fix: use config values from default member initialization

src/unlocker/main.cpp

@@ -5,6 +5,7 @@
 
 #include <windows.h>
 #include <wininet.h>
+#include <ctime>
 
 bool setProxyAddress(bool enable, const std::string& proxyAddr)
 {
@@ -87,6 +88,8 @@ BOOL WINAPI consoleHandler(DWORD dwType)
 
 int main()
 {
+    srand(static_cast<unsigned int>(time(NULL)));
+
     Log::createConsole();
     SetConsoleCtrlHandler(consoleHandler, TRUE);
     atexit(cleanup);

src/unlocker/spoofing.cpp

@@ -14,6 +14,8 @@
 
 #include <nlohmann/json.hpp>
 
+#define PLACEHOLDER_ITEMID "Anniversary2025Offering"
+
 using json = nlohmann::json;
 
 static std::random_device rd;
@@ -101,11 +103,10 @@ void Spoofer::loadConfig()
         try
         {
             json configJson = json::parse(configFile);
-            _config.spoofCharacterOwnership = configJson.value("spoofCharacterOwnership", false);
-            _config.spoofInventory = configJson.value("spoofInventory", true);
-            _config.spoofCustomization = configJson.value("spoofCustomization", true);
-            Log::info("Loaded config: Ownership={}, Inventory={}, Customization={}", _config.spoofCharacterOwnership,
-                      _config.spoofInventory, _config.spoofCustomization);
+            _config.spoofCharacterOwnership =
+                configJson.value("spoofCharacterOwnership", _config.spoofCharacterOwnership);
+            _config.spoofInventory = configJson.value("spoofInventory", _config.spoofInventory);
+            _config.spoofCustomization = configJson.value("spoofCustomization", _config.spoofCustomization);
         }
         catch (...)
         {
@@ -115,11 +116,15 @@ void Spoofer::loadConfig()
     else
     {
         Log::info("config.json not found, using default settings");
-        json defaultConfig = {
-            {"spoofCharacterOwnership", true}, {"spoofInventory", true}, {"spoofCustomization", true}};
+        json defaultConfig = {{"spoofCharacterOwnership", _config.spoofCharacterOwnership},
+                              {"spoofInventory", _config.spoofInventory},
+                              {"spoofCustomization", _config.spoofCustomization}};
         std::ofstream out(configPath);
         out << defaultConfig.dump(4);
     }
+
+    Log::info("Loaded config: Ownership={}, Inventory={}, Customization={}", _config.spoofCharacterOwnership,
+              _config.spoofInventory, _config.spoofCustomization);
 }
 
 /*
@@ -202,7 +207,7 @@ std::string Spoofer::getRandomItem()
     for (auto* s : allSets)
         if (!s->empty()) validSets.push_back(s);
 
-    if (validSets.empty()) return "Spring2024Offering";
+    if (validSets.empty()) return PLACEHOLDER_ITEMID;
 
     std::uniform_int_distribution<> setDist(0, static_cast<int>(validSets.size()) - 1);
     const auto& selectedSet = *validSets[setDist(gen)];
@@ -304,10 +309,6 @@ void Spoofer::modifyCharacterData(json& js)
             if (js.contains("bloodWebData")) generateBloodweb(js["bloodWebData"]);
         }
     }
-    else
-    {
-        if (js.value("isEntitled", false) == false) return;
-    }
 
     /*
         item spoofing
@@ -329,9 +330,9 @@ void Spoofer::modifyCharacterData(json& js)
 
             for (auto& item : js["characterItems"])
             {
-            /*
-                set existing items to rnd number
-            */
+                /*
+                    set existing items to rnd number
+                */
                 if (item.contains("itemId") && item["itemId"].is_string())
                 {
                     std::string itemId = item["itemId"];
@@ -541,6 +542,9 @@ void Spoofer::onBloodweb(std::string& body, std::string& respHeaders)
     json doc = json::parse(body, nullptr, false);
     if (doc.is_discarded()) return Log::error("JSON parse error for bloodweb response");
 
