Remove certificate on MOHPA client

THORONGIL
Posts: 4
Joined: Sat Feb 06, 2016 11:30 am

Remove certificate on MOHPA client

Post by THORONGIL »

Hey, I'm looking for a way to remove the ssl certificate/fesl step. It's for a gamespy replacement. Because of this we can't play multiplayer, not even the LAN mode, since gamespy is down.

I've found the "EA games fesl.ea.com certificate verification remover 0.2", which would solve the issue, but sadly it returns with "no bytes found".

http://aluigi.altervista.org/patches/fesl.lpatch

I also read this part "note that the executable must be NOT encrypted or compressed (that happens when are used CD protections)." I have no idea if that's the case or if mohpa bytes are just slightly different.
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: Remove certificate on MOHPA client

Post by aluigi »

Your exe is the 1.02 no-cd one, so it's correct.

Inside the exe there are no references to ssl or "https" and so on.
fesl and Gamespy are 2 different things.

What's the exact problem you are experiencing at "low level"?
THORONGIL
Posts: 4
Joined: Sat Feb 06, 2016 11:30 am

Re: Remove certificate on MOHPA client

Post by THORONGIL »

The game tries to connect to mohpa.fesl.ea.com 18020 first, which prevents us from connecting to a master server.
THORONGIL
Posts: 4
Joined: Sat Feb 06, 2016 11:30 am

Re: Remove certificate on MOHPA client

Post by THORONGIL »

Can a working fesl emulator be created? I guess not, right? So I have to find a way to skip the fesl. I just have no clue how to find that. How did you approach this to find the bytes in your fesl.lpatch?
Cobra
Posts: 2
Joined: Mon Feb 08, 2016 6:29 pm

Re: Remove certificate on MOHPA client

Post by Cobra »

Hey, I was also looking at this some time ago and couldn't figure out where to find/change the bytes needed to either stop fesl running or tell it to accept the failed check and continue running the game. I've looked all over for help on this and arrived here, so any help appreciated guys :)
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: Remove certificate on MOHPA client

Post by aluigi »

One of the checking functions is 0xaf64b0; you can try setting it to 33 c0 c3 at 0x6F56B0 of the executable, but it may not work.
Maybe someone will work on this stuff, I have no time. Sorry.

P.S.: remember to run the server as sslv2
THORONGIL
Posts: 4
Joined: Sat Feb 06, 2016 11:30 am

Re: Remove certificate on MOHPA client

Post by THORONGIL »

As your doubt suggested, changing to 33 c0 c3 at 0x6F56B0 did not help. I'm curious, how did you get to the conclusion that 0xaf64b0 might be it? It points to function sub_AF64B0 (I use IDA Pro).
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: Remove certificate on MOHPA client

Post by aluigi »

It contains the code that checks the various fields of the certificate.
Cobra
Posts: 2
Joined: Mon Feb 08, 2016 6:29 pm

Re: Remove certificate on MOHPA client

Post by Cobra »

Aluigi, do you think it is possible to modify at this address alone and continue running the game, or do you think it also needs your own FESL server created, as with BF2142, and just stop the original FESL from running in the PA exe?
Gold
Posts: 2
Joined: Sun Feb 14, 2016 10:11 pm

Re: Remove certificate on MOHPA client

Post by Gold »

THORONGIL, I have LAN working here but sadly can't get outside of the network. Would love to just be able to do that even if other features were disabled.
mDaWg
Posts: 1
Joined: Tue Jul 12, 2016 3:35 am

Re: Remove certificate on MOHPA client

Post by mDaWg »

I'm pretty sure the fesl server we wrote would work for this game. I know this thread is a bit old, but we didn't have a working fesl server up until recently.

As of today, we have a fully working fesl server that we wrote from scratch in nodejs based on aluigi's concept written in C (Thanks! Much appreciated). We did all the gamespy stuff ourselves as well based on research from multiple sources, which so far has kept battlefield 2 online over at battlelog.co for the past few months with little to no crashing. When it does manage to crash, it's amazingly good at bringing itself back online and only disconnecting a small portion of users in the process (we run multiple forks of the processes, which evenly distributes our concurrent load of users). Hoping to see the same stability with 2142 and more players interested now that we got -everything- working (yep, buddy list and messaging too!).

I'm horrible with modifying exes though, and have been unable to get past the SSL checks to see if I can even get this thing to talk to my fesl server. After about 10 seconds in IDA Pro I just gave up. If anyone has the ability to take care of the SSL wall, I can probably write any of the necessary network functions to make this work.


EDIT: Just realized this game is actually SSLv2, so I'm off to recompile node with sslv2 support, which was removed ages ago... I'll report back after I try SSLv2 with the edits aluigi suggested on the exe. Might not get around to it until tomorrow though.


EDIT2: Turns out recompiling node with SSLv2 is even more difficult than SSLv3... Might be a few days until I am able to figure this one out. I'm currently getting "bad mac decode" on the SSL handshake.. though I'm trying to use sslv23_method instead of explicitly setting it to sslv2_method.... sslv2_method seems to be completely broken with node/openssl to the point I can't even set it without getting errors, though sslv23_method still works, but won't complete the handshake with sslv2.

EDIT3: So after some further testing, it appears that SSLv2 is working via my openssl client explicitly specifying -ssl2. At this point I'm wondering if the bad mac decode issue is related to the game doing the ssl verification that may need to be removed... if anyone is experienced enough to take care of this, I could continue working on this to get this game back online, but I'm afraid when it comes to decompiling exes and digging through them, I am completely useless.
Gold
Posts: 2
Joined: Sun Feb 14, 2016 10:11 pm

Re: Remove certificate on MOHPA client

Post by Gold »

mDaWg thanks for trying, still hoping someone with needed skills chimes in to help.
striker
Posts: 2
Joined: Tue May 24, 2022 1:12 am

Re: Remove certificate on MOHPA client

Post by striker »

Maybe a bit too late for you guys, but if someone is still interested, then you should continue reading..

I will make it short: it is now possible to play the game online (with the EA login), like back in the days, because I was able to make a patch with the help of openspy's head admin. openspy is the master server, so all hosted servers will show up on the public openspy server list and in your MOHPA ingame server browser.

CHC, the openspy head admin, was the one who could successfully patch the fesl SSLv2 stuff. He showed me what he did, then I created an offset patcher for the game exe; it will also remove stuff like the game intros.


He created an SSL server hello payload where the signature was all 0xAA.
Then he traced the TCP recv function back to where it reads the hello.
He found the buffer in memory and set a hardware read breakpoint on the first byte of the signature read.
From there he traced back in the call stack a bit to this check and patched it.
So he made a dumb server that sent that hard-coded response.

Attached (size limit is 5 MB so I made 2 parts) is the archive with all patched game files for the GOG version, incl. the openspy multiplayer patcher. There is a readme txt file with all important information like how to play and so on; just follow the instructions and you will be good. I do not play the game, I only helped some people in the openspy community because they asked for it.

NOTE => this was successfully tested with the MOHPA GOG version; there is no guarantee for any other version. Also turn off antivirus when you use the patcher; any virus detection is a false alert! There is no harmful code inside, the file is absolutely clean.

Questions? Ask here or in the openspy Discord, I'm there with the same name. Not really sure how often I will check this thread here.

..ok, nuff said, ciao

Short video of testing ingame server browser and playing in a server: https://www.youtube.com/watch?v=YMakTEqFa4Q