2FA code not being accepted.

[dilydaly]

Possible issue with 2FA on fresh install.

Running Steamdeck OLED Arch -> git clone repo -> "scsd -a name" -> password

After, email code is requested and even when typed all caps with or without spaces it fails to login.

log:

2023-12-03 09:45:05 [INFO] scsd-v0.0.61 started
2023-12-03 09:45:05 [INFO] Files will be saved to './data'
2023-12-03 09:45:05 [ERROR] No session found. Please re-run the program with -a first
2023-12-03 09:45:09 [INFO] scsd-v0.0.61 started
2023-12-03 09:45:09 [INFO] Files will be saved to './data'
2023-12-03 09:45:15 [ERROR] Login fail, please try again
2023-12-03 09:45:18 [INFO] scsd-v0.0.61 started
2023-12-03 09:45:18 [INFO] Files will be saved to './data'
2023-12-03 09:46:01 [ERROR] Login fail, please try again
2023-12-03 09:54:46 [INFO] scsd-v0.0.61 started
2023-12-03 09:54:46 [INFO] Files will be saved to './data'
2023-12-03 09:55:41 [ERROR] Login fail, please try again
2023-12-03 09:59:35 [INFO] scsd-v0.0.61 started
2023-12-03 09:59:35 [INFO] Files will be saved to './data'
2023-12-03 10:00:12 [ERROR] Login fail, please try again
2023-12-03 10:04:31 [INFO] scsd-v0.0.61 started
2023-12-03 10:04:31 [INFO] Files will be saved to './data'
2023-12-03 10:04:55 [ERROR] Login fail, please try again

Update:
Tested on Windows 10 install, same result.

[hhhhhojeihsu]

Because Valve changed the login mechanism. (As stated here ValvePython/steam#450). Unfortunately it seems like the library (ValvePython/steam) is inactive for awhile. I plan to switch the library soon. It should work after that.

[hhhhhojeihsu]

Hi @dilydaly,

The issue should be fixed by the newest release v0.0.63. Please give it a try.

[dilydaly]

Hi @dilydaly,

The issue should be fixed by the newest release v0.0.63. Please give it a try.

Can not test fix, 2FA code not sent until prompt is advanced past the entry line.

username > pass > "2FA code (case insensitive) :

Unless I advance past the entry field by entering the wrong code, I will not recieve a 2FA code. Tested on SteamOS Arch.

[hhhhhojeihsu]

Due to Steam API changes the current underlying API does not support Steam Guard push notification. So you need to get the 2FA code manually. Steps:

Open Steam Mobile App -> Press the Shield tab at the bottom row -> Press "Show Steam Guard Code" -> Press "Show Steam Guard Code" again -> Enter the 5 characters manually.

[dilydaly]

@hhhhhojeihsu

Due to Steam API changes the current underlying API does not support Steam Guard push notification. So you need to get the 2FA code manually. Steps:

Open Steam Mobile App -> Press the Shield tab at the bottom row -> Press "Show Steam Guard Code" -> Press "Show Steam Guard Code" again -> Enter the 5 characters manually.

Ah, that might be it. I don't use the SteamGuard app. I still have mine set to email verification. The email was being sent at the proper time on v0.0.62, however the API was not up to date as you mentioned.

Now, the email only gets sent AFTER I push the script past the entry for the 2FA code. Assuming this has to do with the new API.

I don't expect you to write code specifically for people purposefully using outdated security measures, so I will appreciate the work thus far. If you would like me to mark this closed please let me know.

[hhhhhojeihsu]

@dilydaly
Actually it would be a relatively minor change to support Email 2FA I assume.

Question: Were you be able to login with the 2FA sent to your Email?

I guess the code sent to Email and the mobile authenticator are using the same shared_secret to generate the same OTP. If that is the case I'll create an option to support this scenario.

[dilydaly]

@hhhhhojeihsu

Question: Were you be able to login with the 2FA sent to your Email?

No. Both in v0.0.62 and v0.0.63

v0.0.62 - 2FA email is sent at the correct time, but not accepted.

Password:

(2FA email recieved)

2FA code (case sensitive): asdfg <--- (pretend actual code from email)

[ERROR] Login fail, please try again

v0.0.63 - 2FA email not sent until you advance past the 2FA entry field.

`Password:
2FA code on Steam Authenticator (Please get the 5 digits code manually)

2FA code (case insensitive): asdfg  <--- (i fill spam or leave empty and press enter)

2023-12-09 12:54:46 [ERROR] Login fail, please try again

(2FA Email arrives 3 seconds later.)
`

I have tested various waiting times but it is very clear that advancing the script to the next line is what triggers the email send.

