Hey everyone, I have been tinkering around with this game, and I have made some progress.
As mentioned in this thread, you can download almost any old build of the client all the way to the May 2013 open beta from Steam via manifests. Some of them, especially older ones, have some debug features enabled, such as verbose logging.
You can launch any build by running the main executable with the -solidstate -nobitraider -nosteam arguments (older builds from before BitRaider was removed don't need the -solidstate argument). Older builds also require a SiteConfig.xml file to run, which used to be requested from the CDN, but the request can be redirected by editing the ClientConfig.xml file or using the -siteconfigurl=url argument.
SiteConfig.xml follows the same syntax as ClientConfig.xml and you can get all the possible fields for a given version from a memory dump. The most interesting one is AuthServerAddress, which is exactly what the name implies.
When you press the log in button, the client sends an HTTP GET request to the specified AuthServerAddress over https/port 443. I've been able to redirect this request to my local "server", but now the main question is what kind of response the client expects.
After digging around I've discovered that the game uses protobufs for communication. Having figured that out, I've been able to extract .proto schemas from the main executable using [link], and then use them to generate a library using the protogen tool from [link], similar to how Diablo 3 server emulators do it.
According to client logs, it appears the game expects an AuthTicket message in response to the initial request; however, simply sending a built protobuf message in a buffer, expectedly, doesn't seem to work. It appears the game uses some kind of custom binary header for its messages, which should include information such as message size. I've been poking the executable with IDA to try to figure out what exactly it expects, but, to be honest, I'm not very good at it and haven't had much luck so far.
Any dumps / info / wisdom you might have is most appreciated.
--
Quick update: I've figured out the message header. Turns out it was just two bytes (0x0 followed by the protobuf size as a uint8). Now I've reached the client actually attempting to connect to a so-called frontend server that actually handles account data and authorization.
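Added example (not code from the post or from the game): a small Python framing layer for the two-byte header described in the update, assuming exactly the layout the post gives (a 0x00 byte, then the serialized protobuf length as one unsigned byte, then the protobuf bytes). The parser rejects a bad marker byte and returns any trailing partial frame instead of guessing; the AuthTicket stand-in payload and all function names are constructed for the demo.

```python
from __future__ import annotations

HEADER_LEN = 2
MAX_PAYLOAD = 0xFF  # a uint8 length field caps a frame body at 255 bytes


def frame_message(payload: bytes) -> bytes:
    """Wrap a serialized protobuf in the 0x00 + uint8-length header (layout as described in the post)."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError(f"payload is {len(payload)} bytes; a uint8 length allows at most {MAX_PAYLOAD}")
    return bytes([0x00, len(payload)]) + payload


def parse_frames(buf: bytes) -> tuple[list[bytes], bytes]:
    """Split a receive buffer into complete frames.

    Returns (payloads, remainder). remainder is a trailing partial frame the caller
    should prepend to the next read. A non-zero marker byte means we are out of
    sync with the stream, so it is rejected rather than silently skipped.
    """
    payloads: list[bytes] = []
    pos = 0
    while pos + HEADER_LEN <= len(buf):
        marker, length = buf[pos], buf[pos + 1]
        if marker != 0x00:
            raise ValueError(f"bad frame marker 0x{marker:02x} at offset {pos}")
        end = pos + HEADER_LEN + length
        if end > len(buf):
            break  # incomplete frame: wait for more data
        payloads.append(buf[pos + HEADER_LEN:end])
        pos = end
    return payloads, buf[pos:]


def encode_varint_field(field_number: int, value: int) -> bytes:
    """Hand-encode one protobuf varint field (wire type 0); used only to build a sample payload."""
    out = bytearray([(field_number << 3) | 0])
    while value >= 0x80:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


# Constructed sample standing in for an AuthTicket-like message: field 1 = 300.
SAMPLE_PAYLOAD = encode_varint_field(1, 300)   # b'\x08\xac\x02'
SAMPLE_FRAME = frame_message(SAMPLE_PAYLOAD)   # b'\x00\x03\x08\xac\x02'
```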