Resurrecting an online server

  • #16
    Holy wow, it's been so long! Harry, 1UP .. jesus

    Idk how many of you will remember me, Harry probably does. I used the name Stealth and clearvue in the Socom days. Bluefrost, cys, DNAS, all that nonsense .. it's been a damn long time. I lost contact with most people after I joined the Army.

    It's pretty cool to see you guys still focused on this project! Good for you guys. And Harry, I'm glad to see you still focused on a passion like this.

    Comment


    • #17
      Originally posted by Clearvue View Post
      Holy wow, it's been so long! Harry, 1UP .. jesus

      Idk how many of you will remember me, Harry probably does. I used the name Stealth and clearvue in the Socom days. Bluefrost, cys, DNAS, all that nonsense .. it's been a damn long time. I lost contact with most people after I joined the Army.

      It's pretty cool to see you guys still focused on this project! Good for you guys. And Harry, I'm glad to see you still focused on a passion like this.
      Long time no see Stealth. I haven't heard from any of the bluefrost guys in years, probably 10 years at this point. We meet up a few times a year to hack the hell out of SOCOM for old times' sake. You can contact me via Skype @harrysix2. We are trying to put out a new code video each year to keep up with the SOCOM tradition. Here are the 2015 and 2016 videos:

      2015:
      https://www.youtube.com/watch?v=gPJc2sAMIFo

      2016:
      https://www.youtube.com/watch?v=uOidmKf7D3I
      Last edited by Harry62; 12-22-2016, 05:56:38 AM.

      Comment


      • #18
        https://github.com/FogNo23/DNASrep

        Comment


        • #19
          I think this should constitute as a small bit of progress towards being able to achieve the main goal here. Since I don't want to port over everything I have logged on 1.4 patch, I now have something even better. Completely dumped all the patch files in their natural, non-encrypted forms. Since I am not really sure if it would be a copyright violation, I'll post the code used instead of posting the decrypted files. With the Patch Loader mod, non-encrypted patches can be loaded on any console (no more "created on another console" b.s. error). This also allows the much more efficient route of creating a game mod to enable online play again without depending as heavily on a cheat device.

          Code written for the process:
          Code:
          =======================================================================================================
          =======================================================================================================
          =========================================================================================== Misc
          
          /*
          
          	Disables the ERX stubs from re-encrypting to allow viewing the functions in their
          	natural form. Gave up on this route, after seeing it's using a bunch of RSA key
          	mumbo jumbo on the patch files...
          
          */
          
          Disable ERX Re-Encrypt 1
          209dbea8 5520001d
          209dbeac 00000000
          
          Disable ERX Re-Encrypt 2
          209d2e80 5520001d
          209d2e84 00000000
          
          
          
          =======================================================================================================
          =======================================================================================================
          =======================================================================================================
          =========================================================================================== Decrypt.cds
          
          /*
          
          	Decrypts the files from the memory card, and halts the system to allow memory dumping
          
          */
          
          address $001840f8
          hexcode $241300a0
          
          address $00183b24
          jal :decryptTest
          
          address $00080000
          
          string file_00 "S3CORE"
          string file_01 "RTBASEv1.4"
          string file_02 "RTCERTv1.4"
          string file_03 "RTCOMMv1.4"
          string file_04 "RTCRYPTv1.4"
          string file_05 "RTINETCv1.4"
          string file_06 "RTMEDIAv1.4"
          string file_07 "RTMEDIASv1.4"
          string file_08 "RTMCLv1.4"
          string file_09 "RTMGCLv1.4"
          string file_0a "RTMSGCLv1.4"
          string file_0b "RTOBJECTv1.4"
          string file_0c "RTP2Pv1.4"
          string file_0d "RTSSLv1.4"
          string file_0e "INETCV6v1.4"
          
          define binAddr $00088000
          
          fnc writeOutput(EE a0, EE a1, EE a2, EE a3)
          {
          	sw a1, $0000(a0) // &Data
          	sw a2, $0004(a0) // File Size
          	sw a3, $0008(a0) // Full Size
          	
          	addiu v0, a0, $000c
          	a1 += a3
          	addiu v1, a1, $0020
          }
          
          fnc decryptTest(void) \s0,s1,s2
          {
          	setreg s0, :dumpWrite
          	setreg s1, :binAddr
          	
          	call memAlloc($40, $00800000, 0)
          	s1 = v0
          	
          	for (a0 = 0; a0 < 0x00800000; a0 += 4)
          	{
          		v1 = -1
          		sw v1, $0000(v0)
          		v0 += 4
          	}
          	
          	call decryptFile(:file_00, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_01, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_02, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_03, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_04, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_05, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_06, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_07, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_08, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_09, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_0a, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_0b, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_0c, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_0d, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call decryptFile(:file_0e, s1)
          	call writeOutput(s0, s1, v0, v1)
          	s0 = v0
          	s1 = v1
          	
          	call hault()
          }
          
          fnc decryptFile(EE a0, EE a1) \s0,s1,s2,s3
          {
          	addiu sp, sp, $ff80
          	s1 = sp
          	sq zero, $0000(s1)
          	
          	//call memAlloc($40, $00800000, 0)
          	s3 = a0
          	s2 = a1
          	
          	call LoadMCPatchFile(1, s3, s2)
          	s0 = v0
          	if (s0 <= 0)
          	{
          		call hault()
          	}
          	
          	call Decrypt_1(s0, s2, s1)
          	if (v0 <> 0)
          	{
          		call hault()
          	}
          	
          	lw a1, $0000(s1)
          	call Decrypt_2(s0, a1, s2)
          	if (v0 <> 0)
          	{
          		call hault()
          	}
          	
          	/*
          	nop
          	nop
          	nop
          	nop
          	
          	setreg v0, :dumpWrite
          	lw a0, $0000(s1)
          	sw s2, $0000(v0) // Compressed Data
          	sw a0, $0004(v0) // Compressed Size
          	
          	call hault()
          	*/
          	addiu sp, sp, $0080
          	
          	// Return compressed size
          	lw a0, $0000(s1)
          	v0 = a0
          	v1 = s0
          }
          
          fnc hault(void)
          {
          	while (1)
          	{
          		nop
          		nop
          		nop
          		nop
          		nop
          		nop
          	}
          }
          dumpWrite:
          
          addradd $100
          
          // int malloc(int a, int size, int c)
          extern $001848c0 memAlloc(EE a0, EE a1, EE a2)
          
          // void free(int *data)
          extern $001802d0 memFree(EE a0, EE a1, EE a2)
          
          /*
          Input:
          	a0 = MC Pos? :: 1
          	a1 = File Name (S3CORE, etc)
          	a2 = &Dest
          Output:
          	v0 = Size
          */
          extern $00184090 LoadMCPatchFile(EE a0, EE a1, EE a2)
          
          
          /*
          Input:
          	a0 = Size
          	a1 = &Data
          	a2 = &NewSizeDest
          Output:
          	v0 = ZERO (Success)
          */
          extern $009cc870 Decrypt_1(EE a0, EE a1, EE a2)
          
          /*
          Input:
          	a0 = Size
          	a1 = OutputSize
          	a2 = &Data
          Output:
          	v0 = ZERO (Success)
          */
          extern $009cd1b0 Decrypt_2(EE a0, EE a1, EE a2)
          
          
          
          
          
          
          
          
          =======================================================================================================
          =======================================================================================================
          =========================================================================================== PatchLoader.cds
          
          /*
          
          	Forces the game to use the non-encrypted files
          
          */
          
          
          address $00183fd0
          
          addu v0, s0, s2
          lw s2, $fffc(v0)
          
          a0 = s3 // Destination
          addiu a1, sp, $0080 // Stack for Return Size
          a2 = s0 // &Data
          a3 = s2 // Compressed Size
          
          
          jal $001f6470
          nop
          
          goto $00184020
          
          
          
          address $002ebf78
          //a0 = size; a1 = addr;  a2 = &stack
          s2 -= 4
          addu a1, a1, s2
          lw a0, $0000(a1)
          sw a0, $006c(sp)
          goto $002ebfa0
          
          
          address $0019bf54
          //a0 = size; a1 = addr;  a2 = &stack
          s1 -= 4
          addu a0, s4, s1
          lw v0, $0000(a0)
          sw v0, $0000(sp)
          v0 = 0
          goto $0019bfa8
          
          
          
          
          
          
          
          
          =======================================================================================================
          =======================================================================================================
          =========================================================================================== CSharp Code
          
          /*
          
          	Extracts the decrypted files from the memory dump
          
          */
          
          string dump = "C:\\ISO\\Dumps\\CA\\Patch Load\\Take 2\\Dump.bin";
          byte[] raw = System.IO.File.ReadAllBytes(dump);
          string[] fileNames =
          {
              "S3CORE", "RTBASEv1.4", "RTCERTv1.4", "RTCOMMv1.4", "RTCRYPTv1.4", "RTINETCv1.4",
              "RTMEDIAv1.4", "RTMEDIASv1.4", "RTMCLv1.4", "RTMGCLv1.4", "RTMSGCLv1.4", "RTOBJECTv1.4",
              "RTP2Pv1.4", "RTSSLv1.4", "INETCV6v1.4"
          };
          
          int Table, Entry, Size, FullSize;
          Table = 0x000804c4;
          for (int i = 0; i < fileNames.Length; i++)
          {
              Entry = BitConverter.ToInt32(raw, Table);
              Table += 4;
              Size = BitConverter.ToInt32(raw, Table);
              Table += 4;
              FullSize = BitConverter.ToInt32(raw, Table);
              Table += 4;
          
              if (i == 0)
              {
                  byte[] fData = new byte[Size];
                  for (int i2 = 0; i2 < Size; i2++)
                  {
                      fData[i2] = raw[Entry];
                      Entry++;
                  }
                  string fSave = "C:\\ISO\\Dumps\\CA\\Patch Load\\Take 2\\Decrypted\\" + fileNames[i];
                  //System.IO.File.WriteAllBytes(fSave, fData);
                  System.IO.BinaryWriter bw = new System.IO.BinaryWriter(System.IO.File.Open(fSave, System.IO.FileMode.Create));
                  bw.Write(fData);
                  int tmpSize = Size;
                  while ((tmpSize & 3) != 0)
                  {
                      bw.Write(Convert.ToByte(0));
                      tmpSize++;
                  }
                  bw.Write(Size);
                  bw.Close();
              }
              else
              {
                  int entry2 = (Entry + FullSize);
                  do
                  {
                      entry2 -= 4;
                      FullSize -= 4;
                  } while (BitConverter.ToInt32(raw, entry2) != 0);
          
                  byte[] fData = new byte[FullSize];
                  for (int i2 = 0; i2 < FullSize; i2++)
                  {
                      fData[i2] = raw[Entry];
                      Entry++;
                  }
          
                  string fSave = "C:\\ISO\\Dumps\\CA\\Patch Load\\Take 2\\Decrypted\\" + fileNames[i];
                  System.IO.BinaryWriter bw = new System.IO.BinaryWriter(System.IO.File.Open(fSave, System.IO.FileMode.Create));
                  bw.Write(fData);
                  bw.Write(Size);
                  bw.Close();
              }
          }
          MessageBox.Show("Done.");

          Comment


          • #20
            updates?

            Hey guys,

            First and foremost, thank you to everyone who is helping resurrect the Socom I/II online servers. For the time being, myself and others have been steadily growing the number of players who actively play on xLink, which we can all agree is far from perfect. There is a community of 2,075 members on Facebook who are excited for what you guys are doing. Hats off to you all!

            I just wanted to ask if there were any new updates regarding this project? Any breakthroughs, milestones, roadblocks or recent developments that you can share with the community?

            Is there anything that the community can do to help accelerate your progress? Will you accept donations? Missing resources/skill sets? We will help any way that we can.

            Cheers!
            - Ali

            Comment


            • #21
              its amazing the very thing that people complained about when socom was alive is the very thing that may bring it back to life I think I could be happy with a CA private server I would definitely rather socom 2 myself but ultimately I support everything you guys do. you are the exact reason why I am doing what I'm doing granted I wish I had just a piece of one of your brains in my head lol. keep up the good work. I follow you guys around like a crazy ex you are all the reason I even started exploring programming.

              Comment


              • #22
                Just a quick thought, I know when the game "Amplitude" went offline they redirected the DNS to SOCOM I. I know on Bobzent.info he used to have a DNS server for Amplitude he discontinued support but I would like to see if it could be used to resurrect the SOCOM I server? I would love to see if someone could get in contact with him, as I do not have Facebook but I do know he has a page. Thanks guys! http://bobzent.info/

                Comment


                • #23
                  Originally posted by brad2192 View Post
                  Just a quick thought, I know when the game "Amplitude" went offline they redirected the DNS to SOCOM I. I know on Bobzent.info he used to have a DNS server for Amplitude he discontinued support but I would like to see if it could be used to resurrect the SOCOM I server? I would love to see if someone could get in contact with him, as I do not have Facebook but I do know he has a page. Thanks guys! http://bobzent.info/
                  No, those games don't function the same way. Socom 1 and so on require an actual server. There are some PDFs floating around that describe some of the functionality. Socom used Medius.

                  I've actually put my socom work on hold for the time being because I've picked up another project. The original people who were working on the .hack fragment project quit supporting it and I have been taking a port of what they wrote and am currently trying to make it better and add in the rest of the functionality that the game had.

                  Since a lot of the stuff was already figured out it's given me a better understanding on how a client server application works at least between the ps2 and a server.

                  Comment


                  • #24
                    Originally posted by 1UP View Post
                    No, those games don't function the same way. Socom 1 and so on require an actual server. There are some PDFs floating around that describe some of the functionality. Socom used Medius.

                    I've actually put my socom work on hold for the time being because I've picked up another project. The original people who were working on the .hack fragment project quit supporting it and I have been taking a port of what they wrote and am currently trying to make it better and add in the rest of the functionality that the game had.

                    Since a lot of the stuff was already figured out it's given me a better understanding on how a client server application works at least between the ps2 and a server.
                    yes it is a sad thing that it won't work for socom I looked into this a long time ago of course the best game in the world will be the most difficult to emulate a server lol

                    Comment


                    • #25
                      Originally posted by s2ali View Post
                      Hey guys,

                      First and foremost, thank you to everyone who is helping resurrect the Socom I/II online servers. For the time being, myself and others have been steadily growing the number of players who actively play on xLink, which we can all agree is far from perfect. There is a community of 2,075 members on Facebook who are excited for what you guys are doing. Hats off to you all!

                      I just wanted to ask if there were any new updates regarding this project? Any breakthroughs, milestones, roadblocks or recent developments that you can share with the community?

                      Is there anything that the community can do to help accelerate your progress? Will you accept donations? Missing resources/skill sets? We will help any way that we can.

                      Cheers!
                      - Ali
                      Donations would most definitely be accepted. Working on resurrecting the game does not bring any income, which is why attention to the project is very low honestly.

                      Comment


                      • #26
                        Originally posted by Gtlcpimp View Post
                        Donations would most definitely be accepted. Working on resurrecting the game does not bring any income, which is why attention to the project is very low honestly.
                        If you ever have time I would love to just sit and literally watch what you do on Skype and ask questions. Always been interested in this and SOCOM is the love of my life. It actually influenced me to join the military after high school and now I'm a certified Air Traffic Controller in the Air Force. Besides the point. Seeing what you post here is extremely impressive and encouraging for me to continue to learn things. I would pay you for your time to just teach me basics in MIPS and if I could somehow just learn and be of any help with this project. I know a couple of languages but nothing like MIPS. Good stuff and thank you for your work!

                        Comment


                        • #27
                          MIPS, in my opinion, is one of the easiest (if not the easiest) languages. Just send me a msg on skype - gtlcpimp32

                          Comment


                          • #28
                            Originally posted by brad2192 View Post
                            Just a quick thought, I know when the game "Amplitude" went offline they redirected the DNS to SOCOM I. I know on Bobzent.info he used to have a DNS server for Amplitude he discontinued support but I would like to see if it could be used to resurrect the SOCOM I server? I would love to see if someone could get in contact with him, as I do not have Facebook but I do know he has a page. Thanks guys! http://bobzent.info/
                            So I'd actually like to add on to this despite what my original reply to you said.
                            There was a thread I read on PS2onlinegaming that I found interesting a while back (the site is down now and who knows for how much longer).

                            Anyways what I remember was when they redirected amplitude to point to socom 2's servers, a few things happened.
                            Anyone who was playing on Amplitude could see players who were logged into socom 2. (I am assuming amplitude had a player listing?) and they could also see the rooms that players made on socom 2 however couldn't join them. From what I remember reading it was also a little buggy in that sometimes people playing amplitude couldn't see other players rooms that were created?

                            I did not think that was possible but I am not going to question that. I've seen odd things with socom 2 when it would go into maintenance mode and not get kicked from the server.

                            I thought that a medius server was self contained in that it was specific to a single title but that doesn't seem to be the case. The other thing that this tells me is that at least some of the packets were the same between those 2 games (maybe all games?). The other thing that I don't really understand about all this was the last thing I mentioned. I would have thought that packets would have been encrypted (which I know they were for socom 2) so how you could have 2 different games see data from the other doesn't make sense to me.

                            Comment


                            • #29
                              Originally posted by Gtlcpimp View Post
                              We discovered the issue. Apparently WinPCap (that is required for the plugin to work) has an issue with connecting back to the same machine. I have to load my server application on a different host in order to make a connection.

                              By the way, if anyone understands this method better, having a bit of a setback with producing an online server for SOCOM: Combined Assault. Looking to see if anyone has any prior knowledge about this packet in particular. It gets sent out when requesting the Universe server listings, and doesn't seem to like me very much if I try to bypass the function that does this...
                              Code:
                              0x00000000 24 D9 02 03 00 6F 00 6E-00 6D 00 03 00 00 06 00 $Ù.o.n.m....
                              0x00000010 04 01 00 C7 02 30 82 02-C3 30 82 01 AB A0 03 02 .Ç0‚Ã0‚«*
                              0x00000020 01 02 02 14 01 00 00 00-00 00 00 00 00 00 00 00 ...........
                              0x00000030 42 00 00 00 00 00 01 3D-30 0D 06 09 2A 86 48 86 B.....=0..*†H†
                              0x00000040 F7 0D 01 01 05 05 00 30-81 96 31 0B 30 09 06 03 ÷..0–10.
                              0x00000050 55 04 06 13 02 55 53 31-0B 30 09 06 03 55 04 08 UUS10.U
                              0x00000060 13 02 43 41 31 12 30 10-06 03 55 04 07 13 09 53 CA10U.S
                              0x00000070 61 6E 20 44 69 65 67 6F-31 31 30 2F 06 03 55 04 an Diego110/U
                              0x00000080 0A 13 28 53 4F 4E 59 20-43 6F 6D 70 75 74 65 72 .(SONY Computer
                              0x00000090 20 45 6E 74 65 72 74 61-69 6E 6D 65 6E 74 20 41 Entertainment A
                              0x000000A0 6D 65 72 69 63 61 20 49-6E 63 2E 31 14 30 12 06 merica Inc.10
                              0x000000B0 03 55 04 0B 13 0B 53 43-45 52 54 20 47 72 6F 75 USCERT Grou
                              0x000000C0 70 31 1D 30 1B 06 03 55-04 03 13 14 53 43 45 52 p10USCER
                              0x000000D0 54 20 52 6F 6F 74 20 41-75 74 68 6F 72 69 74 79 T Root Authority
                              0x000000E0 30 1E 17 0D 30 36 30 36-31 36 31 37 35 39 32 35 0.060616175925
                              0x000000F0 5A 17 0D 33 36 30 36 31-34 32 33 35 39 35 39 5A Z.360614235959Z
                              0x00000100 30 68 31 0B 30 09 06 03-55 04 06 13 02 55 53 31 0h10.UUS1
                              0x00000110 0B 30 09 06 03 55 04 08-13 02 43 41 31 12 30 10 0.UCA10
                              0x00000120 06 03 55 04 07 13 09 53-61 6E 20 44 69 65 67 6F U.San Diego
                              0x00000130 31 0D 30 0B 06 03 55 04-0A 13 04 53 43 45 41 31 1.0U.SCEA1
                              0x00000140 0F 30 0D 06 03 55 04 0B-13 06 5A 69 70 70 65 72 0.UZipper
                              0x00000150 31 18 30 16 06 03 55 04-03 13 0F 53 4F 43 4F 4D 10USOCOM
                              0x00000160 20 43 41 32 20 32 30 36-30 34 30 5C 30 0D 06 09 CA2 206040\0..
                              0x00000170 2A 86 48 86 F7 0D 01 01-01 05 00 03 4B 00 30 48 *†H†÷..K.0H
                              0x00000180 02 41 00 C3 AF 72 08 96-62 3B 90 DE 4E FD 9D 65 A.ïr–b;ÞNýe
                              0x00000190 AD 43 A7 FC CB 29 28 8F-F7 13 A3 C4 7F F6 F6 1F *C§üË)(÷£Äöö
                              0x000001A0 7D 27 A6 2B 17 EE E6 41-26 DA CA C5 C0 D3 FE 3F }'¦+îæA&ÚÊÅÀÓþ?
                              0x000001B0 10 A1 F6 89 C4 34 68 61-F0 BE F0 B7 56 26 5D A3 ¡ö‰Ä4hað¾ð·V&]£
                              0x000001C0 13 C7 7B 02 03 00 00 11-30 0D 06 09 2A 86 48 86 Ç{..0..*†H†
                              0x000001D0 F7 0D 01 01 05 05 00 03-82 01 01 00 4C F6 51 AD ÷..‚.LöQ*
                              0x000001E0 1E 51 D4 04 AB 35 0B 3B-8E 36 FE 8B 3B E4 2D EF QÔ«5;Ž6þ‹;ä-ï
                              0x000001F0 C7 3F 9A 8A D0 A4 0A E0-C6 2C F3 CE 97 4E 5B FF Ç?šŠÝ¤.àÆ,óΗN[ÿ
                              0x00000200 DA B3 48 58 99 26 AD E4-71 E1 2A 05 1E 28 24 08 Ú³HX™&*äqá*($
                              0x00000210 B8 45 10 D5 41 45 16 49-69 36 37 3A 16 08 19 1E ¸EÕAEIi67:
                              0x00000220 79 7B 3B B6 62 B6 8D E6-BB 96 AD 28 A3 7A 9B B7 y{;¶b¶æ»–*(£z›·
                              0x00000230 E7 AB AB CD 9D E4 88 61-06 65 88 16 7E 87 6C F7 竫ݝäˆaeˆ~‡l÷
                              0x00000240 3D CB 0A 26 E8 84 10 D4-D7 3C 27 9C 52 3B A2 24 =Ë.&è„Ô×<'œR;¢$
                              0x00000250 1D B8 05 67 09 44 7D 97-40 D0 8A 92 16 83 D8 E8 ¸g.D}—@ÝŠ’ƒØè
                              0x00000260 B8 7B A6 81 48 E5 5D D2-4D 7B 1A 76 A2 BE 6F 99 ¸{¦Hå]ÒM{v¢¾o™
                              0x00000270 01 B5 8F 9B EA 29 73 2A-74 78 25 7A AF 99 29 97 µ›ê)s*tx%z¯™)—
                              0x00000280 38 5F B9 72 03 E2 95 63-98 BB 01 56 F7 82 EC 40 8_¹râ•c˜»V÷‚ì@
                              0x00000290 28 12 84 62 E6 FB 90 D0-CF 59 00 31 DF 38 6B 0D („bæûÝÝY.1ß8k.
                              0x000002A0 78 A7 03 CE 5A 4D F8 CE-3D 86 DB 3A 44 5C 5B 04 x§ÎZMøÎ=†Û:D\[
                              0x000002B0 35 1F 3D A1 5F F7 40 DE-68 C7 84 74 2C 76 B0 E7 5=¡_÷@ÞhÇ„t,v°ç
                              0x000002C0 EC 17 C8 73 63 96 83 A7-36 AB 04 97 04 90 3F 12 ìÈsc–ƒ§6«—?
                              0x000002D0 E6 93 C0 99 7E C1 CE 8D-B0 C7 9C 0B æ“À™~ÝΝ°Çœ
                              Thankfully I still have my Virtual Gateway application I wrote for the game years ago, which includes the vast majority of the game's packet system mapped out. It would be very easy to build onto it and have a fully functional game server, if I can manage to get around this "SCERT Root Authority" request... Any takers?
                              Don't know if you remember who I am, but if you think hard on it I'm sure you will. But anywho, I got an idea on what the fuck that is.
                              -
                              It appears to be a request to a server for some kind of certificate (presumably an SSL root certificate and maybe the CA cert; I'm not sure if the certificate would be stored on the disc for ) to establish some sort of encryption, probably for the login to keep some dickhead from sniffing your credentials out in plain text over the network.

                              But knowing Sony's old take on security, those passwords were probably sent out over HTTP, and that your request there is most likely indeed for the fucking DNAS system for defeating piracy and presumably cheats. Maybe to connect to the server SOCOM had for SOCOM CA.
                              see: http://obsrv.org/viewtopic.php?t=3562

                              If there are any DNAS servers online for any PS2 games (very unlikely) you could come up with some dodgy way to implement some kind of HTTP server that could run in the bg and theoretically run in the background and dump the RAM from the device throughout the whole process of connecting and fuck around and see if you can get it to throw as many error codes as possible. You're going to need to figure out how to emulate a DNAS server, so you need to figure out a way to sniff the "encrypted traffic" so that you can capture packets, and it's probably running some old outdated version of SSL and they probably couldn't patch it for X reasons. But don't count on that 100%. I would also look into the memory card patches SCEA released for SOCOM and see if they addressed the DNAS system or the "SCERT shit" (or figure out a way to bypass DNAS in general). To be fair, I think the OBSRV server bypassed DNAS somehow, but I do know it involves a modified network configuration with a DNS server, and I'm guessing they spoof the original game server web address IP via the DNS server to create the requests to another server they control. I doubt they implement a MITM attack to get around SSL because the OBSRV server doesn't even have HTTPS, but I know DNAS uses HTTPS. However, if my hypothesis is correct on the certificate part, it may or may not also use HTTPS for the actual game server that handled the leaderboard and authentication for logging in. And it looks like the hex code there might actually be the output or part of the output of the certificate. I see what appears to be part of a server address, and I think SCERT Group is actually Sony computer entertainment US CERT Group 10, potentially being the issuer of the certificate of the root certificate, and the San Diego portion might be the CA (certificate authority), and the Zipper part might be the certificate used for the game SOCOM Combined Assault.
                              If you notice the CA part shortly after, I can't read the whole thing because it appears that maybe the encoding isn't correct, I'm not sure there. The missing information or []s might be the fingerprints used for validating the said certificates, and you might be able to find those old certificates (although I don't think it would be 100% useful, but you never know). As I said, I am not exactly sure what that code there is or does, but I'm 97% sure it has something to do with an SSL certificate and DNAS.

                              see: https://support.dnsimple.com/article...ificate-chain/
                              https://en.wikipedia.org/wiki/Man-in-the-middle_attack
                              https://www.google.com/patents/US20110265159

                              This outdated SSL may have also been the reason why the game servers closed down, because I'm guessing the OSes for the servers running the web server reached their EOL cycles and could no longer receive security updates for the OS, and if SSL was vulnerable then the users would have been at risk of potentially having the passwords stolen.
                              --
                              My best guess is you would need to alter the code in some way to use a different certificate. Your next issue would be validating that certificate, and that would obviously require a mod disk or ISO from like back in the day.

                              Or if you can figure out the server address, you can probably spin up a Linux VM with a very old version of, I would recommend, something like CentOS, spin up a DNS server that could be used to handle the request, and fire up some sort of web server (like nginx) and implement some sort of MITM attack from around that time period (I'd say search the CVE database and milw0rm archives) to spoof the SSL certificate. (Old 2008 article: https://www.sslshopper.com/article-m...e-created.html)

                              I'm guessing that if this were the case then it would be vulnerable to some sort of attack. If Sony was self-signing its own certificates, it may only validate via a certificate stored on the device, and I'm not aware of the full technical abilities of SOCOM's networking capabilities, but it would be safe to assume that if they were signing their own certs then perhaps they didn't have a way to validate them without a certificate chain being present on the PS2, and why pay VeriSign or Comodo big money for corporate certs when you can generate your own. But if this is for DNAS then you're going to need to figure out a way to emulate what the DNAS server does, and if I remember correctly it was for anti-piracy and I think cheat detection. So if you can bypass DNAS, woohoo, but then Sony might fuck with you later on for piracy circumvention.

                              Now if you can get it to work without HTTPS (but then you've got some potential security issues), then I would assume it would help with lag issues, because the PS2's networking adapter was only 10 Mbps, so that's something else you have to keep in mind when creating the server: you would probably want to cap user connections to 10 Mbps, and I'm guessing if you created new game modes then you would probably want to make sure they are optimized for that 10 Mbps connection. I don't know if PCSX2 has the 10 Mbps limit.
                              Last edited by Based_Skid; 09-23-2017, 11:55:41 AM. Reason: k

                              Comment
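
The post above reads a hex dump as a possible certificate and guesses which strings are the issuer and which the subject. As an added example (not part of the original post or of any project in this thread), the Python below walks a DER blob and lists its X.509 name attributes in encounter order; the helper names `tlv` and `rdn` and all sample values are constructed for illustration.

```python
OIDS = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.11": "OU"}
STRING_TAGS = {0x0C, 0x13, 0x14, 0x16}  # UTF8, Printable, T61, IA5 strings

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                       # base-128, high bit = more bytes follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def name_attributes(buf, pos=0, end=None, out=None):
    """Collect (attribute, text) pairs from every OID+string SEQUENCE, in order."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    while pos < end:
        tag, start, stop = read_tlv(buf, pos)
        if tag == 0x30 and start < stop:    # SEQUENCE: is it an OID + string pair?
            t1, s1, e1 = read_tlv(buf, start)
            if t1 == 0x06 and s1 < e1 < stop:
                t2, s2, e2 = read_tlv(buf, e1)
                if t2 in STRING_TAGS:
                    oid = decode_oid(buf[s1:e1])
                    out.append((OIDS.get(oid, oid), buf[s2:e2].decode("latin-1")))
        if tag & 0x20:                      # constructed element: descend into it
            name_attributes(buf, start, stop, out)
        pos = stop
    return out

def tlv(tag, body):                         # short-form encoder, builds the sample only
    return bytes([tag, len(body)]) + body
def rdn(oid, text):                         # SET { SEQUENCE { OID, PrintableString } }
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, text.encode())))

# Constructed sample: issuer Name first, then subject Name, as in an X.509 certificate.
ISSUER = tlv(0x30, rdn(b"\x55\x04\x0a", "Example Org") + rdn(b"\x55\x04\x03", "Example Root CA"))
SUBJECT = tlv(0x30, rdn(b"\x55\x04\x03", "game.example.test"))
SAMPLE = tlv(0x30, ISSUER + SUBJECT)
```

A blob cut off mid-element, like a partial memory dump, raises `ValueError` instead of returning half-read names.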


                              • #30
                                Originally posted by nick314 View Post

                                Don't know if you remember who I am, but if you think hard on it I'm sure you will. But anywho, I got an idea on what the fuck that is.
                                -
                                It appears to be a request to a server for some kind of certificate (presumably an SSL root certificate and maybe the CA cert; I'm not sure if the certificate would be stored on the disc for ) to establish some sort of encryption, probably for the login, to keep some dickhead from sniffing your credentials out in plain text over the network.

                                But knowing Sony's old take on security, those passwords were probably sent out over HTTP, and that your request there is most likely indeed for the fucking DNAS system for defeating piracy and presumably cheats, maybe to connect to the server SOCOM had for SOCOM CA.
                                see: http://obsrv.org/viewtopic.php?t=3562

                                If there are any DNAS servers online for any PS2 games (very unlikely), you could come up with some dodgy way to implement some kind of HTTP server that could run in the background and theoretically dump the RAM from the device throughout the whole process of connecting, and fuck around and see if you can get it to throw as many error codes as possible. You're going to need to figure out how to emulate a DNAS server, so you need to figure out a way to sniff the "encrypted traffic" so that you can capture packets. It's probably running some old outdated version of SSL, and they probably couldn't patch it for X reasons, but don't count on that 100%. I would also look into the memory card patches SCEA released for SOCOM and see if they addressed the DNAS system or the "SCERT shit" (or figure out a way to bypass DNAS in general).

                                To be fair, I think the OBSRV server bypassed DNAS somehow, but I do know it involves a modified network configuration with a DNS server, and I'm guessing they spoof the original game server web address IP via the DNS server to create the requests to another server they control. I doubt they implement a MITM attack to get around SSL, because the OBSRV server doesn't even have HTTPS, but I know DNAS uses HTTPS. However, if my hypothesis is correct on the certificate part, it may or may not also use HTTPS for the actual game server that handled the leaderboard and authentication for logging in.

                                It looks like the hex code there might actually be the output, or part of the output, of the certificate. I see what appears to be part of a server address, and I think SCERT Group is actually Sony Computer Entertainment US CERT Group 10 potentially being the issuer of the certificate of the root certificate, and the sandiego portion might be the CA (certificate authority), and the zipper part might be the certificate used for the game SOCOM Combined Assault. If you notice the CA part shortly after, I can't read the whole thing because it appears that maybe the encoding isn't correct; I'm not sure there. The missing information or []s might be the fingerprints used for validating the said certificates, and you might be able to find those old certificates (although I don't think it would be 100% useful, but you never know). As I said, I am not exactly sure what that code there is or does, but I'm 97% sure it has something to do with an SSL certificate and DNAS.

                                see: https://support.dnsimple.com/article...ificate-chain/
                                https://en.wikipedia.org/wiki/Man-in-the-middle_attack
                                https://www.google.com/patents/US20110265159

                                This outdated SSL may have also been the reason why the game servers closed down, because I'm guessing the OSes for the servers running the web server reached their EOL cycles and could no longer receive security updates for the OS, and if SSL was vulnerable then the users would have been at risk of potentially having the passwords stolen.
                                --
                                My best guess is you would need to alter the code in some way to use a different certificate. Your next issue would be validating that certificate, and that would obviously require a mod disk or ISO from like back in the day.

                                Or if you can figure out the server address, you can probably spin up a Linux VM with a very old version of, I would recommend, something like CentOS, spin up a DNS server that could be used to handle the request, and fire up some sort of web server (like nginx) and implement some sort of MITM attack from around that time period (I'd say search the CVE database and milw0rm archives) to spoof the SSL certificate. (Old 2008 article: https://www.sslshopper.com/article-m...e-created.html)

                                I'm guessing that if this were the case then it would be vulnerable to some sort of attack. If Sony was self-signing its own certificates, it may only validate via a certificate stored on the device, and I'm not aware of the full technical abilities of SOCOM's networking capabilities, but it would be safe to assume that if they were signing their own certs then perhaps they didn't have a way to validate them without a certificate chain being present on the PS2, and why pay VeriSign or Comodo big money for corporate certs when you can generate your own. But if this is for DNAS then you're going to need to figure out a way to emulate what the DNAS server does, and if I remember correctly it was for anti-piracy and I think cheat detection. So if you can bypass DNAS, woohoo, but then Sony might fuck with you later on for piracy circumvention.

                                Now if you can get it to work without HTTPS (but then you've got some potential security issues), then I would assume it would help with lag issues, because the PS2's networking adapter was only 10 Mbps, so that's something else you have to keep in mind when creating the server: you would probably want to cap user connections to 10 Mbps, and I'm guessing if you created new game modes then you would probably want to make sure they are optimized for that 10 Mbps connection. I don't know if PCSX2 has the 10 Mbps limit.

                                You seem to know how to go about this; to be honest, nobody is going to do it without getting paid. The only tangible method I see anyone going through all this work is for the money. If we could find a reputable person like yourself and advertise the idea on TRS Forums or the SOCOM FB pages, they could score a few hundred to get something up and running for us. You have no idea how many people are on standby, growing tired of Xlink, just waiting for the server to come back. Hundreds at this point. The hype is still there; we just need someone like yourself to take the opportunity.

                                Comment
