<\/span> =<\/span> r<\/span>.JQ<\/span>(o<\/span>); \/\/ Base64编码
<\/span><\/span><\/span><\/code><\/pre>3.2 Protobuf消息定义<\/h3>
账号请求消息结构：<\/p>
syntax =<\/span> "proto3"<\/span>;
<\/span><\/span><\/span>
<\/span><\/span><\/span><\/span>message<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest<\/span> {
<\/span><\/span><\/span><\/span>  string<\/span> account_name =<\/span> 1<\/span>;
<\/span><\/span><\/span><\/span>}
<\/span><\/span><\/span><\/code><\/pre>3.3 Python实现<\/h3>
生成Python代码：<\/p>
protoc --python_out=<\/span>. steam.proto
<\/span><\/span><\/code><\/pre>请求示例：<\/p>
import<\/span> base64
<\/span><\/span>from<\/span> steam_pb2 import<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest
<\/span><\/span>
<\/span><\/span>message =<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest(
<\/span><\/span>    account_name=<\/span>"a123456789"<\/span>
<\/span><\/span>)
<\/span><\/span>protobuf =<\/span> base64.<\/span>b64encode(message.<\/span>SerializeToString()).<\/span>decode()
<\/span><\/span><\/code><\/pre>3.4 响应解析<\/h3>
响应消息结构：<\/p>
message<\/span> CAuthenticationGetPasswordRsaPublicKeyResponse<\/span> {
<\/span><\/span><\/span><\/span>  string<\/span> publickey_mod =<\/span> 1<\/span>;   \/\/ RSA模数
<\/span><\/span><\/span><\/span>  string<\/span> publickey_exp =<\/span> 2<\/span>;   \/\/ RSA指数
<\/span><\/span><\/span><\/span>  uint64<\/span> timestamp =<\/span> 3<\/span>;      \/\/ 时间戳
<\/span><\/span><\/span><\/span>}
<\/span><\/span><\/span><\/code><\/pre>Python解析响应：<\/p>
from<\/span> steam_pb2 import<\/span> CAuthenticationGetPasswordRsaPublicKeyResponse
<\/span><\/span>
<\/span><\/span>response =<\/span> CAuthenticationGetPasswordRsaPublicKeyResponse.<\/span>FromString(response.<\/span>content)
<\/span><\/span>print(response.<\/span>publickey_mod)
<\/span><\/span>print(response.<\/span>publickey_exp)
<\/span><\/span>print(response.<\/span>timestamp)
<\/span><\/span><\/code><\/pre>4. 第二个接口：BeginAuthSessionViaCredentials\/v1<\/h2>
4.1 请求参数分析<\/h3>
请求消息结构：<\/p>
message<\/span> CAuthenticationBeginAuthSessionViaCredentialsRequest<\/span> {
<\/span><\/span><\/span><\/span>  string<\/span> device_friendly_name =<\/span> 1<\/span>;
<\/span><\/span><\/span><\/span>  string<\/span> account_name =<\/span> 2<\/span>;
<\/span><\/span><\/span><\/span>  string<\/span> encrypted_password =<\/span> 3<\/span>;       \/\/ RSA加密后的密码
<\/span><\/span><\/span><\/span>  uint64<\/span> encryption_timestamp =<\/span> 4<\/span>;     \/\/ 时间戳
<\/span><\/span><\/span><\/span>  bool<\/span> remember_login =<\/span> 5<\/span>;
<\/span><\/span><\/span><\/span>  int32<\/span> platform_type =<\/span> 6<\/span>;
<\/span><\/span><\/span><\/span>  int32<\/span> persistence =<\/span> 7<\/span>;
<\/span><\/span><\/span><\/span>  string<\/span> website_id =<\/span> 8<\/span>;
<\/span><\/span><\/span><\/span>  DeviceDetails device_details =<\/span> 9<\/span>;    \/\/ 自定义类型
<\/span><\/span><\/span><\/span>  string<\/span> guard_data =<\/span> 10<\/span>;
<\/span><\/span><\/span><\/span>  uint32<\/span> language =<\/span> 11<\/span>;
<\/span><\/span><\/span><\/span>  int32<\/span> qos_level =<\/span> 12<\/span>;
<\/span><\/span><\/span><\/span>}
<\/span><\/span><\/span>
<\/span><\/span><\/span><\/span>message<\/span> DeviceDetails<\/span> {
<\/span><\/span><\/span><\/span>  \/\/ 设备详情字段定义
<\/span><\/span><\/span><\/span>  \/\/ 根据实际JS代码补充具体字段
<\/span><\/span><\/span><\/span>}
