This post does not contain an AutoBuyer. It does contain PHP code that would allow you to create an AutoBuyer very easily. To stay updated with the code please use my GitHub Account.
Last week I posted code that allowed you to login to the FIFA 13 Ultimate Team Web App, today I’ve posted the code that allows you to search for players and make bids on them. The code has other functionality as well, such as retrieving player images, player JSON description files and other things.
In what ever language you prefer to code in it doesn’t take aΒ geniusΒ that putting the code together would allow you to connect and then search for specific players and bid on them based on maximum bid values you supply.
So with no further a do here is the code:
This first portion allows you to search for players and staff:
<?PHP
/**
* @llygoden
* @author - Rob McGhee
* @URL - www.robmcghee.com
* @date - 24/09/12
* @version - 1.0
**/
class Searchor {
private $EASW_KEY;
private $EASF_SESS;
private $PHISHKEY;
private $XSID;
//initialise the class
public function __construct($EASW_KEY, $EASF_SESS, $PHISHKEY, $XSID) {
$this->EASW_KEY = $EASW_KEY;
$this->EASF_SESS = $EASF_SESS;
$this->PHISHKEY = $PHISHKEY;
$this->XSID = $XSID;
}
public function playersearch($start = 0,$count = 15,$level,$formation,$position,$nationality,$league,$team,$minBid,$maxBid,$minBIN,$maxBIN){
//URL to search for items
$searchurl = "https://utas.fut.ea.com/ut/game/fifa13/auctionhouse?";
//String that holds our search variables
$searchstring = "";
//Add to the search string based on the variables passed
if ($level != "" && $level != "any"){
$searchstring .= "&lev=$level";
}
if ($formation != "" && $formation != "any"){
$searchstring .= "&form=$formation";
}
if ($position != "" && $position != "any"){
if ($position == "defense" || $position == "midfield" || $position == "attacker"){
$searchstring .= "&zone=$position";
}else{
$searchstring .= "&pos=$position";
}
}
if ($nationality > 0){
$searchstring .= "&nat=$nationality";
}
if ($league > 0){
$searchstring .= "&leag=$league";
}
if ($team > 0){
$searchstring .= "&team=$team";
}
if ($minBid > 0){
$searchstring .= "&micr=$minBid";
}
if ($maxBid > 0){
$searchstring .= "¯=$maxBid";
}
if ($minBIN > 0){
$searchstring .= "&minb=$minBid";
}
if ($maxBIN > 0){
$searchstring .= "&maxb=$maxBid";
}
//create the final search string
$search = $searchurl . "type=player&start=$start&num=$count" . $searchstring;
//Set the cookie data
$cookie_string = $this->EASW_KEY."; ".$this->EASF_SESS ."; ".$this->PHISHKEY;
//Setup cURL HTTP request
$ch = curl_init($search);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, $cookie_string);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'x-http-method-override: GET',
$this->XSID)
);
//Contains the JSON file returned from EA
$EAPSEARCH = curl_exec($ch);
curl_close($ch);
unset ($start,$count,$level,$formation,$position,$nationality,$league,$team,$minBid,$maxBid,$minBIN,$maxBIN, $ch, $cookie_string, $search, $searchstring);
return $EAPSEARCH;
}
public function staffsearch($start = 0,$count = 15, $level, $cat, $minBid, $maxBid, $minBIN, $maxBIN){
//URL to search for items
$searchurl = "https://utas.fut.ea.com/ut/game/fifa13/auctionhouse?";
