summaryrefslogtreecommitdiff
path: root/csgo-loader/csgo-client/Login
diff options
context:
space:
mode:
Diffstat (limited to 'csgo-loader/csgo-client/Login')
-rw-r--r--csgo-loader/csgo-client/Login/RemoteLogin.cpp75
-rw-r--r--csgo-loader/csgo-client/Login/RemoteLogin.hpp78
2 files changed, 153 insertions, 0 deletions
diff --git a/csgo-loader/csgo-client/Login/RemoteLogin.cpp b/csgo-loader/csgo-client/Login/RemoteLogin.cpp
new file mode 100644
index 0000000..45f7953
--- /dev/null
+++ b/csgo-loader/csgo-client/Login/RemoteLogin.cpp
@@ -0,0 +1,75 @@
+#include <Login/RemoteLogin.hpp>
+#include <UserExperience/UserInterface.hpp>
+
+// Change this whenever a major client update is made.
+// NOTE: You must change this on the server as well.
+#define CURRENT_CLIENT_HEADER 0xDEADBEEF
+
+namespace Login {
+ void RemoteLoginTransaction::Start(const char *Username, const char *Password) {
+ // Initialise the header with the client header.
+ m_Header.m_ClientHeader = CURRENT_CLIENT_HEADER;
+
+ // Initialise the header with the username and password.
+ strcpy_s< 128 >(m_Header.m_Username, Username);
+ strcpy_s< 128 >(m_Header.m_Password, Password);
+
+ // Initialise the header with the Hardware ID.
+ m_Header.m_HardwareId = GetHardwareId();
+
+ // TODO: Verify integrity of system.
+ m_Header.m_IntegrityBit1 = 0; // 0 for integrity passed, random bit for failure
+ m_Header.m_IntegrityBit2 = 0;
+ m_Header.m_IntegrityBit3 = 0;
+
+ // The checksum bit, the server will check this first to detect possible tampering.
+ m_Header.m_IntegrityBit4 = m_Header.m_IntegrityBit1
+ | m_Header.m_IntegrityBit2
+ | m_Header.m_IntegrityBit3;
+ }
+
+ // TODO: Hardware ID check.
+ ByteArray RemoteLoginTransaction::DoWmiQuery(const char *Query) {
+ ByteArray Response{};
+
+ return Response;
+ }
+
+ uint32_t RemoteLoginTransaction::GetHardwareId() {
+ return 123456789;
+ }
+
+ bool RemoteLoginTransaction::TranslateResponse(ByteArray &RawResponse) {
+ RemoteLoginResponse ServerResponse = *reinterpret_cast<RemoteLoginResponse *>(&RawResponse[0]);
+
+ switch(ServerResponse) {
+ case RemoteLoginResponse::ACCESS_SPECIAL_USER:
+ // Allow the user to load special access cheats.
+ UserInterface->m_Data.m_SpecialAccess = true;
+ case RemoteLoginResponse::ACCESS_AUTHORISED:
+ return true;
+ case RemoteLoginResponse::OUTDATED_CLIENT:
+ INFO_ASSERT("[000A:%08x] Your client is outdated.\nPlease download the latest client at 'moneybot.cc'.", m_Header.m_HardwareId);
+ break;
+ case RemoteLoginResponse::INTEGRITY_FAILURE:
+ INFO_ASSERT("[000F:%08x] Failed to verify session.\nPlease contact an administrator.", m_Header.m_HardwareId);
+ break;
+ case RemoteLoginResponse::USER_BANNED:
+ INFO_ASSERT("[000D:%08x] Your account is banned.\nPlease contact 'admin@moneybot.cc' for additional information.", m_Header.m_HardwareId);
+ break;
+ case RemoteLoginResponse::INVALID_HARDWARE:
+ UserInterface->m_Data.m_Error = UserExperience::ERROR_INVALID_HWID;
+ //INFO_ASSERT("[000C:%08x] Hardware ID mismatch.\nPlease contact an administrator to request a hardware ID reset.", m_Header.m_HardwareId);
+ break;
+ case RemoteLoginResponse::INVALID_CREDENTIALS:
+ UserInterface->m_Data.m_Error = UserExperience::ERROR_SHADOW_BAN;
+ //INFO_ASSERT("[000C:%08x] Your credentials are invalid. Please check your spelling and try again.", m_Header.m_HardwareId ^ RemoteLoginResponse::INVALID_CREDENTIALS);
+ break;
+ case RemoteLoginResponse::NO_SUBSCRIPTION:
+ INFO_ASSERT("[000G:%08x] No active subscription found.", m_Header.m_HardwareId ^ RemoteLoginResponse::NO_SUBSCRIPTION);
+ break;
+ }
+
+ return false;
+ }
+} \ No newline at end of file
diff --git a/csgo-loader/csgo-client/Login/RemoteLogin.hpp b/csgo-loader/csgo-client/Login/RemoteLogin.hpp
new file mode 100644
index 0000000..e543d27
--- /dev/null
+++ b/csgo-loader/csgo-client/Login/RemoteLogin.hpp
@@ -0,0 +1,78 @@
+#pragma once
+
+#include <cstdint>
+#include <algorithm>
+#include <vector>
+
+using ByteArray = std::vector<uint8_t>;
+
+namespace Login {
+ // Login header that is sent over to the server
+ struct RemoteLoginHeader {
+ // The first four bytes are encoded by the client.
