Skip to content

canoon/steam_mobile_protocol

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

proxy

proxy

 
 

simple-client

simple-client

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

Repository files navigation

Steam mobile app protocol

This is the data structure of the steam mobile app's protocl

This could be useful for implementing the protcol in another messaging program.

Inside the proxy folder there are commands to record the traffic from the phone.

Structure

There seems to be three (maybe more) main groups of functions.

  • ISteamOAuth2: Main authentication functions
  • ISteamWebAPIUtil: Useless stuff but might be useful for testing
  • ISteamUserOAuth: Querying for friends list
  • ISteamWebUserPresenceOAuth: Used for chatting

Structure of calls

Each method is either a get or post method which are used as in http (i.e. get methods just return data and wont update anything)

The path is https://api.steampowered.com/<main group>/<method>/<version string (always v0001)>

Data is passed for get as a standard query string and for post it is the same (the actual client adds a ? on the front of the post data despite this actually not being required)

All methods return json

Common fields

  • steamid: this is the users account can be retrieved with ISteamOAuth2/GetTokenWithCredentials
  • access_token: authentication token retrieved with ISteamOAuth2/GetTokenWithCredentials
  • umqid: as far as I can tell this is just a random number to differenciate between clients just pass to ISteamWebUserPresenceoAuth/Logon
  • message: used for polling the server for new messages
  • messages: list of messages

Message format

  • type - "saytext" or "typing". saytext sends a message while typing is just for an indication they are typing (probably more)
  • timestamp
  • steamid_from - who sent it
  • secure_message_id - as the PollStatus can be accessed over http when a message comes in the client will then fetch the message over https from Poll
  • text - actual text

Calls

ISteamOAuth2

GET /ISteamOAuth2/GetTokenWithCredentials

To login gets access_token

Parameters

  • client_id - use DE45CD61
  • grant_type - use password
  • username - the username
  • password - the password
  • x_emailauthcode - if the user is using two factor authentication you will have to try once without this and then again with this after they receive a code in an email
  • scope - use 'read_profile write_profile read_client write_client'

Returns

  • access_token
  • x_webcookie - presumably used to access steam webpages without logging in again
  • x_steamid

ISteamWebAPIUtil

GET /ISteamWebAPIUtil/GetServerInfo/v0001

Gives you the time

Parameters

none

Returns

  • servertime
  • servertimestring

ISteamUserOAuth

GET /ISteamUserOAuth/GetFriendList/v0001

Gets your friend list

Parameters

  • access_token
  • steamid

Returns

  • friends - a list of:
    • steamid
    • relationship - "friend"?
    • friend_since

Example

GET
/ISteamUserOAuth/GetFriendList/v0001?access_token=c1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&steamid=XXXXXXXXXXXXXXX79
HTTP/1.1
User-Agent: Steam App / Android / 1.0 / 1297579
Host: api.steampowered.com:443
Connection: Keep-Alive

HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 1642

{
"friends": [
{
	"steamid": "XXXXXXXXXXXXXXX77",
		"relationship": "friend",
		"friend_since": 0
},
{
	"steamid": "XXXXXXXXXXXXXXX52",
	"relationship": "friend",
	"friend_since": XXXXXXXX73
}
]

}

GET /ISteamUserOAuth/GetGroupList/v0001

GET /ISteamUserOAuth/GetUserSummaries/v0001

Gets extra information on users

Parameters

  • access_token
  • steamids - comma seperated list of the ids to look up

Returns

  • players - list of
    • steamid
    • communityvisibilitystate - always 3?
    • profilestate - always 1?
    • personaname - seems to be the name set
    • profileurl
    • avatar
    • avatarmedium
    • avatarfull
    • personastate
    • primaryclanid
    • timecreated
    • some extra attributes sometimes...

Example

GET
/ISteamUserOAuth/GetUserSummaries/v0001?access_token=c1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&steamids=XXXXXXXXXXXXXXX79,XXXXXXXXXXXXXXX55
HTTP/1.1
User-Agent: Steam App / Android / 1.0 / 1297579
Host: api.steampowered.com:443
Connection: Keep-Alive

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 13433

{
"players": [
{
	"steamid": "XXXXXXXXXXXXXXX79",
		"communityvisibilitystate": 3,
		"profilestate": 1,
		"personaname": "XXXXXX",
		"lastlogoff": XXXXXXXX60,
		"profileurl":
			"http:\/\/steamcommunity.com\/profiles\/XXXXXXXXXXXXXXX79\/",
		"avatar":
			"http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb.jpg",
		"avatarmedium":
			"http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb_medium.jpg",
		"avatarfull":
			"http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/fe\/feXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb_full.jpg",
		"personastate": 1,
		"primaryclanid": "XXXXXXXXXXXXXXXX69",
		"timecreated": XXXXXXXX79
},
{
	"steamid": "XXXXXXXXXXXXXXX55",
	"communityvisibilitystate": 3,
	"profilestate": 1,
	"personaname": "XXXXXX",
	"lastlogoff": XXXXXXXX48,
	"profileurl":
		"http:\/\/steamcommunity.com\/id\/XXXXXX\/",
	"avatar":
		"http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe.jpg",
	"avatarmedium":
		"http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe_medium.jpg",
	"avatarfull":
		"http:\/\/media.steampowered.com\/steamcommunity\/public\/images\/avatars\/26\/26XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe_full.jpg",
	"personastate": 0,
	"realname": "XXXXXX",
	"primaryclanid": "XXXXXXXXXXXXXXXX87",
	"timecreated": XXXXXXXX33,
	"loccountrycode": "US",
	"locstatecode": "CA",
	"loccityid": XXX
}
]

}

ISteamWebUserPresenceOAuth

POST /ISteamWebUserPresenceOAuth/Logon/v0001

Connects to chat

Parameters

  • access_token
  • umqid - just make up a number for this

Returns

  • steamid
  • umqid
  • timestamp
  • message - last message use for polling
  • push - ??

POST /ISteamWebUserPresenceOAuth/PollStatus/v0001

To check for new messages (can be used over http and when a message comes in it can be fetched over https)

Parameters

  • steamid
  • umqid
  • message - id of last message recieved used to check for newer mesages

Returns

  • pollid - always 0?

  • messages - a list of new messages (only if new messages)

  • messagelast - last message id used to poll for new messages (only if new mesages)

  • messagebase - message id you sent (only if new messages)

  • timestamp - (only if new messages)

  • sectimeout - 20 if no new messages less otherwise

  • error - "OK" for new messages otherwise "Timeout"

Example

POST /ISteamWebUserPresenceOAuth/PollStatus/v0001 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Steam App / Android / 1.0 / 1297579
Content-Length: 64
Host: api.steampowered.com:80
Connection: Keep-Alive

?steamid=XXXXXXXXXXXXXXX79&umqid=XXXXXXXXXXXXXXXXX27&message=334

HTTP/1.1 200 OK

{
	"pollid": 0,
		"messages": [
		{
			"type": "typing",
			"timestamp": XXXXXXX38,
			"steamid_from": "XXXXXXXXXXXXXXX70",
			"text": ""
		}
	]
		,
		"messagelast": 335,
		"timestamp": XXXXXXX38,
		"messagebase": 334,
		"sectimeout": 11,
		"error": "OK"
}

POST /ISteamWebUserPresenceOAuth/Poll/v0001

Recieves messages

Same as previous just with access_token and over https

POST /ISteamWebUserPresenceOAuth/Message/v0001

Sends a message

Parameters

  • access_token

  • umqid

  • type - see message format

  • text - (optional) see message format

  • steamid_dst

  • cameron@shptech.com

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

29 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages