fix: use config values from default member initialization

src/unlocker/cert_manager.cpp

@@ -1,222 +0,0 @@
-#include "cert_manager.h"
-#include <nerutils/log.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#include <cstdlib>
-#include <ctime>
-
-#include <processthreadsapi.h>
-#include <cstring>
-
-std::string randomizeString(size_t length)
-{
-    const char charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
-    std::string result;
-    result.resize(length);
-    for (size_t i = 0; i < length; ++i)
-        result[i] = charset[rand() % (sizeof(charset) - 1)];
-    return result;
-}
-
-CertManager::CertManager() : _sessionPkey(nullptr) {}
-
-CertManager::~CertManager()
-{
-    if (_caPkey) EVP_PKEY_free(_caPkey);
-    if (_caCert) X509_free(_caCert);
-    if (_sessionPkey) EVP_PKEY_free(_sessionPkey);
-
-    for (auto& pair : _hostContexts)
-        SSL_CTX_free(pair.second);
-}
-
-bool CertManager::Init()
-{
-    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
-    if (pctx)
-    {
-        EVP_PKEY_keygen_init(pctx);
-        EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
-        EVP_PKEY_keygen(pctx, &_sessionPkey);
-        EVP_PKEY_CTX_free(pctx);
-    }
-
-    if (LoadCA())
-    {
-        Log::verbose("Loaded existing CA certificate.");
-        return true;
-    }
-
-    Log::verbose("No CA found. Generating new CA certificate.");
-    return GenerateCA();
-}
-
-bool CertManager::LoadCA()
-{
-    BIO* keyBio = BIO_new_file("ca_key.pem", "r");
-    if (!keyBio) return false;
-
-    _caPkey = PEM_read_bio_PrivateKey(keyBio, nullptr, nullptr, nullptr);
-    BIO_free(keyBio);
-
-    if (!_caPkey) return false;
-
-    BIO* certBio = BIO_new_file("ca_cert.pem", "r");
-    if (!certBio) return false;
-
-    _caCert = PEM_read_bio_X509(certBio, nullptr, nullptr, nullptr);
-    BIO_free(certBio);
-
-    if (!_caCert) return false;
-
-    return true;
-}
-
-bool CertManager::GenerateCA()
-{
-    srand(static_cast<unsigned int>(time(nullptr)));
-
-    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
-    if (!pctx) return false;
-    EVP_PKEY_keygen_init(pctx);
-    EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
-    EVP_PKEY_keygen(pctx, &_caPkey);
-    EVP_PKEY_CTX_free(pctx);
-
-    _caCert = X509_new();
-    X509_set_version(_caCert, 2);
-    ASN1_INTEGER_set(X509_get_serialNumber(_caCert), 1);
-    X509_gmtime_adj(X509_get_notBefore(_caCert), 0);
-    X509_gmtime_adj(X509_get_notAfter(_caCert), 31536000L); // 1 year
-
-    std::string org = randomizeString(16);
-    std::string cn = randomizeString(16);
-
-    X509_NAME* name = X509_get_subject_name(_caCert);
-    X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"US", -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)org.c_str(), -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)cn.c_str(), -1, -1, 0);
-    X509_set_issuer_name(_caCert, name);
-    X509_set_pubkey(_caCert, _caPkey);
-
-    X509V3_CTX ctxV3;
-    X509V3_set_ctx_nodb(&ctxV3);
-    X509V3_set_ctx(&ctxV3, _caCert, _caCert, nullptr, nullptr, 0);
-    X509_EXTENSION* extCA = X509V3_EXT_conf_nid(nullptr, &ctxV3, NID_basic_constraints, "critical,CA:TRUE");
-    if (extCA)
-    {
-        X509_add_ext(_caCert, extCA, -1);
-        X509_EXTENSION_free(extCA);
-    }
-
-    X509_sign(_caCert, _caPkey, EVP_sha256());
-
-    BIO* keyBioOut = BIO_new_file("ca_key.pem", "w");
-    if (keyBioOut)
-    {
-        PEM_write_bio_PrivateKey(keyBioOut, _caPkey, nullptr, nullptr, 0, nullptr, nullptr);
-        BIO_free(keyBioOut);
-    }
-
-    BIO* certBioOut = BIO_new_file("ca_cert.pem", "w");
-    if (certBioOut)
-    {
-        PEM_write_bio_X509(certBioOut, _caCert);
-        BIO_free(certBioOut);
-    }
-
-    Log::info("Generated new CA key and certificate files. Installing to Windows Root CA store automatically...");
-
-    STARTUPINFOA si;
-    memset(&si, 0, sizeof(si));
-    si.cb = sizeof(si);
-    PROCESS_INFORMATION pi;
-    memset(&pi, 0, sizeof(pi));
-    char cmd[] = "certutil.exe -user -addstore root ca_cert.pem";
-    if (CreateProcessA(NULL, cmd, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi))
-    {
-        WaitForSingleObject(pi.hProcess, INFINITE);
-        CloseHandle(pi.hProcess);
-        CloseHandle(pi.hThread);
-    }
-
-    return true;
-}
-
-SSL_CTX* CertManager::CreateHostContext(const std::string& host)
-{
-    std::lock_guard<std::mutex> lock(_mutex);
-
-    auto it = _hostContexts.find(host);
-    if (it != _hostContexts.end())
-    {
-        return it->second;
-    }
-
-    EVP_PKEY* pkey = _sessionPkey;
-    if (!pkey) return nullptr;
-
-    X509* cert = X509_new();
-    X509_set_version(cert, 2);
-    ASN1_INTEGER_set(X509_get_serialNumber(cert), static_cast<long>(std::hash<std::string>{}(host) & 0x7FFFFFFF));
-    X509_gmtime_adj(X509_get_notBefore(cert), 0);
-    X509_gmtime_adj(X509_get_notAfter(cert), 31536000L);
-
-    std::string dynamicOrg = randomizeString(16);
-
-    X509_NAME* name = X509_get_subject_name(cert);
-    X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"US", -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)dynamicOrg.c_str(), -1, -1, 0);
-    X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char*)(host.c_str()), -1, -1, 0);
-    X509_set_issuer_name(cert, X509_get_subject_name(_caCert));
-    X509_set_pubkey(cert, pkey);
-
-    X509V3_CTX ctxV3;
-    X509V3_set_ctx_nodb(&ctxV3);
-    X509V3_set_ctx(&ctxV3, _caCert, cert, nullptr, nullptr, 0);
-    std::string san = "DNS:" + host;
-    X509_EXTENSION* extSAN = X509V3_EXT_conf_nid(nullptr, &ctxV3, NID_subject_alt_name, san.c_str());
-    if (extSAN)
-    {
-        X509_add_ext(cert, extSAN, -1);
-        X509_EXTENSION_free(extSAN);
-    }
-
-    X509_sign(cert, _caPkey, EVP_sha256());
-
-    SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
-
-    SSL_CTX_set_alpn_select_cb(
-        ctx,
-        [](SSL* /*ssl*/, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen,
-           void* /*arg*/) -> int {
-            for (unsigned int i = 0; i < inlen;)
-            {
-                unsigned int len = in[i];
-                if (len == 8 && memcmp(&in[i + 1], "http/1.1", 8) == 0)
-                {
-                    *out = &in[i + 1];
-                    *outlen = (unsigned char)len;
-                    return SSL_TLSEXT_ERR_OK;
-                }
-                i += len + 1;
-            }
-            return SSL_TLSEXT_ERR_NOACK;
-        },
-        nullptr);
-
-    SSL_CTX_use_certificate(ctx, cert);
-    SSL_CTX_use_PrivateKey(ctx, pkey);
-
-    X509_free(cert);
-
-    _hostContexts[host] = ctx;
-    return ctx;
-}