//String that holds our search variables
$searchstring = "";
//Add to the search string based on the variables passed
if ($level != "" && $level != "any"){
$searchstring .= "&lev=$level";
}
if ($cat != "" && $cat != "any"){
$searchstring .= "&cat=$cat";
}
if ($minBid > 0){
$searchstring .= "&micr=$minBid";
}
if ($maxBid > 0){
$searchstring .= "¯=$maxBid";
}
if ($minBIN > 0){
$searchstring .= "&minb=$minBid";
}
if ($maxBIN > 0){
$searchstring .= "&maxb=$maxBid";
}
//create the final search string
$search = $searchurl . "type=staff&blank=10&start=$start&num=$count" . $searchstring;
//Set the cookie data
$cookie_string = $this->EASW_KEY."; ".$this->EASF_SESS ."; ".$this->PHISHKEY;
//Setup cURL HTTP request
$ch = curl_init($search);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, $cookie_string);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'x-http-method-override: GET',
$this->XSID)
);
//Contains the JSON file returned from EA
$EASSEARCH = curl_exec($ch);
curl_close($ch);
unset ($start,$count,$level,$cat,$minBid,$maxBid,$minBIN,$maxBIN, $ch, $cookie_string, $search, $searchstring);
return $EASSEARCH;
}
}
?>
This next portion allows you to get trade information and bid on an item:
<?PHP
/**
* @llygoden
* @author - Rob McGhee
* @URL - www.robmcghee.com
* @date - 24/09/12
* @version - 1.0
**/
class Tradeor {
private $EASW_KEY;
private $EASF_SESS;
private $PHISHKEY;
private $XSID;
//initialise the class
public function __construct($EASW_KEY, $EASF_SESS, $PHISHKEY, $XSID) {
$this->EASW_KEY = $EASW_KEY;
$this->EASF_SESS = $EASF_SESS;
$this->PHISHKEY = $PHISHKEY;
$this->XSID = $XSID;
}
//$trade is the tradeID for the item you want
//$value is the value in FIFA coins that you want to BID
public function bid($trade, $value){
//URL to bid on trade items
$bidurl = "https://utas.fut.ea.com/ut/game/fifa13/trade/". $trade ."/bid";
//JSON data to send as a POST item
$data = array("bid" => $value);
$data_string = json_encode($data);
//Set the cookie data
$cookie_string = $this->EASW_KEY."; ".$this->EASF_SESS ."; ".$this->PHISHKEY;
//Setup cURL HTTP request
$ch = curl_init($bidurl);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, $cookie_string);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'x-http-method-override: PUT',
$this->XSID)
);
//Contains the JSON file returned from EA
$EABID = curl_exec($ch);
curl_close($ch);
unset ($ch, $cookie_string, $data_string, $data, $trade, $bidurl, $value);
return $EABID;
}
public function trade($trade){
//URL to view trade details
$tradeurl = "https://utas.fut.ea.com/ut/game/fifa13/trade?tradeIds=". $trade;
//Set the cookie data
$cookie_string = $this->EASW_KEY."; ".$this->EASF_SESS ."; ".$this->PHISHKEY;
//Setup cURL HTTP request
$ch = curl_init($tradeurl);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, $cookie_string);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'x-http-method-override: GET',
$this->XSID)
);
//Contains the JSON file returned from EA
$EATRADE = curl_exec($ch);
curl_close($ch);
unset($ch, $cookie_string $trade, $tradeurl);
return $EATRADE;
}
}
?>
And finally is a general functions class that allows you to retrieve trivial bits of information about a player.
