Posted September 3, 200816 yr This program uses one function written by Luigi Auriemma, his function to parse the ClientRegistry.blob file and retrieve the stored encrypted password for the last saved login, and one function written by VALVe developers, SteamDecryptDataForThisMachine(). While both of these functions used are open source (thanks VALVe), this particular program is not as it contains some trade secrets, so credit is being given now for borrowed code. What GetSteamInfo does is simple, you run it on your machine if you forgot your Steam login credentials and it opens up a command-prompt style window and will display your login to you. Luigi has released several such programs over the last two years using one method or another to do this, here we just combine the password with the user name for you. GetSteamInfo only imports Steam's decryption function from Steam.dll and calls it on the encrypred pass phrase located in ClientRegistry.blob. It then parses SteamAppData.vdf to retrieve the user name set as "AutoLoginUser". It contains no actual code from VALVe's stolen source code which was released in 2003. If you are interested in learning more about Steam's login process I suggest you check out our forums and also Luigi Auriemma's. http://www.myg0t.com/sx/bin/GetSteamInfo.rar
September 3, 200816 yr So the only way to retrieve UN/PW would run it on a computer with a saved login? What happens if person never saved it.
September 3, 200816 yr So the only way to retrieve UN/PW would run it on a computer with a saved login? What happens if person never saved it. logkey or beat them up till they tell you.
September 3, 200816 yr hook a few functions and read stack then verify data at a later point of execution in steam, if they use command line you can hook a certain function in vac.
September 3, 200816 yr Author So the only way to retrieve UN/PW would run it on a computer with a saved login? What happens if person never saved it. With this particular release yes. There are many, many other ways to retrieve the stored or a typed login when it comes to Steam. As wav mentioned, hooking the Steam functions directly is another popular method. Both the username and password values are passed along as plain text when first submitted to Steam so there are many chances where you can simply grab them from memory. In other cases they may be encrypted but as I showed you with GetSteamInfo, there are several ways to have Steam do the work for you. Check out s0beit's Steam API Hook base I released a month or so ago, should be archived here in the news section. Edited September 3, 200816 yr by [myg0t]SourceX
September 3, 200816 yr SourceX;583191']With this particular release yes. There are many, many other ways to retrieve the stored or a typed login when it comes to Steam. As wav mentioned, hooking the Steam functions directly is another popular method. Both the username and password values are passed along as plain text when first submitted to Steam so there are many chances where you can simply grab them from memory. In other cases they may be encrypted but as I showed you with GetSteamInfo, there are several ways to have Steam do the work for you. Check out s0beit's Steam API Hook base I released a month or so ago, should be archived here in the news section. kik this is true findwindow check for verification purposes of login lolz
September 6, 200816 yr i am not a programmer or anything, but I got a hunch. if the 'encrypted pass phrase' is located in 'ClientRegistry.blob', then would it be possible to get someone elses 'ClientRegistry.blob'. Then overwrite my ClientRegistry.blob with his/hers and execute the GetSteamInfo program and get his/her password?
September 6, 200816 yr i am not a programmer or anything, but I got a hunch. if the 'encrypted pass phrase' is located in 'ClientRegistry.blob', then would it be possible to get someone elses 'ClientRegistry.blob'. Then overwrite my ClientRegistry.blob with his/hers and execute the GetSteamInfo program and get his/her password? no. you have to get three things for the registry and do some other shit Im not a programmer so I cant explain k.
September 7, 200816 yr Author i am not a programmer or anything, but I got a hunch. if the 'encrypted pass phrase' is located in 'ClientRegistry.blob', then would it be possible to get someone elses 'ClientRegistry.blob'. Then overwrite my ClientRegistry.blob with his/hers and execute the GetSteamInfo program and get his/her password? You can't just overwrite it with your own and have it work. However if you hijack someone's ClientRegistry.blob file and you also get the three registry values which combined make up the encryption key, you could decrypt the file on any machine at a later date either using Steam's own exported decryption function like GetSteamInfo does, by writing your own, or by using one of Luigi's already published decryption functions.
September 9, 200816 yr SourceX refers to the "SteamLogin" export in "Steam.dll", detour that and the data is yours. we lost the miles sound system in steam so there is no more automatic way to do it, you will either need to manually inject your code or find another hole.
September 10, 200816 yr Its wrong for me.. It shows one of my accounts username then another accounts password. So it can be like User: Account1 Pass: Account2
September 10, 200816 yr k0nspire;584374']SourceX refers to the "SteamLogin" export in "Steam.dll", detour that and the data is yours. we lost the miles sound system in steam so there is no more automatic way to do it, you will either need to manually inject your code or find another hole. yep I remember dilpo, spiff, SX, you and myself doing this same shit in 06
October 9, 200816 yr I am going to cum on my brothers face while he is asleep and take pictures and post them here. please tell me this will not get me vac banned or this is not a keylogger, if so I will not cum on his face and take pics.
October 9, 200816 yr I am going to cum on my brothers face while he is asleep and take pictures and post them here. please tell me this will not get me vac banned or this is not a keylogger, if so I will not cum on his face and take pics. How will it get you vac banned?
October 9, 200816 yr knobjockey;588953']How will it get you vac banned? I'm not sure, so it's not a keylogger either I am guessing
October 9, 200816 yr I'm not sure, so it's not a keylogger either I am guessing You can get off the forums now.
