DICE API Leaked - Exposing end user privacy and security.
"gametools.network" - Have found the API by exploiting the game (memory dump I imagine)? Not to be confused with GameTracker. Yes this is very real. I found this while looking to build a discord bot for BF2042. I'm a seasoned developer.
This is pretty much how both services work.
Method 1:
You can control everything as it stands right now in the BF Portal via the API gRPC.
Grabbing the name, amount of players online etc. It's all doable BUT you can not kick/ban players.
API 1: https://kingston-prod-wgw-envoy.ops.dice.se
export const sessionId = 'web-58451048-693f-4b92-8024-d068833eb996'
export const testPlayground = '355a31a0-3778-11ed-a123-5967b3f31df6'
These 2 variables can be obtained through your browser dev tools. Login to your server portal -> Modify Server, Open dev tools and look for the API requests. Exposed is your server and session ID.
This gives you the ability as a server owner to make features for your community.
Method 2:
This is where things get a little sketchy. The second API found looks to be exploited by using a memory dump. This API URL allows you to kick/ban, fake login users amongst other things.
You can see this in their github repo here the ability to kick/ban users:
https://github.com/community-network/Server-manager/blob/master/src/api/api.ts
This happens to be the same API that I strongly believe is being used to boot players from their own servers as per my post below. I don't believe they are the only one that has found this. I believe other users have found it and taking advantage of it.
They GameTools are a third-party service unregulated and may be looking to profit from this in the future. They are refusing to share the URL from the exploit? Personal gains? Anyway. Using the service could very well compromise server security, account security. The list goes on just how much more.
Discord Transcript:
https://ibb.co/fXbKppv
As you can see its hidden, not being release. BUT they are not the only ones with it.
What you do with this information is your choice. BF2042 players have already been deprived of functionality why shouldn't we be able to control our servers etc.
