Merge branch 'main' of https://github.com/ProjectPolygon/PolygonDLLUtilities

2022-06-05 11:11:16 +01:00 · 2022-06-05 11:11:16 +01:00 · 7e1b7a3bf0
parent 0e625f2bf0 67b225414c
commit 7e1b7a3bf0
6 changed files with 77 additions and 12 deletions
--- a/PolygonClientUtilities/Config.h
+++ b/PolygonClientUtilities/Config.h
@ -25,7 +25,6 @@
 #define ADDRESS_DATAMODEL__GETJOBID                0x005CACC0
 #define ADDRESS_STANDARDOUT__PRINT                 0x0059F340
 // #define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING     0x004FC1A0
-#define ADDRESS_HTTP__TRUSTCHECK                   0x005A2680
 #define ADDRESS_CRYPT__VERIFYSIGNATUREBASE64       0x0079ECF0
 #define ADDRESS_SERVERREPLICATOR__SENDTOP          0x00506910
 #define ADDRESS_SERVERREPLICATOR__PROCESSPACKET    0x00507420
@ -33,6 +32,7 @@
 #define ADDRESS_DATAMODEL__CREATEDATAMODEL         0x005DC150
 #define ADDRESS_GAME__CONSTRUCT                    0x0047DBF0
 #define ADDRESS_HTTP__HTTPGETPOSTWININET           0x006A9210
+#define ADDRESS_HTTP__TRUSTCHECK                   0x005A2680 

 // MFC specific definitions
 #define CLASSLOCATION_CROBLOXAPP                   0x00BFF898
--- a/PolygonClientUtilities/Crypt.cpp
+++ b/PolygonClientUtilities/Crypt.cpp
@ -36,5 +36,66 @@ void __fastcall Crypt__verifySignatureBase64_hook(HCRYPTPROV* _this, void*, int
    signatureBase64 = std::string(reinterpret_cast<const char*>(v21), a14);

    // Verify the signature
+    try
+    {
+        // Read public key
+        EVP_PKEY* key = NULL;
+        BIO* bio = BIO_new_mem_buf((void*)Util::publicKey.c_str(), Util::publicKey.length());

+        if (bio == NULL)
+        {
+            throw std::runtime_error("");
+        }
+
+        key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+        BIO_free(bio);
+
+        // Create context
+        EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(key, NULL);
+
+        if (!ctx)
+        {
+            throw std::runtime_error("");
+        }
+
+        if (EVP_PKEY_verify_init(ctx) <= 0)
+        {
+            throw std::runtime_error("");
+        }
+
+        if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        {
+            throw std::runtime_error("");
+        }
+
+        if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()) <= 0)
+        {
+            throw std::runtime_error("");
+        }
+
+        // Verify signature against the message
+        unsigned char* signature = Util::base64Decode(signatureBase64);
+        unsigned char* data = new unsigned char[message.length()];
+        
+        std::copy(message.begin(), message.end(), data);
+
+        int result = EVP_PKEY_verify(ctx, signature, sizeof(signature), data, strlen((char*)data));
+
+        // Dispose objects
+        EVP_PKEY_free(key);
+        EVP_PKEY_CTX_free(ctx);
+
+        delete[] signature;
+        delete[] data;
+
+        // Check
+        if (result != 1)
+        {
+            throw std::runtime_error("");
+        }
+    }
+    catch (...)
+    {
+        throw std::runtime_error("");
+    }
 }
--- a/PolygonClientUtilities/Crypt.h
+++ b/PolygonClientUtilities/Crypt.h
@ -2,7 +2,9 @@

 #include "Classes.h"
 #include <openssl/evp.h>
+#include <openssl/rsa.h>
 #include <openssl/pem.h>
+#include <openssl/bio.h>

 typedef void(__thiscall* Crypt__verifySignatureBase64_t)(HCRYPTPROV* _this, int a2, BYTE* pbData, int a4, int a5, int a6, DWORD dwDataLen, int a8, int a9, int a10, int a11, int a12, int a13, int a14, int a15);
 void __fastcall Crypt__verifySignatureBase64_hook(HCRYPTPROV* _this, void*, int a2, BYTE* pbData, int a4, int a5, int a6, DWORD dwDataLen, int a8, int a9, int a10, int a11, int a12, int a13, int a14, int a15);
--- a/PolygonClientUtilities/StandardOut.h
+++ b/PolygonClientUtilities/StandardOut.h
@ -1,7 +1,6 @@
 #pragma once

 #include "Classes.h"
-#include <string>

 void InitializeOutput();

--- a/PolygonClientUtilities/Util.cpp
+++ b/PolygonClientUtilities/Util.cpp
@ -2,13 +2,13 @@
 #include "Util.h"
 #include <string_view>

-const std::string Util::publicKey = 
-        "-----BEGIN RSA PUBLIC KEY-----"
-        "BgIAAACkAABSU0ExAAQAAAEAAQABmKy9m0NxBRoXTuQPZU8BeM"
-        "fwBisHcYBy93KSlQB3emeiW/pEMj9YWn2k7JkHiqcjuH+XE5PW"
-        "K+q9s8oLQsnXTdTYa2l+1BhypP5jefgq0ZHITTIMBfE7rTI39p"
-        "pzs0ayXKINQMIsBzXaJm25v5gP+vlz4cupJPq+jy9De+kcyw=="
-        "-----END RSA PUBLIC KEY-----";
+const std::string Util::publicKey =
+    "-----BEGIN PUBLIC KEY-----\n"
+    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLHOl7Qy+Pvvokqcvhc/n6D5i/\n"
+    "uW0m2jUHLMJADaJcskazc5r2NzKtO/EFDDJNyJHRKvh5Y/6kchjUfmlr2NRN18lC\n"
+    "C8qzveor1pMTl3+4I6eKB5nspH1aWD8yRPpbomd6dwCVknL3coBxBysG8Md4AU9l\n"
+    "D+ROFxoFcUObvayYAQIDAQAB\n"
+    "-----END PUBLIC KEY-----";

 const std::vector<std::string> Util::allowedHosts
 {
@ -80,7 +80,7 @@ std::string Util::toLower(std::string s)
 }

 // https://stackoverflow.com/a/44562527
-std::vector<unsigned char> Util::base64Decode(const std::string_view data)
+unsigned char* Util::base64Decode(const std::string_view data)
 {
    // table from '+' to 'z'
    const uint8_t lookup[] = {
@ -118,5 +118,8 @@ std::vector<unsigned char> Util::base64Decode(const std::string_view data)
        }
    }

-    return out;
+    unsigned char* blob = new unsigned char[out.size()];
+    std::copy(out.begin(), out.end(), blob);
+
+    return blob;
 }
--- a/PolygonClientUtilities/Util.h
+++ b/PolygonClientUtilities/Util.h
@ -13,5 +13,5 @@ public:
    static std::map<std::string, std::string> parseArgs(std::string args);
    static bool isASCII(const std::string& s);
    static std::string toLower(std::string s);
-    static std::vector<unsigned char> base64Decode(const std::string_view data);
+    static unsigned char* base64Decode(const std::string_view data);
 };