|
You last visited: Today at 23:21
Advertisement
Change in obtaining token protocol.
Discussion on Change in obtaining token protocol. within the Nostale forum part of the MMORPGs category.
02/03/2021, 18:20
|
#1
|
elite*gold: 0 
Join Date: Feb 2014
Posts: 43
Received Thanks: 14
|
Change in obtaining token protocol.
Seems like today GF changed their protocol to obtain token, so probably most of custom launchers like 
stopped working.
After im already logged in the client and I try to generate the code/token to enter the game, after sending post request im receiving json with "error: "{"message": "Not allowed to create code"}.
Anyone has some kind of idea what exactly changed, or how to make it work?
I noticed there is blackbox content field in the call to /api/v1/auth/thin/codes, but even with blackbox provided it won't return code to me for some reason.
I provide following headers for the call: User-Agent, tnt-installation-id, Origin, Content-Type, Authorization.
|
|
|
|
02/04/2021, 20:23
|
#2
|
elite*gold: 0
Join Date: Oct 2018
Posts: 253
Received Thanks: 203
|
The blackbox is not needed
They added a captcha system that kind of block the first request (retrieving email address from username). Once done, there are no other problem except on the last request (when you got the final code), even if the request is totally valid (right parameters).
My tests were done with a random uuid as TNT-Installation-Id, maybe it comes from that, or maybe it comes from their new "gameEnvironmentId":"732876de-012f-4e8d-a501-2e0816cf22f2"
I did not get my head in it that much, but here are some ideas
Sorry for the double post, I'm only doing it so people interested in it knows that there is a new message.
I've updated my launcher to work with their new verifications. It still don't bypass captcha system since you can just login once through their ****** launcher and then it's done.
I know that you wanted to find the system to use clientless bot and not for custom launcher, so here is the diff between old/new verifications :
Please, note that you need a valid and registered GFUID.
By registered, I mean that it has to be known by Gameforge system. I don't know how it is done, probably when you start the launcher ? Could be cool to know it, so we could register a lot of gfuid.
|
|
|
|
|
02/04/2021, 23:48
|
#3
|
elite*gold: 0
Join Date: Feb 2014
Posts: 43
Received Thanks: 14
|
@
Thanks a lot about your post.
This is what I have found so far:
first 2 digits of the User-Agent-ID are the digits of your gameforge account uuid (the one you receive when asking for account list).
User-Agent-IDis unique to account (when you have multiple accounts on single gf accounts, they might have different User-Agent-ID)
The other 8 bytes are somehow dependent on installation id and account. They seem to be 64-bit hex number, but I can't figure out how it is generated.
it seems to be preserved between relaunching launcher etc.
don't know if it's generated client-side or server-side yet, because im not that good at reverse enginnering the client.
When I figure out something more I'll let you know.
Will check tommorow if it changes or not.
If someone has idea how to generate it, let us know.
|
|
|
|
|
02/05/2021, 00:04
|
#4
|
elite*gold: 0
Join Date: Oct 2018
Posts: 253
Received Thanks: 203
|
gfuid is unique to your computer and can be found in regedit at Ordinateur\HKEY_CURRENT_USER\SOFTWARE\Gameforge4d\ GameforgeClient\MainApp\InstallationId or in HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Gameforge4 d\GameforgeClient\MainApp\InstallationId
|
|
|
|
|
02/05/2021, 00:15
|
#5
|
elite*gold: 0
Join Date: Feb 2014
Posts: 43
Received Thanks: 14
|
@
Sorry for confusion.
By "gfuid" I was refering to the number passed to User-Agent (User-Agent Id)
Installation Id is another thing.
