FIFA 23 and new EA ANTICHEAT

[caliber1942]

Not much to say. Another kernel level anticheat that blocks memory access like all the others.

You can create a new launcher to replace

EAAntiCheat.GameServiceLauncher.exe

to run the game instead of that, but the game closes after a bit either because it doesn't have the necessary .dll from the launcher and makes calls to it, or it checks to see if EAAntiCheat.GameServiceLauncher.exe is running, or could be 100 other things.

I've paused the process at a main loop here after starting the game using modified launcher (without EA ANTICHEAT going):

0000000143001ED0 | 48 89 7C 24 18 | mov qword ptr ss:[rsp+18],rdi |

and the game won't close, but it seems there is still another thread in the background going and doing the check for stuff that ultimately sets up the 'close the game' scenario, because if you breakpoint and let it breakpoint a long time, it will pretty much instantly close when continuing the main thread. At least in my experience. I didn't step from that spot to see where the exit gets called or where it crashes out.

renaming

EAAntiCheat.GameServiceLauncher.dll

causes error if using normal launcher.

EA basic service files are here:

C:\Program Files\EA\AC

Stopping service equals instant close.

Once its running

EAAntiCheat.GameServiceLauncher.exe

is blocked from memory access as is

EAAntiCheat.GameService.exe

I am sure more will come of this as we gather more info.

Might be a hack that simply bypasses close of game when it detects that service or launcher .exe isn't running, and/or kills the thread if there is one in the background doing all the checking, etc.

best,
Cal

[caliber1942]

More info..

While breakpoint, you can get to this code here:

FIFA23.exe+1873A18 - E8 F39D4404 - call FIFA23.exe+5CBD810

and once it executes, step by step breakpoint, the game will crash after next step.

You can reverse further in to here from that code:

FIFA23.exe+5CBDA0F - E8 6C01EEFA - call FIFA23.exe+B9DB80
to:
FIFA23.exe+B9DBFC - E8 8F350000 - call FIFA23.exe+BA1190

FIFA23.exe+B9DB80 - 48 89 5C 24 08 - mov [rsp+08],rbx
FIFA23.exe+B9DB85 - 57 - push rdi
FIFA23.exe+B9DB86 - 48 83 EC 30 - sub rsp,30 { 48 }
FIFA23.exe+B9DB8A - 48 8B F9 - mov rdi,rcx
FIFA23.exe+B9DB8D - 48 8D 05 9C800307 - lea rax,[FIFA23.exe+7BD5C30] { (140B9DE90) }
FIFA23.exe+B9DB94 - 33 C9 - xor ecx,ecx
FIFA23.exe+B9DB96 - 48 8B DA - mov rbx,rdx
FIFA23.exe+B9DB99 - 48 89 4F 08 - mov [rdi+08],rcx
FIFA23.exe+B9DB9D - 48 89 4F 78 - mov [rdi+78],rcx
FIFA23.exe+B9DBA1 - 48 89 8F 80000000 - mov [rdi+00000080],rcx
FIFA23.exe+B9DBA8 - 48 89 07 - mov [rdi],rax
FIFA23.exe+B9DBAB - 89 4F 10 - mov [rdi+10],ecx
FIFA23.exe+B9DBAE - 48 89 4F 18 - mov [rdi+18],rcx
FIFA23.exe+B9DBB2 - 88 4F 20 - mov [rdi+20],cl
FIFA23.exe+B9DBB5 - 48 89 4F 68 - mov [rdi+68],rcx
FIFA23.exe+B9DBB9 - 48 89 4F 70 - mov [rdi+70],rcx
FIFA23.exe+B9DBBD - 48 8D 8F 90000000 - lea rcx,[rdi+00000090]
FIFA23.exe+B9DBC4 - 49 8B 41 08 - mov rax,[r9+08]
FIFA23.exe+B9DBC8 - 48 89 87 80000000 - mov [rdi+00000080],rax
FIFA23.exe+B9DBCF - 49 8B 01 - mov rax,[r9]
FIFA23.exe+B9DBD2 - 48 89 47 78 - mov [rdi+78],rax
FIFA23.exe+B9DBD6 - 44 89 87 88000000 - mov [rdi+00000088],r8d
FIFA23.exe+B9DBDD - E8 EEC35400 - call FIFA23.exe+10E9FD0
FIFA23.exe+B9DBE2 - 48 8B 44 24 70 - mov rax,[rsp+70]
FIFA23.exe+B9DBE7 - 48 8B D3 - mov rdx,rbx
FIFA23.exe+B9DBEA - 44 8B 4C 24 68 - mov r9d,[rsp+68]
FIFA23.exe+B9DBEF - 48 8B CF - mov rcx,rdi
FIFA23.exe+B9DBF2 - 44 8B 44 24 60 - mov r8d,[rsp+60]
FIFA23.exe+B9DBF7 - 48 89 44 24 20 - mov [rsp+20],rax
FIFA23.exe+B9DBFC - E8 8F350000 - call FIFA23.exe+BA1190 <---------- this sets up thread that detects BP or crashes game if no EA Anticheat
FIFA23.exe+B9DC01 - 48 8B 5C 24 40 - mov rbx,[rsp+40]
FIFA23.exe+B9DC06 - 48 8B C7 - mov rax,rdi
FIFA23.exe+B9DC09 - 48 83 C4 30 - add rsp,30 { 48 }
FIFA23.exe+B9DC0D - 5F - pop rdi
FIFA23.exe+B9DC0E - C3 - ret

