Get the IP addresses of Steam users playing DOTA2 and others

[alohadance]

I made some quick tests but at the moment I found no easy solution.
GetP2PSessionState is a debugging feature so it's possible that it has been limited.

Thanks for your work mate, hope you will find solution

[aluigi]

My guess at the moment is that probably the limitation affect only DOTA2 because this game is just one of the few that uses protocols and APIs that are similar to those of Steamworks but are not compatible.

I tried Spacewar and Alien Swarm and steamuserip worked as usual.

The strong point of this "feature-bug" in Steam was just that DOTA2 is the most played game on Steam and it's free so the chances of finding a player online and, consequently, his IP address are very high.
If DOTA2 can be no longer used... the "feature-bug" becomes no longer useful as before, and it's limited only to the affected games you own.

[zie]

Does this still work?
If it does; How do I use it?

The CMD window is opening and closing instantly. I tried running it in admin mode and different compitability modes.
Thanks anyways for releasing,
Zie

[aluigi]

It still works but probably not with DOTA2.

The tool is a command-line program:
http://aluigi.org/about.htm#howuse

[hax]

need steam resolver... fixed error pls

[guster]

Nice work on this subject. It is clear that not every game on steam is affected by this. I was wondering if anyone knows of a way to determine which games are affected. So far I have only been able to get it working on Spacewar and Alien Swarm.

I also have a question about the error:

"Error: Steam is not running"

Code: Select all

C:\Users\xxxxx\Desktop\steamuserip>steamuserip.exe 282350 76561198068958033

steamuserip 0.1
by Luigi Auriemma
e-mail: me@aluigi.org
web:    aluigi.org


Error: Steam is not running

I get this sometimes even though steam is running. For instance, it does it for the NBA 2k15 and GTA 5 appids.

Thanks for your time

[blervlme]

This is no longer working for me.
It appears that I get a response or more commonly:

Setting breakpad minidump AppID = 271590
Steam_SetMinidumpSteamID: Caching Steam ID: [removed] [API loaded no]
Your ID [removed] - [removed] 1 1 1
Your Name [removed]

"Error: Steam is not running"

Can we please get this looked at by the dev?

[humbula]

Hello aluigi,

amazing site you built here.

As we all know steamuserip sadly doesn't work anymore on Dota.

I am wondering if the alternative explained by you in post #2 (Nethook2) is still working?

I did compile Nethook2 and injected it into Steam - but i don't get any P2P-message-protocols dumped.

Maybe you know of any other way to gather the ip address?

[aluigi]

I'm happy to see so much interest about steamuserip, I thought nobody was aware of that method

Currently I can't work on this stuff and when I checked it I noticed nothing wrong or to improve in the tool, all the tests gave the same result so I have no suggestions or news about this topic.

[humbula]

Thanks for the quick reply aluigi.

I noticed when using the combination of steamuserip and Nethook2 i get said "EMsgClientP2PConnectionInfo"-dumpfiles but they only contain my ip and a random 192.168.x.x address (local something).

So it seems Valve really did a good job on fixing this vulnerability

[blervlme]

I did not see the point about 'it only works on games you own' I was using a testing account that had zero games in it.

This was my problem, it would require me to have significant financial investment in order to scan other games on a secondary account.

Thanks for the app.

[humbula]

I tried Spacewar and Alien Swarm and steamuserip worked as usual.

Seems they even fixed it for those games aswell!

[Blaze]

Hey, Im new to this and I was just wondering how I use this tool in the first place lol

[aluigi]

From command-line (Start->Run cmd.exe):
steamuserip <appID> <steamID/64/"">

There are many usage examples just in the above posts.

[Scurippio]

From my tests the Counter-Strike series (1, Source and GO) do not seem affected.

A game is vulnerable when it uses the Steam Networking API and it uses AcceptP2PPacketsFromUser with ANY incoming packet, so it's not directly related to the lobbies system.

For csgo, you must join the same lobby and you can spot the ip!

[parisjan]

first of all thanks for all the hard work

i tried your first method and i didnt seem to work, can you pls comment on this response i get

/
C:\Users\xxx\xxxx\xxxx\steamuserip>steamuserip 6020 ""

steamuserip 0.1
by Luigi Auriemma
e-mail: me@aluigi.org
web: aluigi.org

Setting breakpad minidump AppID = 6020
Steam_SetMinidumpSteamID: Caching Steam ID: xxxxxxxxxxxx [API loaded no]
Your ID xxxxxxxxxxxx - xxxxxxxxxxx
Your Name xxxxxxxxxxi

### GAME 6020 - Jedi Academy ###
- request list of lobbies:
0 lobbies

- done

steam is running and im inside the game =/

[aluigi]

Are you sure the Steam version of JA has been enhanced with the Steamworks SDK?
Maybe it's just distributed on Steam but has no multiplayer features based on it.

[parisjan]

you are possibly right, looks like the game multiplayer is separate from steam.

another question about q3noclient, it works only when i host a server from same machine im playing, i was able to disconnected myself, but when i tried with a friend on another server it doesnt work.

looks like there are no hacks,exploits or vulnerabilites in jedi academy anymore. i tried sniffing packets with commview but the UDP stream looks encrypted?
if there are any hacks i dont know about, id like to know about them and test it myself

[aluigi]

q3noclient uses a spoofed IP packet, probably you can't send spoofed packets (router, PC, ISP or something else).

Regarding the other vulnerabilities affecting JA, there are some as far as I know but too much time is passed to remember everything.
Maybe use site:aluigi.freeforums.org on Google to search various topics on my old forum that contained many references to bugs in JA and other Q3 games.

[parisjan]

yes i searched your forums but apperantly all exploits are fixed i mostly by yourself =)

if you have time could you look into JA again for any possible exploit? the game is old, afaik the source code is released and it doesnt get any updates.

im particularly interested in JA moviebattles 2 mod. im really curious thanks