I just wanted to point out that your
Code:
User-Agent "Chrome/C2.1.22.784 (IDxyzabcde) GameforgeClient/2.1.22
will only work for the single account that has first 2 digits of account equal to ID.
and will only work on your current installation ID (if you tried running same account on different computer, you would get
Code:
User-Agent "Chrome/C2.1.22.784 (IDsomethingdifferent) GameforgeClient/2.1.22
where ID would stay the same, but somethingdifferent =/=xyzabcde
You have this number hardcoded, but I don't think it will work for others (or even for you for another account)
My whole previous post is refering mostly to this number. I edited the post above so hopefully it makes more sense now.
|
|
|
|
|
02/05/2021, 12:17
|
#6
|
elite*gold: 0
Join Date: Oct 2018
Posts: 253
Received Thanks: 203
|
Oh yep you're right, I don't have enough time to get into this, but a good starting point could be to take a look at 0x4ff9b1 and to go back a little bit to find out how is generated %2
|
|
|
|
|
02/08/2021, 23:28
|
#7
|
elite*gold: 0
Join Date: Jun 2015
Posts: 10
Received Thanks: 1
|
If anyone find any solution (or have some hint) to find how this Id is created, I'm interested! If I find anything I'll post it here.
|
|
|
|
|
02/09/2021, 13:41
|
#8
|
elite*gold: 0
Join Date: Feb 2014
Posts: 43
Received Thanks: 14
|
Right now there is problem on two levels.
First one mentioned by Apourtartt - GFUID/installation id has to be registered.
Second problem is how to generate user agent id while having known account id and gfuid/installation id.
|
|
|
|
|
02/09/2021, 14:48
|
#9
|
elite*gold: 0
Join Date: Jun 2015
Posts: 10
Received Thanks: 1
|
Quote:
Originally Posted by Blomex
First one mentioned by Apourtartt - GFUID/installation id has to be registered.
|
Hello, GFUID need to be registered for create code or just keep platformGameAccountId ? Because I can get it without any registered GFUID 
Quote:
Originally Posted by Blomex
Second problem is how to generate user agent id while having known account id and gfuid/installation id.
|
For this point, as you said, UserAgentId begin with 2 chars from platformGameAccountId but for the next I rly don't know, firstly it's interresting to keep UserAgentId created by GameforgeClient and try to reproduce this with http requests I think.
|
|
|
|
|
02/09/2021, 15:07
|
#10
|
elite*gold: 0
Join Date: Feb 2014
Posts: 43
Received Thanks: 14
|
you need gfuid to be registered in order to get last code. Even if you have correct user agent, but not registered gfuid, it won't work.
|
|
|
|
|
02/09/2021, 15:10
|
#11
|
elite*gold: 0
Join Date: Dec 2014
Posts: 7
Received Thanks: 4
|
Quote:
Originally Posted by Blomex
First one mentioned by Apourtartt - GFUID/installation id has to be registered.
|
Actually tested this and not really true. The user agent id depends on platformGameAccountId and installationId. (maybe more things too ? )
installationId is randomly generated if there is none in your windows registry but there is no real api called to validate it
I logged succesfully in with installationId like this : 00000000-0000-0000-0000-000000000000 or 00000000-0000-0000-0000-000000000002
So the user agent id is unique for each account (ingame account not gameforge account )
|
|
|
|
|
02/09/2021, 15:13
|
#12
|
elite*gold: 0
Join Date: Jun 2015
Posts: 10
Received Thanks: 1
|
Ok so, if I use my gfuid of my computer, it can work ? But I've have again "Not allowed to create code"
Do you use any tools to capture traffic and get UserAgentId? I've try with Fiddler but I think Gameforge don't appreciate to use Fiddler certificate
The solution can be find with reverse engeenering but I've not kind of competence in this domain tbh
Quote:
Originally Posted by ryuuzaki77
So the user agent id is unique for each account (ingame account not gameforge account )
|
I'm not sure for this point, I've try to connect with 2 PC and I've not the same UserAgentId on both.
|
|
|
|
|
02/09/2021, 15:20
|
#13
|
elite*gold: 0
Join Date: Dec 2014
Posts: 7
Received Thanks: 4
|
Quote:
Originally Posted by razorrt
Ok so, if I use my gfuid of my computer, it can work ?
|
Yes it does if you have the same gfuid + same userAgent Id
Quote:
Originally Posted by razorrt
Do you use any tools to capture traffic and get UserAgentId? I've try with Fiddler
|
I'm actually using Fiddler too
Quote:
Originally Posted by razorrt
I'm not sure for this point, I've try to connect with 2 PC and I've not the same UserAgentId on both.
