Sony may shut down DNAS server by March 2016

A place to discuss Playstation 2 online gaming.
Hunk91
Level 41: Can't Think of More Ranks...Time to Split!
Posts: 556
Joined: Wed Sep 23, 2015 12:02 pm
Xlink Kai Setup?: yes
Xlink Kai username: Hunk91
Location: France

Re: Sony may shut down DNAS server by March 2016

Post by Hunk91 » Tue Jan 19, 2016 10:56 am

Vedita BR wrote:
DonkeyKong wrote:So when it will close we'll always get such error
-104 sceDNAS2_SS_END_OF_SERVICE All DNAS services have stopped. "DNAS Error
(-104) The network authentication server is not in service."
They will just take down the server, it will not respond anymore, so the error will be a timed out connection.

This skiping DNAS look like.

Code: Select all

sceDNAS2InitNoHDD 0x0032E770
jr $ra
lui $v0, 0

sceDNAS2AuthGetUniqueID 0x0032E950
jr $ra
lui $v0, 0

sceDNAS2Shutdown 0x0032EB18
jr $ra
lui $v0, 0

sceDNAS2Abort 0x0032EE10
jr $ra
lui $v0, 0

sceDNAS2GetStatus 0x0032EF28
li $a1, 5
sw $a1, 0($a0)
li $a1, 0x4000004
sw $a1, 4($a0)
li $a1, 3
sw $a1, 8($a0)
jr $ra
lui $v0, 0

sceDNAS2SetProxy 0x0032EF88
jr $ra
lui $v0, 0

sceDNAS2GetProxy 0x0032F020
jr $ra
lui $v0, 0

sceDNAS2AuthNetStart 0x0032F280
jr $ra
lui $v0, 0
Thank you Vedita BR for the code.

How to create an Elf file with it? Or how to use it with a game to skip DNAS check?
\\FAT PAL PS2 + Internal 64GB SD Card + FMCB 1.953 + OPL 0.9.3
\\PCSX2 1.40 + CLR DEV9 V0.8.2 (Playing via Wifi!)

Playing: B.O File#1&2, SWBF I&II,Sniper Elite, Area 51, Hot Wheels Stunt Track Challenge, T.M.B.O, C.O.D 3, M.G.S.3.O

User avatar
Vedita BR
Level 16: Immoral Kombat: Reconciliation
Posts: 156
Joined: Sat Oct 31, 2015 9:24 pm
Xlink Kai Setup?: yes
Xlink Kai username: LtCarlos

Re: Sony may shut down DNAS server by March 2016

Post by Vedita BR » Tue Jan 19, 2016 11:37 am

Hunk91 wrote: How to create an Elf file with it? Or how to use it with a game to skip DNAS check?
With PS2Dis or PCSX2. I've managed to change something in Call of Duty 3, after changing some hex values the game hangs at DNAS authentication, that's a good sign tough. Check out these posts bellow.

PS: I'm new with hacking on PS2.
Coldbird wrote:
What exactly is DNAS and how does it work?

Code: Select all

DNAS is a online authentication system to check your hardware, harddrive and disc for legitimacy.

It reads Disc IDs out of the Sony Wobble Sector Lead-In and passes it, hashed together with a bunch of other hardware information to the Sony Gate Server which in turn returns a error code or success value, allowing or denying you network access.

DNAS itself, on the clientside, is implemented as a asynchronous polling utility, similiar to sceUtility modules on Playstation Portable.
How to disable DNAS inside your game?

Code: Select all

Basically we overwrite the DNAS2 functions Sony added to the games with dummies that always return expected success values.

This way the game will think it passed the DNAS checks and not bother with it anymore.
This workaround won't work for every game, especially not those that do DNAS challenge checks in their gaming servers, but those that don't will work.

The real difficulty is finding the DNAS functions inside the game, as they aren't always easy to find.

