When I first started looking at the Simcity 2013 traffic, I had hoped I could peek at all of the server communication they do. Sadly (for me), the team at Maxis was fairly smart when it came to securing their encrypted traffic and they were able to thwart my initial attempts to man-in-the-middle (MITM) the connection between the Simcity client and their servers. I plan on attempting that some more in the future, but for now I’m going to look at the traffic from a higher level. I’m not entirely skilled here, but I know enough to have been able to pull it off for the Final Fantasy XIV login system (which will be its own post someday).
Note, all my data capture was from the first week of Simcity’s launch, so the behavior outlined below may have changed since then.
Looking at the Simcity traffic, the first and most obvious point is that all communication with their servers is done over either HTTP or HTTPS using standard ports.
Starting the Simcity Launcher
Wow, talk about a busy client. In starting up the Simcity launcher, there are a total of 12 DNS lookups. This whole process includes checking for updates, authenticating, and loading news/ads. Below I outline what I’m able to see and guess about the traffic that the Simcity launcher does out to their servers.
Below is a list of all the DNS lookups the Simcity launcher does at startup. I also looked at some of its traffic to try and guess what each server is used for.
| Hostname | Protocol | Notes |
|---|---|---|
| novafusion.ea.com | HTTP | Client tries to connect a few times, but the server never responds. Ends up falling back to proxy.novafusion.ea.com. |
| loginregistration.dm.origin.com | HTTPS | Origin service. Used for registration/account verification. |
| proxy.novafusion.ea.com | HTTPS | Origin service. Seems to be related to logging into the game and verifying you have an Origin account. |
| telemetry.simcity.com | HTTP & HTTPS | A central Simcity service (not region specific). |
| api.simcity.com | HTTPS | Another central Simcity service. |
| api.p04.simcity.com | HTTPS | Simcity API specific to a region (US East 2 in this case). Lots of connections opened to this server. |
| socket.p04.simcity.com | HTTPS | Second region-specific Simcity service. More likely used for region chat communications and more immediate events. |
| update.prod.simcity.com | HTTP | Update server. Handles fetching game updates and scripts related to the game. Also responsible for serving up some static images for the launcher (learn more graphic, game scripts html, UpdaterControl.bin). |
| scprod04servicenews.s3.amazonaws.com | HTTP | Does a GET on "/en_US/announcement.json", which reports status information (currently this is the "Welcome to Simcity!" message). |
| adsrv-dummy.ea.com | none | Not a valid DNS entry. Looks like a placeholder until they get a real ad system set up. |
| static.prod.simcity.com | HTTP | Same IP addresses as update.prod.simcity.com, though the server distinguishes the hostname when handling GET requests. |
There isn’t anything all too surprising with the list of servers the launcher connects to. I would say the number of servers that it connects to is pretty surprising; it goes to show they are doing a lot with just the launcher. As well, much of the traffic is over HTTPS, so without getting around the SSL encryption, it will be hard to know exactly what each server is used for.
The two “p04” servers, which are the region-specific servers (NA East 2 in this case), are a bit interesting, as it means the game is fetching region-specific data before the game even launches. This could be just simple checks to see if the server is busy.
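An inventory like the table above can be built mechanically from captured DNS answers. The following is an added example, not code from the original post: it assumes a tab-separated export of query name, response code and A records, and the function names and sample rows (with documentation-range IP addresses) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows: "query name <TAB> rcode <TAB> A records".
# Addresses are RFC 5737 documentation IPs, not the real servers' addresses.
SAMPLE = """\
update.prod.simcity.com\t0\t192.0.2.10,192.0.2.11
static.prod.simcity.com\t0\t192.0.2.11,192.0.2.10
api.p04.simcity.com\t0\t198.51.100.7
socket.p04.simcity.com\t0\t198.51.100.8
adsrv-dummy.ea.com\t3\t
api.p04.simcity.com\t0\t198.51.100.7
"""

def build_inventory(text):
    """Return (host -> set of IPs, set of hosts that never resolved)."""
    resolved = defaultdict(set)
    failed = set()
    for line in filter(str.strip, text.splitlines()):
        name, rcode, addrs = (line.split("\t") + ["", ""])[:3]
        name = name.rstrip(".").lower()
        ips = {a for a in addrs.split(",") if a}
        if rcode == "0" and ips:          # rcode 0 = NOERROR
            resolved[name] |= ips
            failed.discard(name)
        elif name not in resolved:        # e.g. rcode 3 = NXDOMAIN
            failed.add(name)
    return dict(resolved), failed

def shared_ip_groups(resolved):
    """Group hostnames that resolve to an identical set of addresses."""
    by_ips = defaultdict(list)
    for host, ips in resolved.items():
        by_ips[frozenset(ips)].append(host)
    return sorted(sorted(hosts) for hosts in by_ips.values() if len(hosts) > 1)

def region_tag(host):
    """Pull a 'pNN'-style label (e.g. p04) out of a hostname, if present."""
    for label in host.split("."):
        if len(label) == 3 and label[0] == "p" and label[1:].isdigit():
            return label
    return None

if __name__ == "__main__":
    resolved, failed = build_inventory(SAMPLE)
    print("resolved:", {h: sorted(i) for h, i in resolved.items()})
    print("never resolved:", sorted(failed))
    print("same address set:", shared_ip_groups(resolved))
    print("regional:", {h: region_tag(h) for h in resolved if region_tag(h)})
```

Hosts that share an address set, like the update and static names here, are candidates for name-based virtual hosting, which is why the Host header matters when reading their HTTP traffic.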
Another interesting piece about the launcher is the User-Agent it reports itself as:
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.3 (KHTML, like Gecko) Safari/535.3 EAWebKit/188.8.131.52.0
It looks like the Simcity launcher is using Webkit as its rendering engine for HTML. That definitely will make it easier for them to have the game on OSX. For those that are unfamiliar with Windows game development, many developers tend to use Internet Explorer on Windows as it is fairly painless to embed in an application. Choosing to use Webkit was definitely more work for them, but makes cross-platform a lot easier.