fix: X509_NAME typedef compiler issue on gcc

.github/workflows/build.yml

@@ -22,36 +22,31 @@ jobs:
       if: ${{ github.event_name == 'push' }}
       shell: bash
       run: |
-        git fetch --tags || true
+        git fetch --tags --force
         
-        # Determine last tag and log range
-        if git describe --tags --abbrev=0 >/dev/null 2>&1; then
-            LAST_TAG=$(git describe --tags --abbrev=0)
+        if LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null); then
             RANGE="${LAST_TAG}..HEAD"
         else
             LAST_TAG="v0.1.9"
             RANGE="HEAD"
         fi
         
-        # Calculate next version
         IFS='.' read -r major minor patch <<< "${LAST_TAG#v}"
         NEW_VERSION="$major.$minor.$((patch + 1))"
-        NEW_TAG="v$NEW_VERSION"
         
-        # Log commits
         CHANGELOG=$(git log $RANGE --oneline | sed 's/^/* /')
-        [ -z "$CHANGELOG" ] && CHANGELOG="Maintenance build."
+        if [ -z "$CHANGELOG" ]; then
+          CHANGELOG="Re-run of version $NEW_VERSION or maintenance build."
+        fi
         
-        # Tag and push back to Gitea
-        git tag $NEW_TAG
-        git push origin $NEW_TAG
-        
-        # Set outputs for next steps
         echo "version-string=$NEW_VERSION" >> $GITHUB_OUTPUT
-        echo "changelog<<EOF" >> $GITHUB_OUTPUT
-        echo "## What's Changed" >> $GITHUB_OUTPUT
-        echo "$CHANGELOG" >> $GITHUB_OUTPUT
-        echo "EOF" >> $GITHUB_OUTPUT
+        echo "new-tag=v$NEW_VERSION" >> $GITHUB_OUTPUT
+        {
+          echo "changelog<<EOF"
+          echo "## What's Changed"
+          echo "$CHANGELOG"
+          echo "EOF"
+        } >> $GITHUB_OUTPUT
 
     - name: Setup Tools Cache
       id: tools-cache
@@ -124,11 +119,18 @@ jobs:
         name: unlocker-build
         path: unlocker.zip
 
+    - name: Finalize Version and Push Tag
+      if: ${{ github.event_name == 'push' && success() }}
+      run: |
+        git tag ${{ steps.calculate-version.outputs.new-tag }}
+        git push origin ${{ steps.calculate-version.outputs.new-tag }}
+
     - name: Create Gitea Release
-      if: ${{ github.event_name == 'push' }}
+      if: ${{ github.event_name == 'push' && success() }}
       uses: akkuman/gitea-release-action@v1
       with:
         files: unlocker.zip
-        tag_name: v${{ steps.calculate-version.outputs.version-string }}
-        name: Release v${{ steps.calculate-version.outputs.version-string }}
+        tag_name: ${{ steps.calculate-version.outputs.new-tag }}
+        name: Release ${{ steps.calculate-version.outputs.new-tag }}
         body: ${{ steps.calculate-version.outputs.changelog }}
+        

format-code.bat

@@ -8,3 +8,4 @@ for /r "src" %%f in (*.cpp *.h *.cs) do (
 
 echo done
 pause
+    

res/items.json

@@ -1,6 +1,5 @@
 {
-  "Camper": {
-    "Items": [
+  "Campers": [
     "Father_Key_Card",
     "FireflyLantern",
     "Item_Camper_AlexsToolbox",
@@ -59,10 +58,8 @@
     "Item_Survivor_MakeshiftFogVial",
     "Item_Survivor_PrototypeFogVial",
     "Item_Survivor_VigosFogVial"
-    ]
-  },
-  "Slasher": {
-    "Powers": [
+  ],
+  "Slashers": [
     "Item_Blighted_Serum",
     "Item_Slasher_Beartrap",
     "Item_Slasher_Blinker",
@@ -108,4 +105,3 @@
     "Item_Slasher_TormentMode"
   ]
 }
-}

src/dumper/main.cs

@@ -104,8 +104,8 @@ class DumpByDaylight
 
         var itemsSerialized = new
         {
-            Camper = new { Items = camperItems.OrderBy(x => x).ToList() },
-            Slasher = new { Powers = slasherPowers.OrderBy(x => x).ToList() }
+            Campers = camperItems.OrderBy(x => x).ToList(),
+            Slashers = slasherPowers.OrderBy(x => x).ToList()
         };
         File.WriteAllText("items.json", JsonConvert.SerializeObject(itemsSerialized, Formatting.Indented));
 

src/unlocker/cert_manager.cpp

@@ -1,222 +0,0 @@
-#include "cert_manager.h"
-#include <nerutils/log.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#include <cstdlib>
-#include <ctime>
-
-#include <processthreadsapi.h>
-#include <cstring>
-
-std::string randomizeString(size_t length)
-{
-    const char charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
-    std::string result;
-    result.resize(length);
-    for (size_t i = 0; i < length; ++i)
-        result[i] = charset[rand() % (sizeof(charset) - 1)];
-    return result;
-}
-
-CertManager::CertManager() : _sessionPkey(nullptr) {}
-
-CertManager::~CertManager()
-{
-    if (_caPkey) EVP_PKEY_free(_caPkey);
-    if (_caCert) X509_free(_caCert);
-    if (_sessionPkey) EVP_PKEY_free(_sessionPkey);
-
-    for (auto& pair : _hostContexts)
-        SSL_CTX_free(pair.second);
-}
-
-bool CertManager::Init()
-{
-    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
-    if (pctx)
-    {
-        EVP_PKEY_keygen_init(pctx);
-        EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
-        EVP_PKEY_keygen(pctx, &_sessionPkey);
-        EVP_PKEY_CTX_free(pctx);
-    }
-
-    if (LoadCA())
-    {
-        Log::verbose("Loaded existing CA certificate.");
-        return true;
-    }
-
-    Log::verbose("No CA found. Generating new CA certificate.");
-    return GenerateCA();
-}
-
-bool CertManager::LoadCA()
-{
-    BIO* keyBio = BIO_new_file("ca_key.pem", "r");
-    if (!keyBio) return false;
-
-    _caPkey = PEM_read_bio_PrivateKey(keyBio, nullptr, nullptr, nullptr);
-    BIO_free(keyBio);
-
-    if (!_caPkey) return false;
-
-    BIO* certBio = BIO_new_file("ca_cert.pem", "r");
-    if (!certBio) return false;
-
-    _caCert = PEM_read_bio_X509(certBio, nullptr, nullptr, nullptr);
-    BIO_free(certBio);
-
-    if (!_caCert) return false;
-
-    return true;
-}
-
-bool CertManager::GenerateCA()
-{
-    srand(static_cast<unsigned int>(time(nullptr)));
-
-    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
-    if (!pctx) return false;
-    EVP_PKEY_keygen_init(pctx);
-    EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
-    EVP_PKEY_keygen(pctx, &_caPkey);
-    EVP_PKEY_CTX_free(pctx);
-
-    _caCert = X509_new();
-    X509_set_version(_caCert, 2);
-    ASN1_INTEGER_set(X509_get_serialNumber(_caCert), 1);
-    X509_gmtime_adj(X509_get_notBefore(_caCert), 0);
-    X509_gmtime_adj(X509_get_notAfter(_caCert), 31536000L); // 1 year
-
-    std::string org = randomizeString(16);
-    std::string cn = randomizeString(16);
-
-    X509_NAME* name = X509_get_subject_name(_caCert);
-    X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"US", -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)org.c_str(), -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)cn.c_str(), -1, -1, 0);
-    X509_set_issuer_name(_caCert, name);
-    X509_set_pubkey(_caCert, _caPkey);
-
-    X509V3_CTX ctxV3;
-    X509V3_set_ctx_nodb(&ctxV3);
-    X509V3_set_ctx(&ctxV3, _caCert, _caCert, nullptr, nullptr, 0);
-    X509_EXTENSION* extCA = X509V3_EXT_conf_nid(nullptr, &ctxV3, NID_basic_constraints, "critical,CA:TRUE");
-    if (extCA)
-    {
-        X509_add_ext(_caCert, extCA, -1);
-        X509_EXTENSION_free(extCA);
-    }
-
-    X509_sign(_caCert, _caPkey, EVP_sha256());
-
-    BIO* keyBioOut = BIO_new_file("ca_key.pem", "w");
-    if (keyBioOut)
-    {
-        PEM_write_bio_PrivateKey(keyBioOut, _caPkey, nullptr, nullptr, 0, nullptr, nullptr);
-        BIO_free(keyBioOut);
-    }
-
-    BIO* certBioOut = BIO_new_file("ca_cert.pem", "w");
-    if (certBioOut)
-    {
-        PEM_write_bio_X509(certBioOut, _caCert);
-        BIO_free(certBioOut);
-    }
-
-    Log::info("Generated new CA key and certificate files. Installing to Windows Root CA store automatically...");
-
-    STARTUPINFOA si;
-    memset(&si, 0, sizeof(si));
-    si.cb = sizeof(si);
-    PROCESS_INFORMATION pi;
-    memset(&pi, 0, sizeof(pi));
-    char cmd[] = "certutil.exe -user -addstore root ca_cert.pem";
-    if (CreateProcessA(NULL, cmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi))
-    {
-        WaitForSingleObject(pi.hProcess, INFINITE);
-        CloseHandle(pi.hProcess);
-        CloseHandle(pi.hThread);
-    }
-
-    return true;
-}
-
-SSL_CTX* CertManager::CreateHostContext(const std::string& host)
-{
-    std::lock_guard<std::mutex> lock(_mutex);
-
-    auto it = _hostContexts.find(host);
-    if (it != _hostContexts.end())
-    {
-        return it->second;
-    }
-
-    EVP_PKEY* pkey = _sessionPkey;
-    if (!pkey) return nullptr;
-
-    X509* cert = X509_new();
-    X509_set_version(cert, 2);
-    ASN1_INTEGER_set(X509_get_serialNumber(cert), static_cast<long>(std::hash<std::string>{}(host) & 0x7FFFFFFF));
-    X509_gmtime_adj(X509_get_notBefore(cert), 0);
-    X509_gmtime_adj(X509_get_notAfter(cert), 31536000L);
-
-    std::string dynamicOrg = randomizeString(16);
-
-    X509_NAME* name = X509_get_subject_name(cert);
-    X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"US", -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)dynamicOrg.c_str(), -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)(host.c_str()), -1, -1, 0);
-    X509_set_issuer_name(cert, X509_get_subject_name(_caCert));
-    X509_set_pubkey(cert, pkey);
-
-    X509V3_CTX ctxV3;
-    X509V3_set_ctx_nodb(&ctxV3);
-    X509V3_set_ctx(&ctxV3, _caCert, cert, nullptr, nullptr, 0);
-    std::string san = "DNS:" + host;
-    X509_EXTENSION* extSAN = X509V3_EXT_conf_nid(nullptr, &ctxV3, NID_subject_alt_name, san.c_str());
-    if (extSAN)
-    {
-        X509_add_ext(cert, extSAN, -1);
-        X509_EXTENSION_free(extSAN);
-    }
-
-    X509_sign(cert, _caPkey, EVP_sha256());
-
-    SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
-
-    SSL_CTX_set_alpn_select_cb(
-        ctx,
-        [](SSL* /*ssl*/, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen,
-           void* /*arg*/) -> int {
-            for (unsigned int i = 0; i < inlen;)
-            {
-                unsigned int len = in[i];
-                if (len == 8 && memcmp(&in[i + 1], "http/1.1", 8) == 0)
-                {
-                    *out = &in[i + 1];
-                    *outlen = (unsigned char)len;
-                    return SSL_TLSEXT_ERR_OK;
-                }
-                i += len + 1;
-            }
-            return SSL_TLSEXT_ERR_NOACK;
-        },
-        nullptr);
-
-    SSL_CTX_use_certificate(ctx, cert);
-    SSL_CTX_use_PrivateKey(ctx, pkey);
-
-    X509_free(cert);
-
-    _hostContexts[host] = ctx;
-    return ctx;
-}