Thus... take this road-map to .hack//Frägment's main executable (HACK_00.ELF) and the replacement functions I've coded to make it work.
.hack//Frägment (HACK_00.ELF) Roadmap

Code: Select all

sceDNAS2InitNoHDD 0x0032E770
jr $ra
lui $v0, 0

sceDNAS2AuthGetUniqueID 0x0032E950
jr $ra
lui $v0, 0

sceDNAS2Shutdown 0x0032EB18
jr $ra
lui $v0, 0

sceDNAS2Abort 0x0032EE10
jr $ra
lui $v0, 0

sceDNAS2GetStatus 0x0032EF28
li $a1, 5
sw $a1, 0($a0)
li $a1, 0x4000004
sw $a1, 4($a0)
li $a1, 3
sw $a1, 8($a0)
jr $ra
lui $v0, 0

sceDNAS2SetProxy 0x0032EF88
jr $ra
lui $v0, 0

sceDNAS2GetProxy 0x0032F020
jr $ra
lui $v0, 0

sceDNAS2AuthNetStart 0x0032F280
jr $ra
lui $v0, 0
Aramaki wrote: I created a 273933B4.pnach file based on the above information:

Code: Select all

comment=dothack Fragment

// Coldbird's DNAS patch
patch=1,EE,0032e770,word,03e00008
patch=1,EE,0032e774,word,3c020000
patch=1,EE,0032e950,word,03e00008
patch=1,EE,0032e954,word,3c020000
patch=1,EE,0032eb18,word,03e00008
patch=1,EE,0032eb1c,word,3c020000
patch=1,EE,0032ee10,word,03e00008
patch=1,EE,0032ee14,word,3c020000
patch=1,EE,0032ef28,word,24050005
patch=1,EE,0032ef2c,word,ac850000
patch=1,EE,0032ef30,word,3c054000
patch=1,EE,0032ef34,word,24a50004
patch=1,EE,0032ef38,word,ac850004
patch=1,EE,0032ef3c,word,24050003
patch=1,EE,0032ef40,word,ac850008
patch=1,EE,0032ef44,word,03e00008
patch=1,EE,0032ef48,word,3c020000
patch=1,EE,0032ef88,word,03e00008
patch=1,EE,0032ef8c,word,3c020000
patch=1,EE,0032f020,word,03e00008
patch=1,EE,0032f024,word,3c020000
patch=1,EE,0032f280,word,03e00008
patch=1,EE,0032f284,word,3c020000
Here's my own patch, don't know if it breaks something, at least DNAS is entirely skipped and the game tries to connect to the (nonexistent) lobby server:

Code: Select all

comment=dothack Fragment

// Aramaki's DNAS patch
patch=1,EE,002a87a8,word,24020001
Coldbird wrote: Hm... thats a good one Aramaki.

You erase the thing from the top-down while I take it from the bottom-up.

It's good to have variety in case one of the patches fails, actually, we could just go and use both patches, they shouldn't hurt each other, in theory your patch should nullify mine as it prevents the EIP from ever reaching it.

The reason I picked my approach is because it is transferable to other games with hardly any modification required (not that it matters for our use-case) as the DNAS caller functions are actually statically linked in via ld, which in turn means that the functions are identical in all games.
http://forum.coldbird.net/viewtopic.php?f=31&t=1526
PlayStation® 2 System
SCPH-90010, 39001, SCE Modem/Ethernet (Network Adaptor)
OPL 0.9.X WIP


METAL GEAR ONLINE is BACK! SaveMGO.com
-Vedita BR / Fury-K96

kalle
Level 1: Deer Hunter
Posts: 1
Joined: Sun Jan 31, 2016 9:44 am

Re: Sony may shut down DNAS server by March 2016

Post by kalle » Sun Jan 31, 2016 10:06 am

Hey guys,

great work upon here. If it's somehow possible to get some valid certificate for the ps2 I would be pleased to host an DNAS emulator server. To say some words about myself: I'm the founder of GameMaster (https://gamemaster.gameshare.co) and I recently noticed that atm no connection to DNAS is possible any more. I even can't get the IP address from an DNS server from "dnas.playstation.org".

