Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
All times are UTC [ DST ]

Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 20 posts ] 
 Post subject: fesl.ea.com protocol
PostPosted: 08 Feb 2010 23:46 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
The Electronic Arts games use a centralized login mechanism for forcing both players and admins to play only online, with the result that usually these games don't support/work in LAN.

the centralized server has the suffix "fesl.ea.com" like mohair-pc.fesl.ea.com, bfwest-dedicated.fesl.ea.com, lotr-pandemic-pc.fesl.ea.com and so on for various games like: Battlefield 2142 / Heroes, Command & Conquer 3, The Lord of the Rings, Medal of Honor Airborne, Need for Speed Carbon / Undercover, Mercenaries 2, Dragon Age and so on.

the connection is performed to port 18240 over SSL and the game verifies the certificate sent by the fesl server (it compares various fields and then the hash) so it is not possible for people to understand the protocol or emulate it without the original server's certificate and its private key.

the only solution is skipping the check and this operation is performed by the following one-byte-only modification I have released just in this moment:
http://aluigi.org/patches/fesl.lpatch
(remember the patcher http://aluigi.org/mytoolz.htm#lpatch)

DUMPING OF THE DECRYPTED PROTOCOL:
personally I'm not interested in the protocol because it's very simple and is not part of this little research, anyway capturing the decrypted connection with the fesl server is really a joke:
- apply the above modification
- get stcppipe: http://aluigi.org/mytoolz.htm#stcppipe
- launch it: stcppipe -S -d c:\ mohair-pc.fesl.ea.com 18240 18240
- now add the following line into your hosts file: 127.0.0.1 mohair-pc.fesl.ea.com
- launch the client or the dedicated server of the game
- result: client -> local_stcppipe -> fesl_server

note that in my example I have used mohair-pc.fesl.ea.com that is the fesl server of Airborne, so substitute it with the hostname used by your game.
stcppipe will dump the decrypted data in files with the CAP extension (open them with Wireshark) in c:\.
remember to restore the hosts file after the usage or to use directly the IP address of the fesl server in stcppipe if you want to maintain this "tunnel" solution for more time.

EXAMPLE OF PROTOCOL:
I have added some asterisks (*) for covering some unique fields and I have cut the big packets containing the same data block.
note that the long "data" fields are simply encoded with base64.
Code:
CLIENT data
|       SERVER data
|       |
-------------------------------------------------------------------------------------
00000000  66 73 79 73 c0 00 00 01  00 00 00 b8 54 58 4e 3d fsys.... ....TXN=
00000010  48 65 6c 6c 6f 0a 63 6c  69 65 6e 74 53 74 72 69 Hello.cl ientStri
00000020  6e 67 3d 6d 6f 68 61 69  72 2d 70 63 0a 73 6b 75 ng=mohai r-pc.sku
00000030  3d 31 38 32 39 38 33 31  0a 6c 6f 63 61 6c 65 3d =1829831 .locale=
00000040  65 6e 5f 55 53 0a 63 6c  69 65 6e 74 50 6c 61 74 en_US.cl ientPlat
00000050  66 6f 72 6d 3d 50 43 0a  63 6c 69 65 6e 74 56 65 form=PC. clientVe
00000060  72 73 69 6f 6e 3d 31 2e  31 0a 53 44 4b 56 65 72 rsion=1. 1.SDKVer
00000070  73 69 6f 6e 3d 33 2e 35  2e 32 2e 30 2e 39 0a 70 sion=3.5 .2.0.9.p
00000080  72 6f 74 6f 63 6f 6c 56  65 72 73 69 6f 6e 3d 32 rotocolV ersion=2
00000090  2e 30 0a 66 72 61 67 6d  65 6e 74 53 69 7a 65 3d .0.fragm entSize=
000000A0  38 30 39 36 0a 63 6c 69  65 6e 74 54 79 70 65 3d 8096.cli entType=
000000B0  73 65 72 76 65 72 0a 00                          server..
        00000000  66 73 79 73 80 00 00 01  00 00 00 fe 64 6f 6d 61 fsys.... ....doma
        00000010  69 6e 50 61 72 74 69 74  69 6f 6e 2e 64 6f 6d 61 inPartit ion.doma
        00000020  69 6e 3d 65 61 67 61 6d  65 73 0a 6d 65 73 73 65 in=eagam es.messe
        00000030  6e 67 65 72 49 70 3d 6d  65 73 73 61 67 69 6e 67 ngerIp=m essaging
        00000040  2e 65 61 2e 63 6f 6d 0a  6d 65 73 73 65 6e 67 65 .ea.com. messenge
        00000050  72 50 6f 72 74 3d 31 33  35 30 35 0a 64 6f 6d 61 rPort=13 505.doma
        00000060  69 6e 50 61 72 74 69 74  69 6f 6e 2e 73 75 62 44 inPartit ion.subD
        00000070  6f 6d 61 69 6e 3d 4d 4f  48 41 49 52 2d 32 30 30 omain=MO HAIR-200
        00000080  37 0a 54 58 4e 3d 48 65  6c 6c 6f 0a 61 63 74 69 7.TXN=He llo.acti
        00000090  76 69 74 79 54 69 6d 65  6f 75 74 53 65 63 73 3d vityTime outSecs=
        000000A0  30 0a 63 75 72 54 69 6d  65 3d 22 46 65 62 2d 30 0.curTim e="Feb-0
        000000B0  38 2d 32 30 31 30 20 31  37 25 33 61 34 39 25 33 8-2010 1 7%3a49%3
        000000C0  61 34 30 20 55 54 43 22  0a 74 68 65 61 74 65 72 a40 UTC" .theater
        000000D0  49 70 3d 6d 6f 68 61 69  72 2d 70 63 2e 74 68 65 Ip=mohai r-pc.the
        000000E0  61 74 65 72 2e 65 61 2e  63 6f 6d 0a 74 68 65 61 ater.ea. com.thea
        000000F0  74 65 72 50 6f 72 74 3d  31 38 32 34 35 00       terPort= 18245.
        000000FE  66 73 79 73 80 00 00 00  00 00 00 3d 54 58 4e 3d fsys.... ...=TXN=
        0000010E  4d 65 6d 43 68 65 63 6b  0a 6d 65 6d 63 68 65 63 MemCheck .memchec
        0000011E  6b 2e 5b 5d 3d 30 0a 74  79 70 65 3d 30 0a 73 61 k.[]=0.t ype=0.sa
        0000012E  6c 74 3d 38 30 30 32 32  35 39 35 32 00          lt=80022 5952.
000000B8  66 73 79 73 80 00 00 00  00 00 00 22 54 58 4e 3d fsys.... ..."TXN=
000000C8  4d 65 6d 43 68 65 63 6b  0a 72 65 73 75 6c 74 3d MemCheck .result=
000000D8  0a 00                                            ..
000000DA  61 63 63 74 c0 00 00 02  00 00 02 22 54 58 4e 3d acct.... ..."TXN=
000000EA  4c 6f 67 69 6e 0a 72 65  74 75 72 6e 45 6e 63 72 Login.re turnEncr
000000FA  79 70 74 65 64 49 6e 66  6f 3d 30 0a 65 6e 63 72 yptedInf o=0.encr
0000010A  79 70 74 65 64 49 6e 66  6f 3d 2a 2a 2a 2a 2a 2a yptedInf o=******
0000011A  2a 2a 2a 2a 2a 2a 2a 2a  2a 2a 2a 2a 2a 2a 2a 2a ******** ********
...cut...
000002CA  2a 2a 2a 2a 2a 2a 2a 2a  2a 2a 2a 2a 2a 2a 2a 2a ******** ********
000002DA  2a 2a 2a 2a 2a 2a 2a 2a  2a 2a 0a 6d 61 63 41 64 ******** **.macAd
000002EA  64 72 3d 24 2a 2a 2a 2a  2a 2a 2a 2a 2a 2a 2a 2a dr=$**** ********
000002FA  0a 00                                            ..
        0000013B  61 63 63 74 80 00 00 02  00 00 00 73 6c 6b 65 79 acct.... ...slkey
        0000014B  3d 2a 2a 2a 2a 2a 2a 2a  2a 2a 2a 2a 2a 2a 2a 2a =******* ********
        0000015B  2a 2a 2a 2a 2a 2a 2a 2a  2a 2a 2a 2a 2e 0a 70 72 ******** ****..pr
        0000016B  6f 66 69 6c 65 49 64 3d  2a 2a 2a 2a 2a 2a 2a 2a ofileId= ********
        0000017B  2a 0a 54 58 4e 3d 4c 6f  67 69 6e 0a 75 73 65 72 *.TXN=Lo gin.user
        0000018B  49 64 3d 2a 2a 2a 2a 2a  2a 2a 2a 2a 0a 64 69 73 Id=***** ****.dis
        0000019B  70 6c 61 79 4e 61 6d 65  3d 2a 2a 2a 2a 2a 2a 2a playName =*******
        000001AB  2a 2a 00                                         **.
000002FC  61 63 68 69 c0 00 00 03  00 00 00 47 54 58 4e 3d achi.... ...GTXN=
0000030C  47 65 74 41 63 68 69 65  76 65 6d 65 6e 74 47 72 GetAchie vementGr
0000031C  6f 75 70 44 65 66 69 6e  69 74 69 6f 6e 73 0a 6e oupDefin itions.n
0000032C  61 6d 65 73 2e 5b 5d 3d  30 0a 63 68 75 6e 6b 53 ames.[]= 0.chunkS
0000033C  69 7a 65 3d 30 0a 00                             ize=0..
00000343  66 73 79 73 c0 00 00 04  00 00 00 1e 54 58 4e 3d fsys.... ....TXN=
00000353  47 65 74 50 69 6e 67 53  69 74 65 73 0a 00       GetPingS ites..
        000001AE  61 63 68 69 80 00 00 03  00 00 00 b5 61 63 68 69 achi.... ....achi
        000001BE  47 72 70 44 65 66 73 2e  30 2e 61 74 74 72 69 62 GrpDefs. 0.attrib
        000001CE  73 2e 7b 7d 3d 30 0a 61  63 68 69 47 72 70 44 65 s.{}=0.a chiGrpDe
        000001DE  66 73 2e 31 2e 61 74 74  72 69 62 73 2e 7b 7d 3d fs.1.att ribs.{}=
        000001EE  30 0a 61 63 68 69 47 72  70 44 65 66 73 2e 30 2e 0.achiGr pDefs.0.
        000001FE  6e 61 6d 65 3d 4d 75 6c  74 69 70 6c 61 79 65 72 name=Mul tiplayer
        0000020E  0a 61 63 68 69 47 72 70  44 65 66 73 2e 31 2e 6e .achiGrp Defs.1.n
        0000021E  61 6d 65 3d 53 69 6e 67  6c 65 70 6c 61 79 65 72 ame=Sing leplayer
        0000022E  0a 54 58 4e 3d 47 65 74  41 63 68 69 65 76 65 6d .TXN=Get Achievem
        0000023E  65 6e 74 47 72 6f 75 70  44 65 66 69 6e 69 74 69 entGroup Definiti
        0000024E  6f 6e 73 0a 61 63 68 69  47 72 70 44 65 66 73 2e ons.achi GrpDefs.
        0000025E  5b 5d 3d 32 00                                   []=2.
00000361  61 63 68 69 c0 00 00 05  00 00 00 72 54 58 4e 3d achi.... ...rTXN=
00000371  47 65 74 41 63 68 69 65  76 65 6d 65 6e 74 44 65 GetAchie vementDe
00000381  66 69 6e 69 74 69 6f 6e  73 42 79 47 72 6f 75 70 finition sByGroup
00000391  0a 6e 61 6d 65 73 2e 5b  5d 3d 32 0a 6e 61 6d 65 .names.[ ]=2.name
000003A1  73 2e 30 3d 4d 75 6c 74  69 70 6c 61 79 65 72 0a s.0=Mult iplayer.
000003B1  6e 61 6d 65 73 2e 31 3d  53 69 6e 67 6c 65 70 6c names.1= Singlepl
000003C1  61 79 65 72 0a 63 68 75  6e 6b 53 69 7a 65 3d 30 ayer.chu nkSize=0
000003D1  0a 00                                            ..
        00000263  66 73 79 73 80 00 00 04  00 00 01 15 70 69 6e 67 fsys.... ....ping
        00000273  53 69 74 65 2e 30 2e 6e  61 6d 65 3d 77 63 2d 69 Site.0.n ame=wc-i
        00000283  70 0a 70 69 6e 67 53 69  74 65 2e 31 2e 74 79 70 p.pingSi te.1.typ
        00000293  65 3d 30 0a 70 69 6e 67  53 69 74 65 2e 31 2e 61 e=0.ping Site.1.a
        000002A3  64 64 72 3d 31 35 39 2e  31 35 33 2e 31 36 34 2e ddr=159. 153.164.
        000002B3  31 0a 6d 69 6e 50 69 6e  67 53 69 74 65 73 54 6f 1.minPin gSitesTo
        000002C3  50 69 6e 67 3d 30 0a 70  69 6e 67 53 69 74 65 2e Ping=0.p ingSite.
        000002D3  31 2e 6e 61 6d 65 3d 65  75 2d 69 70 0a 70 69 6e 1.name=e u-ip.pin
        000002E3  67 53 69 74 65 2e 30 2e  61 64 64 72 3d 31 35 39 gSite.0. addr=159
        000002F3  2e 31 35 33 2e 31 39 33  2e 31 39 33 0a 70 69 6e .153.193 .193.pin
        00000303  67 53 69 74 65 2e 30 2e  74 79 70 65 3d 30 0a 70 gSite.0. type=0.p
        00000313  69 6e 67 53 69 74 65 2e  5b 5d 3d 33 0a 70 69 6e ingSite. []=3.pin
        00000323  67 53 69 74 65 2e 32 2e  61 64 64 72 3d 31 35 39 gSite.2. addr=159
        00000333  2e 31 35 33 2e 32 32 34  2e 36 35 0a 70 69 6e 67 .153.224 .65.ping
        00000343  53 69 74 65 2e 32 2e 6e  61 6d 65 3d 65 63 2d 69 Site.2.n ame=ec-i
        00000353  70 0a 70 69 6e 67 53 69  74 65 2e 32 2e 74 79 70 p.pingSi te.2.typ
        00000363  65 3d 30 0a 54 58 4e 3d  47 65 74 50 69 6e 67 53 e=0.TXN= GetPingS
        00000373  69 74 65 73 00                                   ites.
        00000378  61 63 68 69 b0 00 00 05  00 00 1f ce 64 61 74 61 achi.... ....data
        00000388  3d 59 57 4e 6f 61 55 52  6c 5a 6e 4d 75 4d 6a 55 =YWNoaUR lZnMuMjU
        00000398  75 5a 33 4a 76 64 58 42  4f 59 57 31 6c 50 56 4e uZ3JvdXB OYW1lPVN
        ...cut...
        00002308  76 64 58 42 4f 59 57 31  6c 50 55 31 31 62 48 52 vdXBOYW1 lPU11bHR
        00002318  70 63 47 78 68 65 57 56  79 43 6d 46 6a 61 47 6c pcGxheWV yCmFjaGl
        00002328  45 0a 64 65 63 6f 64 65  64 53 69 7a 65 3d 38 35 E.decode dSize=85
        00002338  36 39 0a 73 69 7a 65 3d  31 31 34 32 38 00       69.size= 11428.
        00002346  61 63 68 69 b0 00 00 05  00 00 0d 36 64 61 74 61 achi.... ...6data
        00002356  3d 5a 57 5a 7a 4c 6a 45  78 4c 6d 46 30 64 48 4a =ZWZzLjE xLmF0dHJ
        00002366  70 59 6e 4d 75 65 30 52  6c 63 32 4e 79 61 58 42 pYnMue0R lc2NyaXB
        ...cut...
        00003046  6f 49 47 5a 79 62 32 30  67 51 57 4a 76 64 6d 55 oIGZyb20 gQWJvdmU
        00003056  69 41 41 25 33 64 25 33  64 0a 64 65 63 6f 64 65 iAA%3d%3 d.decode
        00003066  64 53 69 7a 65 3d 38 35  36 39 0a 73 69 7a 65 3d dSize=85 69.size=
        00003076  31 31 34 32 38 00                                11428.
000003D3  61 63 68 69 c0 00 00 06  00 00 00 9c 54 58 4e 3d achi.... ....TXN=
000003E3  47 65 74 4f 77 6e 65 72  41 63 68 69 65 76 65 6d GetOwner Achievem
000003F3  65 6e 74 73 42 79 47 72  6f 75 70 0a 6f 77 6e 65 entsByGr oup.owne
00000403  72 49 64 73 2e 5b 5d 3d  31 0a 6f 77 6e 65 72 49 rIds.[]= 1.ownerI
00000413  64 73 2e 30 3d 2a 2a 2a  2a 2a 2a 2a 2a 2a 0a 6f ds.0=*** ******.o
00000423  77 6e 65 72 54 79 70 65  3d 31 0a 6e 61 6d 65 73 wnerType =1.names
00000433  2e 5b 5d 3d 32 0a 6e 61  6d 65 73 2e 30 3d 4d 75 .[]=2.na mes.0=Mu
00000443  6c 74 69 70 6c 61 79 65  72 0a 6e 61 6d 65 73 2e ltiplaye r.names.
00000453  31 3d 53 69 6e 67 6c 65  70 6c 61 79 65 72 0a 63 1=Single player.c
00000463  68 75 6e 6b 53 69 7a 65  3d 30 0a 00             hunkSize =0..
        0000307C  61 63 68 69 80 00 00 06  00 00 00 3e 54 58 4e 3d achi.... ...>TXN=
        0000308C  47 65 74 4f 77 6e 65 72  41 63 68 69 65 76 65 6d GetOwner Achievem
        0000309C  65 6e 74 73 42 79 47 72  6f 75 70 0a 61 63 68 69 entsByGr oup.achi
        000030AC  65 76 65 6d 65 6e 74 73  2e 5b 5d 3d 30 00       evements .[]=0.
        000030BA  66 73 79 73 00 00 00 00  00 00 00 15 54 58 4e 3d fsys.... ....TXN=
        000030CA  50 69 6e 67 00                                   Ping.
0000046F  66 73 79 73 80 00 00 00  00 00 00 16 54 58 4e 3d fsys.... ....TXN=
0000047F  50 69 6e 67 0a 00                                Ping..
        000030CF  66 73 79 73 00 00 00 00  00 00 00 15 54 58 4e 3d fsys.... ....TXN=
        000030DF  50 69 6e 67 00                                   Ping.
00000485  66 73 79 73 80 00 00 00  00 00 00 16 54 58 4e 3d fsys.... ....TXN=
00000495  50 69 6e 67 0a 00                                Ping..
        000030E4  66 73 79 73 00 00 00 00  00 00 00 15 54 58 4e 3d fsys.... ....TXN=
        000030F4  50 69 6e 67 00                                   Ping.
0000049B  66 73 79 73 80 00 00 00  00 00 00 16 54 58 4e 3d fsys.... ....TXN=
000004AB  50 69 6e 67 0a 00                                Ping..
        000030F9  66 73 79 73 80 00 00 00  00 00 00 3e 54 58 4e 3d fsys.... ...>TXN=
        00003109  4d 65 6d 43 68 65 63 6b  0a 6d 65 6d 63 68 65 63 MemCheck .memchec
        00003119  6b 2e 5b 5d 3d 30 0a 74  79 70 65 3d 30 0a 73 61 k.[]=0.t ype=0.sa
        00003129  6c 74 3d 31 37 38 35 39  37 35 37 38 39 00       lt=17859 75789.
000004B1  66 73 79 73 80 00 00 00  00 00 00 22 54 58 4e 3d fsys.... ..."TXN=
000004C1  4d 65 6d 43 68 65 63 6b  0a 72 65 73 75 6c 74 3d MemCheck .result=
000004D1  0a 00                                            ..

well, I hope this will be useful or will be at least the "start" for new projects for who is interested in this stuff (like LAN parties).
use this thread if you need to add more info or have doubts or anything else related


 Post subject: Re: fesl.ea.com protocol
PostPosted: 11 Feb 2010 11:29 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
released a new version of lpatch (0.4.4) that allows the patching of a running process or the patching of a launched program.

it's enough to create a link or a bat file containing the following command:
Code:
lpatch.exe -r fesl.lpatch "c:\program...blah...\game.exe"
it will run the specified program (in my example a hypothetical game.exe, that can be moha.exe, bf2142.exe and so on) and after 1 or 2 seconds it will apply the patch to the started process.

if it's still not able to apply the patch or the game doesn't want to work it is possible to launch the game as usual and after it's started run lpatch with the following command:
Code:
lpatch.exe -p fesl.lpatch game.exe
it means that we want to apply the patch to the process called game.exe

as usual in case of doubts or problems I'm here


 Post subject: Re: fesl.ea.com protocol
PostPosted: 12 Feb 2010 23:24 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I have updated the fesl.lpatch file for supporting other games not "patchable" with the previous version


 Post subject: Re: fesl.ea.com protocol
PostPosted: 14 Mar 2010 23:17 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in these days some people asked me about how to retrieve the list of servers in Battlefield Bad Company 2.
well, the new tool for doing this job will be released in the next days (the first test code is ready) so stay tuned.


 Post subject: Re: fesl.ea.com protocol
PostPosted: 23 Apr 2010 17:41 

Joined: 23 Apr 2010 17:14
Posts: 1
hi luigi,
first i want to thank you for this very helpful program "stcppipe" and this guide. now my question: the fesl-server sends a packet with the following content:

"acctTXN=NuLogin
returnEncryptedInfo=0
encryptedInfo= [ENCRYPTED_INFO]
macAddr=$00*********8"

Do you know which algorithm is used to encrypt the data after "encryptedInfo"? (i have cut them for security reasons, but they look like "Diyveb0tgradVsBtpiHpeFha4G6iwC2x5")

kind regards,
mdz


 Post subject: Re: fesl.ea.com protocol
PostPosted: 23 Apr 2010 18:01 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in the case of Battlefield Heroes it's a pseudo cookie (AuthToken) that the browser plugin of the game takes from the website after you authenticate and it's passed to the game via a command-line parameter when it gets launched and is subsequently sent to fesl.
so it should be the same also for the other games that don't use the classical username/password scheme.

I show you the bfheroes example in practice:
Code:
GET /nucleus/authToken HTTP/1.1
Cookie: magma=e1212154asgapa6ms8rs7wmip3
User-Agent: BFHeroesINet
Host: www.battlefieldheroes.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
Code:
HTTP/1.1 200 OK
Date: Mon, 15 Mar 2010 23:22:18 GMT
Server: Apache
Vary: Accept-Encoding
X-Orig-Server: bfhweb32.eao.abn-iad.ea.com
Content-Length: 226
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: text/xml; charset=utf8

<?xml version="1.0"?>
<success code="NEW_TOKEN"><token>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX..</token></success>
and then all to fesl
Code:
TXN=NuLogin
returnEncryptedInfo=0
encryptedInfo=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX..
macAddr=$076ceffffffa


 Post subject: Re: fesl.ea.com protocol
PostPosted: 24 Jun 2010 15:23 

Joined: 22 Jun 2010 01:07
Posts: 11
Generalization and additions

FeslPacket = struct {
    FeslHeader, // 12 bytes
    Data // 0 terminated string (UTF8(without BOM)/ASCII/Latin1???)
}

FeslHeader = struct {
    FeslCommand, // 4 bytes
    FeslTypeAndNumber, // 4 bytes, BigEndian!
    PacketSize, // 4 bytes, BigEndian!, Data_size + 12
}

FeslTypeAndNumber = ( FeslType << 24 ) | PacketNumber

PacketNumber - send a request to the server with a unique number and you receive the answer with the same number (order may be wrong!)

FeslType = enum {
    0xC0 - TAG_SINGLE_CLIENT // one packet request
    0x80 - TAG_SINGLE_SERVER // one packet answer/request
    0xF0 - TAG_MULTI_CLIENT // part of multipacket request (all parts with one PacketNumber)
    0xB0 - TAG_MULTI_SERVER // part of multipacket answer/request (all parts with one PacketNumber)
}


 Post subject: Re: fesl.ea.com protocol
PostPosted: 28 Jun 2010 12:54 

Joined: 22 Jun 2010 01:07
Posts: 11
Multipart packets

If a packet (request or answer) size is more than 8KB (???), the packet data (Data field) is converted with base64, cut into pieces (8KB), and sent as a number of packets with fields:

FeslCommand = like in original packet
FeslType = 0xF0 (request from client)/0xB0 (answer from server)
Data = "data=[part of base64'ed original Data]\n"
       "size=[size of base64'ed original Data (all data size, not the current part only!)]\n"
       "decodedSize=[size of original Data (optional)]\n"
PacketNumber = all parts have the original packet's number

Some details of realization:
In real life EA server and clients insert strange garbage in the base64 string, it looks like "%3" substrings. Really, if you want to read data sent by EA, you must cut off all this garbage ;)


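The frame layout and multipart rules from the two posts above, as an added example (not code from the thread or from any tool it mentions): a parser that splits a decrypted capture into frames, decodes the key=value fields, and rejoins multipart parts while checking every length field before trusting it. `DUMP` is copied from the capture in the first post; `build_frame`, `build_multipart` and the multipart sample are constructed for illustration. Reading the "%3" sequences as percent-encoding is an assumption taken from that capture, which shows `%3d` after the base64 data and `%3a` inside `curTime`.

```python
import base64
import struct
from urllib.parse import unquote

HEADER_LEN = 12             # command (4) + type/number (4) + size (4)
MULTI_TYPES = {0xF0, 0xB0}  # multipart client / server, per the thread

# Two server frames copied from the first post's dump: MemCheck, then Ping.
DUMP = bytes.fromhex(
    "66 73 79 73 80 00 00 00 00 00 00 3d 54 58 4e 3d"
    "4d 65 6d 43 68 65 63 6b 0a 6d 65 6d 63 68 65 63"
    "6b 2e 5b 5d 3d 30 0a 74 79 70 65 3d 30 0a 73 61"
    "6c 74 3d 38 30 30 32 32 35 39 35 32 00"
    "66 73 79 73 00 00 00 00 00 00 00 15 54 58 4e 3d 50 69 6e 67 00")

def parse_frames(stream):
    """Split a decrypted stream into (command, type, number, data) tuples."""
    frames, off = [], 0
    while off < len(stream):
        if len(stream) - off < HEADER_LEN:
            raise ValueError(f"truncated header at offset {off}")
        cmd, type_num, size = struct.unpack_from(">4sII", stream, off)
        if size < HEADER_LEN or off + size > len(stream):  # size includes header
            raise ValueError(f"bad size {size} at offset {off}")
        frames.append((cmd.decode("latin-1"), type_num >> 24,
                       type_num & 0xFFFFFF, stream[off + HEADER_LEN:off + size]))
        off += size
    return frames

def parse_fields(data):
    """Decode NUL-terminated key=value lines; values are percent-decoded."""
    fields = {}
    for line in data.rstrip(b"\x00").decode("latin-1").split("\n"):
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key] = unquote(value)
    return fields

def reassemble(frames):
    """Return (command, number, fields), joining multipart frames by number."""
    pending, out = {}, []
    for cmd, ftype, num, data in frames:
        fields = parse_fields(data)
        if ftype not in MULTI_TYPES:
            out.append((cmd, num, fields))
            continue
        key = (cmd, ftype, num)
        buf = pending.pop(key, "") + fields["data"]
        total = int(fields["size"])      # length of the whole base64 string
        if len(buf) < total:
            pending[key] = buf           # more parts still to come
            continue
        if len(buf) > total:
            raise ValueError(f"multipart {key} overruns declared size {total}")
        payload = base64.b64decode(buf, validate=True)
        if "decodedSize" in fields and len(payload) != int(fields["decodedSize"]):
            raise ValueError(f"multipart {key} decodedSize mismatch")
        out.append((cmd, num, parse_fields(payload)))
    return out

def build_frame(cmd, ftype, num, text):
    """Constructed-sample helper: encode one frame with a correct size field."""
    body = text.encode("latin-1") + b"\x00"
    return struct.pack(">4sII", cmd.encode("latin-1"), (ftype << 24) | num,
                       HEADER_LEN + len(body)) + body

def build_multipart(cmd, ftype, num, text, frag=16):
    """Constructed-sample helper: split text into base64 parts of `frag` chars."""
    raw = text.encode("latin-1")
    b64 = base64.b64encode(raw).decode("ascii")
    return b"".join(
        build_frame(cmd, ftype, num, "data=%s\ndecodedSize=%d\nsize=%d" % (
            b64[i:i + frag].replace("=", "%3d"), len(raw), len(b64)))
        for i in range(0, len(b64), frag))

if __name__ == "__main__":
    sample = DUMP + build_multipart("achi", 0xB0, 5, "TXN=Example\nnote=constructed")
    print(*reassemble(parse_frames(sample)), sep="\n")
```
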
 
 Post subject: Re: fesl.ea.com protocol
PostPosted: 28 Jun 2010 13:22 

Joined: 22 Jun 2010 01:07
Posts: 11
Sample code:

BFBC2Stats program - observe your statistics from desktop
http://www.gigasize.com/get.php?d=2hll43cdgwc

Code:
It's shared on svn, but I want to know whether it is interesting for somebody before publishing the link.
I think then authorized access is a better way for interested developers.


 Post subject: Re: fesl.ea.com protocol
PostPosted: 29 Jun 2010 14:12 

Joined: 29 Jun 2010 14:08
Posts: 4
wdigger, I tried to download your code but it was removed,

I'm really interested in the protocol, especially how to get Statistics for people in BFBC2.
And I'm implementing the Fesl protocol in java as we speak so maybe we can help each other with it.


 Post subject: Re: fesl.ea.com protocol
PostPosted: 29 Jun 2010 19:41 

Joined: 22 Jun 2010 01:07
Posts: 11
Really strange, but the file is gone...
I've uploaded it again to
http://www.gigasize.com/get.php?d=7jm2l20n46d

Some later i present new version without login with your EA account.
Now i know how to connect like a server ;)

Write me to bfbc2.easpy@gmail.com for additional info


 Post subject: Re: fesl.ea.com protocol
PostPosted: 30 Jun 2010 16:01 

Joined: 29 Jun 2010 14:08
Posts: 4
Unfortunately I'm running on OSX almost all of the time so I could not try out your application. Hope to have a look at it in the weekend.
But I'm real glad you found a way to fetch statistics of players. Could you tell me if it's only possible to get your own results or can I get the stats of a random bfbc2 player?


 Post subject: Re: fesl.ea.com protocol
PostPosted: 30 Jun 2010 16:56 

Joined: 22 Jun 2010 01:07
Posts: 11
It's working on OSX too.
I'll try to build completely distribution package, and publish it.


 Post subject: Re: fesl.ea.com protocol
PostPosted: 30 Jun 2010 17:27 

Joined: 29 Jun 2010 14:08
Posts: 4
Currently there was only a Windows binary on the download link you provided.
Even running it with wine would not show me something useful.
At the end of the week I'm back home again where I have a Windows machine.


 Post subject: Re: fesl.ea.com protocol
PostPosted: 30 Jun 2010 17:47 

Joined: 22 Jun 2010 01:07
Posts: 11
It's a link to OSX version

http://www.gigasize.com/get.php?d=3qf21zfw27d


 Post subject: Re: fesl.ea.com protocol
PostPosted: 30 Jun 2010 22:40 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Quote:
Some later i present new version without login with your EA account.
Now i know how to connect like a server ;)

uhmmm in what game the servers don't require an EA account?
because in those I saw it was ever required (example mohair)
where are these "details"?


 Post subject: Re: fesl.ea.com protocol
PostPosted: 01 Jul 2010 00:32 

Joined: 22 Jun 2010 01:07
Posts: 11
In BFBC2 all servers have same login and password (hardcoded!) ;)
But the server has some differences from the client, for example it sends a presence message every 5 seconds.


 Post subject: Re: fesl.ea.com protocol
PostPosted: 01 Jul 2010 08:49 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Quote:
In BFBC2 all servers have same login and password (hardcoded!) ;)

that's completely different from "without login with your EA account".
it's exactly like sharing the same account between all the people of the world.

instead, does it require special things or it's like using -a bfbc2_user bfbc2_pass bfbc2-pc from ealist?


 Post subject: Re: fesl.ea.com protocol
PostPosted: 01 Jul 2010 09:57 

Joined: 22 Jun 2010 01:07
Posts: 11
aluigi wrote:
that's completely different from "without login with your EA account".
it's exactly like sharing the same account between all the people of the world.


At this moment my program asks the user to enter his EA credentials, next version must work without this step. That's all what i say.

aluigi wrote:
instead, does it require special things or it's like using -a bfbc2_user bfbc2_pass bfbc2-pc from ealist?


For ealist that's enough, i think...


 Post subject: Re: fesl.ea.com protocol
PostPosted: 15 Jan 2011 16:09 

Joined: 15 Jan 2011 15:49
Posts: 1
I have some updated information about the NuLogin and encryptedInfo, which i found through bfbc2 by using Luigi's great patch and stcppipe. Some of you might already know this, but i didn't see it in this forum, so i'll just post it, hoping that it's useful for some of you.

When sending an fsys TXN=NuLogin command, the following fields are still mandatory:
Code:
returnEncryptedInfo = 0/1 - yes or no to whether you want "encryptedLoginInfo" returned.
macAddr =$000000000000 - in my case it's always just zeroes.


Regarding login information you can choose whether you want to login using encrypted information or not - if you provide both, only the encrypted login will be used (plaintext login will be ignored).

Plaintext login is done using the fields:
Code:
nuid = your account email
password = your account password


So the change here would be logging in using "nuid" instead of "name".

If you want to login using encrypted information the field is:
Code:
encryptedInfo = encrypted login information


Now, how to obtain the encrypted login information? Simply by logging in using NuLogin with plaintext login, and returnEncryptedInfo=1. This will log you in while also returning your encrypted login information - named encryptedLoginInfo.

I don't know much about encryptedInfo/encryptedLoginInfo, but in my case it is always a 128 bytes long string, using characters [A-Za-z0-9_-].
And every time i ask NuLogin to return the encrypted information to me, for the same login details, only the first 42 bytes are identical each time - the remaining 86 bytes seem random. But nevertheless, any of the returned different encrypted login strings will work later - not only the newest.

