Skip to content

Instantly share code, notes, and snippets.

@p0358

p0358/Titanfall_sandboxie.md

Created March 21, 2022 17:04
Show Gist options
  • Save p0358/8a14c1b1cec5edf690effe89915c9176 to your computer and use it in GitHub Desktop.
Save p0358/8a14c1b1cec5edf690effe89915c9176 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Titanfall_sandboxie.md

Running Titanfall 2 (+Northstar) / Titanfall 1 in Sandboxie for increased security

In the light of recent events regarding an unclear exploit existing between Titanfall/Origin, and since neither Source Engine itself or Respawn/EA are known for their good security track records, I decided it will be a good idea to write a tutorial on how to run the game and Origin in a sandboxed environment, when even if the worst came to the worst, your system and data would still be secure and you could sleep calmly. Even though we try to fix any security vulnerabilities in Titanfall/Titanfall 2 as soon as they're uncovered, nobody can ever guarantee guarantee the game is 100% secure (just like with virtually any software honestly), and running things sandboxed will let you combat any dangers and prevent any damage ahead of time, before any danger is even known.

If you're slightly paranoid about possible security issues and want to sleep calmly while enjoying Titanfalls, you came to the right place. On the other hand, if you had grand trouble following even the Northstar installation instructions themselves, then it's probably not for you.

In this tutorial I will show you how to run the game inside Sandboxie-Plus: https://sandboxie-plus.com/downloads/ (Sandboxie-Plus-x64.v*.exe

Unfortunately the feature of Privacy Mode is locked behind a paid supporter certificate that costs €10. Without using it unfortunately your system is still exposed to potential dangers, although they still cannot persist after your game is closed

Revision of the tutorial: v1 If the revision number was updated, the ini configs below were changed and you should update them accordingly in your Sandboxie.

Sandboxes

In order to create a sandbox, in the Sandboxie manager click Sandbox -> Create New Box.

Box Type Preset doesn't matter for now. Enter Sandbox Name and click OK.

Then right-click the sandbox, go into Sandbox Options -> Edit init section. Click on the Edit ini button at the top-left and replace the contents of the text area with the appropriate configuration below. Click Save at top-right, then Apply and OK on bottom-right.

Below are presented three configurations of sandboxes, one for each of Titanfall 2 and 1 contained separately, and a common one for Origin that optionally allows the games to run inside of it. Read below for more information.

Sandbox for Titanfall 2 ONLY

Sandbox name: Titanfall2 Ini section:

Enabled=y
AutoRecover=y
BlockNetworkFiles=y
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
UsePrivacyMode=y
BoxNameTitle=n
FakeAdminRights=y
ClosePrintSpooler=y
CopyLimitKb=81920
OpenWinClass=#
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
DropAdminRights=y
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,WerFault.exe,Titanfall2.exe,Titanfall2_trial.exe,Titanfall2-unpacked.exe,NorthstarLauncher.exe,crashpad_handler.exe
OpenPipePath=\Device\NamedPipe\discord-ipc-*
OpenFilePath=%SystemDrive%\Program Files (x86)\Origin Games\Titanfall2
OpenFilePath=%SystemDrive%\Program Files (x86)\Steam\steamapps\common\Titanfall2
OpenFilePath=%Personal%\Respawn\Titanfall2

Please note that if you installed Titanfall 2 in a non-default location, you need to append a new line starting with OpenFilePath= followed by your installation directory!

Sandbox for Titanfall 1 ONLY

Sandbox name: Titanfall1 Ini section:

Enabled=y
AutoRecover=y
BlockNetworkFiles=y
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
UsePrivacyMode=y
BoxNameTitle=n
FakeAdminRights=y
ClosePrintSpooler=y
CopyLimitKb=81920
OpenWinClass=#
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
DropAdminRights=y
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,WerFault.exe,Titanfall.exe,Titanfall_alt.exe,crashpad_handler.exe,bme_updater.exe
OpenPipePath=\Device\NamedPipe\discord-ipc-*
OpenFilePath=%SystemDrive%\Program Files (x86)\Origin Games\Titanfall
OpenFilePath=%SystemDrive%\Program Files (x86)\Steam\steamapps\common\Titanfall
OpenFilePath=%Personal%\Respawn\Titanfall

Please note that if you installed Titanfall 1 in a non-default location, you need to append a new line starting with OpenFilePath= followed by your installation directory!