+    /*
+        return fake bloodweb data
+    */
     if (_config.spoofCharacterOwnership)
     {
         if (body.find("NotAllowedException") != std::string::npos && body.find("not owned") != std::string::npos)
@@ -576,6 +580,31 @@ void Spoofer::onBloodweb(std::string& body, std::string& respHeaders)
         }
     }
 
+    /*
+        bloodweb fixup for perks
+        (if all perks are unlocked, the game will interpret bloodwebs with perks as invalid so perks will be replaced with PLACEHOLDER_ITEMID)
+    */
+    if (_config.spoofInventory)
+    {
+        if (doc.contains("bloodWebData") && doc["bloodWebData"].contains("ringData"))
+        {
+            for (auto& ring : doc["bloodWebData"]["ringData"])
+            {
+                if (!ring.contains("nodeData")) continue;
+                for (auto& node : ring["nodeData"])
+                {
+                    if (!node.contains("contentId")) continue;
+                    std::string contentId = node["contentId"];
+                    if (_camperPerkIds.contains(contentId) || _slasherPerkIds.contains(contentId))
+                        node["contentId"] = PLACEHOLDER_ITEMID;
+                }
+            }
+        }
+    }
+
+    /*
+        prevent bloodweb reqs from overriding inventory values
+    */
     modifyCharacterData(doc);
     body = doc.dump();
 #ifdef _DEBUG

src/unlocker/spoofing.h

@@ -12,8 +12,8 @@
 struct SpooferConfig
 {
         bool spoofCharacterOwnership = false;
-        bool spoofInventory = false;
-        bool spoofCustomization = false;
+        bool spoofInventory = true;
+        bool spoofCustomization = true;
 };
 
 class Spoofer

src/unlocker/ssl.cpp

@@ -30,7 +30,7 @@ using X509_ptr = std::unique_ptr<X509, Deleter<X509, X509_free>>;
 using SSL_CTX_ptr = std::unique_ptr<SSL_CTX, Deleter<SSL_CTX, SSL_CTX_free>>;
 using BIO_ptr = std::unique_ptr<BIO, Deleter<BIO, BIO_vfree>>;
 
-CertManager::CertManager() : _sessionPkey(nullptr), _caPkey(nullptr), _caCert(nullptr) {}
+CertManager::CertManager() : _caPkey(nullptr), _caCert(nullptr), _sessionPkey(nullptr) {}
 
 CertManager::~CertManager()
 {
@@ -102,7 +102,7 @@ void CertManager::installCert(X509* cert)
     PCCERT_CONTEXT certCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, derBuf, derLen);
     if (certCtx)
     {
-        HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
+        HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
         if (rootStore)
         {
             BOOL success = CertAddCertificateContextToStore(rootStore, certCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
@@ -145,9 +145,10 @@ bool CertManager::generateCA()
     X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
     X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L); // 1 year
 
-    X509_NAME* name = X509_get_subject_name(cert.get());
-    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)"Debug Proxy CA", -1, -1, 0);
-    X509_set_issuer_name(cert.get(), name);
+    X509_name_st* subjName = X509_get_subject_name(cert.get());
+    std::string randomCN = utils::randomizeString(16);
+    X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)randomCN.c_str(), -1, -1, 0);
+    X509_set_issuer_name(cert.get(), subjName);
     X509_set_pubkey(cert.get(), _caPkey);
 
     /*
@@ -197,8 +198,8 @@ SSL_CTX* CertManager::createHostContext(const std::string& host)
     X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
     X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L);
 
-    X509_NAME* name = X509_get_subject_name(cert.get());
-    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)host.c_str(), -1, -1, 0);
+    X509_name_st* subjName = X509_get_subject_name(cert.get());
+    X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)host.c_str(), -1, -1, 0);
     X509_set_issuer_name(cert.get(), X509_get_subject_name(_caCert));
     X509_set_pubkey(cert.get(), _sessionPkey);
 

src/unlocker/ssl.h

@@ -5,6 +5,7 @@
 #include <mutex>
 
 struct x509_st;
+struct X509_name_st;
 struct ssl_st;
 struct ssl_ctx_st;
 struct evp_pkey_st;