I need to guess Metatrader protocol and create corresponding API lib
with Ruby gem(preferred)/Python
Here some refs: [url removed, login to view] [url removed, login to view]
Some from StackOverflow:
Actually, there is an (official) MT4 Server API. It consists of an .dll-file with some example code in C++ and Delphi. The .dll exposes functions for logging in, place orders, get your balance, etc.
You don't need MetaTrader installed, but only that .dll-file.
Unfortunately, the documentation for this API is virtually non-existant. Sometimes source code is only commented in Russian. Apparently some documentation is available in a special support area on MetaQuote's website, but this requires a login- which you'll only get if you bought a MT4 server licence (which I don't have).
Now to answer your original question: If you want to reverse-engineer the protocol you definately need to disassemble the binary and have a look at the code. The communication is scrambled by an unkown algorithm.
What I have found out so far:
Although they are using port 443 for communication, they are not using SSL or even HTTPS. If you look at captured traffic it sometimes looks like they are using 16 bytes blocksize without cbc. (You can easily spot patterns which repeat every 16 bytes with slight differences).
Transport is simply TCP, you can stream multiple commands with one connection until you are finished.
Commands (before encryption) are readable ASCII-texts finished with a line feed (\n)
Connection is properly terminated by sending QUIT\n
The first byte after opening the connection specifies the protocol mode. Possible values are (at least) W, Z for clear text or 0x0 for encrypted transport.
Beginning a connection with W starts the "Web Service"-mode. You can receive at least quotes and a list of symbols with that. You can easily try this out with telnet:
$ telnet [url removed, login to view] 443
Connected to 18.104.22.168.
Escape character is '^]'.
MetaTrader Server 4.00 build 391
Ava Financial Ltd.
up EURUSD 1.4105 1.4106 [url removed, login to view] 02:02:49
down EURGBP 0.8673 0.8675 [url removed, login to view] 02:02:41
[url removed, login to view] 02:02:49
[url removed, login to view]
Connection closed by foreign host.
Bold text is what I've typed in the telnet session. Z instead of W works also for the INFO command.
Note that you have to end the list of symbols for the QUOTES command with a comma. The QUOTES command seems to be unavailable in builds prior to 391 (found a lot of servers running build 344).
I know about the QUOTES command (and the W) directly from the docs, saw the INFO command by sniffing the MT4 client and found out about LIST just by trying out some keywords. Let me know if you find more. There should be at least a command to receive the bars for the charts.
I know this is not a proper answer to your question, but I think this info is relevant to a lot of people for a starting point, and it was too much text for a comment.