EA Desktop
EA is deprecating Origin and replacing it with EA Desktop. In doing so, they changed how information is stored, and the previous method used by Origin does not work anymore. Instead of storing files as plain HTTP queries, EA has decided to encrypt their files. I went ahead and broke this encryption and will explain how you can do the same (it's very easy).
Note: this is not the only way of finding games installed with EA Desktop. Check the section Alternatives for more information.
Let's start by talking about the encrypted file itself. It is located at `C:\ProgramData\EA Desktop\530c11479fe252fc5aabc24935b9776d4900eb3ba58fdc271e0d6229413ad40e\IS` and you can grab my encrypted file from GitHub. I will be using CyberChef to walk you through everything.
Here is a simple Hexdump of the input:
As you can see, the input contains some hash at the beginning and then an encrypted section. As a side note: the Shannon Entropy is a good measure to identify whether the input is structured or unstructured:
The section after the hash in the input file has a Shannon Entropy of `7.965`, which suggests it's either encrypted or compressed.
The input is encrypted using AES with a key size of 256 bits in the Cipher Block Chaining (CBC) mode that requires an Initialization Vector (IV) of 128 bits. You can use this CyberChef link to see the decryption in action:
```mermaid
graph TD
    allUsersGenericId & IS --> allUsersGenericIdIS[allUsersGenericId + IS]
    hardwareInfo[Hardware Information] --> |SHA1| hardwareInfoHash[Hardware Info Hash]
    allUsersGenericIdIS & hardwareInfoHash --> combine[allUsersGenericIdIS + Hardware Info Hash] --> |SHA3 256| KEY
    allUsersGenericIdIS --> |SHA3 256| IV
```
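This flowchart displays the process of generating the Key and IV. As you can see, the key is unique for each user because the Hardware Info Hash goes into it, while the IV is not unique because it is derived only from allUsersGenericId + IS.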
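The derivation in the flowchart, written out as an added Python example (not code from this wiki or from EA). Assumptions not stated on the page: `allUsersGenericId` is treated as a literal string, the SHA1 hash is appended as lowercase hex text, the IV is the first 16 bytes of the SHA3-256 digest, and the hardware strings are constructed sample values.

```python
import hashlib

# Assumption: the page names these inputs but does not give their values,
# so "allUsersGenericId" is used here as a literal placeholder string.
ALL_USERS_GENERIC_ID = "allUsersGenericId"
FILE_NAME = "IS"


def derive_key_iv(hardware_info: str) -> tuple[bytes, bytes]:
    """Follow the flowchart; returns (32-byte AES-256 key, 16-byte CBC IV)."""
    base = ALL_USERS_GENERIC_ID + FILE_NAME

    # Hardware Information --SHA1--> Hardware Info Hash
    # Assumption: the hash is concatenated as lowercase hex text.
    hw_hash = hashlib.sha1(hardware_info.encode("utf-8")).hexdigest()

    # (allUsersGenericId + IS) + Hardware Info Hash --SHA3 256--> KEY
    key = hashlib.sha3_256((base + hw_hash).encode("ascii")).digest()

    # (allUsersGenericId + IS) --SHA3 256--> IV
    # Assumption: SHA3-256 outputs 32 bytes but CBC needs a 128-bit IV,
    # so the first 16 bytes are taken.
    iv = hashlib.sha3_256(base.encode("ascii")).digest()[:16]
    return key, iv


if __name__ == "__main__":
    # Constructed hardware strings standing in for two different machines.
    for hw in ("BOARD-0001;DISK-AAAA;", "BOARD-0002;DISK-BBBB;"):
        key, iv = derive_key_iv(hw)
        print(f"{hw}\n  key = {key.hex()}\n  iv  = {iv.hex()}")
```

Running it prints a different key per hardware string and the same IV for both, which is the property the flowchart describes.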