Maybe it would be possible that we get the things working even for the original PS2 without modding it.

mangoost
Level 1: Deer Hunter
Posts: 6
Joined: Sun Jan 31, 2016 12:46 pm
Contact:

Re: Sony may shut down DNAS server by March 2016

Post by mangoost » Sun Jan 31, 2016 1:03 pm

hi guys, i from Ukraine using Google translator .
We in Ukraine and Russia , too many players PS2 online.
And we are interested to apply with a petition to Sony so that it strongly supported online on PS2.
Here coalesce together and write a letter to SONY.
We ask your help as the right thing to do.
Thank you.

my skype mangost86

DonkeyKong
Level 22: Rogue Soldier
Posts: 219
Joined: Wed Sep 16, 2015 2:48 pm

Re: Sony may shut down DNAS server by March 2016

Post by DonkeyKong » Sun Jan 31, 2016 1:21 pm

mangoost wrote:hi guys, i from Ukraine using Google translator .
We in Ukraine and Russia , too many players PS2 online.
And we are interested to apply with a petition to Sony so that it strongly supported online on PS2.
Here coalesce together and write a letter to SONY.
We ask your help as the right thing to do.
Thank you.

my skype mangost86
I already told you that it is a bad idea.They didn't post any massages about closing the cod3 servers. But they probably can shut servers when DNAS will be down.And Sony isn't supporting PS2 already for 3 years.They closed all their servers for PS2 games,but they are just keeping DNAS in order players to be able to play on official servers of other developers.But SquareEnix is going to take down FFXI severs in March ,so maybe Sony will shut DNAS at that point

User avatar
Vedita BR
Level 16: Immoral Kombat: Reconciliation
Posts: 156
Joined: Sat Oct 31, 2015 9:24 pm
Xlink Kai Setup?: yes
Xlink Kai username: LtCarlos

Re: Sony may shut down DNAS server by March 2016

Post by Vedita BR » Sun Jan 31, 2016 4:02 pm

kalle wrote: "dnas.playstation.org"
Wrong domain name.

Right is:
gate1.us.dnas.playstation.org 203.105.78.163
gate1.eu.dnas.playstation.org 203.105.78.164
gate1.jp.dnas.playstation.org 203.105.78.162

These IPs are located in Japan.

DNAS Certificate has a RSA private key with 1024 bits lenght. PS2 only trust in the certificate if it is signed by a CA that it trusts
Last edited by Vedita BR on Tue Feb 02, 2016 12:12 am, edited 1 time in total.
PlayStation® 2 System
SCPH-90010, 39001, SCE Modem/Ethernet (Network Adaptor)
OPL 0.9.X WIP


METAL GEAR ONLINE is BACK! SaveMGO.com
-Vedita BR / Fury-K96

mangoost
Level 1: Deer Hunter
Posts: 6
Joined: Sun Jan 31, 2016 12:46 pm
Contact:

Re: Sony may shut down DNAS server by March 2016

Post by mangoost » Sun Jan 31, 2016 5:06 pm

I think that all this is due to move the headquarters of SONY in the United States from Japan , namely in Japan are DNAS server through which we get to the official server or a pirated games. correct me if I'm wrong

mangoost
Level 1: Deer Hunter
Posts: 6
Joined: Sun Jan 31, 2016 12:46 pm
Contact:

Re: Sony may shut down DNAS server by March 2016

Post by mangoost » Sun Jan 31, 2016 5:40 pm

may still try to find out about plans SONY. What do you think ?

mangoost
Level 1: Deer Hunter
Posts: 6
Joined: Sun Jan 31, 2016 12:46 pm
Contact:

Re: Sony may shut down DNAS server by March 2016

Post by mangoost » Mon Feb 01, 2016 4:15 pm

Tell me who holds the server for Call of duty 3? This is Treyarch? Can Activision?

mangoost
Level 1: Deer Hunter
Posts: 6
Joined: Sun Jan 31, 2016 12:46 pm
Contact:

Re: Sony may shut down DNAS server by March 2016

Post by mangoost » Mon Feb 01, 2016 4:24 pm

Vedita BR wrote:
Hunk91 wrote: How to create an Elf file with it? Or how to use it with a game to skip DNAS check?
With PS2Dis or PCSX2. I've managed to change something in Call of Duty 3, after changing some hex values the game hangs at DNAS authentication, that's a good sign tough. Check out these posts bellow.

PS: I'm new with hacking on PS2.
Coldbird wrote:
What exactly is DNAS and how does it work?

Code: Select all

DNAS is a online authentication system to check your hardware, harddrive and disc for legitimacy.

