💵 Shop Stand/Basket Scanner for BoundlessTrade.net

Tags: #<Tag:0x00007fb4d90b3278> #<Tag:0x00007fb4d90b3048> #<Tag:0x00007fb4d90b2df0> #<Tag:0x00007fb4d90b2c60> #<Tag:0x00007fb4d90b2b20>

I have created a PC application that gathers shop stand/basket data from your game and uploads it to https://boundlesstrade.net/. It should be easy to setup, but has only very limited testing at the current time. Let me know if you experience any issues and I can try to help.

The application may introduce network lag to your game, or may crash your game, etc. It’s probably a good idea not to submit crash-dumps or suppport requests to Wonderstruck while you’re using this application.

The client will impact the security of your system as well as the security of your boundless network data. If you’re unclear on how this works or how it affects you, it may be better to avoid using the client. I’ll let you decide.

The client will almost certainly break with every update/hotfix of the game, so please be patient as they happen until I’m able to fix it.

Download & Usage

Click to expand

image

To download the Price Gathering Client, click on the Boundless Trade link above, then click “Scanner Client” at the top.

Here is a video showing how to use it:
https://www.youtube.com/watch?v=cdyp_ERJff0

How does the Price Gathering Client work?

Click to expand

First, the application adds it’s own certificates to the ca-bundle.crt file in the boundless directory. Next, the application updates the hosts file to force boundless to connect to my application instead of to the boundless servers. Next the application opens TCP port 443 and TCP port 8902 on the loopback adaptor. Queries sent to these ports are forwarded to the boundless servers. The boundless server certificate is not verified whatsoever, unlike what the game usually does when it’s connecting directly. Next the application opens a UDP port on the local machine for each planet starting at port 1000 going up. UDP traffic sent to these ports is forwarded to the corresponding planet server. Next the application injects some code into the boundless process which copies a pointer to the current chunk you’re looking at (I"ll describe why later).

As you’re running the game, Boundless will ask the discovery server for connection information for various planets. The application modifies the responses to the game in two ways. First it updates the IP address field to be loop-back instead of the actual server, next it modifies the UDP port to match the local port opened for the corresponding planet. This causes the game to connect through the application for almost all of it’s data.

When you approach a shop stand/basket, you see the item appear on top of the stand/basket. This is the same data that the application is uploading to the Boundless Trade server. In addition to that, this application also asks the Boundless Trade server what shops stands are in the current chunk the player is looking at, and informs the server if any of those shop-stands no longer exist.

Shop stands/baskets will stay on Boundless Trade for 3 days.

How does a customer find a shop stand/basket in-game that they see on Boundless Trade?

Click to expand

The right-most column shows registered shops nearby the buy/sell order. It may be easier to find stands that are close to a registered shop and the shop owner can put some directions in the description.

Regardless if it’s near a shop or not, you can click on the buy/sell order to see more details.
image

Here you can over over or click on the nearby shops for travel directions, or you can click on the https://boundless-maps.com/ link shown to display a pin on the map where it is. You can then download the boundless-maps client if you’re on PC to see where you are and when you’re getting close, etc.

Once you get close you can set the coordinates of the shop stand/basket as a custom destination in-game, and will show a nice icon directly on the shop stand/basket.

How does a shop owner add their shop to Boundless Trade for others to find

Click to expand

First you have to create an account on the site, then click “My Account” at the top and you can add shops there. Please double check coordinates and add over-detailed travel instructions so people can find your shop easily.

I want to help scan

Click to expand

You can post here asking if there are communities that want to be scanned regularly. I’m sure there are some PS4 or other communities that would love this. Or you can just scan shops/malls at your own leisure. Every scan helps!

Also if you apply for membership on the Portal Seekers discord, you can operate the discord bot to help fill the scan requests from the Boundless Trade site described above.

What if I’m not able to use the Price Gathering Client

Click to expand

If you can’t get the client working to scan your shop, there are two alternatives:

  1. Connect your shop to [PS] Biitula, [PS] Boori, [PS] Grovidias Te, or [PS] Lamblis. Portal Seekers will be scanning shops (not malls) connected to these hubs.

  2. On the Boundless Trade website, go to your shop page in “My Account” and click “request scan” in the top right. This will signal a bot in the Portal Seekers discord and someone should come and scan your shop soon. The scan request applies for 2 weeks, and the discord bot will request someone scan your shop every 2-3 days. So basically as long as you refresh the scan request every 2 weeks, you should end up with relatively up-to-date data on the site consistently.

