Potential idea for decrypting network data between game and trading post menu

  1. #1
    darkager's Avatar Private

    This is spawned off of the work I'm doing with the trading post, but I had an idea...

    The communication between the game and the trading post is done via SSL.
    It makes sense to me that the game would use a pre-shared key to establish the secured connection...

    Would make even more sense that this would be stored somewhere in the memory. Might any of you have come by this information already?

    The significance is, if it does establish the SSL connection via pre-shared key, then the client has to store it. It's the only way that makes sense to me to have thousands of clients connecting to the host via secured means. If we can gather that pre-shared key, then we can decrypt the network traffic between our game and the server. With that decrypted, we can garner the information necessary to spoof communication with the trading post and submit buy/sell orders externally.

  2. #2
    Xtse's Avatar Member
    I know you posted this a week ago, but "Decrypting SSL traffic with Wireshark, and ways to prevent it" (wirewatcher) goes over some details on how to decrypt SSL - if the client has a certificate, they're easy enough to find in the executable or libraries.

  3. #3
    easymoad's Avatar Private
    While messing around with trading post stuff, I tried MITMing the trading post with a proxy at one point. I believe the game client does not use a pre-shared key and has its own logic for validating the certificate and/or the authority chain. I don't know enough about SSL stuff and haven't spent enough time messing around down this path to tell you definitively though. In the end, it's way easier to just read everything out of process memory.

    Edit: I was doing this all on the OSX client. Haven't tried the Windows client yet.

  4. #4
    zeduckie's Avatar Member
    Perhaps you should have a look @ Fiddler.
    It's a web debugging proxy that logs all HTTPS traffic.

  5. #5
    darkager's Avatar Private
    I made this post before I was aware of Fiddler.
    I was able to decrypt via Fiddler. I made some posts in another thread on here regarding the information I found.