+ // This will carry the client version which can be checked.
+ uint32_t m_ClientHeader;
+
+ // The username is raw text.
+ // TODO: Hash the password client-side.
+ char m_Username[128];
+ char m_Password[128];
+
+ // This will provide the hardware ID of the machine.
+ uint32_t m_HardwareId;
+
+ // These fields will be set according
+ // to security check results.
+ uint8_t m_IntegrityBit1; // Detour detected on NTDLL function
+ uint8_t m_IntegrityBit2; // Detour detected on dummy function
+ uint8_t m_IntegrityBit3; // Virtual machine/Debugger detected
+ uint8_t m_IntegrityBit4; // m_IntegrityBit1 | m_IntegrityBit2 | m_IntegrityBit3 (checksum)
+ };
+
+ // Possible server responses
+ // The hardware ID is encoded (XORed with the message ID) within the message for
+ // shadow ban/forum ban purposes. :)
+ enum RemoteLoginResponse : uint8_t {
+ OUTDATED_CLIENT = 'A', // '[000A:{HWID}] Your client is outdated. Please download the latest client at 'moneybot.cc'.'
+ ACCESS_AUTHORISED = 'B', // Allows the user to continue with injection.
+ INVALID_CREDENTIALS = 'C', // '[000C:{HWID}] Your credentials are invalid. Please check your spelling and try again.'
+ USER_BANNED = 'D', // '[000D:{HWID}] Your account is banned. Please contact 'admin@moneybot.cc' for additional information.'
+ INVALID_HARDWARE = 'E', // '[000E:{HWID}] Please contact an administrator to request a hardware ID reset.'
+ INTEGRITY_FAILURE = 'F', // '[000F:{HWID}] Failed to verify session. Please contact an administrator.' AKA the 'shadow ban', blacklists user from loader but not from forums.
+ NO_SUBSCRIPTION = 'G', // '[000G:{HWID}] No active subscription.'
+ ACCESS_SPECIAL_USER = 'H', // Allows the user to continue, sets the m_SpecialAccess var
+ };
+
+ // Runs the security checks and creates the login header to send to the server.
+ class RemoteLoginTransaction {
+ RemoteLoginHeader m_Header;
+
+ public:
+ // Initialises the header.
+ void Start(const char *Username, const char *Password);
+
+ // Obtains the hardware ID of the current machine in use.
+ uint32_t GetHardwareId();
+
+ // Queries the WMI for data.
+ ByteArray DoWmiQuery(const char *Query);
+
+ // Translates server response, determines whether or not the
+ // user can access the client. NOTE: Server will drop the client if
+ // the response is not ACCESS_AUTHORISED.
+ bool TranslateResponse(ByteArray &RawResponse);
+
+ ByteArray GetHeader() {
+ ByteArray Header;
+
+ // Copy header to the ByteArray.
+ Header.insert(
+ Header.begin(),
+ (uint8_t *)&m_Header,
+ (uint8_t *)&m_Header + sizeof RemoteLoginHeader
+ );
+
+ return Header;
+ }
+ };
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-17 10:56:46 +0000