
PASS2 THROUGH DNS ??


Guest


"well i heard on a different forum that it is possible to get past dnas protection, and i dont think he was lying as he was the administrator"

 

Here's what I just found! I'm getting closer! I'm continuing my investigations and I'll let you know.


Hi,

Here's what I have for the moment (in English)

and in summary: "It will be possible but hard to do and risky, given the risk of being banned from the PS2 servers if an illicit connection is detected. A "group" has reportedly already found a solution, but it is said to be in the testing phase..."

 

The original:

 

DNAS Demystified

by: MJ / Team PS2Ownz

 

Introduction:

 

The purpose of this Tutorial is to simply explain how $ony’s Dynamic Network Authentication System (DNAS) works to those interested, and to detail common DNAS errors end users may encounter. This Tutorial will NOT detail steps to bypass/crack DNAS, but perhaps such developments are forthcoming by someone else at a point in time...

 

To begin, there are DNAS-net client and DNAS-inst data authentication routines present as well as DNAS unique IDs as further-detailed below:

 

 

How DNAS-net client authentication works:

 

DNAS-net provides protection against illegitimate hardware and software by performing hardware ID-based authentication.

 

For basic client authentication, the following (non-personally identifying) information is sent from the console to the DNAS server:

 

 DNAS authentication data and passphrase (assigned by $ony for each DNAS title)

 PlayStation 2 console ID, HDD ID (if used)

 media ID: title ID (your product code) + serialized disc ID

 

The DNAS server records the most recent combination, or binding, of the media ID with the hardware ID. However, changes in the combination are not automatically treated as DNAS system errors. Instead, the title itself determines what to do with the information contained in the sceDNAS2Status_t.subcode and the inst_result bit field.

 

During authentication, if the current combination is different than the previous, the inst_result bit field returns 0 == sceDNAS2_SC_InstResult_EXIST (although this result can only be seen when using manufactured / pressed discs against the production server). In Japan, this feature allows DNAS titles to be installed to and directly boot from the HDD, without using the original CD or DVD. These titles check the inst_result field to prevent installation to multiple consoles.

 

 

How DNAS-inst data authentication works:

 

Downloading and executing patches, when implemented naively, is vulnerable to hacking and tampering through DNS redirects. Without physical modifications to the console, these vulnerabilities can conceivably be exploited to execute unauthorized code.

 

To secure the online platform, DNAS-inst provides authentication and verification of downloadable data. To download any type of executable data, DNAS and DNAS-inst must be used. DNAS-inst is also useful for other data you wish to copy-protect. DNAS-inst usage consists of three distinct processes: one to sign the downloadable data, one to encode and store the data on the console, and one more to decode the data for usage.

 

1. Author (encrypt and sign) the source data

a. You develop the source data.

b. You submit the source data to DNAS authoring server, which returns the authored data (encrypted and signed).

c. You host the authored data, to be downloaded by your titles out in the field.

 

2. Download the authored data, and individually encrypt the data before storage

Use DNAS-inst to individually encrypt ("personalize") the authored data before storing to the HDD. Personalized data can only be decrypted from the same console that encrypted it. During personalization, sceDNAS2InstPersonalizeData() will verify the content of the authored data, in case of corruption or tampering during network transmission.

 

3. Extract the personalized data before usage

Use DNAS-inst again to decrypt the personalized data back to its original form. If the stored data has been corrupted or tampered with, sceDNAS2InstExtractData() will return an error. If the data has been copied or moved to a different console, the specific error will be (-10201).

 

Note that the DNAS-inst library itself does not require any online access to encrypt and decrypt data. After downloading data in step 2, the DNAS TRC requires you perform an online authentication using sceDNAS2AuthInstall(), before installing the data. If you then need to restart the program in order to activate a downloaded patch, sceDNAS2InstExtractData() can be used without going online.

 

DNAS-inst generally assumes the availability of the HDD, however, patching capabilities to the memory card instead is a viable option.

 

 

DNAS unique IDs:

 

The unique ID returned by DNAS is not the actual hardware ID (for user privacy and other reasons). Instead, you get back a hashed / transformed representation of the raw ID – think of the hashed result as a virtual ID. The unique ID can be generated from the console ID, the serialized disc ID, or a combination of both.

 

The hash function is seeded by the notion of a unique ID “category,” giving publishers the flexibility to align their titles/series into the same virtual ID space – titles that share the same category will recognize the same console with the same virtual ID. Otherwise, titles using different category seeds will get different virtual IDs from the same console.

 

An example usage scenario is to use unique IDs to ban problem users. The category system then allows you to ban the user from either:

 

 One game: Skateboarding 2004

 The game series: Skateboarding 200x

 The genre: Extreme Sports games

 All online games from the same publisher

 

Note: Since multiple users can legitimately use the same hardware, you still risk banning innocent users. You should let users know when, why, and for how long they are being punished; and optionally provide a way for the user to appeal.

 

 

DNAS security:

 

One potential crack against a DNAS title would be to locate and nop the authentication process. There are established methods to detect cracked games (online or offline), by performing checksums over the program image.

 

Another security enhancement involves your game servers challenging the PS2 client to confirm it has gone through DNAS.

 

 Store a secret key in a DNAS-net download slot.

 PS2 client downloads secret key (HTTPS).

 PS2 client contacts your server.

 Your server sends a random message to PS2 client (Challenge)

 PS2 client computes cryptographic message digest/hash using the secret key, and sends the result to the server (Response).

 Your server computes message digest/hash using same secret key, and compares the results.

 

The secret key is never sent in clear text, while the Challenge and Response can be. If the key is compromised, it can be replaced by contacting the DNAS administrator. Your server should temporarily halt client Challenges while the key is replaced.

 

 

DNAS memory allocation/usage:

 

The EE dnas_net.a library has a footprint of more than 500 KB on the EE. Using an overlay or DLL for DNAS is highly recommended, so you can reclaim the memory after authentication goes through. The IOP side consists of a DNAS-specific replacement image (dnas###.img) with negligible footprint differences, although 40 KB of temporary IOP memory is required during authentication. However, the regional libraries differ...

 

The different dnas_net.a library objects are parameterized for one of the three SCEI/A/E regions, containing region-specific DNAS server hostnames:

 

gate1.{jp,us,eu}.dnas.playstation.org (production)

ts01.{jp,us,eu}.dnas.playstation.org (development)

 

Since each DNAS title is registered for a specific region and activated on a specific regional server, ensure the title uses the correct regional library. You can double check dnas_net.a or your ELF using the prver utility:

 

dnas2 : #.#.#.{I,A,E}

 

There are no differences in the dnas###.bin or dnas###.img files, between regional library releases.

 

 

How to test DNAS:

 

DNAS verifies the console hardware as well as the disc media. For the T10000 DevKit, you can use either the dnas###.bin Flash ROM or the dnas###.img IOP replacement image. For Debugging stations and the consumer console, you must use the dnas###.img IOP replacement image.

 

To simulate disc authentication, you also need a test CD-R/DVD-R that can identify itself correctly to the DNAS development server. Using CD/DVD-ROM Generator, the test disc’s Disc Name must match the registered DNAS product code, and the disc must contain a SYSTEM.CNF file with a matching BOOT2 parameter. The test disc can otherwise be empty.

 

Suppose you are using a temporary DNAT-12345 product code, the corresponding SYSTEM.CNF should read:

 

BOOT2 = cdrom0:\DNAT_123.45;1

VER = 1.00

VMODE = NTSC

 

Note: During authentication, the DNAS library reads in the SYSTEM.CNF file with sceOpen() and sceRead(). This can interfere with other asynchronous CD/DVD loading operations. You must suspend such operations between the sceDNAS2Init() and sceDNAS2Shutdown() calls.

 

 

Why sceDNAS2Status_t fields don’t update/change after calling sceDNAS2AuthNetStart():

 

The DNAS communication thread is not getting execution time. The priority for this thread is specified in the call to sceDNAS2Init(). If your game engine currently calls sceGsSyncV() at the end of every frame, you should be aware that this call busy-waits, which will starve threads with lower priority. You should change the engine to install a vblank interrupt and WaitSema() on a semaphore that gets signaled in the interrupt, or temporarily lower the main thread priority (raised in value) during DNAS.

 

 

Common DNAS error codes detailed:

 

(-401) sceDNAS2_SS_INVALID_PS2

Not using DNAS Flash ROM or IOP replacement image.

 

(-402) sceDNAS2_SS_INVALID_MEDIA

No test disc, or problems reading test disc.

 

(-832)

Unregistered title ID.

Incorrect title ID in SYSTEM.CNF.

Using the wrong regional DNAS library, thus talking to the wrong DNAS server.

Using the production server (debug=0) without DNS redirection.

 

(-848)

Wrong authentication data or passphrase.

 

(-864)

Invalid media, e.g. using CD-R and DVD-R discs against the production server, or using manufactured discs against the development server.

 

 

Previewing/verifying DNAS error handling code:

 

With the development server, you can trigger specific errors by specifying debug=1 and ng_type=-xxx in the call to sceDNAS2Init(). It is strongly recommended that you verify the error code and messages for correctness and appearance (e.g. text clipping).

 

 

Development vs. Production servers and how data is concealed:

 

The development server only allows disc authentication using a CD-R or DVD-R, while the production server only allows manufactured / pressed discs.

 

DNAS authentication data can either be bundled inside PAK / WAD files, or the 64 KB authentication data file can be placed on the master disc without creating a visible directory entry. Using CD/DVD Generator, do so using the Layout Mode. Hidden files are shown in blue.

 

 

How to target the development server:

 

There are two ways: one is an internal flag within the library, and the second is through external DNS redirection.

 

Internal: In the call to sceDNAS2Init(), set debug=1 to explicitly request the development server by name. You may use debug=1 throughout development, but be sure to use debug=0 for your submission build as they may be able to pass DNAS authentication without using external DNS redirection if you don’t and get rejected.

 

External: Testing actual online game play on all submission builds requires using external DNS redirection. Set up DNS resolvers that intercept name lookups for the production server, and return the IP addresses of the development server instead. $ony operates two such resolvers, and you may set up your own:

 

202.213.243.121

202.213.243.122

 

Use NetGUI to create a new Your Network Configuration (YNC) setting that uses these redirection resolvers. In the “DNS Server Address Setup” screen, choose “Manual” and then enter the IP addresses. Save the setting with a name that readily identifies its redirection purpose. When this YNC setting is used to start up a network connection, requests to the production server will transparently go to the development server. Finally, maintenance notices for DNAS production servers can be found at the US PlayStation consumer site: http://www.us.playstation.com/DNAS

 

 

Summary/Closing:

 

In summary, it may be quite possible to bypass the infamous DNAS through the use of unauthorized “underground” servers similar to popular on-line PC games. In addition, Team PS2Ownz has received word that another group has managed to actually crack DNAS and is in the final testing stages right now! Of course only time will tell, but expect lots more to come from the net’s #1 PS2 scene site for nearly 4 years running and stronger than ever- WWW.PS2OWNZ.COM! ;-)

 

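Added example, not part of the post above or of the quoted tutorial: a server-side sketch of the challenge/response check listed under "DNAS security". HMAC-SHA256, the 30-second challenge lifetime, single-use challenges and every name in the code are assumptions; the tutorial only says "cryptographic message digest/hash using the secret key".

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30.0  # seconds a challenge stays valid (assumed value)


def client_response(secret_key: bytes, challenge: bytes) -> bytes:
    """Client side: keyed digest of the server's challenge (HMAC-SHA256 assumed)."""
    return hmac.new(secret_key, challenge, hashlib.sha256).digest()


class ChallengeServer:
    """Server side: issues single-use random challenges and checks responses."""

    def __init__(self, secret_key: bytes, clock=time.monotonic):
        self._key = secret_key
        self._clock = clock
        self._pending = {}     # challenge -> time it was issued
        self.accepting = True  # False while the key is being replaced

    def issue(self) -> bytes:
        if not self.accepting:
            raise RuntimeError("challenges halted during key replacement")
        challenge = secrets.token_bytes(32)  # unpredictable, so old responses are useless
        self._pending[challenge] = self._clock()
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        issued = self._pending.pop(challenge, None)  # single use: a replay finds nothing
        if issued is None or self._clock() - issued > CHALLENGE_TTL:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison

    def rotate_key(self, new_key: bytes) -> None:
        """Replace a compromised key; challenges issued under the old key are dropped."""
        self.accepting = False
        self._key = new_key
        self._pending.clear()
        self.accepting = True
```

The challenge and response can travel in clear text because neither reveals the key; what the server must guarantee is that each challenge is random and accepted at most once.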
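Added example, not part of the post above or of the quoted tutorial: how category-seeded virtual IDs scope a ban, as described under "DNAS unique IDs". The tutorial does not name the hash function, so HMAC-SHA256 stands in for it; the seeds, the titles "Skateboarding 2005" and "Snowboard Rush", and the idea of checking a title against several categories are constructed for illustration.

```python
import hashlib
import hmac

# Constructed category seeds (assumption: one secret seed per category).
SEEDS = {
    "game:skateboarding-2004": b"seed-game-2004",
    "series:skateboarding-200x": b"seed-series",
    "genre:extreme-sports": b"seed-genre",
}
# Assumption: each title is checked against every scope it belongs to.
TITLES = {
    "Skateboarding 2004": ["game:skateboarding-2004", "series:skateboarding-200x",
                           "genre:extreme-sports"],
    "Skateboarding 2005": ["series:skateboarding-200x", "genre:extreme-sports"],
    "Snowboard Rush": ["genre:extreme-sports"],
}


def virtual_id(category: str, console_id: bytes, disc_id: bytes = b"") -> str:
    """Keyed hash of the raw IDs; the raw hardware ID never reaches the title."""
    # Length-prefix each field so (b"ab", b"c") and (b"a", b"bc") hash differently.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in (console_id, disc_id))
    return hmac.new(SEEDS[category], msg, hashlib.sha256).hexdigest()[:16]


class BanList:
    def __init__(self):
        self._banned = set()  # (category, virtual ID) pairs; no raw IDs stored

    def ban(self, category: str, console_id: bytes) -> None:
        self._banned.add((category, virtual_id(category, console_id)))

    def is_banned(self, title: str, console_id: bytes) -> bool:
        # The same console maps to a different virtual ID in each category,
        # so a ban only matches titles that share the banned category.
        return any((c, virtual_id(c, console_id)) in self._banned
                   for c in TITLES[title])
```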

I forgot to mention: for the moment ONLY the online games released before 2003 work online from a backup....

I verified it with the backups of "Twisted Metal online" and "Midnight Club 2", both in PAL version => Online OK for me!!!


in fact you have to change your DNS address and IP as well as the netmask

but you can get caught and be banned for life from the network

so count me out

202.213.243.121

202.213.243.122
