PlayStation 2

The PlayStation 2 is a video game console created by Sony.

DNAS

"DNAS" (Dynamic Network Authentication System) is a proprietary authentication system created by Sony Computer Entertainment Inc. ("SCEI").

DNAS retrieves information about a user’s hardware and software for authentication,
copy protection, account blocking, system, rules, or game management and other purposes.

The information collected does not identify the user personally. A publisher can combine
this information with personally identifying information from the publisher’s records if
the user provides the personally identifying information. Before providing any personal
information to a publisher please be sure to review the publisher’s privacy policy and
terms and conditions of use. Do not provide personally identifying information to a
publisher unless you accept the conditions of use and terms of their privacy policy.

SCEI, Sony Computer Entertainment America ("SCEA") and their affiliates cannot guarantee
the continuous operation of the "DNAS" servers. SCEA shall not be liable for any delay or
failure of the "DNAS" servers to perform.

On April 4, 2016; SCEI discontinued the official DNAS servers, thus forcefully taking down hundreds of multiplayer game titles with it.

Official DNAS server domains:

• gate1.us.dnas.playstation.org
• gate1.jp.dnas.playstation.org
• gate1.eu.dnas.playstation.org

Status Codes

DNAS status code definitions:

• -101 to -108: Authentication
• -201 to -204: Downloading
• -401 to -404: Hardware
• -601 to -625: Network
• -701 to -703: Unique ID
• -800 to -1099: Unexpected

Possible resolutions for errors -402 or -403:

• Most likely mod chip related. Try disabling the mod chip.

Possible resolutions for errors -611 or -612:

• Related to a firewall issue or network with closed ports.
• Try opening the suggested ports.

Service Revival

The shutdown of DNAS has caused hundreds of multiplayer titles go offline with it. The community has went above and beyond to try to revive many game servers.

Since SCEI discontinued DNAS, there have been a few replacement services out there, such as:

These public services are running a DNAS replacement server, however it is far more convenient to run a Docker containerized version instead.

More information regarding game servers here: https://docs.google.com/spreadsheets/d/1bbxOGm4dPxZ4Vbzyu3XxBnZmuPx3Ue-cPqBeTxtnvkQ

Medius

Medius (SCE-RT) was a networking engine solution that most top-title games would have implemented for their multiplayer games as the underlying protocol. There is very little documentation regarding it therefore it's not fully understood and the only parts that we know of have to be reverse-engineered.

Medius uses Textbook RSA (512-bit) in conjunction with a custom RC4 or RCQ algorithm for encryption.

Factored public key:

p = 0xDFB02A1599450D529CEF34774EDAA76F0D46663B42469476D45AA764B0CDC98D
q = 0xE16B03F8AC618A461B545D8697949C8597EC9306D03F82D950257A9E0013D0E9
d = 0x5CB0A1743310A44CC64F5A26965D2485A3DB53B2A3CE436A208E3024DD7721E1FFB72135F578033ED5D6A8B58B4013FF616A47CADB6072B5752495EBF2A7B7F1

Where p and q are the prime numbers, and d being the private exponent. But if you just care about the RSA private key:

RSA Private-Key: (512 bit, 2 primes)
modulus:
    00:c4:f7:57:16:ec:83:5d:23:25:68:9f:91:ff:85:
    ed:9b:fc:32:11:db:9c:16:4f:41:85:2e:26:4e:56:
    9d:28:02:00:80:54:a0:ef:45:9e:7e:3e:ab:b8:7f:
    ae:57:6e:73:54:34:d1:d1:24:b3:0b:11:bd:6d:e0:
    98:14:86:01:55
publicExponent: 17 (0x11)
privateExponent:
    5c:b0:a1:74:33:10:a4:4c:c6:4f:5a:26:96:5d:24:
    85:a3:db:53:b2:a3:ce:43:6a:20:8e:30:24:dd:77:
    21:e1:ff:b7:21:35:f5:78:03:3e:d5:d6:a8:b5:8b:
    40:13:ff:61:6a:47:ca:db:60:72:b5:75:24:95:eb:
    f2:a7:b7:f1
prime1:
    00:df:b0:2a:15:99:45:0d:52:9c:ef:34:77:4e:da:
    a7:6f:0d:46:66:3b:42:46:94:76:d4:5a:a7:64:b0:
    cd:c9:8d
prime2:
    00:e1:6b:03:f8:ac:61:8a:46:1b:54:5d:86:97:94:
    9c:85:97:ec:93:06:d0:3f:82:d9:50:25:7a:9e:00:
    13:d0:e9
exponent1:
    4e:f2:e1:ad:45:27:6e:1d:28:54:6c:de:d0:89:68:
    45:4f:fa:ba:ab:80:cd:9d:cf:96:3e:1c:f6:5c:84:
    dd:b9
exponent2:
    00:84:99:4d:a1:56:57:7e:83:97:9b:09:d6:b3:84:
    98:4e:95:9a:38:5e:5c:61:98:43:98:8e:84:5c:f0:
    fc:99:01
coefficient:
    26:32:fd:71:73:4a:cc:ad:11:ad:f7:5c:14:15:0d:
    1f:79:cd:b9:a5:0b:ee:6b:96:f4:9a:88:e2:85:40:
    8b:9b
RSA key ok
writing RSA key

