e00E / Rocket-League-Api

Documents how the Rocket League client communicates with Psyonix's servers
MIT License

Not working. #1

Open ivanfeli opened 8 years ago

ivanfeli commented 8 years ago

Hi,

I tried your script but it doesn't work. I've been trying to make one myself but it seems that there's something different in the API. I spoofed the requests myself using Fiddler4, everything (headers, POST data) seems to be the same but for some reason when calling /callproc105/ it just returns a blank page no matter what. Any idea? Can you take a look again and help me out, maybe I've been missing something.

Thanks.

e00E commented 8 years ago

Usually happens when your session id is not valid.

ivanfeli commented 8 years ago

Yea, seems like it only works when you enter a correct Auth code, but that is only valid for some time and you have to open the game and sniff the code to get it.

e00E commented 8 years ago

Check my last commit. There is a workaround to get a session id without auth code now.

ivanfeli commented 8 years ago

Yep, it seems to work that way. Let's hope Psyonix releases an official one soon.

jabbink commented 8 years ago

Unfortunately, the day before yesterday, Psyonix patched the authentication without valid AuthCode. (semi-related to their patches, but not really relevant to this library: many SQL injections are patched)

ivanfeli commented 8 years ago

Yep, I noticed this myself. :( Maybe it's a sign that they are releasing an API? Probably not though, lol.

jabbink commented 8 years ago

@drivfe for now, if you have a website/tool that scrapes all scores, you could take the SessionID from an account that you don't use, and just never let it expire by regularly calling /Population/UpdatePlayerCurrentGame/.

nathanstaines commented 8 years ago

@jabbink and if you don't have a website/tool is there any other way that you know of to get a valid SessionID?

jomo commented 8 years ago

There are two ways to get a SessionID:

  1. Actually run Rocket League and intercept it
    • You can try doing this once manually and then use @jabbink's method, but AFAIK it will expire after some time regardless of sending keep-alives
  2. Imitate Rocket League and authenticate against their API to receive a SessionID from their server
    • This requires a valid AuthTicket (not to be confused with AuthCode).
      I'm not aware of anyone figuring out how to generate this. It's probably some sort of encryption built into Rocket League independent of the platform.

jabbink commented 8 years ago

@nathanstaines I actually meant: if you need this because you operate a scraper or something: take the SessionID from a game (number 1 from @jomo).

nathanstaines commented 8 years ago

@jabbink yeah I was trying to use it with a Discord bot. Guess I'll just have to wait and hope that Psyonix release a public API themselves.

e00E commented 8 years ago

It looks like the current state is clear from the other comments. I would like to find the "good way" of reverse engineering how the AuthTicket is generated. I have played around with a disassembler but didn't get anywhere. If anyone else has more experience with something like that and would like to try or collaborate, please post your progress.

Xylot commented 8 years ago

Until we find a good way of reverse engineering the AuthTicket, would it be worth considering an automated way of getting a session ID using something like Mitmproxy? Just intercepting the HTTP traffic of the client so we don't have to manually sniff for it.