Compare commits
44 Commits
6b63d54eb8
...
v0.1.32
| Author | SHA1 | Date | |
|---|---|---|---|
 neru
|
a8b5e0148f | ||
|
neru
|
50413eb420 | ||
|
neru
|
ea49c39e53 | ||
|
neru
|
f599a9a648 | ||
|
neru
|
b8b24a5c30 | ||
|
neru
|
4a71bc6f1b | ||
|
neru
|
cfd52b8e05 | ||
|
neru
|
b2ca193aa4 | ||
|
neru
|
491daebf06 | ||
|
neru
|
9799c2babe | ||
|
neru
|
27b8a0e497 | ||
|
neru
|
3f9409b8c6 | ||
|
neru
|
1fdc7450cd | ||
|
neru
|
75338b10ff | ||
|
neru
|
5e8f059c49 | ||
|
neru
|
11a9447e05 | ||
|
neru
|
911c4d199a | ||
|
neru
|
167e5ee696 | ||
|
neru
|
7e6797b6c7 | ||
|
neru
|
c8b3104b4b | ||
|
neru
|
785d4a3ff2 | ||
|
neru
|
c09ce8b02a | ||
|
neru
|
0af818fc0f | ||
|
neru
|
6e62bcb1dc | ||
|
neru
|
1a05ef2742 | ||
|
neru
|
642c1c80fa | ||
|
neru
|
32525c1566 | ||
|
neru
|
75171b4557 | ||
|
neru
|
fe71decd38 | ||
|
neru
|
acfdf7b3ef | ||
|
neru
|
e8d387e520 | ||
|
neru
|
03a1841b8e | ||
|
neru
|
e61c20bb5a | ||
|
neru
|
105f8b6df0 | ||
|
neru
|
0300ced79c | ||
|
neru
|
83ac8615ba | ||
|
neru
|
697bff9752 | ||
|
neru
|
0fa2e0540b | ||
|
neru
|
a1a123054f | ||
|
neru
|
76d581c419 | ||
|
neru
|
4f91ab9cff | ||
|
neru
|
e6111f8dbd | ||
|
neru
|
7ec6e385a0 | ||
|
neru
|
7427357bc5 |
@@ -1,222 +0,0 @@
|
||||
#include "cert_manager.h"
|
||||
#include <nerutils/log.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include <cstdlib>
|
||||
#include <ctime>
|
||||
|
||||
#include <processthreadsapi.h>
|
||||
#include <cstring>
|
||||
|
||||
std::string randomizeString(size_t length)
|
||||
{
|
||||
const char charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
||||
std::string result;
|
||||
result.resize(length);
|
||||
for (size_t i = 0; i < length; ++i)
|
||||
result[i] = charset[rand() % (sizeof(charset) - 1)];
|
||||
return result;
|
||||
}
|
||||
|
||||
CertManager::CertManager() : _sessionPkey(nullptr) {}
|
||||
|
||||
CertManager::~CertManager()
|
||||
{
|
||||
if (_caPkey) EVP_PKEY_free(_caPkey);
|
||||
if (_caCert) X509_free(_caCert);
|
||||
if (_sessionPkey) EVP_PKEY_free(_sessionPkey);
|
||||
|
||||
for (auto& pair : _hostContexts)
|
||||
SSL_CTX_free(pair.second);
|
||||
}
|
||||
|
||||
bool CertManager::Init()
|
||||
{
|
||||
EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
|
||||
if (pctx)
|
||||
{
|
||||
EVP_PKEY_keygen_init(pctx);
|
||||
EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
|
||||
EVP_PKEY_keygen(pctx, &_sessionPkey);
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
}
|
||||
|
||||
if (LoadCA())
|
||||
{
|
||||
Log::verbose("Loaded existing CA certificate.");
|
||||
return true;
|
||||
}
|
||||
|
||||
Log::verbose("No CA found. Generating new CA certificate.");
|
||||
return GenerateCA();
|
||||
}
|
||||
|
||||
bool CertManager::LoadCA()
|
||||
{
|
||||
BIO* keyBio = BIO_new_file("ca_key.pem", "r");
|
||||
if (!keyBio) return false;
|
||||
|
||||
_caPkey = PEM_read_bio_PrivateKey(keyBio, nullptr, nullptr, nullptr);
|
||||
BIO_free(keyBio);
|
||||
|
||||
if (!_caPkey) return false;
|
||||
|
||||
BIO* certBio = BIO_new_file("ca_cert.pem", "r");
|
||||
if (!certBio) return false;
|
||||
|
||||
_caCert = PEM_read_bio_X509(certBio, nullptr, nullptr, nullptr);
|
||||
BIO_free(certBio);
|
||||
|
||||
if (!_caCert) return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool CertManager::GenerateCA()
|
||||
{
|
||||
srand(static_cast<unsigned int>(time(nullptr)));
|
||||
|
||||
EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
|
||||
if (!pctx) return false;
|
||||
EVP_PKEY_keygen_init(pctx);
|
||||
EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
|
||||
EVP_PKEY_keygen(pctx, &_caPkey);
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
|
||||
_caCert = X509_new();
|
||||
X509_set_version(_caCert, 2);
|
||||
ASN1_INTEGER_set(X509_get_serialNumber(_caCert), 1);
|
||||
X509_gmtime_adj(X509_get_notBefore(_caCert), 0);
|
||||
X509_gmtime_adj(X509_get_notAfter(_caCert), 31536000L); // 1 year
|
||||
|
||||
std::string org = randomizeString(16);
|
||||
std::string cn = randomizeString(16);
|
||||
|
||||
X509_NAME* name = X509_get_subject_name(_caCert);
|
||||
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"US", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)org.c_str(), -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)cn.c_str(), -1, -1, 0);
|
||||
X509_set_issuer_name(_caCert, name);
|
||||
X509_set_pubkey(_caCert, _caPkey);
|
||||
|
||||
X509V3_CTX ctxV3;
|
||||
X509V3_set_ctx_nodb(&ctxV3);
|
||||
X509V3_set_ctx(&ctxV3, _caCert, _caCert, nullptr, nullptr, 0);
|
||||
X509_EXTENSION* extCA = X509V3_EXT_conf_nid(nullptr, &ctxV3, NID_basic_constraints, "critical,CA:TRUE");
|
||||
if (extCA)
|
||||
{
|
||||
X509_add_ext(_caCert, extCA, -1);
|
||||
X509_EXTENSION_free(extCA);
|
||||
}
|
||||
|
||||
X509_sign(_caCert, _caPkey, EVP_sha256());
|
||||
|
||||
BIO* keyBioOut = BIO_new_file("ca_key.pem", "w");
|
||||
if (keyBioOut)
|
||||
{
|
||||
PEM_write_bio_PrivateKey(keyBioOut, _caPkey, nullptr, nullptr, 0, nullptr, nullptr);
|
||||
BIO_free(keyBioOut);
|
||||
}
|
||||
|
||||
BIO* certBioOut = BIO_new_file("ca_cert.pem", "w");
|
||||
if (certBioOut)
|
||||
{
|
||||
PEM_write_bio_X509(certBioOut, _caCert);
|
||||
BIO_free(certBioOut);
|
||||
}
|
||||
|