-----BEGIN RSA PRIVATE KEY-----
MIIBOAIBAAJBAMT3Vxbsg10jJWifkf+F7Zv8MhHbnBZPQYUuJk5WnSgCAIBUoO9F
nn4+q7h/rlduc1Q00dEkswsRvW3gmBSGAVUCARECQFywoXQzEKRMxk9aJpZdJIWj
21Oyo85DaiCOMCTddyHh/7chNfV4Az7V1qi1i0AT/2FqR8rbYHK1dSSV6/Knt/EC
IQDfsCoVmUUNUpzvNHdO2qdvDUZmO0JGlHbUWqdksM3JjQIhAOFrA/isYYpGG1Rd
hpeUnIWX7JMG0D+C2VAlep4AE9DpAiBO8uGtRSduHShUbN7QiWhFT/q6q4DNnc+W
Phz2XITduQIhAISZTaFWV36Dl5sJ1rOEmE6VmjheXGGYQ5iOhFzw/JkBAiAmMv1x
c0rMrRGt91wUFQ0fec25pQvua5b0mojihUCLmw==
-----END RSA PRIVATE KEY-----

Here are some PDF's and documentation that explain parts of Medius for the PlayStation 2:

• File:Medius Components-API.pdf
• File:SOCOM GDC 2003 Presentation.pdf
• File:Medius changes.txt
• File:SCE-RT SDK Medius API Overview.pdf
• File:SCE-RT SDK Medius API Reference.pdf
• File:SCE-RT SDK DME API Overview.pdf
• File:SCE-RT SDK DME API Reference.pdf
• File:SCE-RT SDK MGCL API Overview.pdf
• File:SCE-RT SDK MGCL API Reference.pdf

Medius Games

Medius App IDs

Medius App IDs are what each game uses to identify each other from what game it is for. Here is a list of known PS2 Medius App IDs:

Medius Components

Medius servers are split into 6 major components:

Medius Universe Manager (MUM)

Keeps track of lobby rooms, game information, and players. This server generally runs on port 10076.

Medius Authentication Server (MAS)

Allows users to login, authenticate and obtain a session token to login to the Medius Lobby Server. This server generally runs on port 10075.

Medius Lobby Server (MLS)

Handles license agreement, announcements, global chat room, clans, create games, and join games. This server generally runs on port 10077 or sometimes 10078.

Medius Proxy Server (MPS)

Global chat room, clans, create games, and join games. This server generally runs on port 10078.

DME Game Server (Distributed Memory Engine)

The DME Game Server is a "Reliable UDP" server that handles connections between clients on a game's current status.

Medius Network Address Translation (NAT)

A UDP server used to give the client their IP Address.

Medius Universe Information Server (MUIS)

Server for providing the client with multiple other Medius stacks (MAS/MLS/MPS/DME). This server generally runs on port 10071.

