AnonPerson
Enthusiast
Here are a few that I have found. I believe I have seen one person in the forums mention the mpstats one. The others I haven't seen people, myself, talk about:
If any of my work is used to discover any exploits, please let me know as I'd love to see it! Also, be sure to give credit where credit is due. I have looked through 250,000-300,000 packets. I believe asking for a simple mention of my name, AnonPerson, and a link to this thread is simple enough.
Full Request URI:
https://prod.ros.rockstargames.com/gta5/11/gameservices/ProfileStats.asmx/WriteStats
Full request URI:
http://prod.ros.rockstargames.com/c...gc/gta5mission/z7GPlhzcw06ammDaqw7d_A/1_0.jpg
Full request URI: http://prod.ros.rockstargames.com/cloud/11/cloudservices/members/sc/********/GTA5/car
Full request URI:
http://prod.cs.ros.rockstargames.co...mbers/xbl/****************/GTA5/saves/mpstats
**************** = 16 Numbers. This is account specific, as it has stayed the same per packet.
I loaded up the Chemical Extraction mission. This packet is in reference to that.
Full request URI:
http://prod.ros.rockstargames.com/c...ta5mission/z7GPlhzcw06ammDaqw7d_A/0_0_en.json
In this next packet, I went into crews to view my own crew.
Full request URI:
http://prod.ros.rockstargames.com/cloud/11/cloudservices/crews/sc/*******/metadata.json
******* = 7 Numbers. My Crew Specific, so I removed it.
Full request URI:
http://prod.cloud.rockstargames.com...or/131200_Deathmatch_and_Race_Creator_256.dds
I'm posting this now, but I am editing the numbers until I know for sure it is not account specific. It most likely isn't, being in /global/sc/news/ , BUT I like to be safe.
EDIT: It's not account specific. Just the news, as I thought.
Here is the picture:
Full request URI:
http://prod.ros.rockstargames.com/gta5/11/gameservices/socialclub.asmx/CheckText
A prod.realtimevc.ros.rockstargames.com is a directory, packet info didn't matter. It was just a DNS protocol to look up the web address. Standard query. Just thought I'd post it.
Full request URI:
http://prod.ros.rockstargames.com/cloud/11/cloudservices/global/SC/news/TIP_Interaction_Menu/en.json
I don't like tips (on games) and disabling them on this game doesn't work for me. Just decided to post to see if I could do anything. Doubt I will. But why not post it. It may not even be what I think it is, being in /news/ directory.
Full request URI:
http://prod.cs.ros.rockstargames.co...*******/GTA5/saves/mpstats/save_char0001.save
This one is probably the most interesting out of a lot of these. I hate to take away numbers, but my XBL R* account number is used in here, just as it was in mpstats (which, this is a file from that directory).
**************** = 16 Numbers. XBL R* account specific. Have to delete.
That will retrieve a data through TCP that with this length:
Reassembled TCP length: 38815
It is encoded using:
Line-based text data: application/x-www-form-urlencoded
But you can also get the data in hex form, which is what I plan on working with.
EDIT: I made this thread to spark some creativity or ideas. Never hurts to see what people see, as I only have two eyes and they tend to see things once and can't stop seeing any different pattern.
EDIT2: Added a few more. Just found one for content creator, but I believe it is a .dds image file. Will share that in a few after I analyze it for a few more minutes.
EDIT3: The content creator packet I found was just the news one. I exported it into a readable format, and then uploaded it to imgur. You can find it above in that specified packet.
EDIT4: Found packet that was saving my char001 game save. Uploaded.
EDIT5: Done for now. Collecting more packets. If you have any thoughts, please post below. There are several that I am interested in comparing similar packets of and try to alter values.
Thanks.
AnonPerson.
If any of my work is used to discover any exploits, please let me know as I'd love to see it! Also, be sure to give credit where credit is due. I have looked through 250,000-300,000 packets. I believe asking for a simple mention of my name, AnonPerson, and a link to this thread is simple enough.