src/unlocker/cert_manager.h

@@ -1,27 +0,0 @@
-#pragma once
-
-#include <string>
-#include <unordered_map>
-#include <mutex>
-#include <openssl/ssl.h>
-
-class CertManager
-{
-    public:
-        CertManager();
-        ~CertManager();
-
-        bool Init();
-        SSL_CTX* CreateHostContext(const std::string& host);
-
-    private:
-        bool GenerateCA();
-        bool LoadCA();
-
-        EVP_PKEY* _caPkey = nullptr;
-        X509* _caCert = nullptr;
-        EVP_PKEY* _sessionPkey = nullptr;
-
-        std::mutex _mutex;
-        std::unordered_map<std::string, SSL_CTX*> _hostContexts;
-};

src/unlocker/main.cpp

@@ -5,34 +5,45 @@
 
 #include <windows.h>
 #include <wininet.h>
+#include <ctime>
 
-bool setProxy(bool enable, const std::string& proxyAddr)
+bool setProxyAddress(bool enable, const std::string& proxyAddr)
 {
     INTERNET_PER_CONN_OPTION_LIST list;
     INTERNET_PER_CONN_OPTION options[3];
-    unsigned long listSize = sizeof(INTERNET_PER_CONN_OPTION_LIST);
+
+    ZeroMemory(&list, sizeof(list));
+    ZeroMemory(options, sizeof(options));
 
     options[0].dwOption = INTERNET_PER_CONN_FLAGS;
+
     if (enable)
+    {
+        if (proxyAddr.empty()) return false;
+
         options[0].Value.dwValue = PROXY_TYPE_PROXY | PROXY_TYPE_DIRECT;
-    else
-        options[0].Value.dwValue = PROXY_TYPE_DIRECT;
 
         options[1].dwOption = INTERNET_PER_CONN_PROXY_SERVER;
         options[1].Value.pszValue = const_cast<char*>(proxyAddr.c_str());
 
         options[2].dwOption = INTERNET_PER_CONN_PROXY_BYPASS;
-    options[2].Value.pszValue = const_cast<char*>("<local>");
+        options[2].Value.pszValue = (char*)"<local>";
+
+        list.dwOptionCount = 3;
+    }
+    else
+    {
+        options[0].Value.dwValue = PROXY_TYPE_DIRECT;
+        list.dwOptionCount = 1;
+    }
 
     list.dwSize = sizeof(INTERNET_PER_CONN_OPTION_LIST);
     list.pszConnection = NULL;
-    list.dwOptionCount = 3;
-    list.dwOptionError = 0;
     list.pOptions = options;
 
-    if (!InternetSetOptionA(NULL, INTERNET_OPTION_PER_CONNECTION_OPTION, &list, listSize))
+    if (!InternetSetOption(NULL, INTERNET_OPTION_PER_CONNECTION_OPTION, &list, sizeof(list)))
     {
-        Log::error("Failed to set proxy options, Err: {}", GetLastError());
+        Log::error("Failed to set proxy options - error: {}", GetLastError());
         return false;
     }
 
@@ -43,7 +54,7 @@ bool setProxy(bool enable, const std::string& proxyAddr)
 }
 
 bool running = true;
-Proxy* g_Proxy = nullptr;
+Proxy* proxy = nullptr;
 
 void cleanup()
 {
@@ -53,14 +64,14 @@ void cleanup()
     if (cleaned) return;
     cleaned = true;
 
-    if (g_Proxy)
+    Log::info("Restoring system proxy settings");
+    setProxyAddress(false, "");
+
+    if (proxy)
     {
         Log::info("Shutting down proxy");
-        g_Proxy->Shutdown();
+        proxy->shutdown();
     }
-
-    Log::info("Restoring system proxy settings");
-    setProxy(false, "");
 }
 
 BOOL WINAPI consoleHandler(DWORD dwType)
@@ -77,6 +88,8 @@ BOOL WINAPI consoleHandler(DWORD dwType)
 
 int main()
 {
+    srand(static_cast<unsigned int>(time(NULL)));
+
     Log::createConsole();
     SetConsoleCtrlHandler(consoleHandler, TRUE);
     atexit(cleanup);
@@ -87,13 +100,14 @@ int main()
         proxy setup
     */
     Log::info("Starting proxy");
-    g_Proxy = new Proxy();
-    if (!g_Proxy->Init())
+    proxy = new Proxy();
+    if (!proxy->init())
     {
         Log::error("Proxy failed to start");
         return 1;
     }
-    setProxy(true, std::format("127.0.0.1:{}", PROXY_PORT));
+    proxy->addWhitelistDomain("bhvrdbd.com");
+    setProxyAddress(true, std::format("127.0.0.1:{}", PROXY_PORT));
 
     /*
         Spoofer setup
@@ -101,7 +115,7 @@ int main()
     Log::info("Spoofer init");
     Spoofer* spoofer = new Spoofer();
 
-    spoofer->init(g_Proxy);
+    spoofer->init(proxy);
 
     /*
         pause

src/unlocker/proxy.h

@@ -3,9 +3,13 @@
 #include <thread>
 #include <atomic>
 #include <string>
+#include <vector>
+#include <queue>
+#include <mutex>
+#include <condition_variable>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include "cert_manager.h"
+#include "ssl.h"
 #include <nerutils/callback.h>
 
 /*
@@ -13,6 +17,7 @@
         use random port, test availability
 */
 #define PROXY_PORT 58421
+#define PROXY_THREAD_COUNT 256
 
 typedef unsigned __int64 SOCKET;
 
@@ -22,12 +27,14 @@ class Proxy
         Proxy();
         ~Proxy();
 
-        bool Init();
-        void Shutdown();
+        bool init();
+        void shutdown();
 
         CallbackEvent<std::string&, const std::string&, std::string&> OnClientRequest;
         CallbackEvent<const std::string&, std::string&, std::string&> OnServerResponse;
 
+        void addWhitelistDomain(const std::string& domain);
+
     private:
         void loop();
         void handleClient(SOCKET clientSocket);
@@ -39,6 +46,13 @@ class Proxy
         std::thread _workerThread;
         std::atomic<bool> _running = false;
 
+        std::vector<std::thread> _poolThreads;
+        std::queue<SOCKET> _clientQueue;
+        std::mutex _queueMutex;
+        std::condition_variable _queueCond;
+
         CertManager _certManager;
         SSL_CTX* _clientCtx = nullptr;
+
+        std::vector<std::string> _whitelistDomains;
 };

src/unlocker/spoofing.cpp

@@ -1,11 +1,14 @@
-#include "spoofing.h"
+#include "spoofing.h"
+#include "utils.h"
 
+#include <string>
 #include <fstream>
-#include <algorithm>
-#include <unordered_set>
 #include <random>
+#include <vector>
+#include <regex>
+#include <thread>
 
-#include <minwindef.h>
+#include <time.h>
 
 #include <nerutils/log.h>
 
@@ -13,24 +16,35 @@
 
 using json = nlohmann::json;
 
-std::string getExeDir()
+static std::random_device rd;
+static std::mt19937 gen(rd());
+
+/*
+    utils
+*/
+std::unordered_set<std::string> slasherNames = {
+    "Chuckles",  "Bob", "HillBilly", "Nurse",  "Shape",  "Witch",     "Killer07",   "Cannibal", "Bear",
+    "Nightmare", "Pig", "Clown",     "Spirit", "Plague", "Ghostface", "Demogorgon", "Oni",      "Gunslinger"};
+
+bool isSlasher(std::string name)
 {
-    char buffer[MAX_PATH];
-    GetModuleFileNameA(NULL, buffer, MAX_PATH);
-    std::string path(buffer);
-    size_t pos = path.find_last_of("\\/");
-    if (pos != std::string::npos) return path.substr(0, pos + 1);
-    return "";
+    if (slasherNames.contains(name) || (name.length() == 3 && name[0] == 'K')) return true;
+    return false;
 }
 
+/*
+    setup / init
+*/
 void Spoofer::init(Proxy* proxy)
 {
-    loadData();
     registerListeners(proxy);
+    loadData();
+    loadConfig();
 }
 
 void Spoofer::registerListeners(Proxy* proxy)
 {
+    Log::info("Registering Proxy event listeners for spoofer");
     proxy->OnServerResponse.addListener([this](const std::string& url, std::string& body, std::string& respHeaders) {
         this->serverResponseHandler(url, body, respHeaders);
     });
@@ -40,205 +54,180 @@ void Spoofer::registerListeners(Proxy* proxy)
     });
 }
 
+#define LOADDATA(fileName, type, camperSet, slasherSet, errorMsg)                                                      \
+    std::string path##type = utils::getExePath() + fileName;                                                           \
+    std::ifstream file##type(path##type);                                                                              \
+    if (file##type.is_open())                                                                                          \
+    {                                                                                                                  \
+        std::stringstream buff;                                                                                        \
+        buff << file##type.rdbuf();                                                                                    \
+        if (!parseStackable(buff.str(), camperSet, slasherSet))                                                        \
+            Log::error("Failed to parse {} - {}", fileName, errorMsg);                                                 \
+        else                                                                                                           \
+            Log::verbose("Loaded {} camper ids and {} slasher ids from {}", camperSet.size(), slasherSet.size(),       \
+                         fileName);                                                                                    \
+    }                                                                                                                  \
+    else                                                                                                               \
+        Log::warning("Missing {} - {}", fileName, errorMsg);
+
 void Spoofer::loadData()
 {
-    Log::info("Loading dump data");
+    Log::info("Loading data");
 
-    std::string catalogDumpPath = getExeDir() + "catalog.json";
-    std::ifstream catalogFile(catalogDumpPath);
+    std::string catalogPath = utils::getExePath() + "catalog.json";
+    std::ifstream catalogFile(catalogPath);
     if (catalogFile.is_open())
     {
-        std::stringstream buffer;
-        buffer << catalogFile.rdbuf();
-        parseCatalog(buffer.str());
+        std::stringstream buff;
+        buff << catalogFile.rdbuf();
+        if (!parseCatalog(buff.str())) Log::warning("Failed to parse catalog.json - Customizations won't be unlocked");
     }
     else
-        Log::warning("Missing catalog.json");
+        Log::warning("Missing catalog.json - Customizations won't be unlocked");
 
-    std::string itemDumpPath = getExeDir() + "items.json";
-    std::ifstream itemFile(itemDumpPath);
-    if (itemFile.is_open())
+    LOADDATA("items.json", Items, _camperItemIds, _slasherPowerIds, "Items won't be added");
+    LOADDATA("offerings.json", Offerings, _camperOfferingIds, _slasherOfferingIds, "Offerings won't be added");
+    LOADDATA("addons.json", Addons, _camperAddonIds, _slasherAddonIds, "Addons won't be added");
+    LOADDATA("perks.json", Perks, _camperPerkIds, _slasherPerkIds, "Perks won't be added");
+}
+
+void Spoofer::loadConfig()
+{
+    std::string configPath = utils::getExePath() + "config.json";
+    std::ifstream configFile(configPath);
+
+    if (configFile.is_open())
     {
         try
         {
-            std::string content((std::istreambuf_iterator<char>(itemFile)), std::istreambuf_iterator<char>());
-            json doc = json::parse(content);
-
-            if (doc.contains("Camper") && doc["Camper"].is_object())
-                if (doc["Camper"].contains("Items") && doc["Camper"]["Items"].is_array())
-                    for (const auto& item : doc["Camper"]["Items"])
-                        if (item.is_string()) _camperItemIds.insert(item.get<std::string>());
-
-            if (doc.contains("Slasher") && doc["Slasher"].is_object())
-                if (doc["Slasher"].contains("Powers") && doc["Slasher"]["Powers"].is_array())
-                    for (const auto& item : doc["Slasher"]["Powers"])
-                        if (item.is_string()) _slasherPowerIds.insert(item.get<std::string>());
+            json configJson = json::parse(configFile);
+            _config.spoofCharacterOwnership = configJson.value("spoofCharacterOwnership", false);
+            _config.spoofInventory = configJson.value("spoofInventory", true);
+            _config.spoofCustomization = configJson.value("spoofCustomization", true);
+            Log::info("Loaded config: Ownership={}, Inventory={}, Customization={}", _config.spoofCharacterOwnership,
+                      _config.spoofInventory, _config.spoofCustomization);
         }
-        catch (const json::parse_error& e)
+        catch (...)
         {
-            Log::error("JSON parse error in {}: {}", "items.json", e.what());
+            Log::error("Failed to parse config.json, using defaults");
         }
     }
     else
-        Log::warning("Missing items.json");
-
-    std::string offeringDumpPath = getExeDir() + "offerings.json";
-    std::ifstream offeringsFile(offeringDumpPath);
-    if (offeringsFile.is_open())
     {
+        Log::info("config.json not found, using default settings");
+        json defaultConfig = {
+            {"spoofCharacterOwnership", true}, {"spoofInventory", true}, {"spoofCustomization", true}};
+        std::ofstream out(configPath);
+        out << defaultConfig.dump(4);
+    }
+}
+
+/*
+    data parsing
+*/
+bool Spoofer::parseCatalog(std::string data)
+{
+    json doc = json::parse(data, nullptr, false);
+
+    if (doc.is_discarded())
+    {
+        Log::error("Failed to parse catalog");
+        return false;
+    }
+
     try
     {
-            std::string content((std::istreambuf_iterator<char>(offeringsFile)), std::istreambuf_iterator<char>());
-            json doc = json::parse(content);
+        const auto& catalogData = doc.at("data");
 