<?PHP
/**
* @llygoden
* @author - Rob McGhee
* @URL - www.robmcghee.com
* @date - 23/09/12
* @version - 1.0
**/
//returns the base ID of a player from the resource ID provided
public function baseID($resourceid){
$rid = $resourceid;
$version = 0;
WHILE ($rid > 16777216){
$version++;
if ($version == 1){
//the constant applied to all items
$rid -= 1342177280;
}elseif ($version == 2){
//the value added to the first updated version
$rid -= 50331648;
}else{
//the value added on all subsequent versions
$rid -= 16777216;
}
}
$returnable = array('baseID'=>$rid,'version'=>$version);
return $returnable;
}
//returns the JSON file containing the players information
public function playerinfo($baseID){
$playerurl = "http://cdn.content.easports.com/fifa/fltOnlineAssets/2013/fut/items/web/". $baseID .".json";
$EAPLAYER = file_get_contents($playerurl, false);
return $EAPLAYER;
}
//returns the URL of the players image
public function playerimage($baseID){
$EAPIMAGE = "http://cdn.content.easports.com/fifa/fltOnlineAssets/2013/fut/items/images/players/web/". $baseID .".png";
return $EAPIMAGE;
}
//returns the JSON file containing the managers information
public function managerinfo($assetID){
$managerurl = "http://cdn.content.easports.com/fifa/fltOnlineAssets/2013/fut/items/web/". $assetID .".json";
$EAMANAGER = file_get_contents($managerurl, false);
return $EAMANAGER;
}
//returns the URL of the managers image
public function managerimage($assetID){
$EAMIMAGE = "http://cdn.content.easports.com/fifa/fltOnlineAssets/2013/fut/items/images/players/web/heads_staff_". $assetID .".png";
return $EAMIMAGE;
}
//returns the URL of the countries flag
public function flagimage($assetID){
$EAMIMAGE = "http://cdn.content.easports.com/fifa/fltOnlineAssets/2013/fut/items/images/cardflags/web/". $assetID .".png";
return $EAMIMAGE;
}
//returns the URL of the countries flag
public function flagswfimage($assetID){
$EAMIMAGE = "http://cdn.content.easports.com/fifa/fltOnlineAssets/2013/fut/items/images/cardflagssmall/web/Flag_". $assetID .".swf";
return $EAMIMAGE;
}
//returns the URL of the clubs badge
public function clubimage($assetID){
$EAMIMAGE = "http://cdn.content.easports.com/fifa/fltOnlineAssets/2013/fut/items/images/clubbadges/web/s". $assetID .".png";
return $EAMIMAGE;
}
//returns the JSON file containing how many coins your account has to spend
public function credits($EASW_KEY, $EASF_SESS, $PHISHKEY, $XSID){
//URL to retrieve credits
$creditsurl = "https://utas.fut.ea.com/ut/game/fifa13/user/credits";
//Set the cookie data
$cookie_string = $EASW_KEY."; ".$EASF_SESS ."; ".$PHISHKEY;
//Setup cURL HTTP request
$ch = curl_init($creditsurl);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, $cookie_string);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'x-http-method-override: GET',
$XSID)
);
//Contains the JSON file returned from EA
$EACREDITS = curl_exec($ch);
curl_close($ch);
unset ($ch, $cookie_string, $trade, $tradeurl, $value);
return $EACREDITS;
}
//Return the type of card we have
public function cardtype($rating, $rare){
$type = "Gold";
//Set the Colour based on the player rating
if ($rating <= 64){
$type = "Bronze";
}elseif ($rating <= 74){
$type = "Silver";
}
//Set the Catagory based on the player rareity
switch($rare):
case 1:
$type .= " Shiny";
break;
case 3:
$type .= " InForm";
break;
case 5:
$type .= " TOTY";
break;
case 6:
$type .= " TOTY";
break;
case 8:
$type .= " MOTM";
endswitch;
//Return the Card Type
return $type;
}
?>
Hello,
is it possible to hire you for a complete autobuyer?
Regards
Sure it is, what are you willing to pay?
What kind of coding do i need to learn to program this.. sorry for this stupid question. But i would really want to learn on how to do it..
Another question.. Can you actually concentrate the searches on more than one player.. Example..
Concentrate it specifically on 3 players.. all from different leagues etc..
Thanks for the tutorial – any reason why the script displays nothing after I enter the user/pass/hash?
hey rob, am 16 and I just want to know how you put these codes together
Could you please contact me on how to set this up, thank you.
How can I go about putting this together? Please contact me via email.
Rob, this is great! Thanks for making this available.
