I can't help but roll my eyes at "serious issues" you know in most states these anti trans laws were passes targeting handfuls of children in each state, sometimes a single child. But oh yes that's a serious issue for sure right now
Ea loves using generic systems across all their games. When poking around at Madden I found they have a common backend called blaze that has generic web and tcp endpoints. We built out a tool to call these endpoints (having to upload xml) and only later found out that every time we made the call it was crashing their servers but since we were grabbing a new server each request we were crashing all of their madden servers one by one. They ended up building an API to discourage people poking around
Blaze is the name of the C++ framework/service to build custom backend for online games. It allows game team to developp online features in a standard way, it's backed by MySQL.
From what I remember you need roughly one Blaze instance for 5k/10k players.
Hey, author of the article here! I actually wrote one last year on a ton of Blaze exploits I've found, but didn't end up releasing it. It uses a proprietary format now, and it seems they were very comfortable with security through obscurity by assuming no one would figure out how to interface with it. Hopefully I'll get back around to that post one day, there's some fun stuff to say the least.
Unfortunately the security by obscurity is backed up by "If a user exploits this, it's a crime and we just contact our legal team." I have seen this happen even in Sweden, local student 16 years old [1] figures out state has a big hole in their school system. He tells state about it and they do nothing so he tries to log in with the admin password he found in a file on his computer. They call the police.
Heya, infosec nerd and titanfall fan here. Can you elaborate on the bit where apex was referred to as titanfall3? I didn't notice anything about apex in the accompanying JSON in that section of the writeup.
lol, I think I saw this API recently for another game. It’s a GraphQL frontend right? They disabled introspection but their error messages will helpfully offer suggestions for misspelled field names
BTW, pro-tip when reversing APIs of popular services like this: use GitHub code search! Put some unique endpoint names into it and see what comes up. You’ll often find some kindred spirits who have hacked their own little API clients to do something you never even thought about, but which nevertheless helps you advance along your own quest…
Thumbing through iterations of PSN client IDs, attempting to sign in to the EA gateway proxy returns 'namespacename' value that's pulled from personal data. 2F-A token info should be hashed in /tokeninfo/ endpoint pulled from JUNO.
Attempting to integrate, post-ex-facto - infrastructure for a C++ API would return the PSN user id.
Im currently deep in rewriting a c# monolith thats 10+ years old that has thousands of lines of extra code that i was able to throw away because most of it was written before there were optional arguments so they made overloads for every permutation of arguments for every framework function
oh yeah because our courts have definitely shown themselves to be non partisan, like how one of the republican supreme court justices thinks they are at war ideologically against the other side and must win
because the way they encouraged doctors to push it to everyone, regardless if they needed it or not. they aggressively marketed and pushed the drug in situations that didnt call for it
these days instagram is much more used by older people than tiktok which has a large younger audience. Also scale wise, tiktok is crazy huge, so yes there is a difference between the two offerings
reply