It reads Disc IDs out of the Sony Wobble Sector Lead-In and passes it, hashed together with a bunch of other hardware information to the Sony Gate Server which in turn returns a error code or success value, allowing or denying you network access.

DNAS itself, on the clientside, is implemented as a asynchronous polling utility, similiar to sceUtility modules on Playstation Portable.
How to disable DNAS inside your game?

Code: Select all

Basically we overwrite the DNAS2 functions Sony added to the games with dummies that always return expected success values.

This way the game will think it passed the DNAS checks and not bother with it anymore.
This workaround won't work for every game, especially not those that do DNAS challenge checks in their gaming servers, but those that don't will work.

The real difficulty is finding the DNAS functions inside the game, as they aren't always easy to find.

Thus... take this road-map to .hack//Frägment's main executable (HACK_00.ELF) and the replacement functions I've coded to make it work.
.hack//Frägment (HACK_00.ELF) Roadmap

Code: Select all

sceDNAS2InitNoHDD 0x0032E770
jr $ra
lui $v0, 0

sceDNAS2AuthGetUniqueID 0x0032E950
jr $ra
lui $v0, 0

sceDNAS2Shutdown 0x0032EB18
jr $ra
lui $v0, 0

sceDNAS2Abort 0x0032EE10
jr $ra
lui $v0, 0

sceDNAS2GetStatus 0x0032EF28
li $a1, 5
sw $a1, 0($a0)
li $a1, 0x4000004
sw $a1, 4($a0)
li $a1, 3
sw $a1, 8($a0)
jr $ra
lui $v0, 0

sceDNAS2SetProxy 0x0032EF88
jr $ra
lui $v0, 0

sceDNAS2GetProxy 0x0032F020
jr $ra
lui $v0, 0

sceDNAS2AuthNetStart 0x0032F280
jr $ra
lui $v0, 0
Aramaki wrote: I created a 273933B4.pnach file based on the above information:

Code: Select all

comment=dothack Fragment

// Coldbird's DNAS patch
patch=1,EE,0032e770,word,03e00008
patch=1,EE,0032e774,word,3c020000
patch=1,EE,0032e950,word,03e00008
patch=1,EE,0032e954,word,3c020000
patch=1,EE,0032eb18,word,03e00008
patch=1,EE,0032eb1c,word,3c020000
patch=1,EE,0032ee10,word,03e00008
patch=1,EE,0032ee14,word,3c020000
patch=1,EE,0032ef28,word,24050005
patch=1,EE,0032ef2c,word,ac850000
patch=1,EE,0032ef30,word,3c054000
patch=1,EE,0032ef34,word,24a50004
patch=1,EE,0032ef38,word,ac850004
patch=1,EE,0032ef3c,word,24050003
patch=1,EE,0032ef40,word,ac850008
patch=1,EE,0032ef44,word,03e00008
patch=1,EE,0032ef48,word,3c020000
patch=1,EE,0032ef88,word,03e00008
patch=1,EE,0032ef8c,word,3c020000
patch=1,EE,0032f020,word,03e00008
patch=1,EE,0032f024,word,3c020000
patch=1,EE,0032f280,word,03e00008
patch=1,EE,0032f284,word,3c020000
Here's my own patch, don't know if it breaks something, at least DNAS is entirely skipped and the game tries to connect to the (nonexistent) lobby server:

Code: Select all

comment=dothack Fragment

// Aramaki's DNAS patch
patch=1,EE,002a87a8,word,24020001
Coldbird wrote: Hm... thats a good one Aramaki.

You erase the thing from the top-down while I take it from the bottom-up.

It's good to have variety in case one of the patches fails, actually, we could just go and use both patches, they shouldn't hurt each other, in theory your patch should nullify mine as it prevents the EIP from ever reaching it.

The reason I picked my approach is because it is transferable to other games with hardly any modification required (not that it matters for our use-case) as the DNAS caller functions are actually statically linked in via ld, which in turn means that the functions are identical in all games.
http://forum.coldbird.net/viewtopic.php?f=31&t=1526
Because I find it hard to read the message, but the basic idea , I realized that really DNAS check can be bypassed ?

Post Reply