Goal and how to help
One day, eventually, Trackmania will reach his EoL. This is about documenting as much as possible to eventually get the point of having a fully functional custom auth server. If you want to give help, go ahead. Just grab fiddler and start tweaking around with the game.
TrackMania uses a XML-RPC-like API to authenticate players, load server lists, load rankings, etc... Here is some documentation about what has been reversed engineered. A lot is still left to be documented.
The game sends unencrypted POST requests to
to communicate with the API.
It sets two headers:
User-Agent: GameBox and
Accept: */*, and uses the following format as request body :
<?xml version="1.0" encoding="UTF-8"?> <root> <game> <name>TmForever</name> <version>2.11.16</version> <distro>MOLUX</distro> <lang>fr</lang> </game> <author> <login/> <session/> </author> <request> <name>[...]</name> <params> [...] </params> </request> <auth> <value>[...]</value> </auth> </root>
Here is a description of the parameters :
- name the client you are using. Known values: TmForever
- version Version of the client
- distro Unknown. Set to MOLUX or TAHOR
- lang lang of the client, as ISO 639-1
- login is not set when calling GetConnectionAndGameParams
- session is not set when calling GetConnectionAndGameParams
- name Name of the requested function.
- param Parameters for the call.
- auth Optional. Only seen with Disconnect
- value Looks like an auth ticket.
The server responds with XML, which has obfurscated names:
<?xml version="1.0" encoding="UTF-8"?> <r> <r> <n>[...]</n> <c> [...] </c> </r> <e>execution time : 0.0010 s</e> </r>
Here is a description of the return:
- n The name of the called function
- c The return data
- e A string giving the execution time.
First request sent by client.
Used to check if login is already used for account creation.
Used to make the server send a password recovery email.
Used to disconnect (Duh).