Sony may shut down DNAS server by March 2016

A place to discuss Playstation 2 online gaming.
Hunk91
Level 41: Can't Think of More Ranks...Time to Split!
Posts: 556
Joined: Wed Sep 23, 2015 12:02 pm
Xlink Kai Setup?: yes
Xlink Kai username: Hunk91
Location: France

Re: Sony may shut down DNAS server by March 2016

Post by Hunk91 » Thu Dec 10, 2015 9:22 am

For the moment I only know HTML. I do have some network knowledges but those are vey common to all of us. May be we can make a working group and try to work on this. I'm sure there are a lot of talented people here and on the PS2 scene that may help us.

I'm really busy with my young familly the evening, so the only thing I can do for the moment when I'm playing online is to make some capture packets with wireshark.
\\FAT PAL PS2 + Internal 64GB SD Card + FMCB 1.953 + OPL 0.9.3
\\PCSX2 1.40 + CLR DEV9 V0.8.2 (Playing via Wifi!)

Playing: B.O File#1&2, SWBF I&II,Sniper Elite, Area 51, Hot Wheels Stunt Track Challenge, T.M.B.O, C.O.D 3, M.G.S.3.O

Viscosity
site admin
Posts: 682
Joined: Wed Aug 18, 2010 9:15 pm
Xlink Kai Setup?: yes

Re: Sony may shut down DNAS server by March 2016

Post by Viscosity » Sun Dec 20, 2015 4:33 am

The main issue is that sony own the key to their ssl connection. Using that would be illegal unless we reverse engineered it which is pretty much cracking it. The first thing to do would probably to edit the https lines of the game to http and setup an http proxy/tunnel that handles the ssl on a server for you. This would enable you to be able to see the unencrypted traffic from the DNAS. This is what people did when gamespy was going down for reverse engineering the wii games.
(gmt-5)
Current Online Games: TSFP,TMBO, Project Snowblind, COD 2 BRO,Tribes, Champions: Return to Arms, Amplitude, Greg Hastings, XIII, Tony Hawk Pro Skater 3, Deer Hunter

[BILBO]
Level 1: Deer Hunter
Posts: 6
Joined: Tue Nov 17, 2015 10:48 pm
Xlink Kai Setup?: no

Re: Sony may shut down DNAS server by March 2016

Post by [BILBO] » Sun Dec 20, 2015 10:29 am

I know about DNAS authentication, but what exactly are DNAS servers? I thought that the games authenticated that with their own servers.

daps2
Level 41: Can't Think of More Ranks...Time to Split!
Posts: 465
Joined: Wed Jul 16, 2014 12:07 am
Xlink Kai Setup?: yes

Re: Sony may shut down DNAS server by March 2016

Post by daps2 » Wed Dec 23, 2015 4:39 pm

[BILBO] wrote:I know about DNAS authentication, but what exactly are DNAS servers? I thought that the games authenticated that with their own servers.
Dnas is sonys own thing. It till this day is still hosted officially by sony and nearly every game has to pass through it before connecting to its own server. So if DNAS is turned offline it would need to be eumulated or discs patched to make games playable again.

For more info go google "Dynamic Network Authentication System"

MrGame20
Level 1: Deer Hunter
Posts: 3
Joined: Mon Jan 18, 2016 5:32 am

Re: Sony may shut down DNAS server by March 2016

Post by MrGame20 » Mon Jan 18, 2016 7:18 am

I'm one of the people behind the Metal Gear Solid 3: Subsistence server and I've spent a very significant amount of time trying to recreate DNAS. If someone wants to make a stab at this though I figured I'd give a bit more light on the core problem

As TheDominator said "One of the biggest problems you probably will run in to is encrypted traffic." and as Viscosity said:
The main issue is that sony own the key to their SSL connection. Using that would be illegal unless we reverse engineered it which is pretty much cracking it.
For what its worth, using the key wouldn't actually be illegal, the illegal thing would (likely) be getting access to that key since SSL/TLS is built on public key cryptography, the private key never leaves the server. It cannot be reverse engineered and even with modern computing it is still not feasible to generate the private key from the public key.

I figured I'd add an explanation of the problem for anyone who wants to try and pick up where I left off:

SSL/TLS (the protocol that provides encryption for TCP connections, DNAS is over TCP) is based on public key cryptography. There is a certificate that is provided when you connect to the server and try to establish a secure connection, this certificate includes stuff like who you're connecting to (the domain name, company name, etc) and it includes the key you can use to encrypt a message to the server(there is a separate key for decryption only the server knows). This certificate is then 'signed' using the private key. This signature can be verified using the public key but can only be generated using the private key. If you change any details in the certificate(like the domain name) then verification will fail unless you update the signature using the private key...so basically this prevents tampering of the certificate.

So one question someone might then ask is: What is stopping me from creating a certificate with my own keys and just saying it's from Sony, this is prevented by a sort of 'chain' of signatures. Not only does the private key sign it but you need to get this certificate signed by a 'Certificate Authority' (CA for short). When you request a CA sign your certificate they will verify certain aspects of the certificate, at the cheapest level they just verify you control the domain name the certificate is for and more expensive ones will verify the company and personal information also. Once they are satisfied they sign your certificate.

Part of the verification of a certificate the PS2 receives when connecting to DNAS is to check for this CA's signature and that the CA is one that the PS2 trusts. You can create your own CA and sign a certificate (called self-signing) but that CA won't be trusted by the PS2.

