new blades
sign in
Community Preservation Project

The simplest possible ask

The smallest set of things Bethesda could do for the community to keep Blades running on every platform after June 30, 2026 — without ongoing involvement from Bethesda or Microsoft.

Everything below collapses into one concept: one final preservation-friendly client build, plus a short technical handoff document. The strategic framing for why a publisher might engage with this request lives on the strategy page; this page is the technical specifics.

Ask 1

A FairPlay-stripped iOS build.

One final build of the iOS client with FairPlay encryption removed, posted publicly. Without this, iOS preservation is impossible.

App Store binaries are FairPlay-encrypted; decryption requires a jailbroken device of the right iOS vintage. Without a clean IPA, sideloading tools like AltStore and Sideloadly cannot help. The community has no path to a clean iOS binary on its own.

One last build, exported with FairPlay stripped and posted somewhere durable (a Bethesda preservation page, a community partner, a single archive link), keeps iOS alive after the App Store listing is gone.

Cost to Bethesda
Hours of engineering, one-time.
Risk to Bethesda
Near zero. The same binary already shipped to player devices.
Ask 2

Configurable server endpoints in the preservation build.

The iOS preservation build (and the equivalent Android build) reads server hostnames from a user-overridable resource — Servers.plist on iOS, an equivalent resource on Android.

A small named list of endpoints (auth, game, matchmaking, and so on), each mapping to a hostname or IP. Defaults ship with Bethesda's current production hosts; community re-signers swap them at re-signing time.

Side effect: multiple independent communities can run their own servers without coordinating, and a single client install can be pointed at different servers over its lifetime.

On Android: the community has already produced a modified APK that does this today. An official Android build with this feature is a courtesy — less legal grey, more user trust — not a blocker. Android preservation works without it; iOS is where this ask matters most.

Cost to Bethesda
Marginal — a build flag and a small resource lookup. Bundles cleanly with Ask 1.
Risk to Bethesda
None on iOS (the build is already off the App Store). On Android, no change to production behavior; the override only matters for re-signed copies.
Ask 3

Trust user-installed certificates in the preservation build.

The build trusts user-installed CAs, so the client can talk to a community server using a community-signed TLS certificate.

iOS: remove NSPinnedDomains (or any custom certificate pinning) from the preservation build. Without pinning, the app uses the standard system trust store, which on iOS already includes user-installed configuration profiles.

Android: include a network_security_config that trusts user CAs in the production manifest. Without this, Android 7+ rejects user-installed CAs by default.

Without this ask, the configurable endpoints in Ask 2 are useless — the client rejects the community server's TLS certificate before any traffic flows.

Cost to Bethesda
A manifest entry on Android; a removed Info.plist key on iOS. Trivial.
Risk to Bethesda
None for the preservation build. The current production app keeps its pinning.
Ask 4

A short technical handoff for non-obvious protocol details.

A document — a few pages of text, not a code release — covering the parts of the system a server emulator cannot easily reconstruct from observed traffic alone.

  • Auth and session tokens. Format, lifetime, whether anything client-side is more than an opaque session ID, any baked-in client secrets the server expects.
  • Save state authority. Which subsystems are server-authoritative (towns, inventory, character stats) vs. client-authoritative; reconciliation rules; conflict resolution.
  • Arena UDP encryption. Key derivation, libsodium AEAD parameter choices, sequence numbering, packet framing. The community is currently extracting keys via Frida hooks at runtime; documentation would replace that with a clean reimplementation.
  • Anti-tamper signatures. Any HMAC or request-signing scheme over request bodies, and the secrets used.
  • IAP receipt validation. The flow Bethesda's servers use to validate Apple/Google receipts, and what a community server should do for restored purchases.
  • Anything else Bethesda's engineers think a server-side reimplementer would otherwise miss.
Cost to Bethesda
A few engineer-days of writing. Not a code release.
Risk to Bethesda
Low. The document describes interfaces, not implementations; no proprietary code or assets are released.
Long-term aspiration. The ideal outcome would be open-sourcing the client and server on GitHub, as has happened years after the fact for many older games (Doom, Quake, the Command & Conquer Remastered source release, and many others). We understand why that isn't possible today, and the four requests above are deliberately scoped to be achievable without touching that question.

This page describes the simplest concrete ask to Bethesda. The broader strategic context — why this matters, why a publisher might engage, what alternatives exist — is on the strategy page. Not affiliated with Bethesda Softworks, ZeniMax Media, or Microsoft Corporation. The Elder Scrolls is a trademark of ZeniMax Media Inc.