Full Request URI:
https://prod.ros.rockstargames.com/gta5/11/gameservices/ProfileStats.asmx/WriteStats
Code:
Protocols in frame: eth:ip:tcp:http:data:data:data:data:data-text-lines
Frame Length: 60 bytes (480 bits)
Header length: 20 bytes
Destination port: http (80)
Flags: 0x018 (PSH, ACK)
POST /gta5/11/gameservices/ProfileStats.asmx/WriteStats HTTP/1.1\r\n
HOST:prod.ros.rockstargames.com\r\n
CONTENT-TYPE: application/x-www-form-urlencoded; charset=utf-8\r\n
TRANSFER-ENCODING: chunked\r\n
Full request URI:
http://prod.ros.rockstargames.com/c...gc/gta5mission/z7GPlhzcw06ammDaqw7d_A/1_0.jpg
Code:
I understand this one above leads to a .jpg file. However, I am posting it because of the directory.
Message: GET /cloud/11/cloudservices/ugc/gta5mission/z7GPlhzcw06ammDaqw7d_A/1_0.jpg HTTP/1.1\r\n
Request Method: GET
If-Modified-Since: Tue, 19 Nov 2013 21:20:02 GMT\r\n **(I ran this 12/16/2013)**
Full request URI: http://prod.ros.rockstargames.com/cloud/11/cloudservices/members/sc/********/GTA5/car
Code:
Protocols in frame: eth:ip:tcp:http:data:data:data:mime_multipart:data
HOST:prod.ros.rockstargames.com\r\n
CONTENT-TYPE: multipart/form-data; boundary=--------------------52af3ba8\r\n
TRANSFER-ENCODING: chunked\r\n
CONNECTION: Keep-alive\r\n
Expert Info (Chat/Sequence): POST /cloud/11/cloudservices/members/sc/********/GTA5/car HTTP/1.1\r\n
Header length: 20 bytes
Frame Length: 218 bytes (1744 bits)
UDP Length: 184
******** = How many numbers are after /sc/ but before /GTA5/[/I]
I edited due to not knowing if this is account specific. Haven't analyzed it enough yet.
Full request URI:
http://prod.cs.ros.rockstargames.co...mbers/xbl/****************/GTA5/saves/mpstats
**************** = 16 Numbers. This is account specific, as it has stayed the same per packet.
Code:
Protocols in frame: eth:ip:tcp:http:data:data:data:mime_multipart:data
Number of per-protocol-data: 1
[Hypertext Transfer Protocol, key 0]
Frame Length: 60 bytes (480 bits)
Header length: 20 bytes
Destination port: http (80)
Flags: 0x018 (PSH, ACK)
TRANSFER-ENCODING: chunked\r\n
CONNECTION: Keep-alive\r\n
HOST:prod.cs.ros.rockstargames.com\r\n
Request Method: POST
Expert Info (Chat/Sequence): POST /cloud/11/cloudservices/members/xbl/****************/GTA5/saves/mpstats HTTP/1.1\r\n
MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: "--------------------52af3ba8"
**************** = 16 Numbers. This is account specific, as it has stayed the same per packet.
I loaded up the Chemical Extraction mission. This packet is in reference to that.
Full request URI:
http://prod.ros.rockstargames.com/c...ta5mission/z7GPlhzcw06ammDaqw7d_A/0_0_en.json
Code:
Expert Info (Chat/Sequence): GET /cloud/11/cloudservices/ugc/gta5mission/z7GPlhzcw06ammDaqw7d_A/0_0_en.json HTTP/1.1\r\n
Request Method: GET
Connection: Keep-alive\r\n
Host:prod.ros.rockstargames.com\r\n
If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT\r\n **(Odd date?)**
Flags: 0x018 (PSH, ACK)
Protocols in frame: eth:ip:tcp:http
Number of per-protocol-data: 1
[Hypertext Transfer Protocol, key 0]
Destination port: http (80)
Header length: 20 bytes
Frame Length: 528 bytes (4224 bits)
In this next packet, I went into crews to view my own crew.
Full request URI:
http://prod.ros.rockstargames.com/cloud/11/cloudservices/crews/sc/*******/metadata.json
******* = 7 Numbers. My Crew Specific, so I removed it.
Code:
Protocols in frame: eth:ip:tcp:http
Expert Info (Chat/Sequence): GET /cloud/11/cloudservices/crews/sc/*******/metadata.json HTTP/1.1\r\n
Host:prod.ros.rockstargames.com\r\n
Connection: Keep-alive\r\n
Request Method: GET
Destination port: http (80)
Header length: 20 bytes
Frame Length: 508 bytes (4064 bits)
Number of per-protocol-data: 1
Hypertext Transfer Protocol, key 0]
Flags: 0x018 (PSH, ACK)
If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT\r\n **(Again, non-updated date in code)**
Full request URI:
http://prod.cloud.rockstargames.com...or/131200_Deathmatch_and_Race_Creator_256.dds
I'm posting this now, but I am editing the numbers until I know for sure it is not account specific. It most likely isn't, being in /global/sc/news/ , BUT I like to be safe.