-            if (doc.contains("Slashers") && doc["Slashers"].is_array())
-                for (const auto& offering : doc["Slashers"])
-                    if (offering.is_string()) _slasherOfferingIds.insert(offering.get<std::string>());
-
-            if (doc.contains("Campers") && doc["Campers"].is_array())
-                for (const auto& offering : doc["Campers"])
-                    if (offering.is_string()) _camperOfferingIds.insert(offering.get<std::string>());
-        }
-        catch (const json::parse_error& e)
+        auto extractIds = [&](const std::string& key, std::unordered_set<std::string>& targetSet) {
+            if (catalogData.contains(key) && catalogData[key].contains("items"))
+                for (const auto& id : catalogData[key]["items"])
                 {
-            Log::error("JSON parse error in {}: {}", "offerings.json", e.what());
-        }
+                    if (id.is_string()) targetSet.insert(id.get<std::string>());
                 }
             else
-        Log::warning("Missing offerings.json");
+                Log::warning("Catalog missing or invalid category: {}", key);
+        };
 
-    std::string addonDumpPath = getExeDir() + "addons.json";
-    std::ifstream addonFile(addonDumpPath);
-    if (addonFile.is_open())
-    {
-        try
-        {
-            std::string content((std::istreambuf_iterator<char>(addonFile)), std::istreambuf_iterator<char>());
-            json doc = json::parse(content);
-
-            if (doc.contains("Slashers") && doc["Slashers"].is_array())
-                for (const auto& item : doc["Slashers"])
-                    if (item.is_string()) _slasherAddonIds.insert(item.get<std::string>());
-
-            if (doc.contains("Campers") && doc["Campers"].is_array())
-                for (const auto& power : doc["Campers"])
-                    if (power.is_string()) _camperAddonIds.insert(power.get<std::string>());
+        extractIds("item", _catalogItemIds);
+        extractIds("outfit", _catalogOutfitIds);
     }
-        catch (const json::parse_error& e)
+    catch (const json::exception& e)
     {
-            Log::error("JSON parse error in {}: {}", "addons.json", e.what());
+        Log::error("Invalid catalog format: {}", e.what());
+        return false;
     }
-    }
-    else
-        Log::warning("Missing addons.json");
-
-    try
-    {
-        std::string perkDumpPaths = getExeDir() + "perks.json";
-        std::ifstream perkFile(perkDumpPaths);
-        if (perkFile.is_open())
-        {
-            std::string content((std::istreambuf_iterator<char>(perkFile)), std::istreambuf_iterator<char>());
-            json doc = json::parse(content);
-
-            if (doc.contains("Slashers") && doc["Slashers"].is_array())
-                for (const auto& item : doc["Slashers"])
-                    if (item.is_string()) _slasherPerkIds.insert(item.get<std::string>());
-
-            if (doc.contains("Campers") && doc["Campers"].is_array())
-                for (const auto& power : doc["Campers"])
-                    if (power.is_string()) _camperPerkIds.insert(power.get<std::string>());
-        }
-        else
-            Log::warning("Missing perks.json");
-    }
-    catch (const json::parse_error& e)
-    {
-        Log::error("JSON parse error in {}: {}", "perks.json", e.what());
-        return;
-    }
-
-    Log::info("Loaded: Camper items={}, Slasher powers={}, "
-              "Slasher addons={}, Camper addons={}, Camper perks={}, Slasher perks={}"
-              "Slasher offerings={}, Camper offerings={}",
-              _camperItemIds.size(), _slasherPowerIds.size(), _slasherAddonIds.size(), _camperAddonIds.size(),
-              _camperPerkIds.size(), _slasherPerkIds.size(), _slasherOfferingIds.size(), _camperOfferingIds.size());
-}
-
-void Spoofer::parseCatalog(std::string data)
-{
-    try
-    {
-        json doc = json::parse(data);
-
-        if (doc.contains("data")) doc = doc["data"];
-
-        if (doc.contains("item") && doc["item"].contains("items") && doc["item"]["items"].is_array())
-            for (const auto& item : doc["item"]["items"])
-                if (item.is_string()) _catalogItemIds.insert(item.get<std::string>());
-
-        if (doc.contains("outfit") && doc["outfit"].contains("items") && doc["outfit"]["items"].is_array())
-            for (const auto& item : doc["outfit"]["items"])
-                if (item.is_string()) _catalogOutfitIds.insert(item.get<std::string>());
 
     Log::info("Parsed {} items and {} outfits from catalog", _catalogItemIds.size(), _catalogOutfitIds.size());
-    }
-    catch (const json::parse_error& e)
-    {
-        Log::error("JSON parse error in {}: {}", "parseCatalog", e.what());
-    }
+
+    return true;
 }
 
-void Spoofer::parseAndDumpCatalog(std::string& data)
+bool Spoofer::parseStackable(std::string data, std::unordered_set<std::string>& camperSet,
+                             std::unordered_set<std::string>& slasherSet)
 {
-    std::string path = getExeDir() + "catalog.json";
-    std::ofstream file(path);
-    file << data;
-    file.close();
-    Log::info("Raw catalog saved to {}", path);
-
-    parseCatalog(data);
+    json doc = json::parse(data, nullptr, false);
+    if (doc.is_discarded())
+    {
+        Log::error("JSON parse error @ parseStackable");
+        return false;
     }
 
-std::unordered_set<std::string> killerNames = {
-    "Chuckles",  "Bob", "HillBilly", "Nurse",  "Shape",  "Witch",     "Killer07",   "Cannibal", "Bear",
-    "Nightmare", "Pig", "Clown",     "Spirit", "Plague", "Ghostface", "Demogorgon", "Oni",      "Gunslinger"};
-
-void Spoofer::modifyCharacterData(json& js)
+    auto populate = [&](const std::string& key, std::unordered_set<std::string>& targetSet) {
+        if (doc.contains(key) && doc[key].is_array())
+            for (const auto& item : doc[key])
             {
-    std::unordered_set<std::string> existingItemIds;
-    bool isSlasher = false;
+                if (item.is_string()) targetSet.insert(item.get<std::string>());
+            }
+        else
+            Log::warning("Missing stackables array ({})", key);
+    };
 
-    if (js.contains("characterName") && js["characterName"].is_string())
-    {
-        std::string name = js["characterName"];
-        if (killerNames.contains(name) || (name.length() == 3 && name[0] == 'K')) isSlasher = true;
+    populate("Slashers", slasherSet);
+    populate("Campers", camperSet);
+
+    return true;
 }
 
-    if (js.contains("prestigeLevel") && js["prestigeLevel"].get<int>() <= 1)
-        if (js.contains("bloodWebLevel") && js["bloodWebLevel"].get<int>() <= 15) js["bloodWebLevel"] = 16;
-
-    if (js.contains("bloodWebData"))
+/*
+    misc functions
+*/
+std::string Spoofer::getRandomItem()
 {
-        static std::random_device rd;
-        static std::mt19937 rng(rd());
+    std::vector<const std::unordered_set<std::string>*> allSets = {
+        &_camperItemIds,  &_slasherPowerIds, &_camperOfferingIds, &_slasherOfferingIds,
+        &_camperAddonIds, &_slasherAddonIds, &_camperPerkIds,     &_slasherPerkIds};
 
-        std::unordered_set<std::string> stackableIds;
-        stackableIds.insert(_camperItemIds.begin(), _camperItemIds.end());
-        stackableIds.insert(_camperOfferingIds.begin(), _camperOfferingIds.end());
-        stackableIds.insert(_camperAddonIds.begin(), _camperAddonIds.end());
-        stackableIds.insert(_slasherAddonIds.begin(), _slasherAddonIds.end());
-        stackableIds.insert(_slasherOfferingIds.begin(), _slasherOfferingIds.end());
+    std::vector<const std::unordered_set<std::string>*> validSets;
+    for (auto* s : allSets)
+        if (!s->empty()) validSets.push_back(s);
 