||||
Log::info("Generated new CA key and certificate files. Installing to Windows Root CA store automatically...");
|
||||
|
||||
STARTUPINFOA si;
|
||||
memset(&si, 0, sizeof(si));
|
||||
si.cb = sizeof(si);
|
||||
PROCESS_INFORMATION pi;
|
||||
memset(&pi, 0, sizeof(pi));
|
||||
char cmd[] = "certutil.exe -user -addstore root ca_cert.pem";
|
||||
if (CreateProcessA(NULL, cmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi))
|
||||
{
|
||||
WaitForSingleObject(pi.hProcess, INFINITE);
|
||||
CloseHandle(pi.hProcess);
|
||||
CloseHandle(pi.hThread);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
SSL_CTX* CertManager::CreateHostContext(const std::string& host)
|
||||
{
|
||||
std::lock_guard<std::mutex> lock(_mutex);
|
||||
|
||||
auto it = _hostContexts.find(host);
|
||||
if (it != _hostContexts.end())
|
||||
{
|
||||
return it->second;
|
||||
}
|
||||
|
||||
EVP_PKEY* pkey = _sessionPkey;
|
||||
if (!pkey) return nullptr;
|
||||
|
||||
X509* cert = X509_new();
|
||||
X509_set_version(cert, 2);
|
||||
ASN1_INTEGER_set(X509_get_serialNumber(cert), static_cast<long>(std::hash<std::string>{}(host) & 0x7FFFFFFF));
|
||||
X509_gmtime_adj(X509_get_notBefore(cert), 0);
|
||||
X509_gmtime_adj(X509_get_notAfter(cert), 31536000L);
|
||||
|
||||
std::string dynamicOrg = randomizeString(16);
|
||||
|
||||
X509_NAME* name = X509_get_subject_name(cert);
|
||||
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"US", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)dynamicOrg.c_str(), -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)(host.c_str()), -1, -1, 0);
|
||||
X509_set_issuer_name(cert, X509_get_subject_name(_caCert));
|
||||
X509_set_pubkey(cert, pkey);
|
||||
|
||||
X509V3_CTX ctxV3;
|
||||
X509V3_set_ctx_nodb(&ctxV3);
|
||||
X509V3_set_ctx(&ctxV3, _caCert, cert, nullptr, nullptr, 0);
|
||||
std::string san = "DNS:" + host;
|
||||
X509_EXTENSION* extSAN = X509V3_EXT_conf_nid(nullptr, &ctxV3, NID_subject_alt_name, san.c_str());
|
||||
if (extSAN)
|
||||
{
|
||||
X509_add_ext(cert, extSAN, -1);
|
||||
X509_EXTENSION_free(extSAN);
|
||||
}
|
||||
|
||||
X509_sign(cert, _caPkey, EVP_sha256());
|
||||
|
||||
SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
|
||||
|
||||
SSL_CTX_set_alpn_select_cb(
|
||||
ctx,
|
||||
[](SSL* /*ssl*/, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen,
|
||||
void* /*arg*/) -> int {
|
||||
for (unsigned int i = 0; i < inlen;)
|
||||
{
|
||||
unsigned int len = in[i];
|
||||
if (len == 8 && memcmp(&in[i + 1], "http/1.1", 8) == 0)
|
||||
{
|
||||
*out = &in[i + 1];
|
||||
*outlen = (unsigned char)len;
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
i += len + 1;
|
||||
}
|
||||
return SSL_TLSEXT_ERR_NOACK;
|
||||
},
|
||||
nullptr);
|
||||
|
||||
SSL_CTX_use_certificate(ctx, cert);
|
||||
SSL_CTX_use_PrivateKey(ctx, pkey);
|
||||
|
||||
X509_free(cert);
|
||||
|
||||
_hostContexts[host] = ctx;
|
||||
return ctx;
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
#pragma once
|
||||
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
#include <mutex>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
class CertManager
|
||||
{
|
||||
public:
|
||||
CertManager();
|
||||
~CertManager();
|
||||
|
||||
bool Init();
|
||||
SSL_CTX* CreateHostContext(const std::string& host);
|
||||
|
||||
private:
|
||||
bool GenerateCA();
|
||||
bool LoadCA();
|
||||
|
||||
EVP_PKEY* _caPkey = nullptr;
|
||||
X509* _caCert = nullptr;
|
||||
EVP_PKEY* _sessionPkey = nullptr;
|
||||
|
||||
std::mutex _mutex;
|
||||
std::unordered_map<std::string, SSL_CTX*> _hostContexts;
|
||||
};
|
||||
+36
-22
@@ -5,34 +5,45 @@
|
||||
|
||||
#include <windows.h>
|
||||
#include <wininet.h>
|
||||
#include <ctime>
|
||||
|
||||
bool setProxy(bool enable, const std::string& proxyAddr)
|
||||
bool setProxyAddress(bool enable, const std::string& proxyAddr)
|
||||
{
|
||||
INTERNET_PER_CONN_OPTION_LIST list;
|
||||
INTERNET_PER_CONN_OPTION options[3];
|
||||
unsigned long listSize = sizeof(INTERNET_PER_CONN_OPTION_LIST);
|
||||
|
||||
ZeroMemory(&list, sizeof(list));
|
||||
ZeroMemory(options, sizeof(options));
|
||||
|
||||
options[0].dwOption = INTERNET_PER_CONN_FLAGS;
|
||||
|
||||
if (enable)
|
||||
{
|
||||
if (proxyAddr.empty()) return false;
|
||||
|
||||
options[0].Value.dwValue = PROXY_TYPE_PROXY | PROXY_TYPE_DIRECT;
|
||||
|
||||
options[1].dwOption = INTERNET_PER_CONN_PROXY_SERVER;
|
||||
options[1].Value.pszValue = const_cast<char*>(proxyAddr.c_str());
|
||||
|
||||
options[2].dwOption = INTERNET_PER_CONN_PROXY_BYPASS;
|
||||
options[2].Value.pszValue = (char*)"<local>";
|
||||
|
||||
list.dwOptionCount = 3;
|
||||
}
|
||||
else
|
||||
{
|
||||
options[0].Value.dwValue = PROXY_TYPE_DIRECT;
|
||||
|
||||
options[1].dwOption = INTERNET_PER_CONN_PROXY_SERVER;
|
||||
options[1].Value.pszValue = const_cast<char*>(proxyAddr.c_str());
|
||||
|
||||
options[2].dwOption = INTERNET_PER_CONN_PROXY_BYPASS;
|
||||
options[2].Value.pszValue = const_cast<char*>("<local>");
|
||||
list.dwOptionCount = 1;
|
||||
}
|
||||
|
||||
list.dwSize = sizeof(INTERNET_PER_CONN_OPTION_LIST);
|
||||
list.pszConnection = NULL;
|
||||
list.dwOptionCount = 3;
|
||||
list.dwOptionError = 0;
|
||||
list.pOptions = options;
|
||||
|
||||
if (!InternetSetOptionA(NULL, INTERNET_OPTION_PER_CONNECTION_OPTION, &list, listSize))
|
||||
if (!InternetSetOption(NULL, INTERNET_OPTION_PER_CONNECTION_OPTION, &list, sizeof(list)))
|
||||
{
|
||||
Log::error("Failed to set proxy options, Err: {}", GetLastError());
|
||||
Log::error("Failed to set proxy options - error: {}", GetLastError());
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -43,7 +54,7 @@ bool setProxy(bool enable, const std::string& proxyAddr)
|
||||
}
|
||||
|
||||
bool running = true;
|
||||
Proxy* g_Proxy = nullptr;
|
||||
Proxy* proxy = nullptr;
|
||||
|
||||
void cleanup()
|
||||
{
|
||||
@@ -53,14 +64,14 @@ void cleanup()
|
||||
if (cleaned) return;
|
||||
cleaned = true;
|
||||
|
||||
if (g_Proxy)
|
||||
Log::info("Restoring system proxy settings");
|
||||
setProxyAddress(false, "");
|
||||
|
||||
if (proxy)
|
||||
{
|
||||
Log::info("Shutting down proxy");
|
||||
g_Proxy->Shutdown();
|
||||
proxy->shutdown();
|
||||
}
|
||||
|
||||
Log::info("Restoring system proxy settings");
|
||||
setProxy(false, "");
|
||||
}
|
||||
|
||||
BOOL WINAPI consoleHandler(DWORD dwType)
|
||||
@@ -77,6 +88,8 @@ BOOL WINAPI consoleHandler(DWORD dwType)
|
||||
|
||||
int main()
|
||||
{
|
||||
srand(static_cast<unsigned int>(time(NULL)));
|
||||
|
||||
Log::createConsole();
|
||||
SetConsoleCtrlHandler(consoleHandler, TRUE);
|
||||
atexit(cleanup);
|
||||
@@ -87,13 +100,14 @@ int main()
|
||||
proxy setup
|
||||
*/
|
||||
Log::info("Starting proxy");
|
||||
g_Proxy = new Proxy();
|
||||
if (!g_Proxy->Init())
|
||||
proxy = new Proxy();
|
||||
if (!proxy->init())
|
||||
{
|
||||
Log::error("Proxy failed to start");
|
||||
return 1;
|
||||
}
|
||||
setProxy(true, std::format("127.0.0.1:{}", PROXY_PORT));
|
||||
proxy->addWhitelistDomain("bhvrdbd.com");
|
||||
setProxyAddress(true, std::format("127.0.0.1:{}", PROXY_PORT));
|
||||
|
||||
/*
|
||||
Spoofer setup
|
||||
@@ -101,7 +115,7 @@ int main()
|
||||
Log::info("Spoofer init");
|
||||
Spoofer* spoofer = new Spoofer();
|
||||
|
||||
spoofer->init(g_Proxy);
|
||||
spoofer->init(proxy);
|
||||
|
||||
/*
|
||||
pause
|
||||
|
||||
+687
-530
File diff suppressed because it is too large
Load Diff
+17
-3
@@ -3,9 +3,13 @@
|
||||
#include <thread>
|
||||
#include <atomic>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <queue>
|
||||
#include <mutex>
|
||||
#include <condition_variable>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include "cert_manager.h"
|
||||
#include "ssl.h"
|
||||
#include <nerutils/callback.h>
|
||||
|
||||
/*
|
||||
@@ -13,6 +17,7 @@
|
||||
use random port, test availability
|
||||
*/
|
||||
#define PROXY_PORT 58421
|
||||
#define PROXY_THREAD_COUNT 256
|
||||
|
||||
typedef unsigned __int64 SOCKET;
|
||||
|
||||
@@ -22,12 +27,14 @@ class Proxy
|
||||
Proxy();
|
||||
~Proxy();
|
||||
|
||||
bool Init();
|
||||
void Shutdown();
|
||||
bool init();
|
||||
void shutdown();
|
||||
|
||||
CallbackEvent<std::string&, const std::string&, std::string&> OnClientRequest;
|
||||
CallbackEvent<const std::string&, std::string&, std::string&> OnServerResponse;
|
||||
|
||||
void addWhitelistDomain(const std::string& domain);
|
||||
|
||||
private:
|
||||
void loop();
|
||||
void handleClient(SOCKET clientSocket);
|
||||
@@ -39,6 +46,13 @@ class Proxy
|
||||
std::thread _workerThread;
|
||||
std::atomic<bool> _running = false;
|
||||
|
||||
std::vector<std::thread> _poolThreads;
|
||||
std::queue<SOCKET> _clientQueue;
|
||||
std::mutex _queueMutex;
|
||||
std::condition_variable _queueCond;
|
||||
|
||||
CertManager _certManager;
|
||||
SSL_CTX* _clientCtx = nullptr;
|
||||
|
||||
std::vector<std::string> _whitelistDomains;
|
||||
};
|
||||
|
||||
+269
-121
@@ -6,6 +6,7 @@
|
||||
#include <random>
|
||||
#include <vector>
|
||||
#include <regex>
|
||||
#include <thread>
|
||||
|
||||
#include <time.h>
|
||||
|
||||
@@ -13,6 +14,8 @@
|
||||
|
||||
#include <nlohmann/json.hpp>
|
||||
|
||||
#define PLACEHOLDER_ITEMID "Anniversary2025Offering"
|
||||
|
||||
using json = nlohmann::json;
|
||||
|
||||
static std::random_device rd;
|
||||
@@ -38,6 +41,7 @@ void Spoofer::init(Proxy* proxy)
|
||||
{
|
||||
registerListeners(proxy);
|
||||
loadData();
|
||||
loadConfig();
|
||||
}
|
||||
|
||||
void Spoofer::registerListeners(Proxy* proxy)
|
||||
@@ -89,6 +93,37 @@ void Spoofer::loadData()
|
||||
LOADDATA("perks.json", Perks, _camperPerkIds, _slasherPerkIds, "Perks won't be added");
|
||||
}
|
||||
|
||||
void Spoofer::loadConfig()
|
||||
{
|
||||
std::string configPath = utils::getExePath() + "config.json";
|
||||
std::ifstream configFile(configPath);
|
||||
|
||||
if (configFile.is_open())
|
||||
{
|
||||
try
|
||||
{
|
||||
json configJson = json::parse(configFile);
|
||||
_config.spoofCharacterOwnership = configJson.value("spoofCharacterOwnership", false);
|
||||
_config.spoofInventory = configJson.value("spoofInventory", true);
|
||||
_config.spoofCustomization = configJson.value("spoofCustomization", true);
|
||||
Log::info("Loaded config: Ownership={}, Inventory={}, Customization={}", _config.spoofCharacterOwnership,
|
||||
_config.spoofInventory, _config.spoofCustomization);
|
||||
}
|
||||
catch (...)
|
||||
{
|
||||
Log::error("Failed to parse config.json, using defaults");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Log::info("config.json not found, using default settings");
|
||||
json defaultConfig = {
|
||||
{"spoofCharacterOwnership", true}, {"spoofInventory", true}, {"spoofCustomization", true}};
|
||||
std::ofstream out(configPath);
|
||||
out << defaultConfig.dump(4);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
data parsing
|
||||
*/
|
||||
@@ -109,10 +144,11 @@ bool Spoofer::parseCatalog(std::string data)
|
||||
auto extractIds = [&](const std::string& key, std::unordered_set<std::string>& targetSet) {
|
||||
if (catalogData.contains(key) && catalogData[key].contains("items"))
|
||||
for (const auto& id : catalogData[key]["items"])
|
||||
if (id.is_string())
|
||||
targetSet.insert(id.get<std::string>());
|
||||
else
|
||||
Log::warning("Catalog missing or invalid category: {}", key);
|
||||
{
|
||||
if (id.is_string()) targetSet.insert(id.get<std::string>());
|
||||
}
|
||||
else
|
||||
Log::warning("Catalog missing or invalid category: {}", key);
|
||||
};
|
||||
|
||||
extractIds("item", _catalogItemIds);
|
||||
@@ -142,10 +178,11 @@ bool Spoofer::parseStackable(std::string data, std::unordered_set<std::string>&
|
||||
auto populate = [&](const std::string& key, std::unordered_set<std::string>& targetSet) {
|
||||
if (doc.contains(key) && doc[key].is_array())
|
||||
for (const auto& item : doc[key])
|
||||
if (item.is_string())
|
||||
targetSet.insert(item.get<std::string>());
|
||||
else
|
||||
Log::warning("Missing stackables array ({})", key);
|
||||
{
|
||||
if (item.is_string()) targetSet.insert(item.get<std::string>());
|
||||
}
|
||||
else
|
||||
Log::warning("Missing stackables array ({})", key);
|
||||
};
|
||||
|
||||
populate("Slashers", slasherSet);
|
||||
@@ -167,7 +204,7 @@ std::string Spoofer::getRandomItem()
|
||||
for (auto* s : allSets)
|
||||
if (!s->empty()) validSets.push_back(s);
|
||||
|
||||
if (validSets.empty()) return "Spring2024Offering";
|
||||
if (validSets.empty()) return PLACEHOLDER_ITEMID;
|
||||
|
||||
std::uniform_int_distribution<> setDist(0, static_cast<int>(validSets.size()) - 1);
|
||||
const auto& selectedSet = *validSets[setDist(gen)];
|
||||
@@ -238,119 +275,120 @@ void Spoofer::modifyCharacterData(json& js)
|
||||
}
|
||||
|
||||
std::string name = js["characterName"];
|
||||
bool slasher = isSlasher(js["characterName"]);
|
||||
|
||||
bool needsSpoofing = false;
|
||||
if (js.value("isEntitled", true) == false)
|
||||
if (_config.spoofCharacterOwnership)
|
||||
{
|
||||
_unownedCharacters.insert(name);
|
||||
js["isEntitled"] = true;
|
||||
js["purchaseInfo"] = {{"quantity", 1},
|
||||
{"origin", "PlayerInventory"},
|
||||
{"reason", "Item(s) added via Purchase"},
|
||||
{"lastUpdateAt", std::time(nullptr)},
|
||||
{"objectId", name}};
|
||||
needsSpoofing = true;
|
||||
}
|
||||
else if (_unownedCharacters.contains(name))
|
||||
needsSpoofing = true;
|
||||
bool needsSpoofing = false;
|
||||
|
||||
/*
|
||||
modifications for unowned characters (spoof level and fake bloodweb)
|
||||
*/
|
||||
if (needsSpoofing)
|
||||
{
|
||||
if (js.contains("bloodWebLevel") && js["bloodWebLevel"].is_number() && js["bloodWebLevel"] <= 15)
|
||||
if (!js.contains("prestigeLevel") || (js["prestigeLevel"].is_number() && js["prestigeLevel"] <= 0))
|
||||
js["bloodWebLevel"] = 16;
|
||||
|
||||
if (js.contains("bloodWebData")) generateBloodweb(js["bloodWebData"]);
|
||||
}
|
||||
else
|
||||
{
|
||||
/*
|
||||
ghost node hotfix (untested)
|
||||
*/
|
||||
/* if (js.contains("bloodWebData") && js["bloodWebData"].contains("ringData"))
|
||||
if (js.value("isEntitled", false) == false)
|
||||
{
|
||||
auto& ringData = js["bloodWebData"]["ringData"];
|
||||
_unownedCharacters.insert(name);
|
||||
js["isEntitled"] = true;
|
||||
js["purchaseInfo"] = {{"quantity", 1},
|
||||
{"origin", "PlayerInventory"},
|
||||
{"reason", "Item(s) added via Purchase"},
|
||||
{"lastUpdateAt", std::time(nullptr)},
|
||||
{"objectId", name}};
|
||||
needsSpoofing = true;
|
||||
}
|
||||
else if (_unownedCharacters.contains(name))
|
||||
needsSpoofing = true;
|
||||
|
||||
for (auto& ring : ringData)
|
||||
{
|
||||
if (ring.contains("nodeData") && ring["nodeData"].is_array())
|
||||
{
|
||||
for (auto& node : ring["nodeData"])
|
||||
{
|
||||
if (node.contains("nodeId") && node["nodeId"] != "0")
|
||||
{
|
||||
if (!node.contains("contentId") || node["contentId"].get<std::string>().empty())
|
||||
{
|
||||
node["contentId"] = "Spring2024Offering";
|
||||
if (!node.contains("state"))
|
||||
node["state"] = "Available";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}*/
|
||||
/*
|
||||
modifications for unowned characters (spoof level and fake bloodweb)
|
||||
*/
|
||||
if (needsSpoofing)
|
||||
{
|
||||
if (js.contains("bloodWebLevel") && js["bloodWebLevel"].is_number() && js["bloodWebLevel"] <= 15)
|
||||
if (!js.contains("prestigeLevel") || (js["prestigeLevel"].is_number() && js["prestigeLevel"] <= 0))
|
||||
js["bloodWebLevel"] = 16;
|
||||
|
||||
if (js.contains("bloodWebData")) generateBloodweb(js["bloodWebData"]);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
item spoofing
|
||||
*/
|
||||
if (js.contains("characterItems") && js["characterItems"].is_array())
|
||||
if (_config.spoofInventory)
|
||||
{
|
||||
std::unordered_set<std::string> existingItemIds;
|
||||
bool slasher = isSlasher(js["characterName"]);
|
||||
|
||||
std::unordered_set<std::string> stackableIds;
|
||||
stackableIds.insert(_camperItemIds.begin(), _camperItemIds.end());
|
||||
stackableIds.insert(_camperOfferingIds.begin(), _camperOfferingIds.end());
|
||||
stackableIds.insert(_camperAddonIds.begin(), _camperAddonIds.end());
|
||||
stackableIds.insert(_slasherAddonIds.begin(), _slasherAddonIds.end());
|
||||
stackableIds.insert(_slasherOfferingIds.begin(), _slasherOfferingIds.end());
|
||||
|
||||
for (auto& item : js["characterItems"])
|
||||
if (js.contains("characterItems") && js["characterItems"].is_array())
|
||||
{
|
||||
/*
|
||||
set existing items to rnd number
|
||||
*/
|
||||
if (item.contains("itemId") && item["itemId"].is_string())
|
||||
std::unordered_set<std::string> existingItemIds;
|
||||
|
||||
std::unordered_set<std::string> stackableIds;
|
||||
stackableIds.insert(_camperItemIds.begin(), _camperItemIds.end());
|
||||
stackableIds.insert(_camperOfferingIds.begin(), _camperOfferingIds.end());
|
||||
stackableIds.insert(_camperAddonIds.begin(), _camperAddonIds.end());
|
||||
stackableIds.insert(_slasherAddonIds.begin(), _slasherAddonIds.end());
|
||||
stackableIds.insert(_slasherOfferingIds.begin(), _slasherOfferingIds.end());
|
||||
|
||||
for (auto& item : js["characterItems"])
|
||||
{
|
||||
std::string itemId = item["itemId"];
|
||||
existingItemIds.insert(itemId);
|
||||
if (stackableIds.contains(itemId)) item["quantity"] = getRandomQuantity();
|
||||
/*
|
||||
set existing items to rnd number
|
||||
*/
|
||||
if (item.contains("itemId") && item["itemId"].is_string())
|
||||
{
|
||||
std::string itemId = item["itemId"];
|
||||
existingItemIds.insert(itemId);
|
||||
if (stackableIds.contains(itemId)) item["quantity"] = getRandomQuantity();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
auto appendItems = [&](const std::unordered_set<std::string>& idList, bool isPerk) {
|
||||
for (const auto& itemId : idList)
|
||||
if (existingItemIds.find(itemId) == existingItemIds.end())
|
||||
js["characterItems"].push_back(
|
||||
{{"itemId", itemId}, {"quantity", isPerk ? 3 : getRandomQuantity()}});
|
||||
};
|
||||
auto appendItems = [&](const std::unordered_set<std::string>& idList, bool isPerk) {
|
||||
for (const auto& itemId : idList)
|
||||
if (existingItemIds.find(itemId) == existingItemIds.end())
|
||||
js["characterItems"].push_back(
|
||||
{{"itemId", itemId}, {"quantity", isPerk ? 3 : getRandomQuantity()}});
|
||||
};
|
||||
|
||||
if (!slasher)
|
||||
{
|
||||
appendItems(_camperItemIds, false);
|
||||
appendItems(_camperAddonIds, false);
|
||||
appendItems(_camperOfferingIds, false);
|
||||
appendItems(_camperPerkIds, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
appendItems(_slasherAddonIds, false);
|
||||
appendItems(_slasherOfferingIds, false);
|
||||
appendItems(_slasherPerkIds, true);
|
||||
if (!slasher)
|
||||
{
|
||||
appendItems(_camperItemIds, false);
|
||||
appendItems(_camperAddonIds, false);
|
||||
appendItems(_camperOfferingIds, false);
|
||||
appendItems(_camperPerkIds, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
appendItems(_slasherAddonIds, false);
|
||||
appendItems(_slasherOfferingIds, false);
|
||||
appendItems(_slasherPerkIds, true);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef _DEBUG
|
||||
Log::verbose("Spoofed data for character {}", name);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
endpoint handlers
|
||||
*/
|
||||
|
||||
void Spoofer::onGetCatalogItems(std::string& body)
|
||||
{
|
||||
std::thread t([body]() {
|
||||
std::string outPath = utils::getExePath() + "catalog.json";
|
||||
std::ofstream file(outPath);
|
||||
if (file.is_open())
|
||||
{
|
||||
file << body;
|
||||
file.close();
|
||||
Log::verbose("Raw catalog saved to {}", outPath);
|
||||
}
|
||||
else
|
||||
Log::error("Unable to write to catalog.json");
|
||||
});
|
||||
t.detach();
|
||||
|
||||
parseCatalog(body);
|
||||
}
|
||||
|
||||
void Spoofer::onGetAll(std::string& body)
|
||||
{
|
||||
json doc = json::parse(body, nullptr, false);
|
||||
@@ -384,8 +422,24 @@ void Spoofer::onInventoryAll(std::string& body)
|
||||
int quantity;
|
||||
};
|
||||
|
||||
std::vector<Category> categories = {{_camperPerkIds, 3}, {_slasherPerkIds, 3}, {_camperOfferingIds, -1},
|
||||
{_slasherOfferingIds, -1}, {_catalogOutfitIds, 1}, {_catalogItemIds, 1}};
|
||||
std::vector<Category> categories;
|
||||
if (_config.spoofInventory)
|
||||
{
|
||||
categories.push_back({_camperPerkIds, 3});
|
||||
categories.push_back({_slasherPerkIds, 3});
|
||||
categories.push_back({_camperOfferingIds, -1});
|
||||
categories.push_back({_slasherOfferingIds, -1});
|
||||
|
||||
categories.push_back({_camperItemIds, -1});
|
||||
categories.push_back({_camperAddonIds, -1});
|
||||
categories.push_back({_slasherAddonIds, -1});
|
||||
}
|
||||
|
||||
if (_config.spoofCustomization)
|
||||
{
|
||||
categories.push_back({_catalogOutfitIds, 1});
|
||||
categories.push_back({_catalogItemIds, 1});
|
||||
}
|
||||
|
||||
for (auto& item : itemsArr)
|
||||
{
|
||||
@@ -424,44 +478,135 @@ void Spoofer::onInventoryAll(std::string& body)
|
||||
Log::verbose("Inventory spoofed");
|
||||
}
|
||||
|
||||
void Spoofer::onMessageList(std::string& body)
|
||||
{
|
||||
json doc = json::parse(body, nullptr, false);
|
||||
if (doc.is_discarded()) return Log::error("JSON parse error for dbd-messages/listV2");
|
||||
|
||||
auto now = std::chrono::system_clock::now();
|
||||
auto now_seconds = std::chrono::duration_cast<std::chrono::seconds>(now.time_since_epoch()).count();
|
||||
auto now_milliseconds = std::chrono::duration_cast<std::chrono::milliseconds>(now.time_since_epoch()).count();
|
||||
|
||||
json msg;
|
||||
|
||||