EDIT: It's not account specific. Just the news, as I thought.
Here is the picture:
Code:
Frame Length: 486 bytes (3888 bits)
Protocols in frame: eth:ip:tcp:http
Number of per-protocol-data: 1
[Hypertext Transfer Protocol, key 0]
Header length: 20 bytes
Destination port: http (80)
Flags: 0x018 (PSH, ACK)
Expert Info (Chat/Sequence): GET /global/sc/news/Creator/131200_Deathmatch_and_Race_Creator_256.dds HTTP/1.1\r\n
Connection: Keep-alive\r\n
Full request URI:
http://prod.ros.rockstargames.com/gta5/11/gameservices/socialclub.asmx/CheckText
Code:
Protocols in frame: eth:ip:tcp:http:data:data:data:data-text-lines
Frame Length: 60 bytes (480 bits)
Header length: 20 bytes
Number of per-protocol-data: 1
[Hypertext Transfer Protocol, key 0]
Source port: mysql-proxy (6446)
Destination port: http (80)
Flags: 0x018 (PSH, ACK)
Expert Info (Chat/Sequence): POST /gta5/11/gameservices/socialclub.asmx/CheckText HTTP/1.1\r\n
Request Method: POST
CONTENT-TYPE: application/x-www-form-urlencoded; charset=utf-8\r\n
TRANSFER-ENCODING: chunked\r\n
CONNECTION: Keep-alive\r\n
A prod.realtimevc.ros.rockstargames.com is a directory, packet info didn't matter. It was just a DNS protocol to look up the web address. Standard query. Just thought I'd post it.
Full request URI:
http://prod.ros.rockstargames.com/cloud/11/cloudservices/global/SC/news/TIP_Interaction_Menu/en.json
I don't like tips (on games) and disabling them on this game doesn't work for me. Just decided to post to see if I could do anything. Doubt I will. But why not post it. It may not even be what I think it is, being in /news/ directory.
Code:
Expert Info (Chat/Sequence):
GET /cloud/11/cloudservices/global/SC/news/TIP_Interaction_Menu/en.json HTTP/1.1\r\n
Frame Length: 485 bytes (3880 bits)
Protocols in frame: eth:ip:tcp:http
Number of per-protocol-data: 1
[Hypertext Transfer Protocol, key 0]
Header length: 20 bytes
Destination port: http (80)
Flags: 0x018 (PSH, ACK)
Connection: Keep-alive\r\n
Full request URI:
http://prod.cs.ros.rockstargames.co...*******/GTA5/saves/mpstats/save_char0001.save
This one is probably the most interesting out of a lot of these. I hate to take away numbers, but my XBL R* account number is used in here, just as it was in mpstats (which, this is a file from that directory).
**************** = 16 Numbers. XBL R* account specific. Have to delete.
Code:
Protocols in frame: eth:ip:tcp:http
Number of per-protocol-data: 1
[Hypertext Transfer Protocol, key 0]
Destination port: http (80)
Header length: 20 bytes
Frame Length: 547 bytes (4376 bits)
Flags: 0x018 (PSH, ACK)
Request Method: GET
Connection: Keep-alive\r\n
Message: GET /cloud/11/cloudservices/members/xbl/****************/GTA5/saves/mpstats/save_char0001.save HTTP/1.1\r\n
That will retrieve a data through TCP that with this length:
Reassembled TCP length: 38815
It is encoded using:
Line-based text data: application/x-www-form-urlencoded
But you can also get the data in hex form, which is what I plan on working with.
EDIT: I made this thread to spark some creativity or ideas. Never hurts to see what people see, as I only have two eyes and they tend to see things once and can't stop seeing any different pattern.
EDIT2: Added a few more. Just found one for content creator, but I believe it is a .dds image file. Will share that in a few after I analyze it for a few more minutes.
EDIT3: The content creator packet I found was just the news one. I exported it into a readable format, and then uploaded it to imgur. You can find it above in that specified packet.
EDIT4: Found packet that was saving my char001 game save. Uploaded.
EDIT5: Done for now. Collecting more packets. If you have any thoughts, please post below. There are several that I am interested in comparing similar packets of and try to alter values.
Thanks.
AnonPerson.
Last edited: