CS.RIN.RU - Steam Underground Community

I noticed many people screaming the biggest non-sense about how steam works and how the ticket is is caused or prevented.

It seems its a good idea to finally explain how exactly steam works.
All current solutions are using my emulator anyways, yes, even Emporio uses the 2.63 emulator. They just ripped the DLL and patched it to work without the .ini file, even the linux .so was copied.
So there's no need to fight over GCF / non-gcf methods as there is no difference.

Q: So what was changed client side during the last steam update which caused the ticket error?
A: Nothing, code-flow wise the client side is not doing anything different at all.

Q: Why do I suddenly get a ticket error then?
A: Tickets are now checked more thoroughly on the Valve authentication server, there is nothing you can do about that.

Q: So how does it work technically then?
A: The process is divided in a few steps

• The client requests an encrypted user ID ticket using SteamGetEncryptedUserIdTicket from steam.dll, this gives back a ticket which has been digitally signed and encrypted. The ticket contains information such as the client ip, expiration date etc.
  
  Now, since the last update it would seem that the ticket is immediately expired if you do not have any registered games on your account.
  
• The ticket itself is game independant, so essentially a ticket requested for a Half-Life 1 game is valid to play with on Source games too.
  
• When a client logs on to a server, it sends the ticket to the server.
  The server calls SteamOnlineTicketValidator() which forwards the ticket (unchanged) to the authentication server and then the server waits for the result.
  
• Since this validation is server-side it means you cannot do anything about it client-side.

Q: If tickets are game independant, why not just request a ticket from the valve authentication server for like Codename: Gordon, or Half-Life 2 demo?
A: All of the free games on the steam game list are blocked from requesting tickets since the last update.

Q: But I read about some people being able to play online just fine without ticket error? Does this have to do with their clientregistry.blob?
A: Yes, some people have corrupted tickets, which have expiration dates still in the future, somehow the validation still lets these through, i.e. it checks the expiration date first, and only if its nearly expired the rest of the ticket. This is why some people can play online.

Q: I read that someone did "trick X" and he said it worked, but it doesn't work for me?
A: The ticket validation process goes over UDP, which means its a non-reliable protocol. Now if the server you are trying does not get a reply from the valve authentication server in time, due to the authentication server being busy for example, or the server being in some distant location and unable to connect to the master server, then the server will let you on regardless of the ticket.
This is how most games work, otherwise no-one would be able to play if the valve authentication servers were down.
So if the authentication servers are down, everyone can play.

Q: Can this not be fixed by a new ppatcher?
A: No ppatcher can only change things clientside, and the ticket check as explained as totally server side.

Q: The trick I read a lot about, that mIRC trick, how does it work?
A: The clientregistry.blob contains dates about when a ticket was last updated, when server addresses and ports were last stored etc. Now the mirc patch changes these dates into the future constantly. Funnily enough, its not the date changing that causes this trick to work for some. Its actually the client being unable to access the clientregistry.blob because its clashing with mirc, this makes the chance of the server remote timeout happening slightly bigger. This might be expoitable temporarely by causing the client wait all the time instead of just when it clashes with mirc.

Q: So whats the only 100% working solution for now?
A: Cracked servers are the only 100% working solution, as a cracked server will not disconnect clients with invalid tickets, nor will it send them to the master server to check.
This means valve has no direct influence to do anything about it.

Q: What is the best thing to do now?
A: Well I have been reading Hellbosses idea, and its technically possible to extend the Steam emulator to emulate steam even more fully. This will mean that you can actually use the normal steam client on the emulator, and everything would work like normal. Though obviously you can only play on emulated/cracked servers then.

Q: Does the new ticket fix trick where you have to register with a HL2 key work?
A: Yes, as it obviously uses the same trick as using a valid HL1 key.
Steam will register you as having purchased the game, and thus you will receive a valid ticket. This will mean however your ip most likely pops up in red in the valve logs. And it is fixable on their side.

P.S. I hope this will clean up a lot of misunderstandings, and a myriad of posts.

However, if you do have a method which you have thoroughly tested, and want me to help and/or put it into more usable code, just let me know.

nice i say this deseveres a sticky, very useful for n00bs like me

_________________

lol, great, this should be sticky

edit: damn it, just missed the first reply

Very well done, I believe noobs should read this before posting. Nothing is impossible, it just takes time. SO we all gotta wait or play on nice cracked servers.

Steve

Sticky, please...

umm.... Thats a bunch of bullcrap! Fine most of it is great, though some of it is just shit! It is possible, people probobly cracked it already...

wtf?! are you saying you don't trust hCUPa?!?!!! then what verson of game are you using? it's most probably a crack from hCUPa

You think that LOSER!

@ Vasis2evil,

STFU, do you have something better?

If so like said discuss maybe you will be given gratitude for a fix instead of my middle finger for being a faggot :middle finger to gaylord: now piss off this thread stinks because of you.

_________________
I am 66% addicted to Counterstrike (28/43 Yes'). What about you?
I am 75% addicted to Porn (was watching porn whilst filling this in). What about you?

And who are you to say such things?
If you didn't know hCUPa is the maker of steamemu. And one of the pioneers in cracking HalfLife 2.

_________________
“Итс дангероус то бе ригхт вхен тхе говернмент ис вронг!” - Волтаире

do i understand it right, that there's no way to crack it?
so, the emporio update 9 is also useless, i guess

damn, just downloaded emporio + update 5-9 =P

nice post though.

@ hCUPa,

It was said;
“Some people have corrupted tickets, which have expiration dates still in the future, somehow the validation still lets these through, i.e. it checks the expiration date first, and only if it’s nearly expired the rest of the ticket. This is why some people can play online”.

Does this mean that these people (which I am one of) will also have the problem in the near future? Possibly by Steam’s February update they have in store?
It may sound stupid but sometimes stupid questions get the mind thinking, is there anyway to corrupt a ticket then or is this all server side and nothing can be done on our side?
You spoke about Authentication servers, any way to bypass these from our side?
This would sound way off, but could a new PPatcher or some app make multiple attempts to get thru at once to the server side in an attempt to stop the authentication server getting a reply in time? In hope of allowing us into the STEAM servers no matter what ticket? (Did that make sense?)
Last question, you mentioned reading Hellbosses idea, but said that this would allow play on emulated/cracked servers, so does this mean most hope is lost for us to return to playing on STEAM servers online like prior Jan19th?

Thank you for your time.

_________________
I am 66% addicted to Counterstrike (28/43 Yes'). What about you?
I am 75% addicted to Porn (was watching porn whilst filling this in). What about you?

Chopz:

It could indeed be an idea to corrupt tickets manually and see if that works, but I'd assume a new steam update would block that.

The other idea I had is the same as yours, automating the password entry when connecting to a server, effectively flooding the authentication server in order to get through.

And lastly, as valve controls all the server and authentication code, and we cannot touch that remotely its obviously a battle you can never win. Its just that valve messed up their Steam protocol design that this all could happen in the first place. (It never did on other games).

Can't we create servers that block the authentication server but it still shows up in the steam server list.
I think that many servers don't want to go cracked because that they will lose many players. It can't be hard to setup iptables to block the right ports?

_________________
“Итс дангероус то бе ригхт вхен тхе говернмент ис вронг!” - Волтаире

every useful thx

_________________

emacs!