-        std::string selectedContentId = "Spring2024Offering";
-        auto it = stackableIds.begin();
-        std::advance(it, std::uniform_int_distribution<>(0, static_cast<int>(_camperOfferingIds.size()) - 1)(rng));
-        selectedContentId = *it;
+    if (validSets.empty()) return "Spring2024Offering";
+
+    std::uniform_int_distribution<> setDist(0, static_cast<int>(validSets.size()) - 1);
+    const auto& selectedSet = *validSets[setDist(gen)];
+
+    std::uniform_int_distribution<> itemDist(0, static_cast<int>(selectedSet.size()) - 1);
+    auto it = selectedSet.begin();
+    std::advance(it, itemDist(gen));
+
+    return *it;
+}
+
+int Spoofer::getRandomQuantity()
+{
+    std::uniform_int_distribution<> dist(64, 97);
+    return dist(gen);
+}
+
+void Spoofer::generateBloodweb(nlohmann::json& js)
+{
+    if (!js.is_object()) js = json::object();
 
     std::vector<std::string> paths;
     json ringDataArray = json::array();
 
-        ringDataArray.push_back({{"nodeData", json::array({{{"nodeId", "0"}, {"state", "Collected"}}})}});
+    ringDataArray.push_back({{"nodeData", {{{"nodeId", "0"}, {"state", "Collected"}}}}});
 
     int nodesPerRing[] = {6, 12, 12};
     std::vector<std::string> prevRingNodes = {"0"};
@@ -255,27 +244,82 @@ void Spoofer::modifyCharacterData(json& js)
             currentRingNodes.push_back(childId);
 
             int parentIndex = (i - 1) / (numNodes / static_cast<int>(prevRingNodes.size()));
+            std::string parentId = prevRingNodes[(std::min)(parentIndex, (int)prevRingNodes.size() - 1)];
 
-                if (parentIndex >= static_cast<int>(prevRingNodes.size()))
-                    parentIndex = static_cast<int>(prevRingNodes.size()) - 1;
-
-                std::string parentId = prevRingNodes[parentIndex];
             paths.push_back(parentId + "_" + childId);
 
-                nodeDataArray.push_back(
-                    {{"nodeId", childId}, {"state", "Collected"}, {"contentId", selectedContentId}});
-            }
+            std::string item = getRandomItem();
+            if (item.empty()) item = "Spring2024Offering";
 
+            nodeDataArray.push_back({{"nodeId", childId}, {"state", "Collected"}, {"contentId", item}});
+        }
         ringDataArray.push_back({{"nodeData", nodeDataArray}});
         prevRingNodes = std::move(currentRingNodes);
     }
 
-        js["bloodWebData"]["paths"] = paths;
-        js["bloodWebData"]["ringData"] = ringDataArray;
+    js["paths"] = paths;
+    js["ringData"] = ringDataArray;
 }
 
+/*
+    data modification
+*/
+void Spoofer::modifyCharacterData(json& js)
+{
+    if (!js.contains("characterName") || !js["characterName"].is_string())
+    {
+        Log::verbose("attempted to modify invalid char");
+        return;
+    }
+
+    std::string name = js["characterName"];
+
+    if (_config.spoofCharacterOwnership)
+    {
+        bool needsSpoofing = false;
+
+        if (js.value("isEntitled", false) == false)
+        {
+            _unownedCharacters.insert(name);
+            js["isEntitled"] = true;
+            js["purchaseInfo"] = {{"quantity", 1},
+                                  {"origin", "PlayerInventory"},
+                                  {"reason", "Item(s) added via Purchase"},
+                                  {"lastUpdateAt", std::time(nullptr)},
+                                  {"objectId", name}};
+            needsSpoofing = true;
+        }
+        else if (_unownedCharacters.contains(name))
+            needsSpoofing = true;
+
+        /*
+            modifications for unowned characters (spoof level and fake bloodweb)
+        */
+        if (needsSpoofing)
+        {
+            if (js.contains("bloodWebLevel") && js["bloodWebLevel"].is_number() && js["bloodWebLevel"] <= 15)
+                if (!js.contains("prestigeLevel") || (js["prestigeLevel"].is_number() && js["prestigeLevel"] <= 0))
+                    js["bloodWebLevel"] = 16;
+
+            if (js.contains("bloodWebData")) generateBloodweb(js["bloodWebData"]);
+        }
+    }
+    else
+    {
+        if (js.value("isEntitled", false) == false) return;
+    }
+
+    /*
+        item spoofing
+    */
+    if (_config.spoofInventory)
+    {
+        bool slasher = isSlasher(js["characterName"]);
+
         if (js.contains("characterItems") && js["characterItems"].is_array())
         {
+            std::unordered_set<std::string> existingItemIds;
+
             std::unordered_set<std::string> stackableIds;
             stackableIds.insert(_camperItemIds.begin(), _camperItemIds.end());
             stackableIds.insert(_camperOfferingIds.begin(), _camperOfferingIds.end());
@@ -285,205 +329,220 @@ void Spoofer::modifyCharacterData(json& js)
 
             for (auto& item : js["characterItems"])
             {
+            /*
+                set existing items to rnd number
+            */
                 if (item.contains("itemId") && item["itemId"].is_string())
                 {
                     std::string itemId = item["itemId"];
                     existingItemIds.insert(itemId);
-
-                if (_slasherPowerIds.find(itemId) != _slasherPowerIds.end())
-                    isSlasher = true;
-                else if (stackableIds.contains(itemId))
-                    item["quantity"] = 100;
+                    if (stackableIds.contains(itemId)) item["quantity"] = getRandomQuantity();
                 }
             }
 
-        if (!isSlasher)
+            auto appendItems = [&](const std::unordered_set<std::string>& idList, bool isPerk) {
+                for (const auto& itemId : idList)
+                    if (existingItemIds.find(itemId) == existingItemIds.end())
+                        js["characterItems"].push_back(
+                            {{"itemId", itemId}, {"quantity", isPerk ? 3 : getRandomQuantity()}});
+            };
+
+            if (!slasher)
             {
-            for (const std::string& itemId : _camperItemIds)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back({{"itemId", itemId}, {"quantity", 100}});
-            for (const std::string& itemId : _camperAddonIds)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back({{"itemId", itemId}, {"quantity", 100}});
-            for (const std::string& itemId : _camperOfferingIds)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back({{"itemId", itemId}, {"quantity", 100}});
-            for (const std::string& itemId : _camperPerkIds)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back({{"itemId", itemId}, {"quantity", 3}});
+                appendItems(_camperItemIds, false);
+                appendItems(_camperAddonIds, false);
+                appendItems(_camperOfferingIds, false);
+                appendItems(_camperPerkIds, true);
             }
             else
             {
-            for (const std::string& itemId : _slasherAddonIds)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back({{"itemId", itemId}, {"quantity", 100}});
-            for (const std::string& itemId : _slasherOfferingIds)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back({{"itemId", itemId}, {"quantity", 100}});
-            for (const std::string& itemId : _slasherPerkIds)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back({{"itemId", itemId}, {"quantity", 3}});
+                appendItems(_slasherAddonIds, false);
+                appendItems(_slasherOfferingIds, false);
+                appendItems(_slasherPerkIds, true);
             }
         }
     }
 
-void Spoofer::serverResponseHandler(const std::string& url, std::string& body, std::string& respHeaders)
-{
 #ifdef _DEBUG
-    if (url.find("bhvrdbd.com") != std::string::npos) Log::verbose("BHVR api res @ {}", url);
+    Log::verbose("Spoofed data for character {}", name);
 #endif
+}
 
-    if (url.find("api/v1/extensions/store/getCatalogItems") != std::string::npos) return parseAndDumpCatalog(body);
+/*
+    endpoint handlers
+*/
 
-    if (url.find("api/v1/dbd-inventories/all") != std::string::npos)
+void Spoofer::onGetCatalogItems(std::string& body)
 {
-        try
+    std::thread t([body]() {
+        std::string outPath = utils::getExePath() + "catalog.json";
+        std::ofstream file(outPath);
+        if (file.is_open())
         {
-            json doc = json::parse(body);
+            file << body;
+            file.close();
+            Log::verbose("Raw catalog saved to {}", outPath);
+        }
+        else
+            Log::error("Unable to write to catalog.json");
+    });
+    t.detach();
+
+    parseCatalog(body);
+}
+
+void Spoofer::onGetAll(std::string& body)
+{
+    json doc = json::parse(body, nullptr, false);
+    if (doc.is_discarded()) return Log::error("JSON parse error for dbd-character-data/get-all");
+    if (!doc.contains("list") || !doc["list"].is_array())
+        return Log::error("Invalid json for dbd-character-data/get-all");
+
+    for (auto& charData : doc["list"])
+        modifyCharacterData(charData);
+
+    body = doc.dump();
+}
+
+void Spoofer::onInventoryAll(std::string& body)
+{
+    json doc = json::parse(body, nullptr, false);
+    if (doc.is_discarded()) return Log::error("JSON parse error for dbd-inventories/all");
+    if (!doc.contains("inventoryItems") || !doc["inventoryItems"].is_array())
+        return Log::error("Invalid json for JSON parse error for dbd-inventories/all");
+
     auto& itemsArr = doc["inventoryItems"];
+    std::unordered_set<std::string> existingIds;
+    int64_t now = std::time(nullptr);
 
