
CS.RIN.RU - Steam Underground Community

IRC: #cs.rin.ru at irc.rizon.net


Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 

Poll: Am I retarded?
Yes, you are definitely the dumbest person I've met online: 67% [ 22 ]
Maybe: 15% [ 5 ]
No: 18% [ 6 ]
Total votes: 33

Post subject: Ok, so what are our options?
Posted: Tuesday, 25 Jan 2005, 11:37
User (Rare guest)
Joined: Friday, 17 Dec 2004, 10:02
Posts: 40
NOTE THAT I HAVE PROBABLY NO IDEA WTF I AM TALKING ABOUT AND THIS MIGHT BE A LOT OF BS. THX

I read the technical Q/A by hcup on the ticket thing. It was pretty good, where did the post go? Anyway, from what I understand, the way the ticket works is:

1) You get a ticket from Steam after logging on

    Client <--> Steam Auth

When you play on a server:

    Client --(2)--> Server --(3)--> Steam Auth
                           <--(4)--

2) You send the ticket to a server for verification
3) The server sends the ticket to Steam for verification
4) The Steam server sends the verification

So we have 3 ways to attack, at steps 2), 3), and 4).

Step 2:
Well, it would be nice to find out the format of the ticket, like what information is in the ticket. I realize that it is digitally signed (what algorithm btw?) and there is little chance for modification. But still, the less info in the ticket, the more breathing room.

Suppose we create game servers that record all tickets from "legit" users in some database somewhere. And then, "illegit" users just get a real ticket from the database and use it. Kind of like the mIRC method. However, Steam just needs to put some client-unique information into the ticket (like your IP) and then you are screwed.

The other method is using some kind of ticket that can't be verified. Either it's corrupted, in the wrong format, or somehow doesn't make sense. Steam just needs to deny access to tickets like this (probably a game server update).

Step 3:
Well, if we were really desperate, I guess we could flood the Valve server and cause some kind of a DoS effect (well spoofed of course). And then they will have to get rid of the ticketing thing because nobody can play games.

Or maybe we can find clever ways to inject packets. RST hijacking or connection desynchronization to screw up validation requests. Is this step TCP or UDP?

Step 4:
Well, I haven't tried this yet, but how predictable is the Valve server? Any chance of spoofing replies or is everything digitally signed? Maybe if we know the response to certain tickets, we can spoof that response to those tickets.

Or if we are really desperate, we could make fake invalidation requests for "legit" tickets and flood servers with them. And then they will have to get rid of the ticketing thing because nobody can play games.

Of course for step 3 and step 4, they would be pretty complex hacks with quite a few timing issues. Or maybe find some hole in the server like making the server think you are someone that it already has verified a ticket for. Well, I dunno what I am talking about and I'll shut up now.



Posted: Tuesday, 25 Jan 2005, 11:40
Advanced forumer (Regular)
Joined: Saturday, 27 Nov 2004, 14:46
Posts: 181
Location: Canada
It WOULD be great if we could crack the digital signature that Valve signs the tickets with, then get a close look inside the tickets. After that, it wouldn't be too hard to emulate or at least make false tickets and sign them using the same signature.



Posted: Tuesday, 25 Jan 2005, 12:10
I live here (Broke the keyboard three times :))
Joined: Friday, 07 Jan 2005, 16:17
Posts: 2740
Location: Coruscant
xidd wrote:
It WOULD be great if we could crack the digital signature that Valve signs the tickets with, then get a close look inside the tickets. After that, it wouldn't be too hard to emulate or at least make false tickets and sign them using the same signature.

That, or create a whole separate network in which we don't need tickets anymore. The only downside of such an option is that we would lose the ability to play on legit servers, but personally I think that the goal (to play on legit servers) is currently set too high to achieve in one step . . .

_________________
Take my love, take my land, take me where I cannot stand
I don't care, I'm still free. You can't take the sky from me
Take me out to the black, tell them I ain't comin' back
Burn the land and boil the sea, you can't take the sky from me



Posted: Tuesday, 25 Jan 2005, 12:11
User (Rare guest)
Joined: Friday, 17 Dec 2004, 10:02
Posts: 40
Mmm, that's not what a digital signature is.

A digital signature is made like this:

1) You have the original message
2) You make a hash of the message (like MD5 or SHA1)
3) You use public/private key encryption of the hash (like RSA) using your private key. This is the digital signature. It is transmitted with the original message.

The receiver does this:
1) Calculates the hash of the message he received using the same algorithm
2) Decrypts the digital signature using the public key
3) Compares the hash of the message he got and the hash from the digital signature

Since no one knows your private key or can figure it out analytically, no one can forge digital signatures (unless you convince the receiver that the public key is something else, but that's a whole other business). Therefore no one can forge messages from you.

The digital signature verifies that it came from you and that the message has been unmolested (authenticity). It's not used to encrypt a message and hide it from prying eyes.



Posted: Tuesday, 25 Jan 2005, 12:25
Eyebrows of manliness.
Joined: Saturday, 01 Jan 2005, 14:21
Posts: 3718
Location: Japan
booo




Posted: Wednesday, 26 Jan 2005, 00:51
User (Rare guest)
Joined: Thursday, 20 Jan 2005, 00:44
Posts: 48
Ok, so what are our options?

1. Learn to live without STEAM online servers forever.
2. Those who have some knowledge of the way the STEAM program works get together and talk to one another.
3. Be patient as there is always a possibility it can be fixed.
4. Buy the game.

_________________
I am 66% addicted to Counterstrike (28/43 Yes'). What about you?
I am 75% addicted to Porn (was watching porn whilst filling this in). What about you?



Posted: Wednesday, 26 Jan 2005, 01:47
User (Rare guest)
Joined: Monday, 26 Jul 2004, 20:44
Posts: 46
Chopz wrote:
Ok, so what are our options?

1. Learn to live without STEAM online servers forever.
4. Buy the game.


I think those 2 are the only ones. :P

_________________
red_skull666
watch your back maggot!




Posted: Wednesday, 26 Jan 2005, 03:03
User (Rare guest)
Joined: Thursday, 20 Jan 2005, 00:44
Posts: 48
Yeah, probably... 8)

_________________
I am 66% addicted to Counterstrike (28/43 Yes'). What about you?
I am 75% addicted to Porn (was watching porn whilst filling this in). What about you?



Posted: Wednesday, 26 Jan 2005, 03:54
Beginner (No rank)
Joined: Thursday, 07 Oct 2004, 11:40
Posts: 3
I am NOT going to buy that game. Hackers will beat Steam.




Powered by phpBB® Forum Software © phpBB Group