Pidgin
Trac is being migrated to new services! Issues can be found in our new YouTrack instance and WIKI pages can be found on our website.

Changes between Initial Version and Version 1 of SteamFriendsProtocolSpec


Ignore:
Timestamp:
Dec 22, 2007, 5:25:22 AM (16 years ago)
Author:
queueram
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • SteamFriendsProtocolSpec

    v1 v1  
     1[[TOC]]
     2= Unofficial Steam Friends Protocol Specification =
     3== Introduction ==
     4Steam Friends is an instant messaging protocol that is built into Steam, a game content delivery system developed by Valve.  This page details the protocol specification for Steam Friends as was ascertained though reverse-engineering.
     5
     6== Connection ==
     7Steam Friends uses UDP on port 27017.  Connections have been made to the following servers:
     8 * 68.142.64.165
     9 * 68.142.64.164
     10
     11== Layers ==
     12On top of UDP, another layer is implemented to keep track of sequencing and splitting of packets.  This layers prepends every packet with the following 36-byte structure:
     13
     14|| ||0||4||8||12||
     15||'''00:'''||"VS01"||type||destination||source||
     16||'''10:'''||sequence #||response #||split count ||seq. # of 1st packet||
     17||'''20:'''||data length|| || || ||
     18
     19'''Note:''' These values are little-endian, which is not network order.
     20
     21||'''Field'''||'''type'''||'''Length (bytes)'''||'''Description'''
     22||"VS01"||string (non-null terminated)||4||the 4 characters 'V', 'S', '0', '1'
     23||type||bit-field||4||a bit field describing the type of packet (needs further analysis)
     24||destination||integer||4||the destination ID of the packet
     25||source||integer||4||the source ID of the packet
     26||sequence #||integer||4||the packet's sequence number.  server and client keep track of own numbers
     27||response #||integer||4||if packet is sent as response to another packet, this is that packet sequence #
     28||split count||integer||4||the number of packets the current message was split in to
     29||seq. # of 1st packet||integer||4||the sequence number of the first packet for current message
     30||data length||integer||4||the length of the data that follows
     31
     32
     33== Login sequence ==
     34 1. Client initiates the login by sending a type '0x00020004' packet to the server with no data, and sequence # 1
     35{{{
     3600:   56 53 30 31 00 00 01 04 00 02 00 00 00 00 00 00
     3710:   01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00
     3820:   00 00 00 00
     39}}}
     40 1. Server responds with type '0x04020004' (first one ORed with 0x04000000) with 4 bytes of data attached '''(although the data length field is 0)''', sequence: 1, response: 1, src: 0x00000200
     41{{{
     4200:   56 53 30 31 04 00 02 00 00 00 00 00 00 02 00 00
     4310:   01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
     4420:   00 00 00 00 f9 8d 22 25
     45}}}
     46 1. Client responds with type '0x04030004' (previous ORed with 0x00010000) with 4 bytes of data attached (with 4 as data size).  That 4 bytes corresponds to the 4 bytes that the server sent XORed with 0xA426DF2B.  sequence: 2, response: 1, dest: 0x00000200
     47{{{
     4800:   56 53 30 31 04 00 03 04 00 02 00 00 00 00 00 00
     4910:   02 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00
     5020:   04 00 00 00 d2 52 04 81
     51}}}
     52 1. Server responds with type '0x04040000' (possibly as some sort of ACK).  sequence: 2, response: 2, dest: this becomes the source for all subsequent packets from client
     53{{{
     5400:   56 53 30 31 00 00 04 04 00 34 7e fe 00 02 00 00
     5510:   02 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00
     5620:   00 00 00 00
     57}}}
     58 1. Server sends type '0x0406001c' with the following data stream: "17 05 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 01 00 00 00 01 00 00 00".  sequence: 3, response: 2
     59{{{
     6000:   56 53 30 31 1c 00 06 04 00 34 7e fe 00 02 00 00
     6110:   03 00 00 00 02 00 00 00 01 00 00 00 03 00 00 00
     6220:   1c 00 00 00 17 05 00 00 ff ff ff ff ff ff ff ff
     6330:   ff ff ff ff ff ff ff ff 01 00 00 00 01 00 00 00
     64}}}
     65 1. Client responds type '0x040600a4' with the following data stream: "18 05 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 01 00 00 00 80 00 00 00 [132 bytes here] 00 00 00 00".  The 132 bytes are always different.
     66{{{
     6700:   56 53 30 31 a4 00 06 04 00 02 00 00 00 34 7e fe
     6810:   03 00 00 00 03 00 00 00 01 00 00 00 03 00 00 00
     6920:   a4 00 00 00 18 05 00 00 ff ff ff ff ff ff ff ff
     7030:   ff ff ff ff ff ff ff ff 01 00 00 00 80 00 00 00
     7140:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     7250:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     7360:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     7470:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     7580:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     7690:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     77a0:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     78b0:   xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
     79c0:   xx xx xx xx 00 00 00 00
     80}}}
     81 1. Server responds with type '0x04060018' with the following data: "19 05 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 01 00 00 00"
     82{{{
     8300:   56 53 30 31 18 00 06 04 00 34 7e fe 00 02 00 00
     8410:   04 00 00 00 03 00 00 00 01 00 00 00 04 00 00 00
     8520:   18 00 00 00 19 05 00 00 ff ff ff ff ff ff ff ff
     8630:   ff ff ff ff ff ff ff ff 01 00 00 00
     87}}}
     88
     89== Encryption ==
     90
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!