ISteamUser.GetAuthSessionTicket implementation

[jesterret]

Implements generating auth token, which can be used by games to authenticate user.

Would welcome feedback, as I'm not sure about some stuff.

[jesterret]

Task returning method seems out of place for me looking at the rest of the codebase, but couldn't figure out how to do it better.

[codecov]

Codecov Report

Merging #789 into master will decrease coverage by 0.25%.
The diff coverage is 7.87%.

@@            Coverage Diff             @@
##           master     #789      +/-   ##
==========================================
- Coverage   22.77%   22.51%   -0.26%     
==========================================
  Files          95       98       +3     
  Lines        9329     9494     +165     
  Branches      772      781       +9     
==========================================
+ Hits         2125     2138      +13     
- Misses       7069     7221     +152     
  Partials      135      135

Impacted Files	Coverage Δ
...amKit2/Steam/Handlers/SteamAuthTicket/Callbacks.cs	0% <0%> (ø)
...mKit2/Steam/Handlers/SteamAuthTicket/TicketInfo.cs	0% <0%> (ø)
...eamKit2/SteamKit2/Steam/SteamClient/SteamClient.cs	47.34% <100%> (+0.25%)	⬆️
.../Steam/Handlers/SteamAuthTicket/SteamAuthTicket.cs	9.75% <9.75%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cffac80...de3d705. Read the comment docs.

[Alexeyt89]

After recent updates tokens generated with the GetAuthSessionTicket are not valid. Looks like the process was changed a little. Now it doesn't accept obfuscated ip addressess, but requires some "random" value. It worked if zeros were set, but now the value is validated on steam side, if it is 0 or any random value, the token is considered to be invalid.
Here is the steam response if such a token is sent to steam via BeginAuthSession:
OnValidateAuthTicketResponse -> (m_eAuthSessionResponse == k_EAuthSessionResponseAuthTicketInvalid).

I opened steamclient.dll and steamclient.so in IDA and the lines for appending ip addresses, which looked like this (F5 in IDA):

sub_6DFC90((int)&v23, 0x18u);
sub_6DFC90((int)&v23, 1u); // write 1
sub_6DFC90((int)&v23, 2u); // write 2
v10 = sub_33F16C(v19); // get IP1
sub_6DFC90((int)&v23, v10); // write IP1
v11 = sub_33F142(v19); // get IP2
sub_6DFC90((int)&v23, v11); // write IP2
v12 = sub_86E550();  // Plat_MSTime

now look like this:

sub_388CC050((int)&v26, 0x18u);
sub_388CC050((int)&v26, 1u); //write 1
sub_388CC050((int)&v26, 2u); //write 2
SecureRandomBytes((int)&v29, 8); //?
sub_388CB300(&v26, (int)&v29, 8); //?
v15 = Plat_MSTime();

The function can be found by scanning the *.dll and *.so for these text lines in IDA:

"GetAuthSessionTicket called but no app ownership ticket available "
"GetAuthSessionTicket called with buffer too small for ticket "
"Assertion Failed: k_EBeginAuthSessionResultOK == eResult"

Here are 5 valid tokens generated via game client for 730 appid:
valid_tokens.txt
The tokens were generated from the same game client with interval of ~10-15 seconds. Note, what was IP-addresses is now random bytes.