src/unlocker/cert_manager.h

@@ -1,27 +0,0 @@
-#pragma once
-
-#include <string>
-#include <unordered_map>
-#include <mutex>
-#include <openssl/ssl.h>
-
-class CertManager
-{
-    public:
-        CertManager();
-        ~CertManager();
-
-        bool Init();
-        SSL_CTX* CreateHostContext(const std::string& host);
-
-    private:
-        bool GenerateCA();
-        bool LoadCA();
-
-        EVP_PKEY* _caPkey = nullptr;
-        X509* _caCert = nullptr;
-        EVP_PKEY* _sessionPkey = nullptr;
-
-        std::mutex _mutex;
-        std::unordered_map<std::string, SSL_CTX*> _hostContexts;
-};

src/unlocker/main.cpp

@@ -5,34 +5,45 @@
 
 #include <windows.h>
 #include <wininet.h>
+#include <ctime>
 
-bool setProxy(bool enable, const std::string& proxyAddr)
+bool setProxyAddress(bool enable, const std::string& proxyAddr)
 {
     INTERNET_PER_CONN_OPTION_LIST list;
     INTERNET_PER_CONN_OPTION options[3];
-    unsigned long listSize = sizeof(INTERNET_PER_CONN_OPTION_LIST);
+
+    ZeroMemory(&list, sizeof(list));
+    ZeroMemory(options, sizeof(options));
 
     options[0].dwOption = INTERNET_PER_CONN_FLAGS;
+
     if (enable)
+    {
+        if (proxyAddr.empty()) return false;
+
         options[0].Value.dwValue = PROXY_TYPE_PROXY | PROXY_TYPE_DIRECT;
+
+        options[1].dwOption = INTERNET_PER_CONN_PROXY_SERVER;
+        options[1].Value.pszValue = const_cast<char*>(proxyAddr.c_str());
+
+        options[2].dwOption = INTERNET_PER_CONN_PROXY_BYPASS;
+        options[2].Value.pszValue = (char*)"<local>";
+
+        list.dwOptionCount = 3;
+    }
     else
+    {
         options[0].Value.dwValue = PROXY_TYPE_DIRECT;
-
+        list.dwOptionCount = 1;
-    options[1].dwOption = INTERNET_PER_CONN_PROXY_SERVER;
+    }
-    options[1].Value.pszValue = const_cast<char*>(proxyAddr.c_str());
-
-    options[2].dwOption = INTERNET_PER_CONN_PROXY_BYPASS;
-    options[2].Value.pszValue = const_cast<char*>("<local>");
 
     list.dwSize = sizeof(INTERNET_PER_CONN_OPTION_LIST);
     list.pszConnection = NULL;
-    list.dwOptionCount = 3;
-    list.dwOptionError = 0;
     list.pOptions = options;
 