[hhhhhojeihsu]

@dilydaly
v0.0.62 does not work because the API was outdated. v0.0.63 triggers the authentication email after entering 2FA because the payload was sent at that moment.

Just a theory: The OTP changes every 30 seconds. You should be able to use the same code if you re-initiate the authentication process once again with the previously sent code.

I will create a test branch for you to test the functionality with altered authentication flow in the next a few days.

[hhhhhojeihsu]

So I adjust the acquire sequence of 2FA code
Please test with commit b442d9e on the other branch

[dilydaly]

@hhhhhojeihsu

-Happy new years!-

RESULTS:
2FA Auth email sent at correct time, after the login password prompt.
Code not being recognized as correct.
Subsequent attempts within a short time period ends up with the same code being sent to email.
Code still not being accepted as correct.

TEST WITH INCORRECT LOGIN - behaves correctly

(11)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd -a [username]
2023-12-31 20:07:14 [INFO] scsd-0.0.63 started
2023-12-31 20:07:14 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: [wrong password]
2FA code on Steam Authenticator (Please get the 5 digits code manually)
2FA code (case insensitive): 2023-12-31 20:08:01 [ERROR] Login fail, please try again

TEST WITH LOWERCASE AUTH CODE:

(10)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd -a [username]
2023-12-31 20:08:47 [INFO] scsd-0.0.63 started
2023-12-31 20:08:47 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: [password]
2FA code on Steam Authenticator (Please get the 5 digits code manually)
---EMAIL ARRIVES WITH CODE---
2FA code (case insensitive): 3ywg7 
2023-12-31 20:09:45 [ERROR] Login fail, please try again

TEST WITH UPPERCASE AUTH CODE:

(10)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd -a [username]
2023-12-31 20:09:49 [INFO] scsd-0.0.63 started
2023-12-31 20:09:49 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: [password]
2FA code on Steam Authenticator (Please get the 5 digits code manually)
---EMAIL ARRIVES WITH THE SAME CODE---
2FA code (case insensitive): 3YWG7
2023-12-31 20:10:32 [ERROR] Login fail, please try again
(10)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ 

[hhhhhojeihsu]

@dilydaly

Happy New Year 😄

So I create another account with Email 2FA enabled instead of mobile authenticator. It turns out that Steam treats the codes differently. The API (AuthenticationService/UpdateAuthSessionWithSteamGuardCode) sent to the server specify the wrong code type. code_type 2 is for Email and 3 fro mobile authenticator.

Please try again with this commit version
1e4a71c

[dilydaly]

@hhhhhojeihsu

Good Progress!

RESULTS:
2FA Auth email sent at incorrect time, after the 2FA prompt, however code recognized as correct!
Subsequent attempts within a short time period ends up with new codes being sent, invalidating old codes.
Password and 2FA work, undesired behaviour on steam cloud download.

(1)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd -a [username]
2024-01-08 19:40:50 [INFO] scsd-0.0.63 started
2024-01-08 19:40:50 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: 
2FA code on Steam Authenticator (Please get the 5 digits code manually)
2FA code (case insensitive): 
---wait for 2 minutes -> no code arrives -> blank input to advance line---
2024-01-08 19:41:36 [ERROR] Login fail, please try again
--- Email Arrives within 3 seconds of advanced line ---
(10)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd -a [username]
2024-01-08 19:41:45 [INFO] scsd-0.0.63 started
2024-01-08 19:41:45 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: 
2FA code on Steam Authenticator (Please get the 5 digits code manually)
--- Use code from prior attempt ---
2FA code (case insensitive): 25r3g
Login success. Please rerun scsd to start downloading

--- Go to eat and play vidya ---

(14)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd
2024-01-08 22:38:53 [INFO] scsd-0.0.63 started
2024-01-08 22:38:53 [INFO] Files will be saved to './data'
2024-01-08 22:39:03 [INFO] (1/16) Processing Steam Client
2024-01-08 22:39:08 [ERROR] Cannot parse the file list. It seems like Steam has update the webpage. Please update to the latest version or notify the author.
2024-01-08 22:39:08 [INFO] Retrying in 25 seconds
2024-01-08 22:39:34 [ERROR] Cannot parse the file list. It seems like Steam has update the webpage. Please update to the latest version or notify the author.
2024-01-08 22:39:34 [INFO] Retrying in 22 seconds
 

[hhhhhojeihsu]

I will look into the reason of why the 2FA code won't send without advance the line. As for the download issue, I think it's the same reason as #3. I've back ported the fix to this branch. So the issue should be fixed in 6af89dd.

[dilydaly]

@hhhhhojeihsu

MODERATE SUCCESS!

RESULTS:
Email not sent until advanced past 2FA once, but login and 2FA code works on 2nd attempt with downloads fully functional.