All this to say when the PS2 attempts to connect to the DNAS server If the signature doesn't match the content, or if the CA's signature is not from a trusted source, or a number of other reasons the certificate is rejected and the connection won't go forward.

Preventing someone from masquerading as another server is one of the primary purposes of using SSL/TLS in the first place, so it is not surprising that this is a major roadblock. The three classic methods of dealing with this are to either add your own CA to the trusted list of CAs, or to change the domain it tries to contact to one you can get a certificate for, or disable certificate verification.

All of those are applicable on the PS2, however if you have access to do any of these on your console, you'd also have access to simply disable DNAS altogether by patching it out. Why waste time building a DNAS clone when it can't be used unless you already skip DNAS?

If someone wants to take up this challenge there are a few possibilities:

I don't remember if the PS2 does revocation checking but while writing I had the thought of using a stolen CA key. Occasionally some random CA will have their key stolen. Usually, this key won't be publicly released and I can't think of any time they have been if it ever happens that one is publicly released that belongs to a CA the PS2 trusts, and the PS2 doesn't do revocation checking then you could use that key to generate an acceptable certificate for DNAS. I'll admit this is a pretty unlikely case since releasing the key is a stupid move after someone has stolen it.

Occasionally CAs will have a bug that results in mistakenly signed certificates, abuse one of those to get a valid certificate

Recover the DNAS private key. Sounds crazy but this might be the most likely case. It is possible to discover the private key information from the public key it is just computationally difficult and likely not feasible with current computing power.

Noticing a trend? These all rely on somehow getting a valid certificate which shouldn't happen.

The other option is the ability to patch the game, this can be accomplished with something like a Code Breaker, Action Replay, Gameshark or a homebrew program to patch out DNAS. Without using something 'extra,' the only option is to find an exploit that can be leveraged to get code execution. This exploit would need to be in code that precedes DNAS, so likely candidates are in DNS response handling, SSL/TLS verification or in the TCP and UDP processing code. If the game has downloadable content that is another possibility. Other locations like save management are viable but would be roughly as accessible as using a cheat disk or homebrew.

If someone here does decide to try and pick up this challenge please feel free to contact me with any questions on here or on email if I don't respond. I've spent a lot of time working on DNAS and it has annoyed me that I haven't managed to solve this problem over the years.

Email: my username at savemgo.com

DonkeyKong
Level 22: Rogue Soldier
Posts: 219
Joined: Wed Sep 16, 2015 2:48 pm

Re: Sony may shut down DNAS server by March 2016

Post by DonkeyKong » Mon Jan 18, 2016 12:20 pm

You know Square Enix will shut down Final Fantasy XI servers for PS2 and Xbox 360 in March 2016. I think Sony just waiting when the last official servers for PS2 games will shut down. There is CoD3 too ,but I don't think that they will keep DNAS for only one game,there is also low online level in it (15 players on both PAL and NTSC)

BevP99
Level 9: Greg Hasting's Competition Squirtguns Max'd
Posts: 82
Joined: Sun Jan 17, 2016 12:58 pm
Xlink Kai Setup?: yes
Xlink Kai username: rocker9375

Re: Sony may shut down DNAS server by March 2016

Post by BevP99 » Mon Jan 18, 2016 1:32 pm

Fack, looks like I gotta get MGS3 subsistence now and start playing. I never had the chance before but I think i'd better before things get shut down completely.

DonkeyKong
Level 22: Rogue Soldier
Posts: 219
Joined: Wed Sep 16, 2015 2:48 pm

Re: Sony may shut down DNAS server by March 2016

Post by DonkeyKong » Mon Jan 18, 2016 1:58 pm

You know if you trying to go online in MGS 3 you always get DNAS error.For example:we have licensed copy,putting the disk into the console,starting online mode and getting error -618 (or -610).But if we will boot it using special elf we can pass DNAS check. So is it custom DNAS server or it just connecting to official one?
.

MrGame20
Level 1: Deer Hunter
Posts: 3
Joined: Mon Jan 18, 2016 5:32 am

Re: Sony may shut down DNAS server by March 2016

Post by MrGame20 » Mon Jan 18, 2016 2:33 pm

But if we will boot it using special elf we can pass DNAS check. So is it custom DNAS server or it just connecting to official one?
Its neither, the special elf (or any method of modifying the code) just disables the DNAS check altogether.
Fack, looks like I gotta get MGS3 subsistence now and start playing. I never had the chance before but I think i'd better before things get shut down completely.
The Metal Gear Online server won't be disappearing anytime soon and we've been back online for a couple years now.

DNAS was a roadblock from the start so the method to get on is the same regardless DNAS being only (you do need a cheat disk, or the ability to run homebrew. More information at savemgo.com)

DonkeyKong
Level 22: Rogue Soldier
Posts: 219
Joined: Wed Sep 16, 2015 2:48 pm

Re: Sony may shut down DNAS server by March 2016

Post by DonkeyKong » Mon Jan 18, 2016 2:54 pm

MrGame20 wrote:Its neither, the special elf (or any method of modifying the code) just disables the DNAS check altogether.
Is it possible to disable it in other games using the same methods?
And why do you always get DNAS errors when starting without homebrew tools? Had MGS3 its own DNAS check server?

Post Reply