ninjatrader_jew

# NinjaTrader 8 Reverse Engineering Project

## Purpose
Reverse-engineer NinjaTrader 8's data layer: how it downloads, encrypts, stores, and replays market data. Build standalone tools to fetch historical bars and parse cached replay files without NT8.

## Key Findings So Far
- **Two data paths exist:**
  1. **CQG/Tradovate** — live + historical bars via WebSocket (JSON text frames). Fully working standalone client.
  2. **NinjaTrader HDS** — encrypted `.ncd` files + unencrypted `.nrd` replay files via raw TCP+SSL. Protocol captured and partially decoded.
- **Obfuscation:** Agile.NET (CliSecure) — all strings, crypto calls, and control flow in `NinjaTrader.Core.dll` are obfuscated. Static decompilation yields empty method bodies.
- **.nrd format:** 12×80-byte headers + delta-compressed tick stream. Header layout fully confirmed. Tick compression partially understood (infoByte-driven variable-length records, ~5 bytes/event).
- **.ncd encryption:** Cipher unknown (likely AES via BouncyCastle). Key source unknown. Blocked by obfuscation.

## Directory Layout

```
├── PLAN.md                    # Original RE plan (phases 1-7)
├── cqg_config.json            # Tradovate auth config (tokens, creds) — gitignored
├── .device_id                 # Machine identifier — gitignored
│
├── scripts/                   # Python tooling (main workspace)
│   ├── cqg_client.py          # CQG protobuf WebSocket client
│   ├── tv_client.py           # Tradovate JSON WebSocket client
│   ├── tradovate_auth.py      # Tradovate REST auth (token acquisition/renewal)
│   ├── pipeline.py            # En…