Extracting Steam Guard TOTP secret for use in Bitwarden via root adb

May 6th 2022 on Dušan's blog

Introduction

I use Bitwarden. Besides being an awesome password manager it's also a 2FA app, albeit only in its paid tier (around 10€/yr). Nevertheless I use it to manage all my 2FA needs, except until recently I couldn't use it for Steam.

You see, Steam forces you to use its own app, called Steam Guard, to manage 2FA. It's annoying, since I strive to have almost no proprietary software on my phone. Steam was making it difficult.

So when I found out that you can actually use Bitwarden to manage it, I was thrilled.

The Procedure

Requirements:

Start by connecting your phone to your computer via USB. Then fire up your favorite terminal emulator and type:

adb root

Accept any prompts that may appear on your phone's screen and you should be greeted with a prompt that looks something like this:

apollo:/ #

From there we need to navigate to the directory where Steam Guard stores its TOTP secret.

cd /data/data/com.valvesoftware.android.steam.community/files/

There should be a file with a name along these lines:

Steamguard-xxxxxxxxxxxxxxxxx

Print the file's contents and you should see a JSON document with the following fields (sensitive values censored here):

{
  "shared_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "serial_number": "xxxxxxxxxxxxxxxxxxxx",
  "revocation_code": "xxxxxx",
  "uri": "otpauth://totp/Steam:xxxxxxx?secret=THIS_IS_YOUR_SECRET&issuer=Steam",
  "server_time": "1649505457",
  "account_name": "xxxxxxx",
  "token_gid": "xxxxxxxxxxxxxxxx",
  "identity_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "secret_1": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "status": null,
  "steamguard_scheme": 2,
  "steamid": "xxxxxxxxxxxxxxxx"
}

In particular we're interested in the following key:

{
  "uri": "otpauth://totp/Steam:xxxxxxx?secret=THIS_IS_YOUR_SECRET&issuer=Steam"
}

Go ahead and copy the TOTP secret: the value after `secret=` (shown as THIS_IS_YOUR_SECRET above), up to the `&` that starts the issuer parameter.

Conclusion

You can now use the extracted secret in Bitwarden: paste it into the entry's TOTP field in this format:

steam://YOUR_TOTP_SECRET

From that point on Bitwarden can be used to generate your Steam 2FA codes, instead of Steam's own app. Make sure that both the app and Bitwarden are generating the same 2FA code! That way you'll know if you did everything correctly.
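As an added example (not part of the original post), here is how the 5-character Steam code is derived from that secret, so you can check it offline against what the Steam app shows before relying on Bitwarden. It assumes the `secret=` value is base32, as in any otpauth URI (the `shared_secret` field is assumed to hold the same key base64-encoded), and implements the Steam variant of TOTP as authenticators with `steam://` support do: HMAC-SHA1, 30-second step, 26-symbol alphabet.

```python
import base64
import hashlib
import hmac
import struct
import time

# Steam's 26-symbol alphabet; a standard TOTP code would be 6 decimal digits instead.
STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY"
TIME_STEP = 30  # seconds, the same step as standard TOTP


def dynamic_truncation(key: bytes, counter: int) -> int:
    """RFC 4226 HMAC-SHA1 plus dynamic truncation: the 31-bit integer from
    which both a standard TOTP code and a Steam code are derived."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    return struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF


def key_from_uri_secret(secret_b32: str) -> bytes:
    """The secret= parameter of the otpauth:// URI is base32 (assumed; the
    shared_secret field holds the same key base64-encoded). Re-pad it so
    base64.b32decode accepts an unpadded value."""
    s = secret_b32.strip().upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def steam_code(secret_b32: str, timestamp=None) -> str:
    """The 5-character Steam Guard code for a Unix timestamp (default: now)."""
    if timestamp is None:
        timestamp = int(time.time())
    value = dynamic_truncation(key_from_uri_secret(secret_b32), timestamp // TIME_STEP)
    chars = []
    for _ in range(5):  # repeated divmod by 26, least significant symbol first
        chars.append(STEAM_ALPHABET[value % len(STEAM_ALPHABET)])
        value //= len(STEAM_ALPHABET)
    return "".join(chars)


def standard_totp(secret_b32: str, timestamp=None, digits: int = 6) -> str:
    """Plain RFC 6238 code from the same secret, for comparison."""
    if timestamp is None:
        timestamp = int(time.time())
    value = dynamic_truncation(key_from_uri_secret(secret_b32), timestamp // TIME_STEP)
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed placeholder secret; substitute the secret= value from your own URI.
    EXAMPLE_SECRET = base64.b32encode(b"constructed-key-1234").decode()
    print("Steam code:   ", steam_code(EXAMPLE_SECRET))
    print("Standard TOTP:", standard_totp(EXAMPLE_SECRET))
```

Run it with your own secret and the Steam code it prints should match the app and Bitwarden within the same 30-second window.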

Good luck and happy hacking! 🙃