I’m attempting to extend this and managed to connect to the watchlist, but cannot figure what requests to send in order to remove expired cards, discard them or send them to the club. Could you give some pointers?
No prob.. Figured it.
Same question as above: can I hire you for a complete autobuyer? Please let me know…
Thanks!
Will you make a complete one for $150!!
Hi,
Is the hash algorithm the straight-forward MD5 or is a custom algorithm? Also, do you have sample code on how to make a buy now instead of a bid?
how do i use this?
Thank you for the extensive info. Much appreciated!
Hi Rob,
Again, thanks for posting all of this. I am trying to write a C# version, and I am having issues connect. I wonder if you could kindly provide some input.
I get the following response:
{“debug”:””,”string”:”Forbidden (ut)”,”reason”:””,”code”:”403″}
When trying to authenticate with a application/json post to:
http://www.ea.com/p/fut/a/ps3/l/en_GB/s/p/ut/auth
With the following data:
{“isReadOnly”:false,”sku”:”391A0001″,”clientVersion”:3,”nuc”:2**9727761,”nucleusPersonaDisplayName”:”bot”,”nucleusPersonaPlatform”:”ps3″,”locale”:”en-GB”,”method”:”idm”,”priorityLevel”:4,”identification”:{“EASW-Token”:””}}
I have tried multiple skus, and the displayName I logged in with. I also tried different data types for the nucleusId. Sadly, no luck π I am passing the correct cookies too.
Any ideas? Your help is greatly appreciated.
I’m a tit…. after comparing the requests in fiddler, I was missing the personaId! π Suprise suprise, the servers are down, so I can’t test… but i’m pretty certain that’s my issue.
I noticed i pasted the incorrect url too, the machine should have been card-ps3.
Ta
Hello. Im interested……. i pay for autobuyer working…. contact me please.. for ps3
Hi would you be able to send me all the codes needed please? And a bit of instruction with them. Will u be able to use it with eclipse?
Thanks
What program would you recommend using the code in? ive tried phython seems to be a little to low level for it, help would be greatly appreciated
Hi,
Been trying to get this working. Firstly, I’ve never used PHP before, so apologies if I am doing something wrong here.
Firstly, I can call the eahashor.php method and it returns a hash value to me. Then I attempted to use the connector.php class to make the connection, etc. Firstly (with some changes to return such), I get the following error:
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
So I changed the connection url (“https://www.ea.com/uk/football/services/authenticate/login”) to http (i.e. removed the ‘s’). This gets me further. I get to the json_decode of $EAACCOUNT. Putting more error handling here I get the following JSON:
{“debug”:””,”string”:”No User”,”reason”:””,”code”:”465″}
So that appears to me to indicate while I can make a connection, I am not logged in properly (perhaps)? Could it be the hashed secret question; if I change either the user or password field to something bogus, it obviously doesn’t get as far. However, I noted I can change the secret question hash to whatever I want, and I get the same response. Can you confirm the hash PHP is working as it should, or point out what I am doing wrong? Would really appreciate it!
NOTE: I’m using the linked version on GitHub.
Thanks!
I’ve been playing around with the code from GitHub and found 2 issues that prevented me from logging in:
1. eahashor.php isn’t calculating the correct hash. I used hash.js to calculate the hash and hardcoded it into my code.
2. line 98 in connector.php ($machine = $d->shardInfo[0]->customdata1[0];) returned the wrong machine. It returned card-360 (xbox I guess) and that devices isn’t linked to my profile. In this case I hardcoded “card-pc” into the code.
After changing these two things I’m now able to successfully log in!
Now I’m stuck with the fact that the search functions don’t return anything. I’m not sure why as there is no debug or error data. Any tips or suggestions are more than welcome!
http://www.robmcghee.com/programming/using-my-fifa13-code/
@Marc
A few people have mentioned the wrong machine type so I might make it hard coded.
Also the issue you were having with EAHashor has now been fixed over at GitHub
Hi rob,
I need your help.