-    if (!InternetSetOptionA(NULL, INTERNET_OPTION_PER_CONNECTION_OPTION, &list, listSize))
+    if (!InternetSetOption(NULL, INTERNET_OPTION_PER_CONNECTION_OPTION, &list, sizeof(list)))
     {
-        Log::error("Failed to set proxy options, Err: {}", GetLastError());
+        Log::error("Failed to set proxy options - error: {}", GetLastError());
         return false;
     }
 
@@ -43,7 +54,7 @@ bool setProxy(bool enable, const std::string& proxyAddr)
 }
 
 bool running = true;
-Proxy* g_Proxy = nullptr;
+Proxy* proxy = nullptr;
 
 void cleanup()
 {
@@ -53,14 +64,14 @@ void cleanup()
     if (cleaned) return;
     cleaned = true;
 
-    if (g_Proxy)
+    Log::info("Restoring system proxy settings");
+    setProxyAddress(false, "");
+
+    if (proxy)
     {
         Log::info("Shutting down proxy");
-        g_Proxy->Shutdown();
+        proxy->shutdown();
     }
-
-    Log::info("Restoring system proxy settings");
-    setProxy(false, "");
 }
 
 BOOL WINAPI consoleHandler(DWORD dwType)
@@ -77,6 +88,8 @@ BOOL WINAPI consoleHandler(DWORD dwType)
 
 int main()
 {
+    srand(static_cast<unsigned int>(time(NULL)));
+
     Log::createConsole();
     SetConsoleCtrlHandler(consoleHandler, TRUE);
     atexit(cleanup);
@@ -87,13 +100,14 @@ int main()
         proxy setup
     */
     Log::info("Starting proxy");
-    g_Proxy = new Proxy();
+    proxy = new Proxy();
-    if (!g_Proxy->Init())
+    if (!proxy->init())
     {
         Log::error("Proxy failed to start");
         return 1;
     }
-    setProxy(true, std::format("127.0.0.1:{}", PROXY_PORT));
+    proxy->addWhitelistDomain("bhvrdbd.com");
+    setProxyAddress(true, std::format("127.0.0.1:{}", PROXY_PORT));
 
     /*
         Spoofer setup
@@ -101,7 +115,7 @@ int main()
     Log::info("Spoofer init");
     Spoofer* spoofer = new Spoofer();
 
-    spoofer->init(g_Proxy);
+    spoofer->init(proxy);
 
     /*
         pause

src/unlocker/proxy.h

@@ -3,9 +3,13 @@
 #include <thread>
 #include <atomic>
 #include <string>
+#include <vector>
+#include <queue>
+#include <mutex>
+#include <condition_variable>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#include "cert_manager.h"
+#include "ssl.h"
 #include <nerutils/callback.h>
 
 /*
@@ -13,6 +17,7 @@
         use random port, test availability
 */
 #define PROXY_PORT 58421
+#define PROXY_THREAD_COUNT 256
 
 typedef unsigned __int64 SOCKET;
 
@@ -22,12 +27,14 @@ class Proxy
         Proxy();
         ~Proxy();
 
-        bool Init();
+        bool init();
-        void Shutdown();
+        void shutdown();
 
         CallbackEvent<std::string&, const std::string&, std::string&> OnClientRequest;
         CallbackEvent<const std::string&, std::string&, std::string&> OnServerResponse;
 
+        void addWhitelistDomain(const std::string& domain);
+
     private:
         void loop();
         void handleClient(SOCKET clientSocket);
@@ -39,6 +46,13 @@ class Proxy
         std::thread _workerThread;
         std::atomic<bool> _running = false;
 
+        std::vector<std::thread> _poolThreads;
+        std::queue<SOCKET> _clientQueue;
+        std::mutex _queueMutex;
+        std::condition_variable _queueCond;
+
         CertManager _certManager;
         SSL_CTX* _clientCtx = nullptr;
+
+        std::vector<std::string> _whitelistDomains;
 };

src/unlocker/spoofing.cpp

@@ -14,6 +14,8 @@
 
 #include <nlohmann/json.hpp>
 
+#define PLACEHOLDER_ITEMID "Anniversary2025Offering"
+
 using json = nlohmann::json;
 
 static std::random_device rd;
@@ -39,6 +41,7 @@ void Spoofer::init(Proxy* proxy)
 {
     registerListeners(proxy);
     loadData();
+    loadConfig();
 }
 
 void Spoofer::registerListeners(Proxy* proxy)
@@ -90,6 +93,40 @@ void Spoofer::loadData()
     LOADDATA("perks.json", Perks, _camperPerkIds, _slasherPerkIds, "Perks won't be added");
 }
 
