PHP Steam bot - 如何使用 RSA 登录页面 - PHP Steam bot - How to login to page using RSA

我一直在尝试制作简单的 Steam 机器人，通过登录 Steam 页面然后发送公告来向 Steam 群组发送公告。我在登录时卡住了。这是我所拥有的：

include('Math/BigInteger.php');    
include('Crypt/RSA.php');
$url = 'http://store.steampowered.com/login/getrsakey/';    // here I get public key
$data = array('username' => 'user');         // I'm sending username by POST method
$options = array(
    'http' => array(
        'header'  => "Content-type: application/x-www-form-urlencoded'r'n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ),
);
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$result = json_decode($result)
// And this is part that don't work:
$rsa = new Crypt_RSA();
$key = array(
    'n' => new Math_BigInteger($result->publickey_mod,16),
    'e' => new Math_BigInteger($result->publickey_exp,2)
);
$rsa->loadKey($key);
$password = $rsa->encrypt("password");    // encrypting password
$data = array(
    'username' => 'user',
    'password' => $password,
    'twofactorcode'=> "",
    'emailauth'=> "", 
    'loginfriendlyname'=> "", 
    'captchagid'=> "", 
    'captcha_text'=> "", 
    'emailsteamid'=> "", 
    'rsatimestamp'=> $result->timestamp, 
    'remember_login'=> "false" 
);
$options = array(
    'http' => array(
        'header'  => "Content-type: application/x-www-form-urlencoded'r'n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ),
);
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);

结果是：

{"success":false}

问题是加密的密码看起来与我使用 Steam 使用的 javascript 函数加密时不同。所以我尝试在javascript中加密密码，然后将其粘贴到PHP代码中，但这也没有用。

任何帮助将不胜感激。

最初，我来这里是为了寻找我自己问题的答案，但我很失望地看到没有人正式提供答案。所以，在使用这里的信息为自己指出正确的方向之后，我已经削减了大约一个小时，终于让它为自己工作了。

为了使其正常工作，您所要做的就是在此处下载.zip文件：https://github.com/phpseclib/phpseclib。将其解压缩到服务器/应用程序目录，然后使用以下代码。

<?php
include('Math/BigInteger.php');    
include('Crypt/RSA.php');
define('CRYPT_RSA_PKCS15_COMPAT', true);  // May not be necessary, but never hurts to be sure.
$url_rsa = 'https://steamcommunity.com/login/getrsakey/?username=';
$username = "";  // Insert bot's username here.
$password = "";  // Insert bot's password here.

// Skip the extra work of POST'ing the data, just GET'ing the url works fine and saves space
$result = file_get_contents($url_rsa . $username);
$result = json_decode($result);
/*if ($result->success){
    echo "Got Info!<br/><br/>";
} else if (!$result->success){            // Remove comment markers during testing
    echo "Unable to grab Info<br/><br/>"; // You can also use this to log errors to a database or email you if needed.
}*/
//echo var_dump($result);
// More testing code, just to help you see what's going on.
//echo "<br/><br/>";
$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$key = array(
    'n' => new Math_BigInteger($result->publickey_mod,16),
    'e' => new Math_BigInteger($result->publickey_exp,16) // Fixed base :)
);
$rsa->loadKey($key);
$password = base64_encode($rsa->encrypt($password)); // Steam uses Base64_Encode()
//echo "Password Encrypted: " . $password . "<br/><br/>";
// Should look like numbers and letters, any 'weird' characters shouldn't be here
$data = array(
    'username' => $username,
    'password' => $password,
    'twofactorcode'=> "",
    'emailauth'=> "", 
    'loginfriendlyname'=> "", 
    'captchagid'=> "",         // If all goes well, you shouldn't need to worry
    'captcha_text'=> "",       // about Captcha.
    'emailsteamid'=> "", 
    'rsatimestamp'=> $result->timestamp, 
    'remember_login'=> "false" 
);
$options = array(
    'http' => array(
        'header'  => "Content-type: application/x-www-form-urlencoded'r'n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ),
);
$url="https://steamcommunity.com/login/dologin/";
$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$result = json_decode($result);
//echo var_dump($result);
// Hopefully everything went O.K. and you should be able pull out tokens
// for usage in your application.
?>

结果应类似于以下内容：

{
    "success":true,
    "requires_twofactor":false,
    "login_complete":true,
    "transfer_urls":["https:'/'/store.steampowered.com'/login'/transfer","https:'/'/help.steampowered.com'/login'/transfer"],
    "transfer_parameters":{
        "steamid":"XXXXXXXXXXXXXXXXX",
        "token":"Combination of Letters and Numbers",
        "auth":"Looks like a Hash Here",
        "remember_login":false,
        "token_secure":"More Letters and Numbers"
    }
}

在创建机器人时，尤其是可能被委托保存人们贵重物品的机器人（就像大多数机器人一样），最好使用非常安全的密码。

一个好的格式是大约 20 个字符长的密码，包含数字、字母和一些符号。一个在客户端生成密码的好网站是 http://passwordsgenerator.net。请遵循网站上列出的建议，以确保您的帐户安全。