-            std::unordered_set<std::string> foundObjects;
-            std::unordered_set<std::string> foundAddons;
-            std::unordered_set<std::string> foundPerks;
-            std::unordered_set<std::string> foundOfferings;
-            std::unordered_set<std::string> foundCatalogItems;
+    /*
+        item updates
+    */
+    struct Category
+    {
+            const std::unordered_set<std::string>& source;
+            int quantity;
+    };
 
-            std::unordered_set<std::string> offeringIds;
-            offeringIds.insert(_camperOfferingIds.begin(), _camperOfferingIds.end());
-            offeringIds.insert(_slasherOfferingIds.begin(), _slasherOfferingIds.end());
+    std::vector<Category> categories;
+    if (_config.spoofInventory)
+    {
+        categories.push_back({_camperPerkIds, 3});
+        categories.push_back({_slasherPerkIds, 3});
+        categories.push_back({_camperOfferingIds, -1});
+        categories.push_back({_slasherOfferingIds, -1});
 
-            std::unordered_set<std::string> catalogIds;
-            catalogIds.insert(_catalogOutfitIds.begin(), _catalogOutfitIds.end());
-            catalogIds.insert(_catalogItemIds.begin(), _catalogItemIds.end());
+        categories.push_back({_camperItemIds, -1});
+        categories.push_back({_camperAddonIds, -1});
+        categories.push_back({_slasherAddonIds, -1});
+    }
 
-            std::unordered_set<std::string> perkIds;
-            perkIds.insert(_slasherPerkIds.begin(), _slasherPerkIds.end());
-            perkIds.insert(_camperPerkIds.begin(), _camperPerkIds.end());
+    if (_config.spoofCustomization)
+    {
+        categories.push_back({_catalogOutfitIds, 1});
+        categories.push_back({_catalogItemIds, 1});
+    }
 
     for (auto& item : itemsArr)
     {
-                std::string objectId = item["objectId"];
+        std::string id = item.value("objectId", "");
+        if (id.empty()) continue;
 
-                if (perkIds.find(objectId) != perkIds.end())
+        existingIds.insert(id);
+
+        for (const auto& cat : categories)
         {
-                    foundPerks.insert(objectId);
-                    item["quantity"] = 3;
-                    continue;
+            if (cat.source.contains(id))
+            {
+                item["quantity"] = (cat.quantity == -1) ? getRandomQuantity() : cat.quantity;
+                break;
             }
-
-                if (offeringIds.find(objectId) != offeringIds.end())
-                {
-                    foundOfferings.insert(objectId);
-                    item["quantity"] = 100;
-                    continue;
-                }
-
-                if (catalogIds.find(objectId) != catalogIds.end())
-                {
-                    foundCatalogItems.insert(objectId);
-                    continue;
         }
     }
 
-            for (const std::string& id : perkIds)
+    /*
+        item inserts
+    */
+    for (const auto& cat : categories)
     {
-                if (foundPerks.find(id) == foundPerks.end())
+        for (const std::string& id : cat.source)
         {
-                    itemsArr.push_back({
-                        {"objectId", id},
-                        {"quantity", 3},
-                        {"lastUpdateAt", std::time(nullptr)},
-                    });
+            if (!existingIds.contains(id))
+            {
+                int qty = (cat.quantity == -1) ? getRandomQuantity() : cat.quantity;
+                itemsArr.push_back({{"objectId", id}, {"quantity", qty}, {"lastUpdateAt", now}});
+                existingIds.insert(id);
+            }
         }
     }
 
-            for (const std::string& id : offeringIds)
-            {
-                if (foundOfferings.find(id) == foundOfferings.end())
-                {
-                    itemsArr.push_back({
-                        {"objectId", id},
-                        {"quantity", 100},
-                        {"lastUpdateAt", std::time(nullptr)},
-                    });
-                }
-            }
-
-            for (const std::string& id : catalogIds)
-            {
-                if (foundCatalogItems.find(id) == foundCatalogItems.end())
-                {
-                    itemsArr.push_back({
-                        {"objectId", id},
-                        {"quantity", 1},
-                        {"lastUpdateAt", std::time(nullptr)},
-                    });
-                }
-            }
-
-            std::string updatedJson = doc.dump();
-            body = updatedJson;
-
-            Log::verbose("Inventory updated: Items={}, Addons={}, Perks={}, Offerings={}", foundObjects.size(),
-                         foundAddons.size(), foundPerks.size(), foundOfferings.size());
-
-            return;
-        }
-        catch (const json::parse_error& e)
-        {
-            Log::error("JSON parse error in {}: {}", url, e.what());
-            return;
-        }
-
-        return;
-    }
-
-    if (url.find("api/v1/dbd-character-data/get-all") != std::string::npos)
-    {
-        try
-        {
-            json doc = json::parse(body);
-            auto& charList = doc["list"];
-
-            for (auto& charInfo : charList)
-            {
-                if (charInfo.contains("bloodWebLevel") && charInfo.at("bloodWebLevel").get<int>() <= 15)
-                    if (!charInfo.contains("prestigeLevel") || charInfo.at("prestigeLevel").get<int>() <= 0)
-                        charInfo["bloodWebLevel"] = 16;
-
-                if (charInfo.contains("bloodWebData") && charInfo.at("bloodWebData").contains("level"))
-                    charInfo["bloodWebData"]["level"] = 1;
-
-                if (charInfo["isEntitled"] == false)
-                {
-                    charInfo["isEntitled"] = true;
-                    if (charInfo.contains("origin"))
-                    {
-                        charInfo["purchaseInfo"] = {{"quantity", 1},
-                                                    {"origin", "PlayerInventory"},
-                                                    {"reason", "Item(s) added via Purchase"},
-                                                    {"lastUpdateAt", 1770702482},
-                                                    {"objectId", charInfo["characterName"]}};
-                    }
-                }
-
-                modifyCharacterData(charInfo);
-            }
     body = doc.dump();
-        }
-        catch (const json::parse_error& e)
-        {
-            Log::error("JSON parse error in {}: {}", url, e.what());
-        }
-        return;
+    Log::verbose("Inventory spoofed");
 }
 
-    if (url.find("api/v1/dbd-character-data/") != std::string::npos)
+void Spoofer::onMessageList(std::string& body)
 {
-        try
-        {
-            json doc = json::parse(body);
+    json doc = json::parse(body, nullptr, false);
+    if (doc.is_discarded()) return Log::error("JSON parse error for dbd-messages/listV2");
 