+void Spoofer::loadConfig()
+{
+    std::string configPath = utils::getExePath() + "config.json";
+    std::ifstream configFile(configPath);
+
+    if (configFile.is_open())
+    {
+        try
+        {
+            json configJson = json::parse(configFile);
+            _config.spoofCharacterOwnership =
+                configJson.value("spoofCharacterOwnership", _config.spoofCharacterOwnership);
+            _config.spoofInventory = configJson.value("spoofInventory", _config.spoofInventory);
+            _config.spoofCustomization = configJson.value("spoofCustomization", _config.spoofCustomization);
+        }
+        catch (...)
+        {
+            Log::error("Failed to parse config.json, using defaults");
+        }
+    }
+    else
+    {
+        Log::info("config.json not found, using default settings");
+        json defaultConfig = {{"spoofCharacterOwnership", _config.spoofCharacterOwnership},
+                              {"spoofInventory", _config.spoofInventory},
+                              {"spoofCustomization", _config.spoofCustomization}};
+        std::ofstream out(configPath);
+        out << defaultConfig.dump(4);
+    }
+
+    Log::info("Loaded config: Ownership={}, Inventory={}, Customization={}", _config.spoofCharacterOwnership,
+              _config.spoofInventory, _config.spoofCustomization);
+}
+
 /*
     data parsing
 */
@@ -170,7 +207,7 @@ std::string Spoofer::getRandomItem()
     for (auto* s : allSets)
         if (!s->empty()) validSets.push_back(s);
 
-    if (validSets.empty()) return "Spring2024Offering";
+    if (validSets.empty()) return PLACEHOLDER_ITEMID;
 
     std::uniform_int_distribution<> setDist(0, static_cast<int>(validSets.size()) - 1);
     const auto& selectedSet = *validSets[setDist(gen)];
@@ -241,110 +278,89 @@ void Spoofer::modifyCharacterData(json& js)
     }
 
     std::string name = js["characterName"];
-    bool slasher = isSlasher(js["characterName"]);
 
-    bool needsSpoofing = false;
+    if (_config.spoofCharacterOwnership)
-    if (js.value("isEntitled", true) == false)
     {
-        _unownedCharacters.insert(name);
+        bool needsSpoofing = false;
-        js["isEntitled"] = true;
-        js["purchaseInfo"] = {{"quantity", 1},
-                              {"origin", "PlayerInventory"},
-                              {"reason", "Item(s) added via Purchase"},
-                              {"lastUpdateAt", std::time(nullptr)},
-                              {"objectId", name}};
-        needsSpoofing = true;
-    }
-    else if (_unownedCharacters.contains(name))
-        needsSpoofing = true;
 
-    /*
+        if (js.value("isEntitled", false) == false)
-        modifications for unowned characters (spoof level and fake bloodweb)
-    */
-    if (needsSpoofing)
-    {
-        if (js.contains("bloodWebLevel") && js["bloodWebLevel"].is_number() && js["bloodWebLevel"] <= 15)
-            if (!js.contains("prestigeLevel") || (js["prestigeLevel"].is_number() && js["prestigeLevel"] <= 0))
-                js["bloodWebLevel"] = 16;
-
-        if (js.contains("bloodWebData")) generateBloodweb(js["bloodWebData"]);
-    }
-    else
-    {
-        /*
-            ghost node hotfix (untested)
-        */
-        /* if (js.contains("bloodWebData") && js["bloodWebData"].contains("ringData"))
         {
-            auto& ringData = js["bloodWebData"]["ringData"];
+            _unownedCharacters.insert(name);
+            js["isEntitled"] = true;
+            js["purchaseInfo"] = {{"quantity", 1},
+                                  {"origin", "PlayerInventory"},
+                                  {"reason", "Item(s) added via Purchase"},
+                                  {"lastUpdateAt", std::time(nullptr)},
+                                  {"objectId", name}};
+            needsSpoofing = true;
+        }
+        else if (_unownedCharacters.contains(name))
+            needsSpoofing = true;
 
-            for (auto& ring : ringData)
+        /*
-            {
+            modifications for unowned characters (spoof level and fake bloodweb)
-                if (ring.contains("nodeData") && ring["nodeData"].is_array())
+        */
-                {
+        if (needsSpoofing)
-                    for (auto& node : ring["nodeData"])
+        {
-                    {
+            if (js.contains("bloodWebLevel") && js["bloodWebLevel"].is_number() && js["bloodWebLevel"] <= 15)
-                        if (node.contains("nodeId") && node["nodeId"] != "0")
+                if (!js.contains("prestigeLevel") || (js["prestigeLevel"].is_number() && js["prestigeLevel"] <= 0))
-                        {
+                    js["bloodWebLevel"] = 16;
-                            if (!node.contains("contentId") || node["contentId"].get<std::string>().empty())
+
-                            {
+            if (js.contains("bloodWebData")) generateBloodweb(js["bloodWebData"]);
-                                node["contentId"] = "Spring2024Offering";
+        }
-                                if (!node.contains("state"))
-                                    node["state"] = "Available";
-                            }
-                        }
-                    }
-                }
-            }
-        }*/
     }
 