<\/span><\/span><\/span><\/code><\/pre>4.2 密码加密过程<\/h3>
使用第一个接口返回的公钥信息进行RSA加密：<\/p>

使用 publickey_mod<\/code> 和 publickey_exp<\/code> 构造公钥<\/li>
对密码进行RSA加密<\/li>
将加密结果作为 encrypted_password<\/code> 字段<\/li>
<\/ol>
JavaScript加密代码：<\/p>
h<\/span>.IC<\/span>(a<\/span>, t<\/span>)  \/\/ a为密码明文，t为公钥信息
<\/span><\/span><\/span><\/code><\/pre>5. 完整Python实现<\/h2>
5.1 获取RSA公钥<\/h3>
import<\/span> base64
<\/span><\/span>import<\/span> requests
<\/span><\/span>from<\/span> steam_pb2 import<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest
<\/span><\/span>
<\/span><\/span>def<\/span> get_rsa_public_key<\/span>(username):
<\/span><\/span>    origin =<\/span> 'https:\/\/steamcommunity.com'<\/span>
<\/span><\/span>    message =<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest(
<\/span><\/span>        account_name=<\/span>username
<\/span><\/span>    )
<\/span><\/span>    protobuf =<\/span> base64.<\/span>b64encode(message.<\/span>SerializeToString()).<\/span>decode()
<\/span><\/span>    
<\/span><\/span>    url =<\/span> 'https:\/\/api.steampowered.com\/IAuthenticationService\/GetPasswordRSAPublicKey\/v1'<\/span>
<\/span><\/span>    params =<\/span> {
<\/span><\/span>        "origin"<\/span>: origin,
<\/span><\/span>        "input_protobuf_encoded"<\/span>: protobuf
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    response =<\/span> requests.<\/span>get(url, params=<\/span>params, headers=<\/span>headers)
<\/span><\/span>    return<\/span> response.<\/span>content
<\/span><\/span><\/code><\/pre>5.2 登录请求<\/h3>
from<\/span> steam_pb2 import<\/span> CAuthenticationBeginAuthSessionViaCredentialsRequest
<\/span><\/span>
<\/span><\/span>def<\/span> login<\/span>(username, encrypted_pwd, timestamp):
<\/span><\/span>    message =<\/span> CAuthenticationBeginAuthSessionViaCredentialsRequest(
<\/span><\/span>        account_name=<\/span>username,
<\/span><\/span>        encrypted_password=<\/span>encrypted_pwd,
<\/span><\/span>        encryption_timestamp=<\/span>timestamp,
<\/span><\/span>        # 其他必填字段...<\/span>
<\/span><\/span>    )
<\/span><\/span>    
<\/span><\/span>    protobuf =<\/span> base64.<\/span>b64encode(message.<\/span>SerializeToString()).<\/span>decode()
<\/span><\/span>    
<\/span><\/span>    url =<\/span> 'https:\/\/api.steampowered.com\/IAuthenticationService\/BeginAuthSessionViaCredentials\/v1'<\/span>
<\/span><\/span>    params =<\/span> {
<\/span><\/span>        "input_protobuf_encoded"<\/span>: protobuf
<\/span><\/span>    }
<\/span><\/span>    
<\/span><\/span>    response =<\/span> requests.<\/span>get(url, params=<\/span>params, headers=<\/span>headers)
<\/span><\/span>    return<\/span> response.<\/span>content
<\/span><\/span><\/code><\/pre>6. 关键点总结<\/h2>

Protobuf消息定义<\/strong>：必须严格按照JS代码中的字段定义<\/li>
序列化与编码<\/strong>：Protobuf序列化后需要Base64编码<\/li>
RSA加密<\/strong>：使用第一个接口返回的模数和指数构造公钥<\/li>
设备信息<\/strong>：device_details<\/code> 是自定义类型，需要根据实际情况定义<\/li>
响应解析<\/strong>：使用对应的Protobuf消息类解析响应内容<\/li>
<\/ol>
7. 注意事项<\/h2>

本教程仅供学习交流使用<\/li>
严禁用于商业用途和非法用途<\/li>
实际实现时需要补充完整的字段定义<\/li>
网站接口可能随时变更，需要动态调整<\/li>
<\/ol>
通过以上步骤，可以完整实现Steam登录的Protobuf协议逆向分析。实际应用中还需要处理加密、会话管理等其他细节。<\/p>

数据类型<\/th>	描述<\/th> <\/tr> <\/thead>
int32\/int64<\/td>	有符号整数<\/td> <\/tr>
uint32\/uint64<\/td>	无符号整数<\/td> <\/tr>
float\/double<\/td>	浮点数<\/td> <\/tr>
bool<\/td>	布尔值<\/td> <\/tr>
string<\/td>	字符串<\/td> <\/tr>
bytes<\/td>	二进制数据<\/td> <\/tr>