---[2FA Auth email sent at incorrect time, after the 2FA prompt on first try]---

(1)(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd -a [USER]
2024-01-11 02:23:39 [INFO] scsd-0.0.63 started
2024-01-11 02:23:39 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [USER]
Password: 
2FA code on Steam Authenticator (Please get the 5 digits code manually)
2FA code (case insensitive): yr8ch
Login success. Please rerun scsd to start downloading
(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ python scsd
2024-01-11 02:24:34 [INFO] scsd-0.0.63 started
2024-01-11 02:24:34 [INFO] Files will be saved to './data'
2024-01-11 02:24:43 [INFO] (1/16) Processing Steam Client
2024-01-11 02:24:46 [INFO] Downloading serverbrowser_hist.vdf
2024-01-11 02:24:50 [INFO] Downloading sharedconfig.vdf
2024-01-11 02:24:53 [INFO] (2/16) Processing Steam Input Configs
2024-01-11 02:24:58 [INFO] Downloading configset_45e-2e0-17766ce4.vdf
2024-01-11 02:25:02 [INFO] Downloading configset_controller_xboxone.vdf
2024-01-11 02:25:07 [INFO] Downloading preferences_8430953c7c9a.vdf
2024-01-11 02:25:11 [INFO] Downloading personalization.vdf
2024-01-11 02:25:17 [INFO] (3/16) Processing RUNNING WITH RIFLES
2024-01-11 02:25:22 [INFO] Downloading id.xml
2024-01-11 02:25:26 [INFO] (4/16) Processing Enter the Gungeon
2024-01-11 02:25:30 [INFO] Downloading SlotA.save

---some time later---

2024-01-11 02:27:33 [INFO] (15/16) Processing NEKOPARA Vol. 4
2024-01-11 02:27:37 [INFO] Downloading datasc.ksd
2024-01-11 02:27:42 [INFO] Downloading datasu.ksd
2024-01-11 02:27:47 [INFO] Downloading savecheck
2024-01-11 02:27:50 [INFO] (16/16) Processing Resident Evil 4
2024-01-11 02:27:56 [INFO] Downloading data00-1.bin
(deck@steamdeck steamCloudSaveDownloader-email_2fa)$ 

 

[hhhhhojeihsu]

Hi @dilydaly

Appreciate the constant feedback. Figured out why is the code not sent at the correct timing (due to some stupid mistake). I have integrate the changes to master branch and published as v0.0.67. In addition, config file is now required if 2FA code is sent to Email when authenticating (only). Please refer to the 2fa section in this article.

And issue the command like python scsd -a [USER] -f [CONFIG]

Please let me know if the issue is finally resolved. Thanks.

[dilydaly]

@hhhhhojeihsu

Confusing behaviour, not sure what to make of it. 2FA working inconsistently.

RESULTS:
Unable to nail down behaviour, but 2FA either gets sent AFTER the prompt is advanced, or is sent at the right time but the code is not accepted, or is not sent at all even after waiting a few times.

(1)(deck@steamdeck steamCloudSaveDownloader-0.0.67)$ python scsd -a [username] -f conf
2024-01-19 09:08:30 [INFO] scsd-0.0.63 started
2024-01-19 09:08:30 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: 
2FA code on Steam Authenticator (Please get the 5 digits code manually)

**--- Email Arrives, code entered. ---**

2FA code (case insensitive): X38VT
2024-01-19 09:08:50 [ERROR] Login fail, please try again

**--- Not sure why it did not take the code. ---**


(10)(deck@steamdeck steamCloudSaveDownloader-0.0.67)$ python scsd -a [username] -f conf
2024-01-19 09:08:59 [INFO] scsd-0.0.63 started
2024-01-19 09:08:59 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: 
2FA code on Steam Authenticator (Please get the 5 digits code manually)

**--- The same code is sent, arrives at the right time ---**

2FA code (case insensitive): X38VT
2024-01-19 09:12:40 [ERROR] Login fail, please try again

**--- Code not working no idea why, let me wait a few minutes and get a new code ---**
 
(10)(deck@steamdeck steamCloudSaveDownloader-0.0.67)$ python scsd -a [username] -f conf
2024-01-19 09:12:46 [INFO] scsd-0.0.63 started
2024-01-19 09:12:46 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password: 
2FA code on Steam Authenticator (Please get the 5 digits code manually)

**--- no new email ---**

2FA code (case insensitive): X38VT
2024-01-19 09:13:16 [ERROR] Login fail, please try again
(10)(deck@steamdeck steamCloudSaveDownloader-0.0.67)$ 


 

I will run some more tests on another system and update this post as needed.