*Note: If you’ve requested a scan on your shop before this post was made, it may have been cancelled due to random bugs, so just request again please.

Is Wonderstruck okay with all this?

Click to expand

They can see this thread, as well as other threads that have led to this. If they ask me to stop I will.

I tried your application, now I can’t connect to Boundless at all even without it!

Click to expand

It’s likely you need to revert the changes done to your hosts file. This can happen if the application did not shut-down cleanly or if you opted for the manual host file modification flow.

I’m getting some error about System.Net.Http. What do?

Click to expand

If you get an error like this:
image

Install this:
https://dotnet.microsoft.com/download/dotnet-framework-runtime/net472

23 Likes

Awesome work!

3 Likes

that gives me Hackmud flash backs :joy:

1 Like

Might want to bold that lag part for people that just skim this. The lag can get pretty brutal for some people as it is.

Hopefully this post doesn’t get closed like the other one(s) good luck.

1 Like

Might I ask why no source code?

Because of the potential for abuse. I know it’s not ideal, sorry.

1 Like

for people worried about it being a exe here is scan form both eset NOD32 and malwarebytes

malware scan

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/17/19
Scan Time: 2:19 PM
Log File: 5a960df6-48fa-11e9-a38c-74d435ee9472.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9724
License: Premium

-System Information-
OS: Windows 10 (Build 17763.379)
CPU: x64
File System: NTFS
User: BRIAN-PC\Brian

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 7
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 4 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

3 Likes

I hope nothing like that happens. Gunna see a handful of people sitting on the same beacon

1 Like

Great to see it released. It is an awesome tool!

Already saved me a lot of time searching for items I need. Especially when my favorite shops are sold out again.
Will be also really helpful once I am ready for my own shop.

5 Likes

Virus scan is a good step. But it is a 3rd party .exe that has no source available, anything is possible in theory. A virus scan wouldn’t pick up the client reading some sensitive data and sending it somewhere. The data it sends to the server is sha256 encrypted so we have no idea what’s actually in there. I understand that this is an abuse precaution, but I also took a peek with a decompiler and it decompiles with obfuscated function and variable names, regardless I still found the hash generation in a few minutes. If I have time and interest I might extract the hash(es) and take a look at the data, a few hoops to jump through but it can be done. You can also already mess with the data by burying a shop stand or a request basket and it picks them up and it appears on the site.

I’m not saying it is malicious and I sincerely hope it isn’t, based on @Simoyd’s previous work it should be ok. Just in general you shouldn’t run a random exe you downloaded from the internet, they could be nasty even if they pass a virus check.

Waiting for something similar to be done in-game by the boundless devs so the data is more complete and up to date. A shop-stand api could work too :thinking:

edit: Wait the data can’t be in sha256 can it? I’ll take a better look tomorrow…
edit2: Yeah I figured it out, although I won’t fix anything above as to not make it easier for someone else

4 Likes

you’ll be able to figure it out if you keep trying. but I’m not sending anything bad don’t worry =D

1 Like

I give you credit for setting this up but is the code release on GitHub or something for community review?

1 Like

Currently it is not, because of the potential for abuse. I know it’s not ideal, sorry.

Which means someone who already has access can abuse it or people who are computer/program savvy can dig into it and find ways to do it. Nice

2 Likes

Oh yea. Bout time this got released

1 Like

Also dont ruin the game with this tool. Use it as intended until something else is put in place to react similarly and is dev ran.

4 Likes

If someone doesn’t want to use it as intended they won’t no matter how much we ask them not to. Problem is this game has plenty of trolls and this gives a different way to do it. Plus there’s always people who just want to watch the world burn

3 Likes

to be fair the amount of work needed to decompile sims tool and reverse engineer it they would need the knowledge to do it anyway so it would happen with or without this tool being released. it would be more risky to release the source code has it would allow someone who may not know how to it have to make minor changes to the source code to get there tool to do what they want.

1 Like

Still doesn’t change how easy it is to troll the client which affects everyone that will use this. And easier to get someone to do that for you opposed to getting someone to build you a program to do this.

1 Like

Funny, as if it’s not possible to write malicious code existing virus scanners do not know yet!

1 Like