Medius Protocol

All encrypted Medius packets are structured as follows:

(This is an example MAS login packet from a PlayStation 2 client)

00000000  92 40 00 f4 f8 7a f7 34  25 c8 9a 6d a9 dd eb ab   [email protected] %..m....
00000010  a8 3c a6 e6 b4 72 6d ef  51 23 00 de ea 43 d5 8f   .<...rm. Q#...C..
00000020  22 50 3f af 9c 52 96 10  7c a4 be a9 57 8a ae 49   "P?..R.. |...W..I
00000030  68 06 20 73 c6 24 a8 07  ad 44 d2 54 29 8d 58 b6   h. s.$.. .D.T).X.
00000040  3c da 3b e4 33 8c 57                               <.;.3.W

The first byte (e.g. 0x92) is the encrypted Packet ID, which has 0x80 added to the original (unencrypted) Packet ID value to indicate it's encrypted. The following two bytes (e.g. 0x40 0x00) (in little-endian) refer to the length of packet's payload data. After that, there are four bytes (e.g. 0xf8 0x7a 0xf7 0x34) which is the checksum of the payload data of the packet. Finally after that is the payload data.

"The first packet (92) holds a public 512-bit RSA key the game created on the fly. But the packet is encrypted with Sony‘s public Medius RSA key. You need to crack that key or find a way to deactivate encryption in the game (patch). The second packet holds the session key for a RC like algorithm, it’s encrypted with the public key the server got from game. It’s a slightly modified variant of RC4 that is used for decryption from now on." -Fog23

So far what we know is the MAS Packet ID conversation goes like this:

1. Client Connects
2. Client: 0x12 [len 64] The contents is an RSA key generated by the PS2, which is encrypted using public-key of the server (512-bit Textbook RSA). The server's public-key is burned in the game client's iso.
3. Server: 0x13 [len 64] The contents is a custom RC4 or RCQ "session key" used to encrypt/decrypt messages going forward, this message is encrypted via the public RSA key sent by the client.
4. Client: 0x00 [len 73] Unknown. Encrypted RC4/RCQ key?
5. Server: 0x14 [len 64] Unknown. Static key?
6. Server: 0x07 [len 23] Server sends the client their own IP address. Starts with 0x01 0x08 0x00 0x00 0x01 0x00, followed by the client's IP address.
7. Server: 0x1a [len 2] Continuation of 0x07 packet, just 0x01 0x00.
8. Client: 0x0b [len 30] Set world id. Starts with 0x01 0x03 0x31 and at byte 27 0x01 (world id).
9. Server: 0x0a [len 50] Set player id. Starts with 0x01 0x04, at byte 3 0x31 (world id) and at byte 31 0x32 (player id). The player id increments each time a player connects.
10. Client: 0x0b [len 50] Unknown. Appears to be static. Starts with 0x01 0xa3 and at byte 43 0x02, at byte 47 0x01.
11. Server: 0x0a [len 30] Unknown. Appears to be static. Starts with 0x01 0xa4.
12. Client: 0x0b [len 82] Unknown. Starts with 0x04 0x0a at byte 3 0x31 (world id?), at byte 24 0x32 (player id), at byte 47 0x20 0x28 0x75 0x0F 0xCE 0x19 0x65 0x56 0x61 0x65 0x14 0x0B 0xF6 0xB4 0xC4 0x13 0x63 0xD3 0xD0 0x20 0x02 0x0F 0xE4 0x09 0xF4 0x4D 0xF5 0x36 0x76 0xB8 0xEF 0x50 0x93 0x00 0x00 0x00 (static key?).
13. Client: 0x0b [len 104] Login details. Starts with 0x01 0x07, at byte 3 0x31 (world id), at byte 24 0x32 (player id), at byte 41 (username), at byte 73 (password).
14. Server: 0x0a [len 198] Successful authentication, give client MLS address and access token. At byte 51 (MLS IP Address) followed by the port as a short (2 bytes), at byte 75 (NAT IP Address) followed by the port as a short (2 bytes).
15. Client: 0x01 [len 0] Client sends disconnect packet.
16. Client Disconnects

After authenticating with the Medius Authentication Server, the MAS will send the IP address and port of the Medius Lobby Server (MLS) which by default runs on port 10078.

Custom RC4 Crypto

PlayStation 2 titles that use Medius are noticed to use a custom RC4 implementation, or RCQ for the encryption scheme after the RSA handshake completes.

Below are a couple of utilities that can be used to encrypt/decrypt Medius packets (custom RC4 works, RCQ works only partially).

• Java: https://github.com/hashsploit/medius-crypto
• C#: https://github.com/Dnawrkshp/medius-crypto

You can also use the Medius Crypto Test Tool to verify if your own library implementation works.