     /*
         item spoofing
     */
-    if (js.contains("characterItems") && js["characterItems"].is_array())
+    if (_config.spoofInventory)
     {
-        std::unordered_set<std::string> existingItemIds;
+        bool slasher = isSlasher(js["characterName"]);
 
-        std::unordered_set<std::string> stackableIds;
+        if (js.contains("characterItems") && js["characterItems"].is_array())
-        stackableIds.insert(_camperItemIds.begin(), _camperItemIds.end());
-        stackableIds.insert(_camperOfferingIds.begin(), _camperOfferingIds.end());
-        stackableIds.insert(_camperAddonIds.begin(), _camperAddonIds.end());
-        stackableIds.insert(_slasherAddonIds.begin(), _slasherAddonIds.end());
-        stackableIds.insert(_slasherOfferingIds.begin(), _slasherOfferingIds.end());
-
-        for (auto& item : js["characterItems"])
         {
-            /*
+            std::unordered_set<std::string> existingItemIds;
-                set existing items to rnd number
+
-            */
+            std::unordered_set<std::string> stackableIds;
-            if (item.contains("itemId") && item["itemId"].is_string())
+            stackableIds.insert(_camperItemIds.begin(), _camperItemIds.end());
+            stackableIds.insert(_camperOfferingIds.begin(), _camperOfferingIds.end());
+            stackableIds.insert(_camperAddonIds.begin(), _camperAddonIds.end());
+            stackableIds.insert(_slasherAddonIds.begin(), _slasherAddonIds.end());
+            stackableIds.insert(_slasherOfferingIds.begin(), _slasherOfferingIds.end());
+
+            for (auto& item : js["characterItems"])
             {
-                std::string itemId = item["itemId"];
+                /*
-                existingItemIds.insert(itemId);
+                    set existing items to rnd number
-                if (stackableIds.contains(itemId)) item["quantity"] = getRandomQuantity();
+                */
+                if (item.contains("itemId") && item["itemId"].is_string())
+                {
+                    std::string itemId = item["itemId"];
+                    existingItemIds.insert(itemId);
+                    if (stackableIds.contains(itemId)) item["quantity"] = getRandomQuantity();
+                }
             }
-        }
 
-        auto appendItems = [&](const std::unordered_set<std::string>& idList, bool isPerk) {
+            auto appendItems = [&](const std::unordered_set<std::string>& idList, bool isPerk) {
-            for (const auto& itemId : idList)
+                for (const auto& itemId : idList)
-                if (existingItemIds.find(itemId) == existingItemIds.end())
+                    if (existingItemIds.find(itemId) == existingItemIds.end())
-                    js["characterItems"].push_back(
+                        js["characterItems"].push_back(
-                        {{"itemId", itemId}, {"quantity", isPerk ? 3 : getRandomQuantity()}});
+                            {{"itemId", itemId}, {"quantity", isPerk ? 3 : getRandomQuantity()}});
-        };
+            };
 
-        if (!slasher)
+            if (!slasher)
-        {
+            {
-            appendItems(_camperItemIds, false);
+                appendItems(_camperItemIds, false);
-            appendItems(_camperAddonIds, false);
+                appendItems(_camperAddonIds, false);
-            appendItems(_camperOfferingIds, false);
+                appendItems(_camperOfferingIds, false);
-            appendItems(_camperPerkIds, true);
+                appendItems(_camperPerkIds, true);
-        }
+            }
-        else
+            else
-        {
+            {
-            appendItems(_slasherAddonIds, false);
+                appendItems(_slasherAddonIds, false);
-            appendItems(_slasherOfferingIds, false);
+                appendItems(_slasherOfferingIds, false);
-            appendItems(_slasherPerkIds, true);
+                appendItems(_slasherPerkIds, true);
+            }
         }
     }
 
@@ -409,8 +425,24 @@ void Spoofer::onInventoryAll(std::string& body)
             int quantity;
     };
 
-    std::vector<Category> categories = {{_camperPerkIds, 3},       {_slasherPerkIds, 3},   {_camperOfferingIds, -1},
+    std::vector<Category> categories;
-                                        {_slasherOfferingIds, -1}, {_catalogOutfitIds, 1}, {_catalogItemIds, 1}};
+    if (_config.spoofInventory)
+    {
+        categories.push_back({_camperPerkIds, 3});
+        categories.push_back({_slasherPerkIds, 3});
+        categories.push_back({_camperOfferingIds, -1});
+        categories.push_back({_slasherOfferingIds, -1});
+
+        categories.push_back({_camperItemIds, -1});
+        categories.push_back({_camperAddonIds, -1});
+        categories.push_back({_slasherAddonIds, -1});
+    }
+
+    if (_config.spoofCustomization)
+    {
+        categories.push_back({_catalogOutfitIds, 1});
+        categories.push_back({_catalogItemIds, 1});
+    }
 
     for (auto& item : itemsArr)
     {
@@ -510,38 +542,69 @@ void Spoofer::onBloodweb(std::string& body, std::string& respHeaders)
     json doc = json::parse(body, nullptr, false);
     if (doc.is_discarded()) return Log::error("JSON parse error for bloodweb response");
 