And same... if you breakpoint here, then step past it, the game will crash.

So NOP that out, and run the game again using custom launcher, the game won't crash now...

however, something is still holding up the progress of the load to main menu.

More needs to be done, but this at least found one crash area.

best,
Cal

[SunBeam]

...

Several years ago when I was doing this, SOMEONE was venting I am circumventing DRMs. Now it's a commonality that even CH started adopting. Cool.

I also recall same SOMEONE mocking me for making an EAC proxy DLL that replaces the original libs. Who needs additional files when you can use public knowledge -- command lines -- or coded launchers that do CreateProcess? Now look what that same SOMEONE is suggesting people would do Cool man! I guess whenever it servers your purposes, it's fine to be used like that. Whenever others -way before you- did it, it was frowned upon. Tell you what.. CH never has and never will set standards of accepted RE approach methods.

But hey, kudos for sharing the information. Now, if anyone uses it, you can go right ahead and say "of course people bypass the game, considering the public information I've shared on FRF"

Cheers,
Sun

[thommo]

surely there will be a way around this

[sm_ckbk]

Great progress there Cal, indeed a custom launcher will probably be the best way to go around this pesky kernel anti-cheat

I always update players OVR and POT on the cheat engine, according to FM, before starting anew career mode, since I dont know much about coding I'l be waiting till there is a way

Thank you !

[CeLioCiBR]

Hey there. So, can you help us?
I know you have a lot of experience and are very good at what you do, it would be really helpful to have you help find a way to play the game without the anti cheat.
At least in offline, career-like and exibition and stuff like that.
Sorry my english. And I apologize if this is not allowed.
I would help but I have difficulties even to find money in the games.

[Nightcat]

I hope there will be 3 things that we can edit in the future:

First: edit age of players
Second: transfer women in men teams in career
Third: hymn and goalsound for original teams

[hedop]

So do we need to post a request or is someone trying to work on a table or trainer?

[Acido]

So do we need to post a request or is someone trying to work on a table or trainer?

There is no table or trainer possible until a solution is found to bypass the anticheat.

[thommo]

ANTICHEAT seems very ram intensive

[Kaisaha]

Just waiting of the First Patch. They have to update the Anticheat. There are currently a lot of problems with the anticheat and windows11 users.

[SunBeam]

Hey there. So, can you help us?
I know you have a lot of experience and are very good at what you do, it would be really helpful to have you help find a way to play the game without the anti cheat.
At least in offline, career-like and exibition and stuff like that.
Sorry my english. And I apologize if this is not allowed.
I would help but I have difficulties even to find money in the games.

I don't have the game, nor play this genre, so.. sorry.

[pabliito_tv]

still nothing about fifa 23? I'm really looking forward

[Kaisaha]

Today an update for the PC platforms has been released. It should fix the error messages caused by the EA anticheat. Maybe we can work with it.

[Acido]

Today an update for the PC platforms has been released. It should fix the error messages caused by the EA anticheat. Maybe we can work with it.

Not gonna change anything, if anything its gonna set back the work already done if anyone is actually working on it cause the offsets are gonna change. And most likely they will change some features in the AC as well that now has to be analyzed again.