|
Are you using the same gfuid on both computer ? I used the same gfuid + the userAgent id generated and I can connect using a clientless app
The userAgent id will actually change for an account if you don't use the same gfuid that's what I meant by "unique"
|
|
|
|
|
02/09/2021, 15:36
|
#14
|
elite*gold: 0
Join Date: Jun 2015
Posts: 10
Received Thanks: 1
|
Quote:
Originally Posted by ryuuzaki77
Yes it does if you have the same gfuid + same userAgent Id
|
I've try this but same result, not allowed to create code. The old method to obtain code just with the new user agent id is supposed to work if I understand correctly ?
Quote:
Originally Posted by ryuuzaki77
Are you using the same gfuid on both computer ? I used the same gfuid + the userAgent id generated and I can connect using a clientless app
|
You're right, I forgot that I did not have the same Gfuid, my bad xD
Ok, there is another problem, I've generate a request (and it works (magic????)), but about 2 mins after that this same request don't works.. To understand what happen, I've generate another token (for Authorization) and try with it but : "not allowed to create code"
This new system will make me crazy.. xD
|
|
|
|
|
02/10/2021, 01:47
|
#15
|
elite*gold: 0
Join Date: Oct 2018
Posts: 253
Received Thanks: 203
|
Oh sorry, did not noticed that the user agent value was changing ! mb
Same about the guid, I thought it had to be registered because of my first assumption.
Well, so here we go, I reversed it I found it out :
get platformGameUserId, sha1 it, store it
get installationid (also known as gfuid), sha256 it and store it
get chromeversion (the "C2.1.22.784"), sha1 it and store it
get the encryption key (currently : "edd76c5219499d00da2c5a9e2b703c03d5aaf67d1f16c7ecd 3165869921148f7", will maybe change, or maybe it's generated, will take a look later)
then mix it all up together :
pre_code = encryptionKey + chromeversion + install + platform
pre_code = sha256(pre_code)
code = 2 first character of platformGameUserId not crypted + 8 first character from pre_code
here you go
if you want a poc :
btw razzort, you're receiving "not allowed to create code" because the request has a lifetime
|
|
|
|
 |
|
Similar Threads
|
Token and Protocol Finder
01/14/2009 - Lin2 Exploits, Hacks, Bots, Tools & Macros - 34 Replies
Hi all!!
Cause so many ppl want to know how to find out the token of L2 here is a very nice tool: The Token Finder!!! :D
How to use - step by step:
1st: UnRAR the Archive. (best would be: /system)
2nd:
-If u use C1, C2, C3 u should run EngEXT_ME.exe (with the Chronicle-thing im not sure - try to use both) Then press "Search" (if there is an error engine.dll not found] copy the EngExt_ME.exe into the /system)
-If u use C4 run EngExt_FE.exe . Klick "Open" . Then open the...
|
Engine.dll from wrath - getting the right token and server protocol - IMPOSSIBLE!
10/24/2007 - Lineage 2 - 1 Replies
Hello,
Getting the token and protocol server from the engine.dll, that I was trying to do... nothing, it seems to be impossible.:mad:
I've found all kind of advices,tutorials, guides... NOTHING.:eek:
If some one could find out the token and protocol version please share it with me, PM or Smth.
So.. need a coder.. pls help. :D
Thanks.
|
What protocol version for L2pvpx and Token? plz
06/08/2006 - Lineage 2 - 0 Replies
What protocol version for L2pvpx and Token? plz
thx to alltext2schild.php?smilienummer=1&text=Woow xD' border='0' alt='Woow xD' />
|
as knowing the protocol and token of a server
04/03/2006 - Lineage 2 - 1 Replies
as knowing the protocol and token of a private server .
here is provado the walker in it carries to an extreme and ok works.. but as knowing protocol, token and port of other server.
thanks and sorry for my english
|
Mobl2 C4 Need Token/protocol
04/02/2006 - Lineage 2 - 1 Replies
Hi! i need a token and protocol to Mobl2 c4 (www.mob-games.com).
Thank u for the help!!
|
All times are GMT +2. The time now is 23:21.
|
|