-    if (body.find("NotAllowedException") != std::string::npos && body.find("not owned") != std::string::npos)
+    /*
+        return fake bloodweb data
+    */
+    if (_config.spoofCharacterOwnership)
     {
-        Log::info("Spoofing bloodweb error for unowned character");
+        if (body.find("NotAllowedException") != std::string::npos && body.find("not owned") != std::string::npos)
-        json mock;
+        {
-        mock["bloodWebLevelChanged"] = false;
+            Log::info("Spoofing bloodweb error for unowned character");
-        mock["updatedWallets"] = json::array();
+            json mock;
-        mock["bloodWebLevel"] = 16;
+            mock["bloodWebLevelChanged"] = false;
-        mock["prestigeLevel"] = 0;
+            mock["updatedWallets"] = json::array();
-        mock["bloodWebData"] = json::object();
+            mock["bloodWebLevel"] = 16;
-        mock["characterItems"] = json::array();
+            mock["prestigeLevel"] = 0;
-        mock["characterName"] = this->_lastBloodWebChar;
+            mock["bloodWebData"] = json::object();
-        mock["isEntitled"] = true;
+            mock["characterItems"] = json::array();
-        mock["purchaseInfo"] = {{"quantity", 1},
+            mock["characterName"] = this->_lastBloodWebChar;
-                                {"origin", "PlayerInventory"},
+            mock["isEntitled"] = true;
-                                {"reason", "Item(s) added via Purchase"},
+            mock["purchaseInfo"] = {{"quantity", 1},
-                                {"lastUpdateAt", std::time(nullptr)},
+                                    {"origin", "PlayerInventory"},
-                                {"objectId", this->_lastBloodWebChar}};
+                                    {"reason", "Item(s) added via Purchase"},
+                                    {"lastUpdateAt", std::time(nullptr)},
+                                    {"objectId", this->_lastBloodWebChar}};
 
-        _unownedCharacters.insert(this->_lastBloodWebChar); // probably not needed but just in case
+            _unownedCharacters.insert(this->_lastBloodWebChar); // probably not needed but just in case
 
-        modifyCharacterData(mock);
+            modifyCharacterData(mock);
 
-        std::regex statusRegex(R"(HTTP\/\d\.\d\s+403)");
+            std::regex statusRegex(R"(HTTP\/\d\.\d\s+403)");
-        respHeaders = std::regex_replace(respHeaders, statusRegex, "HTTP/1.1 200");
+            respHeaders = std::regex_replace(respHeaders, statusRegex, "HTTP/1.1 200");
 
-        body = mock.dump();
+            body = mock.dump();
 #ifdef _DEBUG
-        Log::verbose("Spoofed bloodweb request for unowned character.");
+            Log::verbose("Spoofed bloodweb request for unowned character.");
 #endif
-        return;
+            return;
+        }
     }
 
+    /*
+        bloodweb fixup for perks
+        (if all perks are unlocked, the game will interpret bloodwebs with perks as invalid so perks will be replaced with PLACEHOLDER_ITEMID)
+    */
+    if (_config.spoofInventory)
+    {
+        if (doc.contains("bloodWebData") && doc["bloodWebData"].contains("ringData"))
+        {
+            for (auto& ring : doc["bloodWebData"]["ringData"])
+            {
+                if (!ring.contains("nodeData")) continue;
+                for (auto& node : ring["nodeData"])
+                {
+                    if (!node.contains("contentId")) continue;
+                    std::string contentId = node["contentId"];
+                    if (_camperPerkIds.contains(contentId) || _slasherPerkIds.contains(contentId))
+                        node["contentId"] = PLACEHOLDER_ITEMID;
+                }
+            }
+        }
+    }
+
+    /*
+        prevent bloodweb reqs from overriding inventory values
+    */
     modifyCharacterData(doc);
     body = doc.dump();
 #ifdef _DEBUG

src/unlocker/spoofing.h

@@ -9,6 +9,13 @@
 
 #include <nlohmann/json_fwd.hpp>
 
+struct SpooferConfig
+{
+        bool spoofCharacterOwnership = false;
+        bool spoofInventory = true;
+        bool spoofCustomization = true;
+};
+
 class Spoofer
 {
     public:
@@ -17,6 +24,7 @@ class Spoofer
     private:
         void registerListeners(Proxy* proxy);
         void loadData();
+        void loadConfig();
 
         bool parseCatalog(std::string data);
         bool parseStackable(std::string data, std::unordered_set<std::string>& camperSet,
@@ -37,6 +45,8 @@ class Spoofer
         void serverResponseHandler(const std::string& url, std::string& body, std::string& respHeaders);
         void clientRequestHandler(std::string& url, const std::string& body, std::string& reqHeaders);
 