enum<\/td>	枚举类型<\/td> <\/tr>
message<\/td>	消息类型（可嵌套）<\/td> <\/tr>
map<\/td>	键值对映射<\/td> <\/tr>
repeated<\/td>	数组\/列表<\/td> <\/tr> <\/tbody> <\/table> 3. 第一个接口：GetPasswordRSAPublicKey\/v1<\/h2> 3.1 请求参数分析<\/h3> 请求参数为 `input_protobuf_encoded<\/code>，其生成过程：<\/p>` 构造包含账号信息的对象<\/li> 序列化为Protobuf二进制格式<\/li> Base64编码<\/li> <\/ol> JavaScript关键代码：<\/p> o<\/span> =<\/span> n<\/span>.SerializeBody<\/span>(); <\/span><\/span>a<\/span> =<\/span> r<\/span>.JQ<\/span>(o<\/span>); \/\/ Base64编码 <\/span><\/span><\/span><\/code><\/pre>3.2 Protobuf消息定义<\/h3> 账号请求消息结构：<\/p> syntax =<\/span> "proto3"<\/span>; <\/span><\/span><\/span> <\/span><\/span><\/span><\/span>message<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest<\/span> { <\/span><\/span><\/span><\/span> string<\/span> account_name =<\/span> 1<\/span>; <\/span><\/span><\/span><\/span>} <\/span><\/span><\/span><\/code><\/pre>3.3 Python实现<\/h3> 生成Python代码：<\/p> protoc --python_out=<\/span>. steam.proto <\/span><\/span><\/code><\/pre>请求示例：<\/p> import<\/span> base64 <\/span><\/span>from<\/span> steam_pb2 import<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest <\/span><\/span> <\/span><\/span>message =<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest( <\/span><\/span> account_name=<\/span>"a123456789"<\/span> <\/span><\/span>) <\/span><\/span>protobuf =<\/span> base64.<\/span>b64encode(message.<\/span>SerializeToString()).<\/span>decode() <\/span><\/span><\/code><\/pre>3.4 响应解析<\/h3> 响应消息结构：<\/p> message<\/span> CAuthenticationGetPasswordRsaPublicKeyResponse<\/span> { <\/span><\/span><\/span><\/span> string<\/span> publickey_mod =<\/span> 1<\/span>; \/\/ RSA模数 <\/span><\/span><\/span><\/span> string<\/span> publickey_exp =<\/span> 2<\/span>; \/\/ RSA指数 <\/span><\/span><\/span><\/span> uint64<\/span> timestamp =<\/span> 3<\/span>; \/\/ 时间戳 <\/span><\/span><\/span><\/span>} <\/span><\/span><\/span><\/code><\/pre>Python解析响应：<\/p> from<\/span> steam_pb2 import<\/span> CAuthenticationGetPasswordRsaPublicKeyResponse <\/span><\/span> <\/span><\/span>response =<\/span> CAuthenticationGetPasswordRsaPublicKeyResponse.<\/span>FromString(response.<\/span>content) <\/span><\/span>print(response.<\/span>publickey_mod) <\/span><\/span>print(response.<\/span>publickey_exp) <\/span><\/span>print(response.<\/span>timestamp) <\/span><\/span><\/code><\/pre>4. 第二个接口：BeginAuthSessionViaCredentials\/v1<\/h2> 4.1 请求参数分析<\/h3> 请求消息结构：<\/p> message<\/span> CAuthenticationBeginAuthSessionViaCredentialsRequest<\/span> { <\/span><\/span><\/span><\/span> string<\/span> device_friendly_name =<\/span> 1<\/span>; <\/span><\/span><\/span><\/span> string<\/span> account_name =<\/span> 2<\/span>; <\/span><\/span><\/span><\/span> string<\/span> encrypted_password =<\/span> 3<\/span>; \/\/ RSA加密后的密码 <\/span><\/span><\/span><\/span> uint64<\/span> encryption_timestamp =<\/span> 4<\/span>; \/\/ 时间戳 <\/span><\/span><\/span><\/span> bool<\/span> remember_login =<\/span> 5<\/span>; <\/span><\/span><\/span><\/span> int32<\/span> platform_type =<\/span> 6<\/span>; <\/span><\/span><\/span><\/span> int32<\/span> persistence =<\/span> 7<\/span>; <\/span><\/span><\/span><\/span> string<\/span> website_id =<\/span> 8<\/span>; <\/span><\/span><\/span><\/span> DeviceDetails device_details =<\/span> 9<\/span>; \/\/ 自定义类型 <\/span><\/span><\/span><\/span> string<\/span> guard_data =<\/span> 10<\/span>; <\/span><\/span><\/span><\/span> uint32<\/span> language =<\/span> 11<\/span>; <\/span><\/span><\/span><\/span> int32<\/span> qos_level =<\/span> 12<\/span>; <\/span><\/span><\/span><\/span>} <\/span><\/span><\/span> <\/span><\/span><\/span><\/span>message<\/span> DeviceDetails<\/span> { <\/span><\/span><\/span><\/span> \/\/ 设备详情字段定义 <\/span><\/span><\/span><\/span> \/\/ 根据实际JS代码补充具体字段 <\/span><\/span><\/span><\/span>} <\/span><\/span><\/span><\/code><\/pre>4.2 密码加密过程<\/h3> 使用第一个接口返回的公钥信息进行RSA加密：<\/p> 使用 publickey_mod<\/code> 和 publickey_exp<\/code> 构造公钥<\/li> 对密码进行RSA加密<\/li> 将加密结果作为 encrypted_password<\/code> 字段<\/li> <\/ol> JavaScript加密代码：<\/p> h<\/span>.IC<\/span>(a<\/span>, t<\/span>) \/\/ a为密码明文，t为公钥信息 <\/span><\/span><\/span><\/code><\/pre>5. 完整Python实现<\/h2> 5.1 获取RSA公钥<\/h3> import<\/span> base64 <\/span><\/span>import<\/span> requests <\/span><\/span>from<\/span> steam_pb2 import<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest <\/span><\/span> <\/span><\/span>def<\/span> get_rsa_public_key<\/span>(username): <\/span><\/span> origin =<\/span> 'https:\/\/steamcommunity.com'<\/span> <\/span><\/span> message =<\/span> CAuthenticationGetPasswordRsaPublicKeyRequest( <\/span><\/span> account_name=<\/span>username <\/span><\/span> ) <\/span><\/span> protobuf =<\/span> base64.<\/span>b64encode(message.<\/span>SerializeToString()).<\/span>decode() <\/span><\/span> <\/span><\/span> url =<\/span> 'https:\/\/api.steampowered.com\/IAuthenticationService\/GetPasswordRSAPublicKey\/v1'<\/span> <\/span><\/span> params =<\/span> { <\/span><\/span> "origin"<\/span>: origin, <\/span><\/span> "input_protobuf_encoded"<\/span>: protobuf <\/span><\/span> } <\/span><\/span> <\/span><\/span> response =<\/span> requests.<\/span>get(url, params=<\/span>params, headers=<\/span>headers) <\/span><\/span> return<\/span> response.<\/span>content <\/span><\/span><\/code><\/pre>5.2 登录请求<\/h3> from<\/span> steam_pb2 import<\/span> CAuthenticationBeginAuthSessionViaCredentialsRequest <\/span><\/span> <\/span><\/span>def<\/span> login<\/span>(username, encrypted_pwd, timestamp): <\/span><\/span> message =<\/span> CAuthenticationBeginAuthSessionViaCredentialsRequest( <\/span><\/span> account_name=<\/span>username, <\/span><\/span> encrypted_password=<\/span>encrypted_pwd, <\/span><\/span> encryption_timestamp=<\/span>timestamp, <\/span><\/span> # 其他必填字段...<\/span> <\/span><\/span> ) <\/span><\/span> <\/span><\/span> protobuf =<\/span> base64.<\/span>b64encode(message.<\/span>SerializeToString()).<\/span>decode() <\/span><\/span> <\/span><\/span> url =<\/span> 'https:\/\/api.steampowered.com\/IAuthenticationService\/BeginAuthSessionViaCredentials\/v1'<\/span> <\/span><\/span> params =<\/span> { <\/span><\/span> "input_protobuf_encoded"<\/span>: protobuf <\/span><\/span> } <\/span><\/span> <\/span><\/span> response =<\/span> requests.<\/span>get(url, params=<\/span>params, headers=<\/span>headers) <\/span><\/span> return<\/span> response.<\/span>content <\/span><\/span><\/code><\/pre>6. 关键点总结<\/h2> Protobuf消息定义<\/strong>：必须严格按照JS代码中的字段定义<\/li> 序列化与编码<\/strong>：Protobuf序列化后需要Base64编码<\/li> RSA加密<\/strong>：使用第一个接口返回的模数和指数构造公钥<\/li> 设备信息<\/strong>：device_details<\/code> 是自定义类型，需要根据实际情况定义<\/li> 响应解析<\/strong>：使用对应的Protobuf消息类解析响应内容<\/li> <\/ol> 7. 注意事项<\/h2> 本教程仅供学习交流使用<\/li> 严禁用于商业用途和非法用途<\/li> 实际实现时需要补充完整的字段定义<\/li> 网站接口可能随时变更，需要动态调整<\/li> <\/ol> 通过以上步骤，可以完整实现Steam登录的Protobuf协议逆向分析。实际应用中还需要处理加密、会话管理等其他细节。<\/p>