Mass Effect Andromeda not working with Logitech Wrapper #6

Open
ProjectSynchro opened this issue Jan 10, 2023 · 7 comments

@ProjectSynchro

Checked logs and cannot see the application listed as being picked up by the Logitech wrapper.

Is there a workaround that I could attempt to use? (additional registry keys, placing DLL in game directory?)

I don't see why this game would actively block or use a checksum, seeing as it has no anticheat to speak of (despite having a multiplayer mode).

@diogotr7
Member

I'm not sure where game developers get the checksum from, I assume it's a version of the SDK provided by Logitech themselves.

I was able to see if the checking is done with procmon for the newer Battlefield games, maybe you could check if this is the case as well? I do not have that game to test with.

As an alternative, I briefly looked into reverse engineering the host part of the SDK, so that the original DLL can still be used. It looks possible with the public DLL, but I don't know if the DLL provided to game developers by Logitech does any other checks to prevent this. When I have the time to work on that part I'll publish something.

@ProjectSynchro
Author

I took a gander at the log and noticed the 'Microsoft Enhanced RSA and AES Cryptographic Provider' was being loaded after the Logitech DLL is found.
image

MassEffectAndromedaProcmon.zip

Here is the filtered log file if you want to take a look.

@diogotr7
Member

Yeah, that's what I remember seeing for the Battlefield games. I don't know if there's a way to get around it. Maybe working on the backend would be the only way to capture these effects, if even possible at all.

@ProjectSynchro
Author

Yeah, I suspect this is probably the case as well.

Looking at Logitech's SDK it does state this:
image

Which I'm just going to hazard a guess and say that if you need to connect to the SDK it'll most likely break whatever is going on in the game, assuming you could get to that point at all.

@ProjectSynchro
Author

ProjectSynchro commented Jan 13, 2023

Also was just sniffing around the stack (no real idea what I'm doing)
image

I noticed a couple of references to 'trusted publisher', followed by some anti-tamper instructions. Could it be that since the DLL is not signed it won't load it? And if that is the case, what exactly needs to be done to sign the DLL (maybe even self-sign) and then trust the self-signed certificate and 'publisher'?

The 'LogitechLedEnginesWrapper.dll' file included in the SDK (don't want to redownload all of GHUB to test my theory on the original server dll) is digitally signed.
See:
image

So the check may just be to see if whatever libraries the game is loading are digitally signed and trusted by the system (regardless of who signed it or which trust it is under), seeing as (at least in this title) the only external libraries that are loaded would be the EA gubbins, the Logitech DLL, and any external libraries which are included in the game folder.

All of the libraries are digitally signed (minus the Artemis wrapper DLL).

Thinking a little bit more now, I don't think it would make sense if they did use a checksum, as it would be invalid every time there's an SDK update. The last one was in 2018, which is a few years after Mass Effect Andromeda came out.
After using dumpbin on the static library included with the SDK, I see a VerifyDllAuthenticity function as well as a bunch of mentions of wintrust, and various other certificate checks.

```
093 00000000 UNDEF  notype       External     | __imp_CertFreeCertificateContext
094 00000000 UNDEF  notype       External     | __imp_CertGetNameStringW
095 00000000 UNDEF  notype       External     | __imp_CryptVerifyMessageSignature
096 00000000 UNDEF  notype ()    External     | WinVerifyTrust
097 00000000 UNDEF  notype       External     | __imp_ImageEnumerateCertificates
098 00000000 UNDEF  notype       External     | __imp_ImageGetCertificateData
099 00000000 UNDEF  notype       External     | __imp_ImageGetCertificateHeader
09A 00000000 SECT23 notype ()    External     | ?VerifyDllAuthenticity@@YA_NPEA_W@Z (bool __cdecl VerifyDllAuthenticity(wchar_t *))
09B 00000000 SECT24 notype ()    External     | ?_LogiLedInit@@YAXXZ (void __cdecl _LogiLedInit(void))
09C 00000000 UNDEF  notype ()    External     | __GSHandlerCheck
09D 00000000 UNDEF  notype ()    External     | __security_check_cookie
```

There definitely appear to be more than a couple of different security checks in use here; I have no idea what exactly is being done. I have pretty crap knowledge with respect to this. But just looking at this, there's a certificate check at least (to what degree I don't know) and there's some kind of cookie baked into the static library.

Maybe using a hex editor or something could shed some more light on what is actually going on.
Or some stub functions might need to be implemented to spoof some kind of check.

Kind of just thinking out loud at this point.

@diogotr7
Member

Yeah I'm not very knowledgeable about this either.

As you suggested, I self-signed the DLL it's supposed to load and it still didn't work. The Process Monitor log is a bit different though, it has more entries. I suspect it checks for some sort of fingerprint on the signature, after verifying that it has a signature. Unfortunate.

@ProjectSynchro
Author

Yeah, that's most likely the case.
Ah well. Worth trying at least, will close this as wontfix.

@ProjectSynchro closed this as not planned Jan 14, 2023
@diogotr7 reopened this Feb 20, 2023