+        SpooferConfig _config;
+
         std::unordered_set<std::string> _camperItemIds;
         std::unordered_set<std::string> _slasherPowerIds;
 

src/unlocker/ssl.cpp

@@ -0,0 +1,232 @@
+#include "ssl.h"
+#include "utils.h"
+
+#include <nerutils/log.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+
+#include <random>
+#include <cstdlib>
+#include <ctime>
+#include <cstring>
+
+#include <wincrypt.h>
+#include <processthreadsapi.h>
+
+template <typename T, void (*f)(T*)> struct Deleter
+{
+        void operator()(T* p) const { f(p); }
+};
+
+using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY, Deleter<EVP_PKEY, EVP_PKEY_free>>;
+using X509_ptr = std::unique_ptr<X509, Deleter<X509, X509_free>>;
+using SSL_CTX_ptr = std::unique_ptr<SSL_CTX, Deleter<SSL_CTX, SSL_CTX_free>>;
+using BIO_ptr = std::unique_ptr<BIO, Deleter<BIO, BIO_vfree>>;
+
+CertManager::CertManager() : _caPkey(nullptr), _caCert(nullptr), _sessionPkey(nullptr) {}
+
+CertManager::~CertManager()
+{
+    if (_caPkey) EVP_PKEY_free(_caPkey);
+    if (_caCert) X509_free(_caCert);
+    if (_sessionPkey) EVP_PKEY_free(_sessionPkey);
+
+    for (auto& pair : _hostContexts)
+        SSL_CTX_free(pair.second);
+}
+
+bool CertManager::init()
+{
+    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
+    if (!pctx) return false;
+
+    EVP_PKEY_keygen_init(pctx);
+    EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
+
+    EVP_PKEY* rawPkey = nullptr;
+    if (EVP_PKEY_keygen(pctx, &rawPkey) <= 0)
+    {
+        Log::error("Failed to generate session key");
+        EVP_PKEY_CTX_free(pctx);
+        return false;
+    }
+    _sessionPkey = rawPkey;
+    EVP_PKEY_CTX_free(pctx);
+
+    if (loadCA())
+    {
+        Log::verbose("Loaded existing CA certificate");
+        return true;
+    }
+
+    Log::verbose("No CA found, generating");
+    return generateCA();
+}
+
+bool CertManager::loadCA()
+{
+    std::string path = utils::getExePath();
+
+    BIO_ptr keyBio(BIO_new_file((path + "/key.pem").c_str(), "r"));
+    if (!keyBio) return false;
+    _caPkey = PEM_read_bio_PrivateKey(keyBio.get(), nullptr, nullptr, nullptr);
+
+    BIO_ptr certBio(BIO_new_file((path + "/cert.pem").c_str(), "r"));
+    if (!certBio) return false;
+    _caCert = PEM_read_bio_X509(certBio.get(), nullptr, nullptr, nullptr);
+
+    return (_caPkey && _caCert);
+}
+
+void CertManager::installCert(X509* cert)
+{
+    if (!cert) return;
+
+    /*
+        X509 to DER
+    */
+    int derLen = i2d_X509(cert, nullptr);
+    if (derLen < 0) return;
+
+    unsigned char* derBuf = new unsigned char[derLen];
+    unsigned char* p = derBuf;
+    i2d_X509(cert, &p);
+
+    PCCERT_CONTEXT certCtx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, derBuf, derLen);
+    if (certCtx)
+    {
+        HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
+        if (rootStore)
+        {
+            BOOL success = CertAddCertificateContextToStore(rootStore, certCtx, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
+
+            if (success)
+                Log::info("CA certificate installed");
+            else
+                Log::error("Failed to install CA certificate");
+
+            CertCloseStore(rootStore, 0);
+        }
+        CertFreeCertificateContext(certCtx);
+    }
+
+    delete[] derBuf;
+}
+
+bool CertManager::generateCA()
+{
+    std::random_device rd;
+    std::mt19937 gen(rd());
+
+    /*
+        key
+    */
+    EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
+    EVP_PKEY_keygen_init(pctx);
+    EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048);
+    EVP_PKEY* rawCaKey = nullptr;
+    EVP_PKEY_keygen(pctx, &rawCaKey);
+    _caPkey = rawCaKey;
+    EVP_PKEY_CTX_free(pctx);
+
+    /*
+        cert
+    */
+    X509_ptr cert(X509_new());
+    X509_set_version(cert.get(), 2);
+    ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1);
+    X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
+    X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L); // 1 year
+
+    X509_name_st* subjName = X509_get_subject_name(cert.get());
+    std::string randomCN = utils::randomizeString(16);
+    X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)randomCN.c_str(), -1, -1, 0);
+    X509_set_issuer_name(cert.get(), subjName);
+    X509_set_pubkey(cert.get(), _caPkey);
+
+    /*
+        CA constraints
+    */
+    X509V3_CTX v3ctx;
+    X509V3_set_ctx(&v3ctx, cert.get(), cert.get(), nullptr, nullptr, 0);
+    X509_EXTENSION* ext = X509V3_EXT_conf_nid(nullptr, &v3ctx, NID_basic_constraints, "critical,CA:TRUE");
+    X509_add_ext(cert.get(), ext, -1);
+    X509_EXTENSION_free(ext);
+
+    if (X509_sign(cert.get(), _caPkey, EVP_sha256()) <= 0) return false;
+
+    /*
+        out   
+    */
+    std::string path = utils::getExePath();
+    BIO_ptr kOut(BIO_new_file((path + "/key.pem").c_str(), "w"));
+    PEM_write_bio_PrivateKey(kOut.get(), _caPkey, nullptr, nullptr, 0, nullptr, nullptr);
+
+    BIO_ptr cOut(BIO_new_file((path + "/cert.pem").c_str(), "w"));
+    PEM_write_bio_X509(cOut.get(), cert.get());
+
+    /*
+        install and release
+    */
+    installCert(cert.get());
+
+    _caCert = cert.release();
+
+    return true;
+}
+
+SSL_CTX* CertManager::createHostContext(const std::string& host)
+{
+    std::lock_guard<std::mutex> lock(_mutex);
+    if (_hostContexts.count(host)) return _hostContexts[host];
+
+    /*
+        cert base
+    */
+    X509_ptr cert(X509_new());
+    X509_set_version(cert.get(), 2);
+
+    ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), static_cast<long>(std::hash<std::string>{}(host) & 0x7FFFFFFF));
+
+    X509_gmtime_adj(X509_get_notBefore(cert.get()), 0);
+    X509_gmtime_adj(X509_get_notAfter(cert.get()), 31536000L);
+
+    X509_name_st* subjName = X509_get_subject_name(cert.get());
+    X509_NAME_add_entry_by_txt(subjName, "CN", MBSTRING_ASC, (unsigned char*)host.c_str(), -1, -1, 0);
+    X509_set_issuer_name(cert.get(), X509_get_subject_name(_caCert));
+    X509_set_pubkey(cert.get(), _sessionPkey);
+
+    /*
+        SAN
+    */
+    X509V3_CTX v3ctx;
+    X509V3_set_ctx(&v3ctx, _caCert, cert.get(), nullptr, nullptr, 0);
+    std::string altName = "DNS:" + host;
+    X509_EXTENSION* ext = X509V3_EXT_conf_nid(nullptr, &v3ctx, NID_subject_alt_name, altName.c_str());
+    X509_add_ext(cert.get(), ext, -1);
+    X509_EXTENSION_free(ext);
+
+    /*
+        sign & ctx load
+    */
+    if (X509_sign(cert.get(), _caPkey, EVP_sha256()) <= 0) return nullptr;
+
+    SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
+    if (!ctx) return nullptr;
+
+    if (SSL_CTX_use_certificate(ctx, cert.get()) <= 0 || SSL_CTX_use_PrivateKey(ctx, _sessionPkey) <= 0)
+    {
+        SSL_CTX_free(ctx);
+        return nullptr;
+    }
+
+    _hostContexts[host] = ctx;
+    return ctx;
+}