+    auto now = std::chrono::system_clock::now();
+    auto now_seconds = std::chrono::duration_cast<std::chrono::seconds>(now.time_since_epoch()).count();
+    auto now_milliseconds = std::chrono::duration_cast<std::chrono::milliseconds>(now.time_since_epoch()).count();
+
+    json msg;
+
+    /*
+        msg base
+    */
+    msg["allowedPlatforms"] = json::array({"egs", "grdk", "ps4", "ps5", "steam", "xbox", "xsx"});
+    msg["flag"] = "READ";
+    msg["gameSpecificData"] = {};
+    msg["read"] = false;
+    msg["tag"] = json::array({"inbox"});
+    msg["expireAt"] = now_seconds + (1337 * 24 * 60 * 60);
+    msg["received"] = now_milliseconds;
+    msg["recipientId"] = "system";
+
+    /*
+        msg content
+    */
+    json bodyContent;
+    bodyContent["sections"] = json::array();
+    bodyContent["sections"].push_back(
+        {{"type", "text"},
+         {"text", "Japan is turning footsteps into electricity!<br><br>Using piezoelectric tiles, every step "
+                  "you take generates a small amount of energy. Millions of steps together can power LED "
+                  "lights and displays in busy places like Shibuya Station.<br><br>A brilliant way to create a "
+                  "sustainable and smart city — turning movement into clean, renewable energy."}});
+
+    bodyContent["image"] = {
+        {"packagedPath", "/Game/UI/UMGAssets/Icons/ItemAddons/iconAddon_powerBulb.iconAddon_powerBulb"},
+        {"contentVersion", "ccc3f02b0a671fe19a0017d6a69293876a465fd9"},
+        {"uri", ""}};
+
+    bodyContent["sections"].push_back(
+        {{"type", "itemshowcase"},
+         {"rewards", json::array({{{"type", "inventory"}, {"id", "ADDON_flashlight_oddbulb"}, {"amount", 1}}})}});
+
+    msg["message"] = {};
+    msg["message"]["title"] = "Japan is turning footsteps into electricity";
+    msg["message"]["body"] = bodyContent.dump();
+
+    doc["messages"].push_back(msg);
+
+    body = doc.dump();
+#ifdef _DEBUG
+    Log::verbose("Spoofed message list");
+#endif
+}
+
+void Spoofer::onBloodweb(std::string& body, std::string& respHeaders)
+{
+    json doc = json::parse(body, nullptr, false);
+    if (doc.is_discarded()) return Log::error("JSON parse error for bloodweb response");
+
+    if (_config.spoofCharacterOwnership)
+    {
         if (body.find("NotAllowedException") != std::string::npos && body.find("not owned") != std::string::npos)
         {
             Log::info("Spoofing bloodweb error for unowned character");
@@ -492,49 +551,70 @@ void Spoofer::serverResponseHandler(const std::string& url, std::string& body, s
             mock["updatedWallets"] = json::array();
             mock["bloodWebLevel"] = 16;
             mock["prestigeLevel"] = 0;
-                mock["bloodWebData"] = {{"ringData", json::array()}, {"paths", json::array()}};
+            mock["bloodWebData"] = json::object();
             mock["characterItems"] = json::array();
             mock["characterName"] = this->_lastBloodWebChar;
+            mock["isEntitled"] = true;
+            mock["purchaseInfo"] = {{"quantity", 1},
+                                    {"origin", "PlayerInventory"},
+                                    {"reason", "Item(s) added via Purchase"},
+                                    {"lastUpdateAt", std::time(nullptr)},
+                                    {"objectId", this->_lastBloodWebChar}};
+
+            _unownedCharacters.insert(this->_lastBloodWebChar); // probably not needed but just in case
 
             modifyCharacterData(mock);
 
-                size_t firstSpace = respHeaders.find(' ');
-                if (firstSpace != std::string::npos) respHeaders.replace(firstSpace + 1, 3, "200");
+            std::regex statusRegex(R"(HTTP\/\d\.\d\s+403)");
+            respHeaders = std::regex_replace(respHeaders, statusRegex, "HTTP/1.1 200");
 
             body = mock.dump();
+#ifdef _DEBUG
+            Log::verbose("Spoofed bloodweb request for unowned character.");
+#endif
             return;
         }
-            else
-            {
+    }
+
     modifyCharacterData(doc);
     body = doc.dump();
+#ifdef _DEBUG
+    Log::verbose("Spoofed bloodweb items for owned character");
+#endif
 }
-            return;
-        }
-        catch (const json::parse_error& e)
+
+/*
+    event handlers
+*/
+void Spoofer::serverResponseHandler(const std::string& url, std::string& body, std::string& respHeaders)
 {
-            Log::error("JSON parse error in {}: {}", url, e.what());
-        }
-        return;
-    }
+    if (url.find("bhvrdbd.com") == std::string::npos) return;
+    std::lock_guard<std::mutex> lock(_mtx);
+
+#ifdef _DEBUG
+    Log::verbose("BHVR api res @ {}", url);
+#endif
+
+    if (url.find("api/v1/extensions/store/getCatalogItems") != std::string::npos) return onGetCatalogItems(body);
+    if (url.find("api/v1/dbd-character-data/get-all") != std::string::npos) return onGetAll(body);
+    if (url.find("api/v1/dbd-character-data/get-all") != std::string::npos) return onGetAll(body);
+    if (url.find("api/v1/dbd-inventories/all") != std::string::npos) return onInventoryAll(body);
+    if (url.find("/api/v1/messages/listV2") != std::string::npos) return onMessageList(body);
+    if (url.find("api/v1/dbd-character-data/bloodweb") != std::string::npos ||
+        url.find("api/v1/dbd-character-data/bulk-spending-bloodweb") != std::string::npos)
+        return onBloodweb(body, respHeaders);
 }
 
 void Spoofer::clientRequestHandler(std::string& url, const std::string& body, std::string& /*reqHeaders*/)
 {
+    if (url.find("bhvrdbd.com") == std::string::npos) return;
+    std::lock_guard<std::mutex> lock(_mtx);
+
     if (url.find("api/v1/dbd-character-data/bloodweb") != std::string::npos ||
         url.find("api/v1/dbd-character-data/bulk-spending-bloodweb") != std::string::npos)
     {
-        try
-        {
-            json req = json::parse(body);
-            if (req.contains("characterName"))
-            {
-                this->_lastBloodWebChar = req["characterName"];
-                Log::info("Detected bloodweb request for character: {}", this->_lastBloodWebChar);
-            }
-        }
-        catch (...)
-        {
-        }
+        json req = json::parse(body, nullptr, false);
+        if (req.is_discarded()) return Log::error("JSON parse error for bloodweb request handler");
+        if (req.contains("characterName")) this->_lastBloodWebChar = req["characterName"];
     }
 }

src/unlocker/spoofing.h

@@ -5,8 +5,17 @@
 #include <unordered_set>
 #include <string>
 
+#include <mutex>
+
 #include <nlohmann/json_fwd.hpp>
 
+struct SpooferConfig
+{
+        bool spoofCharacterOwnership = false;
+        bool spoofInventory = false;
+        bool spoofCustomization = false;
+};
+
 class Spoofer
 {
     public:
@@ -15,15 +24,29 @@ class Spoofer
     private:
         void registerListeners(Proxy* proxy);
         void loadData();
+        void loadConfig();
 
-        void parseCatalog(std::string data);
+        bool parseCatalog(std::string data);
+        bool parseStackable(std::string data, std::unordered_set<std::string>& camperSet,
+                            std::unordered_set<std::string>& slasherSet);
 
-        void parseAndDumpCatalog(std::string& data);
+        std::string getRandomItem();
+        int getRandomQuantity();
+
+        void generateBloodweb(nlohmann::json& data);
         void modifyCharacterData(nlohmann::json& js);
 
+        void onGetCatalogItems(std::string& body);
+        void onGetAll(std::string& body);
+        void onInventoryAll(std::string& body);
+        void onMessageList(std::string& body);
+        void onBloodweb(std::string& body, std::string& respHeaders);
+
         void serverResponseHandler(const std::string& url, std::string& body, std::string& respHeaders);
         void clientRequestHandler(std::string& url, const std::string& body, std::string& reqHeaders);
 
+        SpooferConfig _config;
+
         std::unordered_set<std::string> _camperItemIds;
         std::unordered_set<std::string> _slasherPowerIds;
 
@@ -33,11 +56,14 @@ class Spoofer
         std::unordered_set<std::string> _camperAddonIds;
         std::unordered_set<std::string> _slasherAddonIds;
 
-        std::unordered_set<std::string> _slasherPerkIds;
         std::unordered_set<std::string> _camperPerkIds;
+        std::unordered_set<std::string> _slasherPerkIds;
 
         std::unordered_set<std::string> _catalogOutfitIds;
         std::unordered_set<std::string> _catalogItemIds;
 