/*
|
||||
msg base
|
||||
*/
|
||||
msg["allowedPlatforms"] = json::array({"egs", "grdk", "ps4", "ps5", "steam", "xbox", "xsx"});
|
||||
msg["flag"] = "READ";
|
||||
msg["gameSpecificData"] = {};
|
||||
msg["read"] = false;
|
||||
msg["tag"] = json::array({"inbox"});
|
||||
msg["expireAt"] = now_seconds + (1337 * 24 * 60 * 60);
|
||||
msg["received"] = now_milliseconds;
|
||||
msg["recipientId"] = "system";
|
||||
|
||||
/*
|
||||
msg content
|
||||
*/
|
||||
json bodyContent;
|
||||
bodyContent["sections"] = json::array();
|
||||
bodyContent["sections"].push_back(
|
||||
{{"type", "text"},
|
||||
{"text", "Japan is turning footsteps into electricity!<br><br>Using piezoelectric tiles, every step "
|
||||
"you take generates a small amount of energy. Millions of steps together can power LED "
|
||||
"lights and displays in busy places like Shibuya Station.<br><br>A brilliant way to create a "
|
||||
"sustainable and smart city — turning movement into clean, renewable energy."}});
|
||||
|
||||
bodyContent["image"] = {
|
||||
{"packagedPath", "/Game/UI/UMGAssets/Icons/ItemAddons/iconAddon_powerBulb.iconAddon_powerBulb"},
|
||||
{"contentVersion", "ccc3f02b0a671fe19a0017d6a69293876a465fd9"},
|
||||
{"uri", ""}};
|
||||
|
||||
bodyContent["sections"].push_back(
|
||||
{{"type", "itemshowcase"},
|
||||
{"rewards", json::array({{{"type", "inventory"}, {"id", "ADDON_flashlight_oddbulb"}, {"amount", 1}}})}});
|
||||
|
||||
msg["message"] = {};
|
||||
msg["message"]["title"] = "Japan is turning footsteps into electricity";
|
||||
msg["message"]["body"] = bodyContent.dump();
|
||||
|
||||
doc["messages"].push_back(msg);
|
||||
|
||||
body = doc.dump();
|
||||
#ifdef _DEBUG
|
||||
Log::verbose("Spoofed message list");
|
||||
#endif
|
||||
}
|
||||
|
||||
void Spoofer::onBloodweb(std::string& body, std::string& respHeaders)
|
||||
{
|
||||
json doc = json::parse(body, nullptr, false);
|
||||
if (doc.is_discarded()) return Log::error("JSON parse error for bloodweb response");
|
||||
|
||||
if (body.find("NotAllowedException") != std::string::npos && body.find("not owned") != std::string::npos)
|
||||
/*
|
||||
return fake bloodweb data
|
||||
*/
|
||||
if (_config.spoofCharacterOwnership)
|
||||
{
|
||||
Log::info("Spoofing bloodweb error for unowned character");
|
||||
json mock;
|
||||
mock["bloodWebLevelChanged"] = false;
|
||||
mock["updatedWallets"] = json::array();
|
||||
mock["bloodWebLevel"] = 16;
|
||||
mock["prestigeLevel"] = 0;
|
||||
mock["bloodWebData"] = json::object();
|
||||
mock["characterItems"] = json::array();
|
||||
mock["characterName"] = this->_lastBloodWebChar;
|
||||
mock["isEntitled"] = true;
|
||||
mock["purchaseInfo"] = {{"quantity", 1},
|
||||
{"origin", "PlayerInventory"},
|
||||
{"reason", "Item(s) added via Purchase"},
|
||||
{"lastUpdateAt", std::time(nullptr)},
|
||||
{"objectId", this->_lastBloodWebChar}};
|
||||
if (body.find("NotAllowedException") != std::string::npos && body.find("not owned") != std::string::npos)
|
||||
{
|
||||
Log::info("Spoofing bloodweb error for unowned character");
|
||||
json mock;
|
||||
mock["bloodWebLevelChanged"] = false;
|
||||
mock["updatedWallets"] = json::array();
|
||||
mock["bloodWebLevel"] = 16;
|
||||
mock["prestigeLevel"] = 0;
|
||||
mock["bloodWebData"] = json::object();
|
||||
mock["characterItems"] = json::array();
|
||||
mock["characterName"] = this->_lastBloodWebChar;
|
||||
mock["isEntitled"] = true;
|
||||
mock["purchaseInfo"] = {{"quantity", 1},
|
||||
{"origin", "PlayerInventory"},
|
||||
{"reason", "Item(s) added via Purchase"},
|
||||
{"lastUpdateAt", std::time(nullptr)},
|
||||
{"objectId", this->_lastBloodWebChar}};
|
||||
|
||||
_unownedCharacters.insert(this->_lastBloodWebChar); // probably not needed but just in case
|
||||
_unownedCharacters.insert(this->_lastBloodWebChar); // probably not needed but just in case
|
||||
|
||||
modifyCharacterData(mock);
|
||||
modifyCharacterData(mock);
|
||||
|
||||
std::regex statusRegex(R"(HTTP\/\d\.\d\s+403)");
|
||||
respHeaders = std::regex_replace(respHeaders, statusRegex, "HTTP/1.1 200");
|
||||
std::regex statusRegex(R"(HTTP\/\d\.\d\s+403)");
|
||||
respHeaders = std::regex_replace(respHeaders, statusRegex, "HTTP/1.1 200");
|
||||
|
||||
body = mock.dump();
|
||||
Log::verbose("Spoofed bloodweb request for unowned character.");
|
||||
return;
|
||||
body = mock.dump();
|
||||
#ifdef _DEBUG
|
||||
Log::verbose("Spoofed bloodweb request for unowned character.");
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
bloodweb fixup for perks
|
||||
(if all perks are unlocked, the game will interpret bloodwebs with perks as invalid so perks will be replaced with PLACEHOLDER_ITEMID)
|
||||
*/
|
||||
if (_config.spoofInventory)
|
||||
{
|
||||
if (doc.contains("bloodWebData") && doc["bloodWebData"].contains("ringData"))
|
||||
{
|
||||
for (auto& ring : doc["bloodWebData"]["ringData"])
|
||||
{
|
||||
if (!ring.contains("nodeData")) continue;
|
||||
for (auto& node : ring["nodeData"])
|
||||
{
|
||||
if (!node.contains("contentId")) continue;
|
||||
std::string contentId = node["contentId"];
|
||||
if (_camperPerkIds.contains(contentId) || _slasherPerkIds.contains(contentId))
|
||||
node["contentId"] = PLACEHOLDER_ITEMID;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
prevent bloodweb reqs from overriding inventory values
|
||||
*/
|
||||
modifyCharacterData(doc);
|
||||
body = doc.dump();
|
||||
#ifdef _DEBUG
|
||||
Log::verbose("Spoofed bloodweb items for owned character");
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -476,8 +621,11 @@ void Spoofer::serverResponseHandler(const std::string& url, std::string& body, s