src/unlocker/ssl.h

@@ -0,0 +1,39 @@
+#pragma once
+
+#include <string>
+#include <unordered_map>
+#include <mutex>
+
+struct x509_st;
+struct X509_name_st;
+struct ssl_st;
+struct ssl_ctx_st;
+struct evp_pkey_st;
+
+typedef struct x509_st X509;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+class CertManager
+{
+    public:
+        CertManager();
+        ~CertManager();
+
+        bool init();
+        SSL_CTX* createHostContext(const std::string& host);
+
+    private:
+        bool generateCA();
+        bool loadCA();
+
+        void installCert(X509* cert);
+
+        EVP_PKEY* _caPkey = nullptr;
+        X509* _caCert = nullptr;
+        EVP_PKEY* _sessionPkey = nullptr;
+
+        std::mutex _mutex;
+        std::unordered_map<std::string, SSL_CTX*> _hostContexts;
+};

src/unlocker/utils.cpp

@@ -12,3 +12,13 @@ std::string utils::getExePath()
     if (pos != std::string::npos) return path.substr(0, pos + 1);
     return "";
 }
+
+std::string utils::randomizeString(size_t length)
+{
+    const char charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    std::string result;
+    result.resize(length);
+    for (size_t i = 0; i < length; ++i)
+        result[i] = charset[rand() % (sizeof(charset) - 1)];
+    return result;
+}

src/unlocker/utils.h

@@ -5,4 +5,5 @@
 namespace utils
 {
     std::string getExePath();
-}
+    std::string randomizeString(size_t length);
+} // namespace utils