EFT uses a login system to authenticate the user and set a proper session ID for them; after that it's easier to access the game without any credentials. The official game launcher uses a proper login system which also includes a captcha, BUT there is one catch... they forgot to remove the old-ass login system from in-game, which was leading to this URL:
below 12.11: "/client/game/login"
after 12.11: "/api/editor/login"
It accepts only POST data (below is C# code for POST data generation):
    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;
    using System.Web.Script.Serialization; // JavaScriptSerializer

    string loginPostData = new JavaScriptSerializer().Serialize(new
    {
        email = LOGIN_EMAIL,
        // Lowercase hex of the unsalted MD5 of the password
        pass = string.Concat(MD5.Create().ComputeHash(Encoding.UTF8.GetBytes(LOGIN_PASSWORD)).Select(x => x.ToString("x2"))),
        version = new
        {
            major = GAME_VERSION,
            minor = "live",
            game = "live",
            backend = BACKEND_VERSION,
            taxonomy = TAXONOMY_VERSION
        },
        device_id = LOGIN_DEVICE_ID,
        develop = true,
        sec = 1
    });
As we see, it's not that hard to log in to the game and retrieve the PHPSESSID, which can later be abused.
About Login Data
LOGIN_EMAIL - as the name states, it's simply the email address you registered your account with,
LOGIN_PASSWORD - it's a simple MD5 hash (WITHOUT ANY SALT) of your in-game password (it's very insecure; if the database gets leaked somehow, there will be great trouble with hacked accounts etc.)
LOGIN_DEVICE_ID - in simple words, it's text which represents your device ID; it can be whatever (even "ILikeAnimusSoBadly"). If it's verified using hardware activation with an email-generated code, you can put whatever you want there. By default there should be "Unity Unique Hardware ID"
It's not ending there... So what can we do now? We log in successfully using our poggers login link; what now? Well, after login is completed we gather the PHPSESSID of that response; after that we can make a bot which will use the same PHPSESSID (it was abused in the past), or we can just start the game, skipping the launcher completely... (yes, we can do that...)
EscapeFromTarkov_BE.exe -token={PUT RETRIEVED PHPSESSID HERE} -config={\"BackendUrl\":\"https://prod.escapefromtarkov.com\",\"Version\":\"live\"}"
Yeah, just for good measure we include a config here also :)
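Added example, not part of the original post or the game's backend code: a server-side sketch of the storage risk described under LOGIN_PASSWORD, with the weak handling beside a hardened one. It assumes a backend that receives the client's unsalted MD5 in `pass`; the function names, PBKDF2 parameters and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def client_pass_field(password):
    """What the client sends as `pass`: hex MD5 of the password, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_weak(pass_field):
    """Weak: persist the received MD5 unchanged, so equal passwords give
    equal rows and a leaked row is the same value the login accepts."""
    return pass_field


def store_hardened(pass_field):
    """Treat the received MD5 as the secret: store a per-user random salt
    plus a slow, salted PBKDF2-HMAC-SHA256 digest of it."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", pass_field.encode("ascii"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_hardened(pass_field, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    try:
        raw = pass_field.encode("ascii")
    except UnicodeEncodeError:
        return False  # a hex MD5 string is always ASCII
    candidate = hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def leak_reveals_shared_passwords(rows):
    """True if a dump of the stored values shows accounts sharing a password."""
    values = list(rows.values())
    return len(set(values)) < len(values)


# Constructed sample accounts (not real data): both users chose the same password.
ACCOUNTS = {"alice@example.test": "hunter2", "bob@example.test": "hunter2"}

if __name__ == "__main__":
    weak = {u: store_weak(client_pass_field(p)) for u, p in ACCOUNTS.items()}
    hard = {u: store_hardened(client_pass_field(p)) for u, p in ACCOUNTS.items()}
    print("weak table exposes shared passwords:", leak_reveals_shared_passwords(weak))
    print("hardened table exposes shared passwords:", leak_reveals_shared_passwords(hard))
```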
Interesting, I didn't think the launcher could be bypassed. I guess you could create a .bat file with the call and any launch params?