|
||||
Log::verbose("BHVR api res @ {}", url);
|
||||
#endif
|
||||
|
||||
if (url.find("api/v1/extensions/store/getCatalogItems") != std::string::npos) return onGetCatalogItems(body);
|
||||
if (url.find("api/v1/dbd-character-data/get-all") != std::string::npos) return onGetAll(body);
|
||||
if (url.find("api/v1/dbd-character-data/get-all") != std::string::npos) return onGetAll(body);
|
||||
if (url.find("api/v1/dbd-inventories/all") != std::string::npos) return onInventoryAll(body);
|
||||
if (url.find("/api/v1/messages/listV2") != std::string::npos) return onMessageList(body);
|
||||
if (url.find("api/v1/dbd-character-data/bloodweb") != std::string::npos ||
|
||||
url.find("api/v1/dbd-character-data/bulk-spending-bloodweb") != std::string::npos)
|
||||
return onBloodweb(body, respHeaders);
|
||||
|
||||
@@ -9,6 +9,13 @@
|
||||
|
||||
#include <nlohmann/json_fwd.hpp>
|
||||
|
||||
struct SpooferConfig
|
||||
{
|
||||
bool spoofCharacterOwnership = false;
|
||||
bool spoofInventory = false;
|
||||
bool spoofCustomization = false;
|
||||
};
|
||||
|
||||
class Spoofer
|
||||
{
|
||||
public:
|
||||
@@ -17,6 +24,7 @@ class Spoofer
|
||||
private:
|
||||
void registerListeners(Proxy* proxy);
|
||||
void loadData();
|
||||
void loadConfig();
|
||||
|
||||
bool parseCatalog(std::string data);
|
||||
bool parseStackable(std::string data, std::unordered_set<std::string>& camperSet,
|
||||
@@ -28,13 +36,17 @@ class Spoofer
|
||||
void generateBloodweb(nlohmann::json& data);
|
||||
void modifyCharacterData(nlohmann::json& js);
|
||||
|
||||
void onGetCatalogItems(std::string& body);
|
||||
void onGetAll(std::string& body);
|
||||
void onInventoryAll(std::string& body);
|
||||
void onMessageList(std::string& body);
|
||||
void onBloodweb(std::string& body, std::string& respHeaders);
|
||||
|
||||
void serverResponseHandler(const std::string& url, std::string& body, std::string& respHeaders);
|
||||
void clientRequestHandler(std::string& url, const std::string& body, std::string& reqHeaders);
|
||||
|
||||
SpooferConfig _config;
|
||||
|
||||
std::unordered_set<std::string> _camperItemIds;
|
||||
std::unordered_set<std::string> _slasherPowerIds;
|
||||
|
||||
|
||||
@@ -0,0 +1,232 @@
|
||||
#include "ssl.h"
|
||||
#include "utils.h"
|
||||
|
||||
#include <nerutils/log.h>
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include <random>
|
||||
#include <cstdlib>
|
||||
#include <ctime>
|
||||
#include <cstring>
|
||||
|
||||
#include <wincrypt.h>
|
||||
#include <processthreadsapi.h>
|
||||
|
||||
template <typename T, void (*f)(T*)> struct Deleter
|
||||
{
|
||||
void operator()(T* p) const { f(p); }
|
||||
};
|
||||
|
||||
using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY, Deleter<EVP_PKEY, EVP_PKEY_free>>;
|
||||
using X509_ptr = std::unique_ptr<X509, Deleter<X509, X509_free>>;
|
||||
using SSL_CTX_ptr = std::unique_ptr<SSL_CTX, Deleter<SSL_CTX, SSL_CTX_free>>;
|
||||
using BIO_ptr = std::unique_ptr<BIO, Deleter<BIO, BIO_vfree>>;
|
||||
|
||||
CertManager::CertManager() : _caPkey(nullptr), _caCert(nullptr), _sessionPkey(nullptr) {}
|
||||
|
||||
CertManager::~CertManager()
|
||||
{
|
||||
if (_caPkey) EVP_PKEY_free(_caPkey);
|
||||
if (_caCert) X509_free(_caCert);
|
||||
if (_sessionPkey) EVP_PKEY_free(_sessionPkey);
|
||||
|
||||
for (auto& pair : _hostContexts)
|
||||
SSL_CTX_free(pair.second);
|
||||
}
|
||||
|
||||
bool CertManager::init()
|
||||
{
|
||||
EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
|
||||
if (!pctx) return false;
|
||||
|
||||
EVP_PKEY_keygen_init(pctx);
|
||||
EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
|
||||
|
||||
EVP_PKEY* rawPkey = nullptr;
|
||||
if (EVP_PKEY_keygen(pctx, &rawPkey) <= 0)
|
||||
{
|
||||
Log::error("Failed to generate session key");
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
return false;
|
||||
}
|
||||
_sessionPkey = rawPkey;
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
|
||||
if (loadCA())
|
||||
{
|
||||
Log::verbose("Loaded existing CA certificate");
|
||||
return true;
|
||||
}
|
||||
|
||||
Log::verbose("No CA found, generating");
|
||||
return generateCA();
|
||||
}
|
||||
|
||||
bool CertManager::loadCA()
|
||||
{
|
||||
std::string path = utils::getExePath();
|
||||
|
||||
BIO_ptr keyBio(BIO_new_file((path + "/key.pem").c_str(), "r"));
|
||||
if (!keyBio) return false;
|
||||
_caPkey = PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr);
|
||||
|
||||
BIO_ptr certBio(BIO_new_file((path + "/cert.pem").c_str(), "r"));
|
||||
if (!certBio) return false;
|
||||
_caCert = PEM_read_bio_X509(certBio.get(), nullptr, nullptr, nullptr);
|
||||
|
||||
return (_caPkey && _caCert);
|
||||
}
|
||||
|
||||
void CertManager::installCert(X509* cert)
|
||||
{
|
||||
if (!cert) return;
|
||||
|
||||
/*
|
||||
X509 to DER
|
||||
*/
|
||||
int derLen = i2d_X509(cert, nullptr);
|
||||
if (derLen < 0) return;
|
||||
|
||||
unsigned char* derBuf = new unsigned char[derLen];
|
||||
unsigned char* p = derBuf;
|
||||
i2d_X509(cert, &p);
|
||||
|
||||
PCCERT_CONTEXT certCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, derBuf, derLen);
|
||||
if (certCtx)
|
||||
{
|
||||
HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
|
||||
if (rootStore)
|
||||
{
|
||||
BOOL success = CertAddCertificateContextToStore(rootStore, certCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
|
||||
|
||||
if (success)
|
||||
Log::info("CA certificate installed");
|
||||
else
|
||||
Log::error("Failed to install CA certificate");
|
||||
|
||||
CertCloseStore(rootStore, 0);
|
||||
}
|
||||
CertFreeCertificateContext(certCtx);
|
||||
}
|
||||
|
||||
delete[] derBuf;
|
||||
}
|
||||
|
||||
bool CertManager::generateCA()
|
||||
{
|
||||
std::random_device rd;
|
||||
std::mt19937 gen(rd());
|
||||
|
||||
/*
|
||||
key
|
||||
*/
|
||||
EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
|
||||
EVP_PKEY_keygen_init(pctx);
|
||||
EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
|
||||
EVP_PKEY* rawCaKey = nullptr;
|
||||
EVP_PKEY_keygen(pctx, &rawCaKey);
|
||||
_caPkey = rawCaKey;
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
|
||||
/*
|
||||
cert
|
||||
*/
|
||||
X509_ptr cert(X509_new());
|
||||
X509_set_version(cert.get(), 2);
|
||||
ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1);
|
||||
X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
|
||||
X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L); // 1 year
|
||||
|
||||
X509_name_st* subjName = X509_get_subject_name(cert.get());
|
||||
std::string randomCN = utils::randomizeString(16);
|
||||
X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)randomCN.c_str(), -1, -1, 0);
|
||||
X509_set_issuer_name(cert.get(), subjName);
|
||||
X509_set_pubkey(cert.get(), _caPkey);
|
||||
|
||||
/*
|
||||
CA constraints
|
||||
*/
|
||||
X509V3_CTX v3ctx;
|
||||
X509V3_set_ctx(&v3ctx, cert.get(), cert.get(), nullptr, nullptr, 0);
|
||||
X509_EXTENSION* ext = X509V3_EXT_conf_nid(nullptr, &v3ctx, NID_basic_constraints, "critical,CA:TRUE");
|
||||
X509_add_ext(cert.get(), ext, -1);
|
||||
X509_EXTENSION_free(ext);
|
||||
|
||||
if (X509_sign(cert.get(), _caPkey, EVP_sha256()) <= 0) return false;
|
||||
|
||||
/*
|
||||
out
|
||||
*/
|
||||
std::string path = utils::getExePath();
|
||||
BIO_ptr kOut(BIO_new_file((path + "/key.pem").c_str(), "w"));
|
||||
PEM_write_bio_PrivateKey(kOut.get(), _caPkey, nullptr, nullptr, 0, nullptr, nullptr);
|
||||
|
||||
BIO_ptr cOut(BIO_new_file((path + "/cert.pem").c_str(), "w"));
|
||||
PEM_write_bio_X509(cOut.get(), cert.get());
|
||||
|
||||
/*
|
||||
install and release
|
||||
*/
|
||||
installCert(cert.get());
|
||||
|
||||
_caCert = cert.release();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
SSL_CTX* CertManager::createHostContext(const std::string& host)
|
||||
{
|
||||
std::lock_guard<std::mutex> lock(_mutex);
|
||||
if (_hostContexts.count(host)) return _hostContexts[host];
|
||||
|
||||
/*
|
||||
cert base
|
||||
*/
|
||||
X509_ptr cert(X509_new());
|
||||
X509_set_version(cert.get(), 2);
|
||||
|
||||
ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), static_cast<long>(std::hash<std::string>{}(host) & 0x7FFFFFFF));
|
||||
|
||||
X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
|
||||
X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L);
|
||||
|
||||
X509_name_st* subjName = X509_get_subject_name(cert.get());
|
||||
X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)host.c_str(), -1, -1, 0);
|
||||
X509_set_issuer_name(cert.get(), X509_get_subject_name(_caCert));
|
||||
X509_set_pubkey(cert.get(), _sessionPkey);
|
||||
|
||||
/*
|
||||
SAN
|
||||
*/
|
||||
X509V3_CTX v3ctx;
|
||||
X509V3_set_ctx(&v3ctx, _caCert, cert.get(), nullptr, nullptr, 0);
|
||||
std::string altName = "DNS:" + host;
|
||||
X509_EXTENSION* ext = X509V3_EXT_conf_nid(nullptr, &v3ctx, NID_subject_alt_name, altName.c_str());
|
||||
X509_add_ext(cert.get(), ext, -1);
|
||||
X509_EXTENSION_free(ext);
|
||||
|
||||
/*
|
||||
sign & ctx load
|
||||
*/
|
||||
if (X509_sign(cert.get(), _caPkey, EVP_sha256()) <= 0) return nullptr;
|
||||
|
||||
SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
|
||||
if (!ctx) return nullptr;
|
||||
|
||||
if (SSL_CTX_use_certificate(ctx, cert.get()) <= 0 || SSL_CTX_use_PrivateKey(ctx, _sessionPkey) <= 0)
|
||||
{
|
||||
SSL_CTX_free(ctx);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
_hostContexts[host] = ctx;
|
||||
return ctx;
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
#pragma once
|
||||
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
#include <mutex>
|
||||
|
||||
struct x509_st;
|
||||
struct X509_name_st;
|
||||
struct ssl_st;
|
||||
struct ssl_ctx_st;
|
||||
struct evp_pkey_st;
|
||||
|
||||
typedef struct x509_st X509;
|
||||
typedef struct ssl_st SSL;
|
||||
typedef struct ssl_ctx_st SSL_CTX;
|
||||
typedef struct evp_pkey_st EVP_PKEY;
|
||||
|
||||
class CertManager
|
||||
{
|
||||
public:
|
||||
CertManager();
|
||||
~CertManager();
|
||||
|
||||
bool init();
|
||||
SSL_CTX* createHostContext(const std::string& host);
|
||||
|
||||
private:
|
||||
bool generateCA();
|
||||
bool loadCA();
|
||||
|
||||
void installCert(X509* cert);
|
||||
|
||||
EVP_PKEY* _caPkey = nullptr;
|
||||
X509* _caCert = nullptr;
|
||||
EVP_PKEY* _sessionPkey = nullptr;
|
||||
|
||||
std::mutex _mutex;
|
||||
std::unordered_map<std::string, SSL_CTX*> _hostContexts;
|
||||
};
|
||||
@@ -12,3 +12,13 @@ std::string utils::getExePath()
|
||||
if (pos != std::string::npos) return path.substr(0, pos + 1);
|
||||
return "";
|
||||
}
|
||||
|
||||
std::string utils::randomizeString(size_t length)
|
||||
{
|
||||
const char charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
||||
std::string result;
|
||||
result.resize(length);
|
||||
for (size_t i = 0; i < length; ++i)
|
||||
result[i] = charset[rand() % (sizeof(charset) - 1)];
|
||||
return result;
|
||||
}
|
||||
@@ -5,4 +5,5 @@
|
||||
namespace utils
|
||||
{
|
||||
std::string getExePath();
|
||||
}
|
||||
std::string randomizeString(size_t length);
|
||||
} // namespace utils
|
||||
Reference in New Issue
Block a user