• Medius Crypto Test Tool: https://github.com/hashsploit/medius-test-tools

Encryption example:

private void encrypt(byte[] input, int inOff, int length, byte[] output, int outOff) {
    for (int i = 0; i < length; ++i) {
        x = (x + 5) & 0xff;
        y = (y + engineState[x]) & 0xff;

        // Swap
        byte temp = engineState[x];
        engineState[x] = engineState[y];
        engineState[y] = temp;

        // Xor
        output[i + outOff] = (byte) (input[i + inOff] ^ engineState[(engineState[x] + engineState[y]) & 0xff]);
        y = (engineState[input[i + inOff]] + y) & 0xff;
    }
}

Decryption example:

private void decrypt(byte[] input, int inOff, int length, byte[] output, int outOff) {
    for (int i = 0; i < length; ++i) {
        y = (y + 5) & 0xFF;

        int v0 = engineState[y];
        byte a2 = (byte) (v0 & 0xFF);
        v0 += x;
        x = (byte) (v0 & 0xFF);

        v0 = engineState[x];
        engineState[y] = (byte) (v0 & 0xFF);
        engineState[x] = a2;

        byte a0 = input[i];

        v0 += a2;
        v0 &= 0xFF;
        int v1 = engineState[v0];

        a0 ^= (byte) v1;
        output[i] = a0;

        v1 = engineState[a0] + x;
        x = v1 & 0xFF;
    }
}

Packet IDs

The Packet ID type is the first byte in each packet that define what type of packet this is. If it's encrypted it will have 0x80 added to the original Packet ID.

Graceful Disconnect (0x01)

The Graceful Disconnect packet is sent by the client to notify the server of a graceful disconnect.

• Bind Type: client
• Packet ID: 0x01
• Encrypted Packet ID: 0x01

Encrypted packet: [ID: 0x01, LENGTH: 0x03 [3], DATA LENGTH: 0x00 [0]]

00000000  01 00 00                                          |...|

Decrypted packet data: (without packet id, length, or checksum): [ID: 0x1c, LENGTH: 0x00 [0]]

00000000

Login RSA Request (0x12)

The Login RSA Request packet is sent by the client to initiate a connection to MAS, it uses the MAS's public key embedded in the ISO to encrypt a custom RC4 or RCQ key.

• Bind Type: server
• Packet ID: 0x12
• Encrypted Packet ID: 0x92

It is the first packet sent by the client. This packet contains data encrypted using the MAS's RSA 512-bit public key, which we believe is stored in the game's ISO ELF file.

Raw Structure:

Encrypted packet: [ID: 0x9c, LENGTH: 0x46 [71], DATA LENGTH: 0x40 [64]]

00000000  92 40 00 f4 f8 7a f7 34  25 c8 9a 6d a9 dd eb ab  |[email protected]%..m....|
00000010  a8 3c a6 e6 b4 72 6d ef  51 23 00 de ea 43 d5 8f  |.<...rm.Q#...C..|
00000020  22 50 3f af 9c 52 96 10  7c a4 be a9 57 8a ae 49  |"P?..R..|...W..I|
00000030  68 06 20 73 c6 24 a8 07  ad 44 d2 54 29 8d 58 b6  |h. s.$...D.T).X.|
00000040  3c da 3b e4 33 8c 57                              |<.;.3.W|

Decrypted packet data: (without packet id, length, or checksum): [ID: 0x12, LENGTH: 0x40 [64]]

00000000  6b 8f 99 ec 1b af 06 d2  67 42 84 b5 30 5e e6 e3  |k.......gB..0^..|
00000010  8b 1d e7 33 1f 2f bf 31  de 49 72 28 b7 c5 21 62  |...3./.1.Ir(..!b|
00000020  f1 8d ae 89 13 c4 0c 43  c0 e8 90 d1 4e ee 16 ad  |.......C....N...|
00000030  07 c6 4f d9 28 1d 8b 97  2d 78 be 78 d1 b2 90 ce  |..O.(...-x.x....|

Login RSA Response (0x13)

The Login RSA Response packet is sent by the server to establish encrypted communication with the client. The response is a custom RC4 or RCQ key used later that is encrypted with the client's public RSA key that is sent in the Login RSA Request 0x12 packet.

