Extracting Steam Guard TOTP secret for use in Bitwarden via root adb

May 6th 2022 | ~ 2 minute read


I use Bitwarden. Besides being an awesome password manager it's also a 2FA app, albeit only in its paid tier (around 10€/yr). Nevertheless I use it to manage all my 2FA needs, except until recently I couldn't use it for Steam.

You see, Steam forces you to use its own app, called Steam Guard, to manage 2FA. It's annoying, since I strive to have almost no proprietary software on my phone. Steam was making it difficult.

So when I found out that you can actually use Bitwarden to manage it, I was thrilled.

The Procedure


Start by connecting your phone to your computer via USB. Then fire up your favorite terminal emulator and type:

adb root

Accept any prompts that may appear on your phone's screen and you should be greeted with a prompt that looks something like this:

apollo:/ #

From there we need to navigate to the directory where Steam Guard stores its TOTP secret.

cd /data/data/com.valvesoftware.android.steam.community/files/

There should be a file named a little something like this.


List the file's contents and you should see a JSON file with the following fields (Sensitive information censored).

  "shared_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "serial_number": "xxxxxxxxxxxxxxxxxxxx",
  "revocation_code": "xxxxxx",
  "uri": "otpauth://totp/Steam:xxxxxxx?secret=THIS_IS_YOUR_SECRET&issuer=Steam",
  "server_time": "1649505457",
  "account_name": "xxxxxxx",
  "token_gid": "xxxxxxxxxxxxxxxx",
  "identity_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "secret_1": "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "status": null,
  "steamguard_scheme": 2,
  "steamid": "xxxxxxxxxxxxxxxx"

In particular we're interested in the following key:

  "uri": "otpauth://totp/Steam:xxxxxxx?secret=THIS_IS_YOUR_SECRET&issuer=Steam"

Go ahead and copy the TOTP secret.


You can now use the extracted secret in Bitwarden, just paste it in the TOTP field in this format:


From that point on Bitwarden can be used to generate your Steam 2FA codes, instead of Steam's own app. Make sure that both the app and Bitwarden are generating the same 2FA code! That way you'll know if you did everything correctly.

Good luck and happy hacking! πŸ™ƒ