Discussion GTA Cloud Servers Being Sent Encrypted HTTP Headers

Xversial

While watching GTA Online's outbound HTTP connections I noticed that there are 2 things being sent to Rockstar when you're gathering the config files.

Scs-ticket = E6huAFselAqPv2EbFdgpUXyHjzJeTHer0aXUMuzxvfUtvYogUTpwFrIJNQSlONhDZEfws3DBXeZAFVjfy6r4wU61QWI/VjVOdY30md8MgBFmQ5l9EYOXRlOv8bSTxJDDH2uoQ2LFXgANcyvq6VxUc2zVPrEEqA==
User-agent = ros 8UEQPZR8IRGFfHdJkHQ8Tcw5clKJciYN3TctDMA=

What I know for sure:
The user-agent string starts with ros which stands for Robot Operating System and could be the library that is being used to instigate HTTP requests.
The user-agent is different for every request.
Both strings seem to be in base64; however, they do not decode to plain text.


The Scs-ticket I am paranoid about being the console serial number, thus why I blanked out 23 characters of the string.
If anyone could share some insight on these that would be great. I would really like to know what Rockstar is being sent.

Edit: The SCS Ticket is NOT the console serial number. It changes every time you reload the game. This is probably your session ID or something of the sort.
 
rebman

We need a way to spoof that number
 
xBob

My theory on spoofing this goes this way:
1. We modify the currently used web servers for the tunables so that when it gives the console the tunables, the web server saves the sesh ID.
2. We make a program on your PC so that when the server gets a session ID from your IP, the server sends it to your client.
3. Your client requests tunables from the legit Rockstar servers with the sesh ID to spoof the console connecting to the cloud servers.
 
Kiint

scs ticket is the session id for session control. This is what is used to create/manage lobbies.
 
xBob

But couldn't Rockstar see if they get the sesh ID or not and put you on a list for inspection?
 
Kiint

The session ID is a way of tracking and matching the character to the Online sessions, if you mess with it you probably won't be able to join and instead be either on a session all by yourself, or you will get an invalid Online ID. Your console ID is tracked by Sony/Microsoft. Rockstar track your session ID and your PSN account. They can tie it all together by requesting a console ban for consoles using the appropriate PSN account (if Sony/Microsoft honour the request).

There are no Rockstar servers except for the session control servers (and other stuff like saves, news, tunables etc). The actual lobbies and missions are all peer to peer using STUN to mesh the sessions together based on the scs-ticket. Everyone will have a unique scs-ticket, and Rockstar will (in the back end) manage the lobby/mission IDs and use the STUN servers to merge the selected scs-tickets to the appropriate lobby/mission ID.

Basically, messing with the scs-ticket won't achieve anything except make it harder for you to go Online.
 
xBob

Ah. That makes a lot more sense, so I guess spoofing it is useless.
 
Kiint

Theoretically, Rockstar could detect/patch who is "tunable" glitching by looking and matching the ros for the savegame and the tunable server ... unless they match then the client doesn't receive a scs-ticket.

Though to be perfectly honest, that's a very obtuse way of doing it.
 
Xversial

the ros is the base64 session for clients to obtain their MP save from http://prod.cs.ros.rockstargames.com

you can access your save (an encrypted mpstats.xml file) by spoofing the agentdata on the prod.cs.ros sub-domain

ex. http://prod.cs.ros.rockstargames.com/cloud/11/cloudservices/members/xbl/XUID_HERE/GTA5/saves/mpstats


Your information has made me happier than ever!
Do you happen to know how we could go about decrypting the MPSTATS? I mean there must be a static encryption key stored somewhere within the game files.
 
Rukkia

Couldn't tell ya, I didn't look into it too much - just spent a few minutes looking at it. Sorry.
 
ECB2

It's not a static encryption key.
 
Xversial

If it's not a static encryption key, what server is left to send it? I have checked it against prod.cs.ros.rockstargames.com, prod.cloud.rockstargames.com, and socialclub.rockstargames.com.
Also, if it's time based it still is static in a sense.
 
twisted0ne

Looks like sha1 encryption to me, not base64.
 
Xversial

SHA-1 is a hashing method and doesn't have a suffix of = signs.
Regardless, it's encoded after being encrypted. It's not just a hash or encoding.

I'm under the impression it is the same algo that GTA uses for mostly everything else, AES-CBC with PKCS5Padding.
 
ECB2

Wrong algo.
Next try.
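
The hash-versus-ciphertext question raised in the last few posts can be narrowed from the decoded byte length alone. The following is an added example, not code from any poster in this thread: it triages a base64 token by length, padding and byte statistics. `UA_VALUE` is the value after "ros " in the first post; the SHA-1 and 48-byte samples are constructed for comparison, and the function and key names are assumptions of this example.

```python
import base64
import hashlib
import math
from collections import Counter

# Raw output sizes (in bytes) of common digests.
DIGEST_SIZES = {16: "MD5", 20: "SHA-1", 32: "SHA-256", 64: "SHA-512"}

def triage(token: str) -> dict:
    """Decode a base64 token and report what its raw bytes are consistent with."""
    raw = base64.b64decode(token, validate=True)  # raises binascii.Error if not base64
    if not raw:
        raise ValueError("empty token")
    counts = Counter(raw)
    entropy = -sum(n / len(raw) * math.log2(n / len(raw)) for n in counts.values())
    return {
        "length": len(raw),
        # '=' padding depends only on length mod 3, not on what the bytes are.
        "padding": token.count("="),
        "entropy_bits_per_byte": round(entropy, 2),
        "printable_ratio": round(sum(32 <= b < 127 for b in raw) / len(raw), 2),
        "digest_candidate": DIGEST_SIZES.get(len(raw)),
        # Padded CBC output from a 16-byte block cipher is a multiple of 16 bytes.
        "block16_aligned": len(raw) % 16 == 0,
    }

# Value after "ros " in the User-agent header quoted in the first post.
UA_VALUE = "8UEQPZR8IRGFfHdJkHQ8Tcw5clKJciYN3TctDMA="
# Constructed sample: base64 of a raw SHA-1 digest (20 bytes).
SHA1_SAMPLE = base64.b64encode(hashlib.sha1(b"constructed sample").digest()).decode()
# Constructed sample: 48 pseudo-random bytes standing in for three cipher blocks.
CBC_SAMPLE = base64.b64encode(hashlib.sha512(b"constructed sample").digest()[:48]).decode()

if __name__ == "__main__":
    for name, tok in (("user-agent", UA_VALUE),
                      ("sha1 sample", SHA1_SAMPLE),
                      ("cbc-like sample", CBC_SAMPLE)):
        print(f"{name:16} {triage(tok)}")
```

The user-agent value decodes to 29 bytes, which is neither a 20-byte SHA-1 digest nor a multiple of 16. The Scs-ticket is left out because the poster blanked part of it, so its length is not reliable.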
 