-        std::string _lastBloodWebChar = "Ace";
+        std::unordered_set<std::string> _unownedCharacters;
+
+        std::string _lastBloodWebChar = "";
+        std::mutex _mtx;
 };

src/unlocker/ssl.cpp

@@ -0,0 +1,232 @@
+#include "ssl.h"
+#include "utils.h"
+
+#include <nerutils/log.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+
+#include <random>
+#include <cstdlib>
+#include <ctime>
+#include <cstring>
+
+#include <wincrypt.h>
+#include <processthreadsapi.h>
+
+template <typename T, void (*f)(T*)> struct Deleter
+{
+        void operator()(T* p) const { f(p); }
+};
+
+using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY, Deleter<EVP_PKEY, EVP_PKEY_free>>;
+using X509_ptr = std::unique_ptr<X509, Deleter<X509, X509_free>>;
+using SSL_CTX_ptr = std::unique_ptr<SSL_CTX, Deleter<SSL_CTX, SSL_CTX_free>>;
+using BIO_ptr = std::unique_ptr<BIO, Deleter<BIO, BIO_vfree>>;
+
+CertManager::CertManager() : _caPkey(nullptr), _caCert(nullptr), _sessionPkey(nullptr) {}
+
+CertManager::~CertManager()
+{
+    if (_caPkey) EVP_PKEY_free(_caPkey);
+    if (_caCert) X509_free(_caCert);
+    if (_sessionPkey) EVP_PKEY_free(_sessionPkey);
+
+    for (auto& pair : _hostContexts)
+        SSL_CTX_free(pair.second);
+}
+
+bool CertManager::init()
+{
+    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
+    if (!pctx) return false;
+
+    EVP_PKEY_keygen_init(pctx);
+    EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
+
+    EVP_PKEY* rawPkey = nullptr;
+    if (EVP_PKEY_keygen(pctx, &rawPkey) <= 0)
+    {
+        Log::error("Failed to generate session key");
+        EVP_PKEY_CTX_free(pctx);
+        return false;
+    }
+    _sessionPkey = rawPkey;
+    EVP_PKEY_CTX_free(pctx);
+
+    if (loadCA())
+    {
+        Log::verbose("Loaded existing CA certificate");
+        return true;
+    }
+
+    Log::verbose("No CA found, generating");
+    return generateCA();
+}
+
+bool CertManager::loadCA()
+{
+    std::string path = utils::getExePath();
+
+    BIO_ptr keyBio(BIO_new_file((path + "/key.pem").c_str(), "r"));
+    if (!keyBio) return false;
+    _caPkey = PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr);
+
+    BIO_ptr certBio(BIO_new_file((path + "/cert.pem").c_str(), "r"));
+    if (!certBio) return false;
+    _caCert = PEM_read_bio_X509(certBio.get(), nullptr, nullptr, nullptr);
+
+    return (_caPkey && _caCert);
+}
+
+void CertManager::installCert(X509* cert)
+{
+    if (!cert) return;
+
+    /*
+        X509 to DER
+    */
+    int derLen = i2d_X509(cert, nullptr);
+    if (derLen < 0) return;
+
+    unsigned char* derBuf = new unsigned char[derLen];
+    unsigned char* p = derBuf;
+    i2d_X509(cert, &p);
+
+    PCCERT_CONTEXT certCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, derBuf, derLen);
+    if (certCtx)
+    {
+        HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
+        if (rootStore)
+        {
+            BOOL success = CertAddCertificateContextToStore(rootStore, certCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
+
+            if (success)
+                Log::info("CA certificate installed");
+            else
+                Log::error("Failed to install CA certificate");
+
+            CertCloseStore(rootStore, 0);
+        }
+        CertFreeCertificateContext(certCtx);
+    }
+
+    delete[] derBuf;
+}
+
+bool CertManager::generateCA()
+{
+    std::random_device rd;
+    std::mt19937 gen(rd());
+
+    /*
+        key
+    */
+    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
+    EVP_PKEY_keygen_init(pctx);
+    EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
+    EVP_PKEY* rawCaKey = nullptr;
+    EVP_PKEY_keygen(pctx, &rawCaKey);
+    _caPkey = rawCaKey;
+    EVP_PKEY_CTX_free(pctx);
+
+    /*
+        cert
+    */
+    X509_ptr cert(X509_new());
+    X509_set_version(cert.get(), 2);
+    ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1);
+    X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
+    X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L); // 1 year
+
+    X509_name_st* subjName = X509_get_subject_name(cert.get());
+    std::string randomCN = utils::randomizeString(16);
+    X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)randomCN.c_str(), -1, -1, 0);
+    X509_set_issuer_name(cert.get(), subjName);
+    X509_set_pubkey(cert.get(), _caPkey);
+
+    /*
+        CA constraints
+    */
+    X509V3_CTX v3ctx;
+    X509V3_set_ctx(&v3ctx, cert.get(), cert.get(), nullptr, nullptr, 0);
+    X509_EXTENSION* ext = X509V3_EXT_conf_nid(nullptr, &v3ctx, NID_basic_constraints, "critical,CA:TRUE");
+    X509_add_ext(cert.get(), ext, -1);
+    X509_EXTENSION_free(ext);
+
+    if (X509_sign(cert.get(), _caPkey, EVP_sha256()) <= 0) return false;
+
+    /*
+        out   
+    */
+    std::string path = utils::getExePath();
+    BIO_ptr kOut(BIO_new_file((path + "/key.pem").c_str(), "w"));
+    PEM_write_bio_PrivateKey(kOut.get(), _caPkey, nullptr, nullptr, 0, nullptr, nullptr);
+
+    BIO_ptr cOut(BIO_new_file((path + "/cert.pem").c_str(), "w"));
+    PEM_write_bio_X509(cOut.get(), cert.get());
+
+    /*
+        install and release
+    */
+    installCert(cert.get());
+
+    _caCert = cert.release();
+
+    return true;
+}
+
+SSL_CTX* CertManager::createHostContext(const std::string& host)
+{
+    std::lock_guard<std::mutex> lock(_mutex);
+    if (_hostContexts.count(host)) return _hostContexts[host];
+
+    /*
+        cert base
+    */
+    X509_ptr cert(X509_new());
+    X509_set_version(cert.get(), 2);
+
+    ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), static_cast<long>(std::hash<std::string>{}(host) & 0x7FFFFFFF));
+
+    X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
+    X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L);
+
+    X509_name_st* subjName = X509_get_subject_name(cert.get());
+    X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)host.c_str(), -1, -1, 0);
+    X509_set_issuer_name(cert.get(), X509_get_subject_name(_caCert));
+    X509_set_pubkey(cert.get(), _sessionPkey);
+
+    /*
+        SAN
+    */
+    X509V3_CTX v3ctx;
+    X509V3_set_ctx(&v3ctx, _caCert, cert.get(), nullptr, nullptr, 0);
+    std::string altName = "DNS:" + host;
+    X509_EXTENSION* ext = X509V3_EXT_conf_nid(nullptr, &v3ctx, NID_subject_alt_name, altName.c_str());
+    X509_add_ext(cert.get(), ext, -1);
+    X509_EXTENSION_free(ext);
+
+    /*
+        sign & ctx load
+    */
+    if (X509_sign(cert.get(), _caPkey, EVP_sha256()) <= 0) return nullptr;
+
+    SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
+    if (!ctx) return nullptr;
+
+    if (SSL_CTX_use_certificate(ctx, cert.get()) <= 0 || SSL_CTX_use_PrivateKey(ctx, _sessionPkey) <= 0)
+    {
+        SSL_CTX_free(ctx);
+        return nullptr;
+    }
+
+    _hostContexts[host] = ctx;
+    return ctx;
+}

src/unlocker/ssl.h

@@ -0,0 +1,39 @@
+#pragma once
+
+#include <string>
+#include <unordered_map>
+#include <mutex>
+
+struct x509_st;
+struct X509_name_st;
+struct ssl_st;
+struct ssl_ctx_st;
+struct evp_pkey_st;
+
+typedef struct x509_st X509;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+class CertManager
+{
+    public:
+        CertManager();
+        ~CertManager();
+
+        bool init();
+        SSL_CTX* createHostContext(const std::string& host);
+
+    private:
+        bool generateCA();
+        bool loadCA();
+
+        void installCert(X509* cert);
+
+        EVP_PKEY* _caPkey = nullptr;
+        X509* _caCert = nullptr;
+        EVP_PKEY* _sessionPkey = nullptr;
+
+        std::mutex _mutex;
+        std::unordered_map<std::string, SSL_CTX*> _hostContexts;
+};

src/unlocker/utils.cpp

@@ -0,0 +1,24 @@
+#include "utils.h"
+
+#include <minwindef.h>
+#include <libloaderapi.h>
+
+std::string utils::getExePath()
+{
+    char buffer[MAX_PATH];
+    GetModuleFileNameA(NULL, buffer, MAX_PATH);
+    std::string path(buffer);
+    size_t pos = path.find_last_of("\\/");
+    if (pos != std::string::npos) return path.substr(0, pos + 1);
+    return "";
+}
+
+std::string utils::randomizeString(size_t length)
+{
+    const char charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    std::string result;
+    result.resize(length);
+    for (size_t i = 0; i < length; ++i)
+        result[i] = charset[rand() % (sizeof(charset) - 1)];
+    return result;
+}

src/unlocker/utils.h

@@ -0,0 +1,9 @@
+#pragma once
+
+#include <string>
+
+namespace utils
+{
+    std::string getExePath();
+    std::string randomizeString(size_t length);
+} // namespace utils