I’m using a bronze pack method to make coins where i buy bronze packs and sell all the contents for 150 & BIN 150. My current method is to modify post parameters from 200 to 150 Buy Now. If you are interested, I am offering some money if you can make a script where it automatically posts all auctions in the trade pile at 150/150BIN. Contact me if interested
Thanks, Nick
Hi Rob, how can i ( install / use ) the Autobuyer? please help me.
Thanx.
Hey!
I’m very interested in buying a full complete working autobuyer for fifa 13 ultimate team pc version. Email me for info, Rob π
Hi Rob, I’m also interesting to buy a complete working autobuyer!
I wait your news! Thanx!!!
Hi Rob,
Thanks for posting the utility functions — the login process was the tricky part to get right. I’ve now managed to create an autobuyer that loops continuously through a set of auction searches and the results are quite amazing. π I’m amazed how many people sell top quality players without even looking at the current market value.
I do have one question, though. In the authentication process, you use the value “bot” for “nucleusPersonaDisplayName”. Do you know what EA use this for, and is it safe to change it?
I can pay for your program if I programs you π
Hey rob,
can i hire you to complete the autobuyer?
And can it look for more player at once?
tutorial from youtube? π
@ Ashley Snowdon, Mark
Can both of you help me to sort some things out? Would be awesome!
@Ashley Snowdon
If you inspect what FUT sends with their WebApp… it is sending the personaName…. I wasn’t able to authenticate if this didn’t match. So I suggest you use the correct personaDisplayName.
Hello could you email me potential prices for an autobuyer. Thank you
@Kurt
That’s odd, since I am now sending a value of “null”, and it’s been trading players fine for days now.
Are you sure you’re talking about “nucleusPersonaDisplayName”?
@ashley
It’s a trap π
When i looked for cookie when browsing with real fut app,
nucleusPersonaDisplayName isn’t equal to bot π
@ Ashley Snowdon
How and what program can I use after i’ve donwloaded all these code?
Hey Rob, was wondering, how can I search for a specific player ? For exemple using the player’s ID because sometimes the search string isn’t narrow enough especially when looking for an english player in the BPL.
Or do I have to analyse the returned .json and see if the attributes match with those of the player I am looking for ?
Hey guys how do I get my nucleusId?
Can you add me on skype i’m willing to pay fifa coins if you could make me the program thankyou! My skype is joee.childs6
@Medz
Hi.
To search for a specific player you need indeed the resourceId.
But in first step you should give the search the following criteria to make the result as small as posible:
TeamId, Position, Level
Furthermore you can add the formation if you need just one kind of a player.
@ Markus
i got the script going, starting making progress with it, however is it possible to be able to search on names instead of club and such, i would love if i just had to type messi instead of his info.
How would i go about this?
There should be some kind of database where player names are linked to resource/base id right?
thanks in advance
rob :((
Hi Rob,
Firstly great site and cool of you to help people, but i am something of a programming novice and was wondering if you will make me the autobuyer, i am willing to pay, how much would you be willing to pay and would you prefer real money or fifa coins?
Cheers
Luke
Hi, I’ve gotten all of these code snippets to work, however, I have one little issue. What would the code be to purchase a card once it has been searched for a located?
I’ve seen you marked up the code with the following:
$trade = $t->trade(18629464);
//to bid 200 on the trade above you would use $t->bid(18629464, 200);
This would only be relating to that specific tradeID, which is 18629464. Would it be possible to go about putting the TradeID that was just found when searching for a player, into the $trade = $t->trade(this spot?????);
Thanks,
KJL
Anyone willing to build one for me? also what price would you want?
Can I hire anyone to build a complete one for me?
is possible to buy a autobuyer?
please contactme
I have made an auto buyer in JAVA.
email me at nickmitchko@gmail.com with the subject Autobuyer.
The Price is $300
Proof: http://brotherlykicks.com/fifa/code/autobuyer.JPG