Update for FUT16?

[pascal08]

I was wondering if anyone is interested to update this repo for FUT16. I tried to implement a new way to get past the new (?) two-way verification, but without luck. Though, I succesfully have implemented some functionality for keeping alive the session and checking if the user is logged in. Don't hesitate to contact me if you are interested.

[ebess]

Well, i quitted building bots because there was no money to make. Are there still the caps for player auctions?

[pascal08]

There are still caps, but the price ranges are much wider. It should really not be that hard to update this for FUT16. I think I'm almost there, I'm just struggling with two-way verification.

[nivshah]

The two-factor authentication will make authentication very difficult, and two-factor is required for FUT web API access. If you have some ideas on how to allow two-factor auth to work, I'd be happy to help.

[pascal08]

@nivshah I got that part working right now. Though, it is quite cumbersome. I have to insert a new verification code every time I run this code. I hope it is possible to get around this just like a regular browser does, I just don't know how yet. Any suggestions on this?

[nivshah]

@pascal08 If you can authenticate successfully with two-factor on, then you should have the user enter their 2 factor auth code at start time when you first authenticate and that should work fine. Maybe you're already doing this - what is cumbersome about your current process?

EDIT: It should be noted that access to the GitHub API (for example) for users with 2FA on requires the user to enter their 2FA code in order to authenticate. Not as seamless as before, but workable...

[pascal08]

@nivshah That's correct, but somehow I don't have to enter my 2FA code every time I log in through my browser. I think it's somewhere saved in a cookie and it should be quite easy to fix that.

I'm currently stuck at the point where I have to obtain my session ID. It returns a 500 error everytime. I have slightly modified the original code:

private function getSessionId()
    {
        $personaId = $this->userAccounts['userAccountInfo']['personas'][0]['personaId'];
        $personaName = $this->userAccounts['userAccountInfo']['personas'][0]['personaName'];
        $platform = $this->getNucleusPlatform($this->platform);
        $data = array(
            'isReadOnly' => false,
            'sku' => 'FUT16WEB',
            'clientVersion' => 1,
//            'nuc' => $this->nucId,
            'nucleusPersonaId' => $personaId,
            'nucleusPersonaDisplayName' => $personaName,
            'gameSku' => 'FFA16XBO',
            'nucleusPersonaPlatform' => $platform,
            'locale' => 'en-GB',
            'method' => 'authcode',
            'priorityLevel' => 4,
            'identification' => array(
                'authCode' => ''
            )
        );

        $forge = $this->getForge($this->urls['fut']['authentication'], 'post');
        $json = $forge
//            ->setNucId($this->nucId)
            ->setRoute()
            ->setBody($data, true)
            ->getJson();

        $this->sid = isset($json['sid']) ? $json['sid'] : null;

        return $this;
    }

[...]

$this->urls['fut']['authentication'] = https://www.easports.com/iframe/fut16/p/ut/auth

In comparison with the headers from Chrome:

Request URL: https://www.easports.com/iframe/fut16/p/ut/auth

Request Payload:
{ 
"isReadOnly": false, 
"sku": "FUT16WEB", 
"clientVersion": 1, 
"nucleusPersonaId": ***my persona ID***, 
"nucleusPersonaDisplayName": ***my display name***, 
"gameSku": "FFA16XBO", 
"nucleusPersonaPlatform": "360", 
"locale": "en-CA", 
"method": "authcode", 
"priorityLevel":4, 
"identification": { "authCode": "" } }

[nivshah]

@pascal08 that's a good point. On the EA account management side, you can see there is a list of trusted devices. Perhaps there is something in the login POST that tells EA to store the device from which you are logging in, which then would only require a 2FA code to be entered by the user one time.

https://www.dropbox.com/s/1u7p8lickhrvfma/Screenshot%202015-10-01%2012.30.51.png?dl=0

[nivshah]

@pascal08 Do you have a branch you are working in? Maybe I'll take a peek and see if I can help figure out what the 500 error is.

[pascal08]

@nivshah Ofcourse, checkout my fork.

[pascal08]

Anyone else experiencing the same 500 error when retrieving the session ID?

[pascal08]

I was looking into this error again today, trying to log in, but without any succes. Since logging in through the webapp using my browser is just working fine, I'm still curious what's causing this annoying 500 error I get when trying to retrieve the session ID.

If anyone is interested, check out my fork of this repo: https://github.com/pascal08/Fifa-15-Ultimate-Team-WebApp-Api

[juliankoehn]

@pascal08 https://gist.github.com/juliankoehn/7175a2171289065dc9f6

are you sending the correct headers?

[meezohd]

anybody could figure this out ?

[sulaiman1989]

it seems like it's accepting my log in info: email password security answer backup code

however it seems like it's having a problem getting the Urls

i found an error here: in the webapp.php file

private function getUrls() { $url = $this->urls['config'] . '?c1=' . $this->buildCl; $forge = $this->getForge($url, 'get'); $xml = $forge ->removeEndpointHeaders() ->getXml();

    $path = $this->urls['host'][$this->platform] . $xml->directHttpServiceDestination . 'game/fifa16/';
    $path_auth = $this->urls['site'] . '/iframe/fut16' . $xml->httpServiceDestination;

    /** @var \SimpleXMLElement $services */
    $services = $xml->services->prod;

    foreach ($services->children() as $key => $value) {
        if ((string)$key == 'authentication') {
            $this->urls['fut'][(string)$key] = $path_auth . (string)$value;
        } else {
            $this->urls['fut'][(string)$key] = $path . (string)$value;
        }
    }

    return $this;
}

in line 7

any idea what that is ? how to fix it ?

[pascal08]

@juliankoehn Where did you get these headers from? Logging in with Chrome 46 shows me these headers:

Accept:application/json, text/javascript;
Accept-Encoding:gzip, deflate
Accept-Language:nl,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Content-Length:289
Content-Type:application/json;
Cookie:***
Easw-Session-Data-Nucleus-Id:***
Host:www.easports.com
Origin:https://www.easports.com
Referer:https://www.easports.com/iframe/fut16/?baseShowoffUrl=https%3A%2F%2Fwww.easports.com%2Ffifa%2Fultimate-team%2Fweb-app%2Fshow-off&guest_app_uri=http%3A%2F%2Fwww.easports.com%2Ffifa%2Fultimate-team%2Fweb-app&locale=en_US
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
X-Requested-With:XMLHttpRequest
X-UT-Embed-Error:true
X-UT-Route:https://utas.s3.fut.ea.com:443

[pascal08]

@sulaiman1989 Line 7 of webapp.php? That's an empty line...

[pascal08]

I'm not familiar enough with Python, but if anyone is, maybe this is a good repo to use as a working example: https://github.com/oczkers/fut

I can confirm the log in functionality of this repo works.

[sulaiman1989]

@pascal08 look at the getUrls function

the line: ->getXml();

seems to be the issue here.

replacing the getUrls function with this seem to pass this issue only leading to another

private function getShards() { $forge = $this->getForge($this->urls['shards'], 'get'); $forge ->setNucId($this->nucId) ->setRoute() ->sendRequest();

   return $this;
}

[Asfga]

@pascal08 is there a chance for you to finish this project? I would do it, but my skills are way to low for it. Just began to look and try out the code and get an error in the valide-method in WebApp.php:

$this->phishingToken = $json['token']; --> Token can't be found in the Array, just something like "Session expired" written in there

[JKetelaar]

Not sure if you'd like me to post this, so feel free to remove if you want to.

I've created a new API around FUT 17 if some of you are still interested, you can find it here. It's still in (active) development, but it should provide enough abilities already.