This is spawned off of the work I'm doing with the trading post, but I had an idea...
The communication between the game and the trading post is done via SSL.
It makes sense to me that the game would use a pre-shared key to establish the secured connection...
Would make even more sense that this would be stored somewhere in the memory. Might any of you have come by this information already?
The significance is, if it does establish the SSL connection via pre-shared key, then the client has to store it. It's the only way that makes sense to me to have thousands of clients connecting to the host via secured means. If we can gather that pre-shared key, then we can decrypt the network traffic between our game and the server. With that decrypted, we can garner the information necessary to spoof communication with the trading post and submit buy/sell orders externally.