diff --git a/PolygonClientUtilities/Classes.h b/PolygonClientUtilities/Classes.h index c9fddb4..4f46b75 100644 --- a/PolygonClientUtilities/Classes.h +++ b/PolygonClientUtilities/Classes.h @@ -9,6 +9,16 @@ struct DataModel std::string jobId; }; +struct Http +{ + void* padding1[1]; + std::string alternateUrl; + void* padding2[4]; + std::string url; +}; + +// const auto DataModel__createDataModel = (void * (__thiscall*)(int a1, char a2))ADDRESS_DATAMODEL__CREATEDATAMODEL; + struct Packet { void* padding1[7]; diff --git a/PolygonClientUtilities/Config.h b/PolygonClientUtilities/Config.h index e915790..4689372 100644 --- a/PolygonClientUtilities/Config.h +++ b/PolygonClientUtilities/Config.h @@ -1,8 +1,8 @@ #pragma once -#define PLAYER2012 +#define MFC2010 #define PLAYERBUILD -// #define ARBITERBUILD +#define ARBITERBUILD // #define DEBUG_SERVERREPLICATOR__PROCESSPACKET @@ -23,12 +23,15 @@ #define ADDRESS_DATAMODEL__GETJOBID 0x005CACC0 #define ADDRESS_STANDARDOUT__PRINT 0x0059F340 -#define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING 0x004FC1A0 +// #define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING 0x004FC1A0 #define ADDRESS_HTTP__TRUSTCHECK 0x005A2680 #define ADDRESS_CRYPT__VERIFYSIGNATUREBASE64 0x0079ECF0 #define ADDRESS_SERVERREPLICATOR__SENDTOP 0x00506910 #define ADDRESS_SERVERREPLICATOR__PROCESSPACKET 0x00507420 #define ADDRESS_SERVERREPLICATOR__PROCESSTICKET 0x0 +#define ADDRESS_DATAMODEL__CREATEDATAMODEL 0x005DC150 +#define ADDRESS_GAME__CONSTRUCT 0x0047DBF0 +#define ADDRESS_HTTP_HTTPGETPOSTWININET 0x006A9210 // MFC specific definitions #define CLASSLOCATION_CROBLOXAPP 0x00BFF898 diff --git a/PolygonClientUtilities/DebugDatamodel.cpp b/PolygonClientUtilities/DebugDatamodel.cpp new file mode 100644 index 0000000..c03540a --- /dev/null +++ b/PolygonClientUtilities/DebugDatamodel.cpp 
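Review bot: `struct Http` hard-codes where `alternateUrl` and `url` sit inside an object owned by the host process, and nothing in the header records or checks the assumptions behind that layout. The offsets only hold if this DLL's `std::string` has the same size and representation as the one the host binary was built with, which differs between toolset versions and between debug and release builds. I would add a comment above the struct naming the client build the offsets were taken from, plus a compile-time guard such as `static_assert(sizeof(std::string) == 24, "Http layout assumes the host's std::string size");` (the 24 is inferred from the `_this + 60` probe in TestHttpGetPost.cpp and should be confirmed). The commented-out `DataModel__createDataModel` cast below the struct would be better removed than committed.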
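Review bot: After the first Config.h hunk `PLAYERBUILD` and `ARBITERBUILD` are both defined and the target switches from `PLAYER2012` to `MFC2010`, which reads like a local debugging configuration rather than an intended default. `ARBITERBUILD` was previously commented out, so the two look like alternatives; if they are, code guarded by each is now compiled together. Consider leaving the committed defaults unchanged and rejecting the combination explicitly, e.g. `#if defined(PLAYERBUILD) && defined(ARBITERBUILD)` followed by `#error "select exactly one build type"`.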
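Review bot: The three address macros added in the second Config.h hunk do not say which client binary they were taken from, while the same commit switches the target from `PLAYER2012` to `MFC2010`. A hook installed at an address from the wrong build overwrites unrelated code in the host, so I would add a comment naming the build these values belong to, or wrap them in the matching `#ifdef`. `ADDRESS_HTTP_HTTPGETPOSTWININET` also breaks the `CLASS__METHOD` double-underscore convention used by every neighbouring macro; `ADDRESS_HTTP__HTTPGETPOSTWININET` would match. Commenting out `ADDRESS_NETWORK__RAKNETADDRESSTOSTRING` will break any remaining user of that macro outside this hunk.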
@@ -0,0 +1,22 @@ +#include "pch.h" +#include "DebugDatamodel.h" + +DataModel__createDataModel_t DataModel__createDataModel = (DataModel__createDataModel_t)0; // ADDRESS_DATAMODEL__CREATEDATAMODEL; + +int __fastcall DataModel__createDataModel_hook(int, int, int, bool startHeartbeat) +{ + printf("DataModel::createDataModel called\n"); + + printf("Value of startHeartbeat: %#010x\n", startHeartbeat); + + return DataModel__createDataModel(startHeartbeat); +} + +/* DataModel__createDataModel_t DataModel__createDataModel = (DataModel__createDataModel_t)ADDRESS_GAME__CONSTRUCT; + +int __fastcall DataModel__createDataModel_hook(int _this) +{ + printf("Game::Game called\n"); + printf("Value of _this: %#010X\n", _this); + return DataModel__createDataModel(_this); +} */ \ No newline at end of file diff --git a/PolygonClientUtilities/DebugDatamodel.h b/PolygonClientUtilities/DebugDatamodel.h new file mode 100644 index 0000000..5ffe78e --- /dev/null +++ b/PolygonClientUtilities/DebugDatamodel.h @@ -0,0 +1,12 @@ +#pragma once + +#include "Classes.h" + +typedef int (__thiscall* DataModel__createDataModel_t)(bool startHeartbeat); +int __fastcall DataModel__createDataModel_hook(int, int, int, bool startHeartbeat); +extern DataModel__createDataModel_t DataModel__createDataModel; + +// Game::Game +/* typedef int(__thiscall* DataModel__createDataModel_t)(int _this); +int __fastcall DataModel__createDataModel_hook(int _this); +extern DataModel__createDataModel_t DataModel__createDataModel; */ \ No newline at end of file diff --git a/PolygonClientUtilities/MFCCommandLine.cpp b/PolygonClientUtilities/MFCCommandLine.cpp index a8c2389..8f33eb6 100644 --- a/PolygonClientUtilities/MFCCommandLine.cpp +++ b/PolygonClientUtilities/MFCCommandLine.cpp 
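Review bot: The trampoline pointer in DebugDatamodel.cpp is initialised to `0` and its type does not match the hook: `DataModel__createDataModel_t` in DebugDatamodel.h is a `__thiscall` pointer taking one `bool`, while `DataModel__createDataModel_hook` takes `(int, int, int, bool)` and forwards only `startHeartbeat`. If the patch line in dllmain.cpp is ever uncommented, the hook either calls through a null pointer or calls the original with a different argument count than it was entered with, which unbalances the stack under callee-cleanup conventions. The commented-out cast in Classes.h and the commented call in MFCCommandLine.cpp each assume yet another signature, so the real prototype appears unconfirmed. Until it is confirmed, I would keep this file out of the build or add a comment stating the signature is a guess, and give the typedef and the hook the same parameter list. `printf("%#010x", startHeartbeat)` would also read more clearly as `%d` for a `bool`.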
@@ -24,6 +24,12 @@ BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this) CApp__RobloxAuthenticate(app, nullptr, authenticationUrl.c_str(), authenticationTicket.c_str()); } + // DataModel* datamodel = reinterpret_cast(CLASSLOCATION_CAPP); + + // printf("Attempting to create DataModel...\n"); + // char* v27; + // DataModel__createDataModel((int)&v27, 1); + #ifdef PLAYERBUILD if (hasJoinArg && !joinScriptUrl.empty()) { diff --git a/PolygonClientUtilities/PolygonClientUtilities.vcxproj b/PolygonClientUtilities/PolygonClientUtilities.vcxproj index c1ad3a4..bf40e58 100644 --- a/PolygonClientUtilities/PolygonClientUtilities.vcxproj +++ b/PolygonClientUtilities/PolygonClientUtilities.vcxproj @@ -161,10 +161,12 @@ + + @@ -175,6 +177,7 @@ + @@ -192,6 +195,7 @@ + diff --git a/PolygonClientUtilities/PolygonClientUtilities.vcxproj.filters b/PolygonClientUtilities/PolygonClientUtilities.vcxproj.filters index 7a9a6a1..e9612bd 100644 --- a/PolygonClientUtilities/PolygonClientUtilities.vcxproj.filters +++ b/PolygonClientUtilities/PolygonClientUtilities.vcxproj.filters @@ -60,6 +60,12 @@ Header Files\Hooks + + Header Files\Hooks + + + Header Files\Hooks + @@ -98,5 +104,11 @@ Source Files\Hooks + + Source Files\Hooks + + + Source Files\Hooks + \ No newline at end of file diff --git a/PolygonClientUtilities/TestHttpGetPost.cpp b/PolygonClientUtilities/TestHttpGetPost.cpp new file mode 100644 index 0000000..ebcfa6c --- /dev/null +++ b/PolygonClientUtilities/TestHttpGetPost.cpp 
@@ -0,0 +1,58 @@ +#include "pch.h" +#include "TestHttpGetPost.h" +#include "Util.h" +#include "LUrlParser.h" + +Http_httpGetPostWinInet_t Http_httpGetPostWinInet = (Http_httpGetPostWinInet_t)ADDRESS_HTTP_HTTPGETPOSTWININET; + +void __fastcall Http_httpGetPostWinInet_hook(Http* _this, void*, bool isPost, int a3, bool compressData, LPCSTR additionalHeaders, int a6) +{ + printf("Http::httpGetPostWinInet called\n"); + // printf("Value of isPost: %d\n", isPost); + // printf("Value of compressData: %d\n", compressData); + // printf("Value of additionalHeaders: %s\n", additionalHeaders); + // throw std::runtime_error("Jay coleman detected"); + + /* printf("Length of url: %d\n", *(int*)((int)_this + 60)); + printf("Length of url 2: %d\n", _this->url.size()); + printf("Length of alternateUrl: %d\n", _this->alternateUrl.size()); + + printf("\n"); + + printf("Location of _this+20: %08X\n", (int)_this); + printf("Location of _this->alternateUrl: %p\n", &_this->alternateUrl); + + printf("\n"); + + printf("Location of _this+40: %08X\n", (int)_this + 40); + printf("Location of _this->url: %p\n", &_this->url); + + printf("\n"); */ + + printf("Requested url: %s\n", _this->url.c_str()); + + LUrlParser::ParseURL parsedUrl = LUrlParser::ParseURL::parseURL(_this->url); + std::string urlPath = Util::toLower(parsedUrl.path_); + + if (parsedUrl.host_ == "roblox.com" || parsedUrl.host_ == "www.roblox.com") + { + if (urlPath == "asset" || urlPath == "asset/" || urlPath == "asset/default.ashx") + { + std::string assetUrl = "https://assetdelivery.roblox.com/v1/asset/?" + parsedUrl.query_; + printf("Should swap URL with: %s\n", assetUrl.c_str()); + + // yep... same access violation i got in polygonutil.dll.......... 
+ // yaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaayyyyyyyyyyyyyyyyyyyyyy + _this->url = assetUrl; + } + } + + // printf("Host: %s\n", parsedUrl.host_.c_str()); + // printf("Path: %s\n", parsedUrl.path_.c_str()); + // printf("Query: %s\n", parsedUrl.query_.c_str()); + // printf("Fragment: %s\n", parsedUrl.fragment_.c_str()); + + printf("\n"); + + Http_httpGetPostWinInet(_this, isPost, a3, compressData, additionalHeaders, a6); +} \ No newline at end of file diff --git a/PolygonClientUtilities/TestHttpGetPost.h b/PolygonClientUtilities/TestHttpGetPost.h new file mode 100644 index 0000000..34b5a71 --- /dev/null +++ b/PolygonClientUtilities/TestHttpGetPost.h @@ -0,0 +1,7 @@ +#pragma once + +#include "Classes.h" + +typedef void (__thiscall* Http_httpGetPostWinInet_t)(Http* _this, bool isPost, int a3, bool compressData, LPCSTR additionalHeaders, int a6); +void __fastcall Http_httpGetPostWinInet_hook(Http* _this, void*, bool isPost, int a3, bool compressData, LPCSTR additionalHeaders, int a6); +extern Http_httpGetPostWinInet_t Http_httpGetPostWinInet; \ No newline at end of file diff --git a/PolygonClientUtilities/Util.cpp b/PolygonClientUtilities/Util.cpp index 15bdba3..abbf8dc 100644 --- a/PolygonClientUtilities/Util.cpp +++ b/PolygonClientUtilities/Util.cpp @@ -61,4 +61,11 @@ bool Util::isASCII(const std::string& s) return !std::any_of(s.begin(), s.end(), [](char c) { return static_cast(c) > 127; }); +} + +// https://stackoverflow.com/questions/313970/how-to-convert-an-instance-of-stdstring-to-lower-case +std::string Util::toLower(std::string s) +{ + std::transform(s.begin(), s.end(), s.begin(), [](unsigned char c) { return std::tolower(c); }); + return s; } \ No newline at end of file diff --git a/PolygonClientUtilities/Util.h b/PolygonClientUtilities/Util.h index 6211ecb..a049e4b 100644 --- a/PolygonClientUtilities/Util.h +++ b/PolygonClientUtilities/Util.h 
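Review bot: `_this->url = assetUrl;` in TestHttpGetPost.cpp makes this DLL's `std::string` implementation reallocate a buffer belonging to an object owned by the host, which is the likely source of the access violation the comment above it records. The replacement URL is likely longer than the original, so the assignment releases the host's buffer and allocates a new one with this module's allocator; that is only safe when both modules share the same CRT heap and the same `std::string` layout. Rather than committing the crash, I would guard or remove the assignment and leave a comment explaining the constraint. Separately, the host is compared case-sensitively while the path is lowered (`Util::toLower(parsedUrl.host_)` would make them consistent), and the parse result is used without checking that parsing succeeded. The unconditional `printf` of the full URL also writes query strings to the console, and those may include tickets or tokens.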
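Review bot: `std::tolower` in `Util::toLower` follows the current C locale, so bytes above 127 can fold differently depending on process locale settings, and the new caller in TestHttpGetPost.cpp uses the result to decide whether a URL is rewritten. For URL matching an ASCII-only fold is more predictable, e.g. `[](unsigned char c) { return (c >= 'A' && c <= 'Z') ? static_cast<char>(c + 32) : static_cast<char>(c); }`. A one-line comment above the function stating that it is intended for ASCII input would document the contract either way.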
@@ -11,4 +11,5 @@ public: static std::vector split(std::string s, std::string delimiter); static std::map parseArgs(std::string args); static bool isASCII(const std::string& s); + static std::string toLower(std::string s); }; \ No newline at end of file diff --git a/PolygonClientUtilities/dllmain.cpp b/PolygonClientUtilities/dllmain.cpp index 46f863a..2292725 100644 --- a/PolygonClientUtilities/dllmain.cpp +++ b/PolygonClientUtilities/dllmain.cpp @@ -1,8 +1,10 @@ #include "pch.h" #include "Config.h" #include "Patches.h" -// #include "RobloxMFCHooks.h" +//#include "RobloxMFCHooks.h" +// #include "DebugDatamodel.h" +// #include "TestHttpGetPost.h" #include "TrustCheck.h" #include "VerifySignatureBase64.h" @@ -23,6 +25,9 @@ #endif START_PATCH_LIST() +// ADD_PATCH(Http_httpGetPostWinInet, Http_httpGetPostWinInet_hook) +// ADD_PATCH(DataModel__createDataModel, DataModel__createDataModel_hook) + ADD_PATCH(Http__trustCheck, Http__trustCheck_hook) ADD_PATCH(Crypt__verifySignatureBase64, Crypt__verifySignatureBase64_hook)