Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is a system trusted custom CA really enough to get past all the cert checks from ubi? #4

Open
yoshimo opened this issue Jan 23, 2022 · 3 comments
Open

Is a system trusted custom CA really enough to get past all the cert checks from ubi? #4

yoshimo opened this issue Jan 23, 2022 · 3 comments

Comments

@yoshimo
Copy link

yoshimo commented Jan 23, 2022

I have been trying to figure out how to create a custom downloader for ubi-games and every attempt to read the cleartext with a mitm proxy that is using my custom root ca failed so far.
Some launchers have their own list of trusted cas more or less hidden somewhere, sometimes some endpoints are more aggressively checked than others.
@TheRealAyCe
Copy link
Owner

Ubisoft Connect simply uses Window's HTTPS library. So having a root certificate to spoof your own server is enough to get "accepted" by it in my experience. Check out the C# source code for hosting that server.

@yoshimo
Copy link
Author

yoshimo commented Jan 23, 2022
edited
Loading

I have the cert as part of my systems cert store and connections to both dmx.upc.ubisoft.com and public-ubiservices.ubi.com fail
"Client closed the connection before a request was made. Possibly the SSL certificate was rejected."

Launcher_log.txt says:

[ 2608]  2022-01-01 14:54:23      [14332]      ERROR      SSLSocket.cpp (527)                              Certificate verification for host 'public-ubiservices.ubi.com' failed: 2148204809
[ 2608]  2022-01-01 14:54:23      [14332]      ERROR      SSLSocket.cpp (531)                              PortSwigger, PortSwigger, PortSwigger CA, public-ubiservices.ubi.com
[ 2608]  2022-01-01 14:54:23      [14332]      INFO       SSLSocket.cpp (434)                              Certificate verification failed, closing connection.
[ 2608]  2022-01-01 14:54:23      [14332]      ERROR      JobHttp.cpp (66)                                 Http status code is none for url https://public-ubiservices.ubi.com/v3/profiles/me/events.

So something is different with win10

@TheRealAyCe
Copy link
Owner

I tested my code on Windows 10 as well and it works there too. The root certificate must be self-signed, for the exact domain name, and must be placed in the Root Certificates cert management folder, in my case for the current user. Then the server must be explicitly told to use that certificate. Check if your server actually serves the correct certificate. This was a bit tricky for me when I developed my tool, but I found all of that out eventually. Maybe you have a similar problem?

https://social.technet.microsoft.com/Forums/systemcenter/en-US/2ee44e01-a29f-4501-bd21-5815805e2702/the-operating-system-reported-error-2148204809?forum=configmgrgeneral

Apparently that error code means the root certificate is not trusted, so it may be that you placed it in the wrong folder.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yoshimo @TheRealAyCe