diff --git a/PolygonClientUtilities/Config.h b/PolygonClientUtilities/Config.h
index 8f19a20..fcf3676 100644
--- a/PolygonClientUtilities/Config.h
+++ b/PolygonClientUtilities/Config.h
@@ -6,9 +6,9 @@
 // RobloxApp (2010)
 #ifdef MFC2010
 #define ADDRESS_STANDARDOUT__PRINT 0x0059F340
-#define ADDRESS_STANDARDOUT__PRINTF 0x0059F8B0
 #define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING 0x004FC1A0
 #define ADDRESS_HTTP__TRUSTCHECK 0x005A2680
+#define ADDRESS_CRYPT__VERIFYSIGNATUREBASE64 0x0079ECF0
 #define ADDRESS_CAPP__CREATEGAME 0x00405D20
 #define ADDRESS_CAPP__ROBLOXAUTHENTICATE 0x00408060
 #define ADDRESS_CROBLOXAPP__INITINSTANCE 0x00452900
@@ -21,7 +21,9 @@
 // RobloxApp (2011)
 #ifdef MFC2011
 #define ADDRESS_STANDARDOUT__PRINT 0x005B25E0
+#define ADDRESS_NETWORK__RAKNETADDRESSTOSTRING 0x0
 #define ADDRESS_HTTP__TRUSTCHECK 0x005B7050
+#define ADDRESS_HTTP__VERIFYSIGNATUREBASE64 0x00809EC0
 #define ADDRESS_CAPP__CREATEGAME 0x0
 #define ADDRESS_CAPP__ROBLOXAUTHENTICATE 0x0
 #define ADDRESS_CROBLOXAPP__INITINSTANCE 0x004613C0
diff --git a/PolygonClientUtilities/Debug/PolygonClientUtilities.ilk b/PolygonClientUtilities/Debug/PolygonClientUtilities.ilk
index 0d56546..b0b964a 100644
Binary files a/PolygonClientUtilities/Debug/PolygonClientUtilities.ilk and b/PolygonClientUtilities/Debug/PolygonClientUtilities.ilk differ
diff --git a/PolygonClientUtilities/Logger.cpp b/PolygonClientUtilities/Logger.cpp
index 42d7a31..55a2c49 100644
--- a/PolygonClientUtilities/Logger.cpp
+++ b/PolygonClientUtilities/Logger.cpp
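Review bot: The MFC2011 block names the new address ADDRESS_HTTP__VERIFYSIGNATUREBASE64, while the MFC2010 block and the cast in RobloxMFCHooks.cpp use ADDRESS_CRYPT__VERIFYSIGNATUREBASE64, so an MFC2011 build has no definition for the name the hook actually reads; the 2011 line should be `#define ADDRESS_CRYPT__VERIFYSIGNATUREBASE64 0x00809EC0`. The same hunk adds ADDRESS_NETWORK__RAKNETADDRESSTOSTRING as 0x0 alongside the existing 0x0 placeholders, and dllmain.cpp in this commit registers the Crypt hook unconditionally, so a target whose address is still 0x0 would be handed a null address to patch; unless ADD_PATCH (not visible in this diff) already rejects a zero address, mark such entries with a comment like `// unresolved for this build` and keep their ADD_PATCH lines behind the matching #ifdef.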
@@ -14,6 +14,13 @@ void Logger::Initialize(const std::string jobId) Logger::handle = CreateFileA("CONOUT$", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); SetStdHandle(STD_OUTPUT_HANDLE, Logger::handle); + // lol + printf("Access key read: \n"); + printf("Current Access key: \n"); + printf("Service starting...\n"); + printf("Intializing Roblox Web Service\n"); + printf("Service Started on port 64989\n"); + Logger::outputLog = std::ofstream(jobId + std::string("-Output.txt")); Logger::httpLog = std::ofstream(jobId + std::string("-Http.txt")); } diff --git a/PolygonClientUtilities/RobloxMFCHooks.cpp b/PolygonClientUtilities/RobloxMFCHooks.cpp index 1ea3ddb..6969100 100644 --- a/PolygonClientUtilities/RobloxMFCHooks.cpp +++ b/PolygonClientUtilities/RobloxMFCHooks.cpp 
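Review bot: The five printf lines added after SetStdHandle announce an access key being read and a service started on port 64989, but nothing in Initialize reads a key or opens a port, so the console reports a state the process is not in, and because they go through printf rather than Logger::Log they never reach outputLog either. If they are placeholders, drop them; if a real status line is wanted, emit one that reflects what the function did and place it below the two ofstream assignments so it also lands in the log, and replace `// lol` with a comment saying what the output is for. The CreateFileA result is still stored in Logger::handle without comparing it against INVALID_HANDLE_VALUE, which the `if (Logger::handle)` check in StandardOut__print_hook would treat as a usable handle. Logger::Initialize begins before this hunk.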
@@ -14,9 +14,137 @@ static std::wstring authenticationTicket; static std::wstring joinScriptUrl; static std::string jobId; +// Functions // + +Http__trustCheck_t Http__trustCheck = (Http__trustCheck_t)ADDRESS_HTTP__TRUSTCHECK; +Crypt__verifySignatureBase64_t Crypt__verifySignatureBase64 = (Crypt__verifySignatureBase64_t)ADDRESS_CRYPT__VERIFYSIGNATUREBASE64; +#ifdef ARBITERBUILD +StandardOut__print_t StandardOut__print = (StandardOut__print_t)ADDRESS_STANDARDOUT__PRINT; +// Network__RakNetAddressToString_t Network__RakNetAddressToString = (Network__RakNetAddressToString_t)ADDRESS_NETWORK__RAKNETADDRESSTOSTRING; +#endif #if defined(MFC2010) || defined(MFC2011) CRobloxApp__InitInstance_t CRobloxApp__InitInstance = (CRobloxApp__InitInstance_t)ADDRESS_CROBLOXAPP__INITINSTANCE; +CRobloxCommandLineInfo__ParseParam_t CRobloxCommandLineInfo__ParseParam = (CRobloxCommandLineInfo__ParseParam_t)ADDRESS_CROBLOXCOMMANDLINEINFO__PARSEPARAM; +#endif +// Hook Definitions // + +BOOL __fastcall Http__trustCheck_hook(const char* url) +{ + const std::vector allowedHosts + { + "polygon.pizzaboxer.xyz", + "polygondev.pizzaboxer.xyz", + "polygonapi.pizzaboxer.xyz", + + "roblox.com", + "www.roblox.com", + "assetdelivery.roblox.com", + + "tadah.rocks", + "www.tadah.rocks" + }; + + const std::vector allowedSchemes + { + "http", + "https", + "ftp", + }; + + const std::vector allowedEmbeddedSchemes + { + "javascript", + "jscript", + "res", + }; + + LUrlParser::ParseURL parsedUrl = LUrlParser::ParseURL::parseURL(url); + + if (!parsedUrl.isValid()) + return false; + +#ifdef ARBITERBUILD + Logger::Log(LogType::Http, url); +#endif + + if (std::string("about:blank") == url) + return true; + + if (std::find(allowedSchemes.begin(), allowedSchemes.end(), parsedUrl.scheme_) != allowedSchemes.end()) + return std::find(allowedHosts.begin(), allowedHosts.end(), parsedUrl.host_) != allowedHosts.end(); + + if (std::find(allowedEmbeddedSchemes.begin(), allowedEmbeddedSchemes.end(), parsedUrl.scheme_) != 
allowedEmbeddedSchemes.end()) + return true; + + return false; +} + +void __fastcall Crypt__verifySignatureBase64_hook(HCRYPTPROV* _this, void*, char a2, int a3, int a4, int a5, int a6, int a7, int a8, char a9, int a10, int a11, int a12, int a13, int a14, int a15) +{ + // the actual function signature is (HCRYPTPROV* _this, std::string message, std::string signatureBase64) + // but for some reason it throws a memory access violation when you pass the parameters back into the function, without even modifying them + // each char represents the beginning of new std::string (with the int parameters, that totalls to a length of 24 bytes) + // the signature length is stored in a14 though so we can just use that + + if (a14 > 1024) + { + std::ostringstream error; + error << "Signature too large. " << a14 << " > 1024"; + throw std::runtime_error(error.str()); + } + + Crypt__verifySignatureBase64(_this, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15); +} + +#ifdef ARBITERBUILD +void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string* message) +{ + StandardOut__print(_this, type, message); + + if (Logger::handle) + { +#ifdef NDEBUG + // for some reason, the location of the message pointer is offset 4 bytes when compiled as release + // i assume doing this is safe? 
most of the examples ive seen use reinterpret_cast but this seems to work fine + int messagePtr = (int)message; + messagePtr += 4; + std::string* message = (std::string*)messagePtr; + +#endif + switch (type) + { + case 1: // RBX::MESSAGE_OUTPUT: + Logger::Log(LogType::Output, std::string("[MESSAGE_OUTPUT] ") + *message); + SetConsoleTextAttribute(Logger::handle, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + break; + case 0: // RBX::MESSAGE_INFO: + Logger::Log(LogType::Output, std::string("[MESSAGE_INFO] ") + *message); + SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE); + break; + case 2: // RBX::MESSAGE_WARNING: + Logger::Log(LogType::Output, std::string("[MESSAGE_WARNING] ") + *message); + SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_GREEN); + break; + case 3: // RBX::MESSAGE_ERROR: + Logger::Log(LogType::Output, std::string("[MESSAGE_ERROR] ") + *message); + SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_INTENSITY); + break; + } + + printf("%s\n", message->c_str()); + SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE); + } +} + +// std::string __fastcall Network__RakNetAddressToString_hook(int raknetAddress, bool writePort, char portDelineator) +// { +// Network__RakNetAddressToString(raknetAddress, writePort, portDelineator); +// return std::string("hi"); +// } +#endif + +#if defined(MFC2010) || defined(MFC2011) BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this) { if (!CRobloxApp__InitInstance(_this)) 
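Review bot: Crypt__verifySignatureBase64_hook and its typedef return void, yet a signature-verification routine presumably reports a verdict to its caller; since the hook is installed in place of the original, whatever callers read as the result is whatever the forwarded call happened to leave in EAX, which nothing in the hook or the compiler guarantees. Give the typedef (also declared in RobloxMFCHooks.h) and the hook the original's return type and end with `return Crypt__verifySignatureBase64(_this, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15);`, and once a verdict is returned the oversized-signature branch can return the failure value instead of `throw std::runtime_error`, which currently unwinds through host frames that were not written to expect a C++ exception. In Http__trustCheck_hook the allowedEmbeddedSchemes branch returns true for any javascript:, jscript: or res: URL whatever follows the scheme, so the host allowlist only governs http, https and ftp; say in a comment that this is intended or narrow it. The NDEBUG fix-up in StandardOut__print_hook round-trips the pointer through int and re-declares message inside the block; `std::string* adjusted = reinterpret_cast<std::string*>(reinterpret_cast<std::uintptr_t>(message) + 4);` keeps pointer width and avoids shadowing the parameter, and the comment asking whether this is safe should be replaced by the reason the offset differs between debug and release once it is known. CRobloxApp__InitInstance_hook continues past the end of the hunk.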
@@ -45,8 +173,6 @@ BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this) return TRUE; } -CRobloxCommandLineInfo__ParseParam_t CRobloxCommandLineInfo__ParseParam = (CRobloxCommandLineInfo__ParseParam_t)ADDRESS_CROBLOXCOMMANDLINEINFO__PARSEPARAM; - void __fastcall CRobloxCommandLineInfo__ParseParam_hook(CRobloxCommandLineInfo* _this, void*, const char* pszParam, BOOL bFlag, BOOL bLast) { if (hasJoinArg && joinScriptUrl.empty()) 
@@ -124,106 +250,4 @@ void __fastcall CRobloxCommandLineInfo__ParseParam_hook(CRobloxCommandLineInfo* CRobloxCommandLineInfo__ParseParam(_this, pszParam, bFlag, bLast); } -#endif - -Http__trustCheck_t Http__trustCheck = (Http__trustCheck_t)ADDRESS_HTTP__TRUSTCHECK; - -BOOL __fastcall Http__trustCheck_hook(const char* url) -{ - const std::vector allowedHosts - { - "polygon.pizzaboxer.xyz", - "polygondev.pizzaboxer.xyz", - "polygonapi.pizzaboxer.xyz", - - "roblox.com", - "www.roblox.com", - "assetdelivery.roblox.com", - - "tadah.rocks", - "www.tadah.rocks" - }; - - const std::vector allowedSchemes - { - "http", - "https", - "ftp", - }; - - const std::vector allowedEmbeddedSchemes - { - "javascript", - "jscript", - "res", - }; - - LUrlParser::ParseURL parsedUrl = LUrlParser::ParseURL::parseURL(url); - - if (!parsedUrl.isValid()) - return false; - -#ifdef ARBITERBUILD - Logger::Log(LogType::Http, url); -#endif - - if (std::string("about:blank") == url) - return true; - - if (std::find(allowedSchemes.begin(), allowedSchemes.end(), parsedUrl.scheme_) != allowedSchemes.end()) - return std::find(allowedHosts.begin(), allowedHosts.end(), parsedUrl.host_) != allowedHosts.end(); - - if (std::find(allowedEmbeddedSchemes.begin(), allowedEmbeddedSchemes.end(), parsedUrl.scheme_) != allowedEmbeddedSchemes.end()) - return true; - - return false; -} - -#ifdef ARBITERBUILD -StandardOut__print_t StandardOut__print = (StandardOut__print_t)ADDRESS_STANDARDOUT__PRINT; - -void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string* message) -{ - StandardOut__print(_this, type, message); - - if (Logger::handle) - { -#ifdef NDEBUG - int bytePtr = (int)message; - bytePtr += 4; - std::string* message = (std::string*)bytePtr; -#endif - - switch (type) - { - case 1: // RBX::MESSAGE_OUTPUT: - Logger::Log(LogType::Output, std::string("[MESSAGE_OUTPUT] ") + *message); - SetConsoleTextAttribute(Logger::handle, FOREGROUND_BLUE | FOREGROUND_INTENSITY); - break; - case 0: // 
RBX::MESSAGE_INFO: - Logger::Log(LogType::Output, std::string("[MESSAGE_INFO] ") + *message); - SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE); - break; - case 2: // RBX::MESSAGE_WARNING: - Logger::Log(LogType::Output, std::string("[MESSAGE_WARNING] ") + *message); - SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_GREEN); - break; - case 3: // RBX::MESSAGE_ERROR: - Logger::Log(LogType::Output, std::string("[MESSAGE_ERROR] ") + *message); - SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_INTENSITY); - break; - } - - printf("%s\n", message->c_str()); - SetConsoleTextAttribute(Logger::handle, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE); - } -} - -// Network__RakNetAddressToString_t Network__RakNetAddressToString = (Network__RakNetAddressToString_t)ADDRESS_NETWORK__RAKNETADDRESSTOSTRING; - -// std::string __fastcall Network__RakNetAddressToString_hook(int raknetAddress, bool writePort, char portDelineator) -// { -// Network__RakNetAddressToString(raknetAddress, writePort, portDelineator); -// return std::string("hi"); -// } #endif \ No newline at end of file diff --git a/PolygonClientUtilities/RobloxMFCHooks.h b/PolygonClientUtilities/RobloxMFCHooks.h index fcd7e77..425c248 100644 --- a/PolygonClientUtilities/RobloxMFCHooks.h +++ b/PolygonClientUtilities/RobloxMFCHooks.h 
@@ -2,31 +2,41 @@ #include "RobloxMFCClasses.h" -#if defined(MFC2010) || defined(MFC2011) -typedef BOOL(__thiscall* CRobloxApp__InitInstance_t)(CRobloxApp* _this); -extern CRobloxApp__InitInstance_t CRobloxApp__InitInstance; - -BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this); - -typedef void(__thiscall* CRobloxCommandLineInfo__ParseParam_t)(CRobloxCommandLineInfo* _this, const char* pszParam, BOOL bFlag, BOOL bLast); -extern CRobloxCommandLineInfo__ParseParam_t CRobloxCommandLineInfo__ParseParam; - -void __fastcall CRobloxCommandLineInfo__ParseParam_hook(CRobloxCommandLineInfo* _this, void*, const char* pszParam, BOOL bFlag, BOOL bLast); -#endif +// Type Definitions // typedef void(__thiscall* Http__trustCheck_t)(const char* url); -extern Http__trustCheck_t Http__trustCheck; - -BOOL __fastcall Http__trustCheck_hook(const char* url); - +typedef void(__thiscall* Crypt__verifySignatureBase64_t)(HCRYPTPROV* _this, char a2, int a3, int a4, int a5, int a6, int a7, int a8, char a9, int a10, int a11, int a12, int a13, int a14, int a15); #ifdef ARBITERBUILD typedef void(__thiscall* StandardOut__print_t)(int _this, int type, std::string* message); -extern StandardOut__print_t StandardOut__print; - -void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string* message); - // typedef void(__thiscall* Network__RakNetAddressToString_t)(int raknetAddress, bool writePort, char portDelineator); -// extern Network__RakNetAddressToString_t Network__RakNetAddressToString; +#endif +#if defined(MFC2010) || defined(MFC2011) +typedef BOOL(__thiscall* CRobloxApp__InitInstance_t)(CRobloxApp* _this); +typedef void(__thiscall* CRobloxCommandLineInfo__ParseParam_t)(CRobloxCommandLineInfo* _this, const char* pszParam, BOOL bFlag, BOOL bLast); +#endif +// Externals // + +extern Http__trustCheck_t Http__trustCheck; +extern Crypt__verifySignatureBase64_t Crypt__verifySignatureBase64; +#ifdef ARBITERBUILD +extern StandardOut__print_t StandardOut__print; +// 
extern Network__RakNetAddressToString_t Network__RakNetAddressToString; +#endif +#if defined(MFC2010) || defined(MFC2011) +extern CRobloxApp__InitInstance_t CRobloxApp__InitInstance; +extern CRobloxCommandLineInfo__ParseParam_t CRobloxCommandLineInfo__ParseParam; +#endif + +// Hook Declarations // + +BOOL __fastcall Http__trustCheck_hook(const char* url); +void __fastcall Crypt__verifySignatureBase64_hook(HCRYPTPROV* _this, void*, char a2, int a3, int a4, int a5, int a6, int a7, int a8, char a9, int a10, int a11, int a12, int a13, int a14, int a15); +#ifdef ARBITERBUILD +void __fastcall StandardOut__print_hook(int _this, void*, int type, std::string* message); // std::string __fastcall Network__RakNetAddressToString_hook(int raknetAddress, bool writePort, char portDelineator); +#endif +#if defined(MFC2010) || defined(MFC2011) +BOOL __fastcall CRobloxApp__InitInstance_hook(CRobloxApp* _this); +void __fastcall CRobloxCommandLineInfo__ParseParam_hook(CRobloxCommandLineInfo* _this, void*, const char* pszParam, BOOL bFlag, BOOL bLast); #endif \ No newline at end of file diff --git a/PolygonClientUtilities/dllmain.cpp b/PolygonClientUtilities/dllmain.cpp index 41ab72c..cdb4d3b 100644 --- a/PolygonClientUtilities/dllmain.cpp +++ b/PolygonClientUtilities/dllmain.cpp 
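Review bot: The new Crypt__verifySignatureBase64_t typedef spells out fourteen positional parameters a2 through a15 with no explanation in the header; the reason lives only in a comment inside the hook in RobloxMFCHooks.cpp. Add it above the typedef, for example `// a2 and a9 mark where the message and signatureBase64 std::string arguments begin when passed as raw words; a14 carries the signature length (see Crypt__verifySignatureBase64_hook)`, so a reader of the header does not have to open the .cpp to learn what the hook forwards and why the parameters are not std::string. The same comment should say which calling convention and build the layout was observed on, since the hook's own comment reports that passing the std::string parameters directly faulted.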
@@ -5,14 +5,15 @@ START_PATCH_LIST() ADD_PATCH(Http__trustCheck, Http__trustCheck_hook) -#ifdef ARBITERBUILD -ADD_PATCH(StandardOut__print, StandardOut__print_hook) -// ADD_PATCH(Network__RakNetAddressToString, Network__RakNetAddressToString_hook) -#endif +ADD_PATCH(Crypt__verifySignatureBase64, Crypt__verifySignatureBase64_hook) #if defined(MFC2010) || defined(MFC2011) ADD_PATCH(CRobloxApp__InitInstance, CRobloxApp__InitInstance_hook) ADD_PATCH(CRobloxCommandLineInfo__ParseParam, CRobloxCommandLineInfo__ParseParam_hook) #endif +#ifdef ARBITERBUILD +ADD_PATCH(StandardOut__print, StandardOut__print_hook) +// ADD_PATCH(Network__RakNetAddressToString, Network__RakNetAddressToString_hook) +#endif END_PATCH_LIST() // DLLs for release will be loaded with VMProtect, so this isn't necessary diff --git a/PolygonClientUtilities/pch.h b/PolygonClientUtilities/pch.h index bb86dd1..17d5a71 100644 --- a/PolygonClientUtilities/pch.h +++ b/PolygonClientUtilities/pch.h @@ -1,10 +1,11 @@ #pragma once #include -#include #include +#include #include #include #include +#include #include #include \ No newline at end of file