bookuha
commented
1 year ago According to the GameProgressive GameSpy Docs and a little research using WireShark, there are 10 servers that together make multiplayer gameplay possible. Two of them, that are seemingly directly responsible for authenticating and authorizing users, are Presence Connection Manager (GPCM) and Presence Search Player (GPSP). They use gcpm.gamespy.com & gpsp.gamespy.com IP addresses and 29900 & 29901 ports respectively
Login process flow:
1) when client gets connected the following request(?) is issued by GPCM:
\lc\1\challenge\{challenge}\1\final
2) client responds with:
\login\\challenge\{challenge}\authtoken\{authtoken}\partnerid\{partnerid}\response\{challenge_response}\port\{port}\productid\{productid}\gamename\{gamename}\namespaceid\{namespaceid}\sdkrevision\{sdkrevision}\id\{id}\final
3) server responds with:
\lc\2\sesskey\{sesskey}\userid\{userid}\uniquenick\{uniquenick}\lt\{loginticket}\id\{id}\final\
4) client response:
\status\{status}\sesskey\{sesskey}\statstring\Online\locstring\final
But before that, some SSL(v3) magic happens. It must define some of the values that are passed to the described endpoints Also, the process ends here if wrong credentials were supplied, I suspect, that authtoken is received here
! All the parameters & commands are described in the mentioned documentation. Also, there must be a specific error response to each request
! According to various resources, the challenge is always a random 10-characters string
Next, we should investigate how the online login works and what we should provide for it to work properly.