[hhhhhojeihsu]

Hi @dilydaly

According to the log you posted

(1)(deck@steamdeck steamCloudSaveDownloader-0.0.67)$

and

2024-01-19 09:08:30 [INFO] scsd-0.0.63 started

Suggest that you might accidentally use the old version instead. Please ensure that you use the latest version with pip or whatever method you get the files with.

[dilydaly]

@hhhhhojeihsu

Behaviour seems to have reverted to before two weeks ago: #1 (comment)
Interesting to note that trying to login to the official site does not send an email as well if triggered within short timespan of trying to use SCSD.

RESULTS:
2FA code not accepted. Login failed.
2FA code gets sent after prompt advance, and does not accept or send a new code every time the prompt advances.
All tests done without VPN, then repeated with VPN for same results.

This program will NOT save your credential locally
Username: [username]
Password:
2FA code on Steam Authenticator (Please get the 5 digits code manually)
2FA code (case insensitive): 
**[---I waited 5 minutes no code ---]**
2024-01-24 20:14:52 [ERROR] Login fail, please try again
**[CODE ARRIVES IMMEDIATELY]**

PS H:\_scsd> H:\_scsd\scsd.exe -a [username]
2024-01-24 20:15:17 [INFO] scsd-v0.0.67 started
2024-01-24 20:15:17 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password:
2FA code on Steam Authenticator (Please get the 5 digits code manually)
2FA code (case insensitive): w64fq
2024-01-24 20:15:52 [ERROR] Login fail, please try again


**[I go to https://help.steampowered.com and try to login to the same account, same password manually entered, and NO EMAIL IS SENT.]**
**[I use the code from the prior email and it logs me in immediately.]**


PS H:\_scsd> H:\_scsd\scsd.exe -a [username]
2024-01-24 20:19:08 [INFO] scsd-v0.0.67 started
2024-01-24 20:19:08 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password:
2FA code on Steam Authenticator (Please get the 5 digits code manually)
**[NO EMAIL IS SENT]**
2FA code (case insensitive): w64fq
2024-01-24 20:19:52 [ERROR] Login fail, please try again

**[EMAIL ARRIVES IMMEDIATELY]**

PS H:\_scsd> H:\_scsd\scsd.exe -a [username]
2024-01-24 20:20:00 [INFO] scsd-v0.0.67 started
2024-01-24 20:20:00 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password:
2FA code on Steam Authenticator (Please get the 5 digits code manually)
2FA code (case insensitive): yrfdx
2024-01-24 20:20:11 [ERROR] Login fail, please try again 

[hhhhhojeihsu]

Hi @dilydaly

You still need a config and specify 2fa option to mail for it to work (as mentioned in #1 (comment)). I shall add an argument flag to specify this option without the need of config file later.

[dilydaly]

@hhhhhojeihsu

Success!!! Fully functional. Prior issues update entirely due to user illiteracy.

Closing issue.

RESULTS:

Fully functional once config file was setup and argument to use it applied.

PS H:\_scsd> H:\_scsd\scsd.exe -f conf -a [username]
2024-01-26 15:47:29 [INFO] scsd-v0.0.67 started
2024-01-26 15:47:29 [DEBUG] {'General': {'save_dir': './data', '2fa': 'mail'}, 'Rotation': {'rotation': 15}, 'Log': {'log_level': 3}, 'Notifier': {'notify_if_no_change': False, 'notifier': '', 'webhook': '', 'path': '', 'level': 1}, 'Target': {'mode': 'exclude', 'list': [7, 12]}, 'Danger Zone': {'wait_interval': [3, 5]}, 'auth': '[username]'}
2024-01-26 15:47:29 [INFO] Files will be saved to './data'
This program will NOT save your credential locally
Username: [username]
Password:
2FA code on Steam Authenticator (Please get the 5 digits code manually)

[CODE ARRIVES IMMEDIATELY]

2FA code (case insensitive): w75gy
Login success. Please rerun scsd to start downloading

PS H:\_scsd> H:\_scsd\scsd.exe
2024-01-26 15:48:16 [INFO] scsd-v0.0.67 started
2024-01-26 15:48:16 [INFO] Files will be saved to './data'
2024-01-26 15:48:16 [INFO] Refreshing session
2024-01-26 15:48:25 [INFO] (1/16) Processing Steam Client
2024-01-26 15:48:31 [INFO] Downloading serverbrowser_hist.vdf
2024-01-26 15:48:35 [INFO] Downloading sharedconfig.vdf
...
2024-01-26 15:51:58 [INFO] (16/16) Processing Resident Evil 4
2024-01-26 15:52:01 [INFO] Downloading data00-1.bin
PS H:\_scsd>