• Bind Type: server
• Packet ID: 0x13
• Encrypted Packet ID: 0x93

It is the first packet sent by the server.

Raw Structure:

Encrypted packet: [ID: 0x93, LENGTH: 0x46 [71], DATA LENGTH: 0x40 [64]]

00000000  93 40 00 73 a1 bb f9 45  93 0a 9e 59 40 35 b2 63  |[email protected]@5.c|
00000010  90 46 cd 56 f5 cc e6 59  98 bd dd 16 e9 2e c0 fd  |.F.V...Y........|
00000020  75 63 95 1c 74 88 da 4e  23 41 67 5e 3f 69 26 45  |uc..t..N#Ag^?i&E|
00000030  ad 8b 06 4a 0b 5d 3d 52  01 7f e1 b4 fc c1 b7 cd  |...J.]=R........|
00000040  48 43 cd db a3 b8 c1                              |HC.....|

Decrypted packet data: (without packet id, length, or checksum): [ID: 0x13, LENGTH: 0x40 [64]]

00000000  e7 47 74 38 e0 23 4b b8  19 6d 57 4f 09 33 7b e7  |.Gt8.#K..mWO.3{.|
00000010  a7 29 71 62 8c 55 1c 33  73 a6 8b e7 f1 f1 08 18  |.)qb.U.3s.......|
00000020  1e aa c2 41 9a fa 75 83  21 5e 79 77 5e 9d 6d bc  |...A..u.!^yw^.m.|
00000030  8d 44 25 45 ef 39 6f 29  c6 29 c6 29 4c 69 fc 97  |.D%E.9o).).)Li..|
00000040  e1 77                                             |.w|

Server Message (0x1c)

The Server Message packet is sent by the server to the client to show a message notification on screen.

• Bind Type: server
• Packet ID: 0x1c
• Encrypted Packet ID: 0x9c

This packet is structured with the first byte referencing the message severity 0x9f (159). The message severity appears to be a value ranging from 0 to 255, followed by 3 unknown bytes that appear to be constants 0x02 0x01 0x01, followed by the message contents and finally terminated by two null bytes 0x00 0x00.

Raw Structure:

Encrypted packet: [ID: 0x9c, LENGTH: 0x6e [110], DATA LENGTH: 0x67 [103]]

00000000  9c 67 00 b8 61 0e 24 b6  e9 12 a1 61 b7 30 26 e4  |.g..a.$....a.0&.|
00000010  4e 6f b4 3d 81 7f 09 9b  35 7d 88 05 cc 1c 45 f0  |No.=....5}....E.|
00000020  88 94 75 7d 19 51 71 b7  81 49 26 8d 59 b1 ba 62  |..u}.Qq..I&.Y..b|
00000030  77 51 eb f7 af 75 ae ab  24 69 4f d6 12 25 18 c3  |wQ...u..$iO..%..|
00000040  14 05 40 f4 33 44 d7 81  ef 01 43 b3 50 70 93 a8  |[email protected]|
00000050  a4 97 5c 25 db bc 6c 89  4c 2d d6 b1 9a 76 37 6d  |..\%..l.L-...v7m|
00000060  a6 d5 56 4c 52 ea 48 46  fc cc 69 4d 03 b6        |..VLR.HF..iM..|

Decrypted packet data: (without packet id, length, or checksum): [ID: 0x1c, LENGTH: 0x67 [103]]

00000000  9f 02 01 01 4e 6f 74 69  66 69 63 61 74 69 6f 6e  |....Notification|
00000010  20 74 65 73 74 3a 20 42  72 6f 61 64 63 61 73 74  | test: Broadcast|
00000020  69 6e 67 20 6d 65 73 73  61 67 65 2e 2e 2e 54 69  |ing message...Ti|
00000030  6d 65 3d 31 35 39 34 34  33 31 31 33 35 20 28 46  |me=1594431135 (F|
00000040  72 69 20 4a 75 6c 20 31  30 20 31 38 3a 33 32 3a  |ri Jul 10 18:32:|
00000050  31 35 20 32 30 32 30 29  20 53 65 76 65 72 69 74  |15 2020) Severit|
00000060  79 3d 31 35 39 00 00                              |y=159..|

MAS Documentation

MLS Documentation

The beginning login process of MLS is very similar to MAS.