Generates encrypted app tickets for Steam games through multiple authentication methods.
| File | Method | Description |
|---|---|---|
| client.py | DLL | Uses steam_api64.dll to request tickets from the running Steam client. Fast, no credentials needed, but requires Steam desktop app running on Windows. |
| network.py | CM Network | Connects directly to Steam's CM servers with username/password via the ValvePython/steam library. Requires manually typing Steam Guard codes. No DLL needed. |
| mobile.py | Mobile Route | Uses Valve's IAuthenticationService Web API to authenticate via credentials (with phone approval or guard code) or QR code scan. Bridges the resulting token into a CM session to fetch the encrypted app ticket. No DLL needed. |

The mobile route (mobile.py) is named after its key feature: leveraging the Steam mobile app for authentication. Instead of requiring the Steam desktop client or manually typing 2FA codes, it uses Valve's modern IAuthenticationService API to:
- Phone Nudge: Send an approve/deny prompt to the Steam mobile app
- QR Login: Display a QR code that the Steam mobile app can scan — no password entry needed
- Guard Code Fallback: Accept typed Steam Guard codes when mobile confirmation isn't available
All three flows produce a refresh_token JWT which is then used to authenticate a CM (Connection Manager) session and request an encrypted app ticket — the same ticket that the DLL method produces.
The key technical challenge is bridging web auth tokens into a CM session. The refresh token from IAuthenticationService is set as the access_token field on CMsgClientLogon. Critical requirements:
- `platform_type=1` (SteamClient) during auth — ensures the token has `"client"` audience
- Real SteamID on the header — decoded from the JWT's `sub` claim, not a generic SteamID
- No `account_name` or `password` — these must be omitted for token-based CM login

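The three requirements above can be checked locally before a CM logon is attempted. The following is an added example, not code from this repository: it decodes the refresh token's claims, rejects tokens without the `"client"` audience, and derives the header SteamID from `sub`. It assumes `sub` is the decimal SteamID64 string and that `aud` may be a string or a list; `build_token_logon`, `header_steamid` and `make_sample_token` are hypothetical names, and the sample token is constructed.

```python
import base64
import json


def decode_jwt_claims(token: str) -> dict:
    """Return the JWT payload claims. The signature is NOT verified here;
    Steam's servers are what accept or reject the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def build_token_logon(refresh_token: str) -> dict:
    """Pre-flight checks for a token-based CM logon (hypothetical helper).

    Returns only the fields the page says the logon needs; account_name and
    password are deliberately absent.
    """
    claims = decode_jwt_claims(refresh_token)
    aud = claims.get("aud", [])
    if isinstance(aud, str):  # assumption: aud may be a string or a list
        aud = [aud]
    if "client" not in aud:
        raise ValueError('no "client" audience; redo auth with platform_type=1')
    sub = claims.get("sub")  # assumption: decimal SteamID64 as a string
    if not (isinstance(sub, str) and sub.isascii() and sub.isdigit()):
        raise ValueError("sub claim is not a numeric SteamID")
    return {
        "header_steamid": int(sub),     # real SteamID for the message header
        "access_token": refresh_token,  # goes in CMsgClientLogon.access_token
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc(claims)}.constructed-signature'
```

Failing fast on a missing `"client"` audience points to the `platform_type` used during auth, and returning only the two fields keeps credentials out of the token-based logon path.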
See AUTH_METHODS.md for detailed documentation of all authentication flows and implementation details.
See spacewar.py for a usage example of the DLL client.