Sandbox for Origin

Sandbox name: Origin Ini section:

Enabled=y
AutoRecover=y
BlockNetworkFiles=y
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
UsePrivacyMode=y
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
LingerProcess=QtWebEngineProcess.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,vcredist_x86_vs2015.exe,vcredist_x86_vs2010.exe,vcredist_x86.exe,vcredist_x64_vs2015.exe,vcredist_x64_vs2010.exe,vcredist_x64.exe,UpdateTool.exe,Touchup.exe,QtWebEngineProcess.exe,PatchProgress.exe,OriginWebHelperService.exe,OriginUninstall.exe,OriginThinSetupInternal.exe,OriginThinSetup.exe,OriginER.exe,OriginCrashReporter.exe,OriginClientService.exe,Origin.exe,MessageDlg.exe,Login.exe,igoproxy64.exe,igoproxy.exe,GetGameToken64.exe,GetGameToken32.exe,EASteamProxy.exe,EAProxyInstaller.exe,EAProxyInstaller.exe,EALink.exe,EACoreServer.exe,DXSETUP.exe,Cleanup.exe,ActivationUI.exe,WerFault.exe,Titanfall.exe,Titanfall_alt.exe,crashpad_handler.exe,bme_updater.exe,Titanfall2.exe,Titanfall2_trial.exe,Titanfall2-unpacked.exe,NorthstarLauncher.exe
OpenFilePath=%SystemDrive%\Program Files (x86)\Origin
OpenFilePath=%SystemDrive%\ProgramData\Origin
OpenFilePath=%AllUsersProfile%\Origin
OpenFilePath=%UserProfile%\AppData\Local\Origin
OpenFilePath=%UserProfile%\AppData\Roaming\Origin
OpenFilePath=%Personal%\Respawn
OpenFilePath=%SystemDrive%\Program Files (x86)\Steam\steamapps\common\Titanfall
OpenFilePath=%SystemDrive%\Program Files (x86)\Steam\steamapps\common\Titanfall2
OpenFilePath=%SystemDrive%\Program Files (x86)\Origin Games

Please note that if you installed Titanfalls in a non-default location, you need to add the appropriate lines to this ini section as well, just like to the one above! (OpenFilePath= followed by your Titanfall installation directory)

Notes

If you don't have the paid version of Sandboxie-Plus, after configuring the ini section you'll need to go to General Options and change Box Type Preset to one you are allowed to use in the free version. Otherwise the processes will be terminated within 5 minutes of starting them (trial mode). Note that using a preset without Data Protection is much less secure however.

Pay attention to the messages Sandboxie might show you. If some unknown process tries to start and gets blocked (and it isn't Origin.exe), please take a screenshot and report it to Northstar developers.

Instructions

You should now have three sandboxes. You have the choice of either running Titanfall and Origin in their separate sandboxes, or both of them in the Origin sandbox. If you never got LSX authentication error, the first option is for you. If you did get it, the second option is for you.

Ensure that the out-of-sandbox Origin is closed before starting Origin in sandbox.

Titanfall separated, Origin separated

Note that in this mode it is possible to run Origin outside of a Sandbox as well, but it's generally recommended to also run it inside its own sandbox. Titanfall 2: If you can always play the game with NorthstarLauncher.exe, this section is probably one for you. Titanfall 1: If you play the game with the Black Market Edition mod and can use Titanfall_alt.exe launcher, this section is probably one for you.

If the above applies to you, right-click on desktop, select New -> Shortcut, create the following shortcuts with that:

  1. "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Origin "C:\Program Files (x86)\Origin\Origin.exe" example name: Origin (Sandbox)
  2. Titanfall 2+Northstar: * Origin: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Titanfall2 "C:\Program Files (x86)\Origin Games\Titanfall2\NorthstarLauncher.exe" * Steam: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Titanfall2 "C:\Program Files (x86)\Steam\steamapps\common\Titanfall2\NorthstarLauncher.exe" example name: Titanfall 2 (Separated Sandbox) Titanfall 1+BME: * Origin: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Titanfall1 "C:\Program Files (x86)\Origin Games\Titanfall\Titanfall_alt.exe" * Steam: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Titanfall1 "C:\Program Files (x86)\Steam\steamapps\common\Titanfall\Titanfall_alt.exe" example name: Titanfall 1 (Separated Sandbox)

Note that you need to adjust the paths to your game installations if they're non-default.

Titanfall and Origin both in Origin sandbox

This will allow the game to start the game directly, alleviating the LSX authentication issue. Titanfall 2: If you had to add -northstar to your commandline arguments or you play without Northstar, this section is probably one for you. Titanfall 1: If you play the game without the Black Market Edition mod, this section is probably one for you.

If the above applies to you, right-click on desktop, select New -> Shortcut, create the following shortcuts with that:

  1. "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Origin "C:\Program Files (x86)\Origin\Origin.exe" example name: Origin (Sandbox)
  2. Titanfall 2: * Origin: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Origin "C:\Program Files (x86)\Origin Games\Titanfall2\Titanfall2.exe" * Steam: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Origin "C:\Program Files (x86)\Steam\steamapps\common\Titanfall2\Titanfall2.exe" example name: Titanfall 2 (Origin Sandbox) Titanfall 1: * Origin: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Origin "C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe" * Steam: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Origin "C:\Program Files (x86)\Steam\steamapps\common\Titanfall\Titanfall.exe" example name: Titanfall 1 (Origin Sandbox)

Note that you need to adjust the paths to your game installations if they're non-default.

Anonymous shortcuts

You can also create shortcuts that open run dialogs and allow you to specify the paths to the programs manually:

  • "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Origin run_dialog
  • "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Titanfall2 run_dialog
  • "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Titanfall1 run_dialog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment