Comment by sanktanglia 8 days ago

10 replies

EA loves using generic systems across all their games. When poking around at Madden I found they have a common backend called Blaze that has generic web and TCP endpoints. We built out a tool to call these endpoints (having to upload XML) and only later found out that every time we made the call it was crashing their servers, but since we were grabbing a new server each request we were crashing all of their Madden servers one by one. They ended up building an API to discourage people poking around.

Thaxll 8 days ago

Blaze is the name of the C++ framework/service to build custom backends for online games. It allows game teams to develop online features in a standard way; it's backed by MySQL.

From what I remember you need roughly one Blaze instance for 5k/10k players.

  • dijit 8 days ago

Not to be confused with “blaze”, the PHP backend used for Respawn games (Respawn is also owned by EA).

battledash 8 days ago

Hey, author of the article here! I actually wrote one last year on a ton of Blaze exploits I've found, but didn't end up releasing it. It uses a proprietary format now, and it seems they were very comfortable with security through obscurity, assuming no one would figure out how to interface with it. Hopefully I'll get back around to that post one day; there's some fun stuff, to say the least.

  • Moru 8 days ago

Unfortunately the security by obscurity is backed up by "If a user exploits this, it's a crime and we just contact our legal team." I have seen this happen even in Sweden: a 16-year-old local student [1] figures out the state has a big hole in its school system. He tells the state about it and they do nothing, so he tries to log in with the admin password he found in a file on his computer. They call the police.

    [1] https://www.aftonbladet.se/nyheter/a/bK49Wq/han-kravs-pa-en-...

  • phrotoma 8 days ago

Heya, infosec nerd and Titanfall fan here. Can you elaborate on the bit where Apex was referred to as titanfall3? I didn't notice anything about Apex in the accompanying JSON in that section of the writeup.

    • battledash 7 days ago

Yeah, it isn't obvious from that section, but I know it's referring to Apex because its OAuth client ID also has "TITANFALL3" in it.

chatmasta 8 days ago

lol, I think I saw this API recently for another game. It’s a GraphQL frontend, right? They disabled introspection, but their error messages will helpfully offer suggestions for misspelled field names.

BTW, pro-tip when reversing APIs of popular services like this: use GitHub code search! Put some unique endpoint names into it and see what comes up. You’ll often find some kindred spirits who have hacked their own little API clients to do something you never even thought about, but which nevertheless helps you advance along your own quest…
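The leak chatmasta describes (introspection off, but validation errors still spell out the correct field names) is easy to close on the server side. The block below is an added example, not code from the thread or from any EA service: a `formatError`-style hook in JavaScript that strips the "Did you mean ..." suffix graphql-js appends to unknown-field, unknown-argument and unknown-type errors, and drops `extensions` so exception details never reach the client. The sample error messages are constructed to match graphql-js wording; the `formatError` hook name follows the common GraphQL-server convention and is an assumption here, but the functions themselves depend on no framework.

```javascript
// Added example (not from the thread): sanitise GraphQL validation errors so
// that disabling introspection is not undone by "Did you mean" suggestions.
// Assumption: the server exposes a formatError-style hook that receives each
// GraphQLError and returns the object sent to the client (common convention).

// graphql-js appends suggestions as a trailing sentence, e.g.
//   ' Did you mean "name"?'
//   ' Did you mean "name", "nameId", or "names"?'
//   ' Did you mean to use an inline fragment on "Player"?'
// The regex removes that whole trailing sentence and nothing before it.
const SUGGESTION_RE = / Did you mean .*\?$/;

// Remove the suggestion sentence from a single error message.
function stripSuggestions(message) {
  return message.replace(SUGGESTION_RE, '');
}

// Build the client-facing error object: sanitised message plus locations and
// path (useful for legitimate clients), but no extensions (stack traces,
// originalError, internal codes) and no suggestion text.
function formatError(err) {
  const out = { message: stripSuggestions(String(err.message)) };
  if (err.locations) out.locations = err.locations;
  if (err.path) out.path = err.path;
  return out;
}

// Apply the hook to every error in a response. Errors that carry no
// suggestion (e.g. syntax errors) pass through with their message unchanged.
function sanitiseAll(errors) {
  return errors.map(formatError);
}

// Constructed sample errors in the shape graphql-js produces (not captured
// from any real service).
const SAMPLE_ERRORS = [
  {
    message: 'Cannot query field "nmae" on type "Player". Did you mean "name"?',
    locations: [{ line: 2, column: 3 }],
  },
  {
    message: 'Unknown argument "plaformId" on field "Query.player". Did you mean "platformId"?',
    locations: [{ line: 1, column: 17 }],
  },
  {
    message: 'Unknown type "Playr". Did you mean "Player" or "Players"?',
    extensions: { code: 'GRAPHQL_VALIDATION_FAILED', stacktrace: ['...'] },
  },
  {
    message: 'Syntax Error: Expected Name, found "}".',
    locations: [{ line: 3, column: 1 }],
  },
];

// Stand-alone run: print the sanitised errors as they would reach a client.
console.log(JSON.stringify(sanitiseAll(SAMPLE_ERRORS), null, 2));
```

The hook only edits the message text; the unknown name the client itself sent is left in place, because echoing the caller's own input reveals nothing about the schema. A regression test that asserts no response message contains "Did you mean" is a cheap way to keep this from silently regressing when the GraphQL library is upgraded.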

unit149 8 days ago

Thumbing through iterations of PSN client IDs, attempting to sign in to the EA gateway proxy returns a 'namespacename' value that's pulled from personal data. 2FA token info should be hashed in the /tokeninfo/ endpoint pulled from JUNO.

Attempting to integrate, post-ex-facto - infrastructure for a C++ API would return the PSN user id.