Diffstat (limited to 'csgo-loader/csgo-client')
| -rw-r--r-- | csgo-loader/csgo-client/Client.cpp | 26 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Client.hpp | 2 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Networking/TCPClient.cpp | 4 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Security/Encryption.cpp | 94 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Security/Encryption.hpp | 4 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/Security/RuntimeSecurity.cpp | 14 | ||||
| -rw-r--r-- | csgo-loader/csgo-client/csgo-client.vcxproj | 2 |
7 files changed, 69 insertions, 77 deletions
diff --git a/csgo-loader/csgo-client/Client.cpp b/csgo-loader/csgo-client/Client.cpp
index a7d27a7..b9d7b3d 100644
--- a/csgo-loader/csgo-client/Client.cpp
+++ b/csgo-loader/csgo-client/Client.cpp
@@ -3,19 +3,18 @@ /*
TODO:
- Finish off security on client:
- - Hook OpenProcess, ExitProcess, WSARecv, WSASend and check if function is OOB.
+ - Hook OpenProcess, ExitProcess, WSARecv, WSASend and check if function is OOB. [DONE]
- Use VM check that Nave gave me.
- Run a thread to check for blacklisted drivers periodically (also blacklist VBox)
- Run a thread to check if there is more than X threads running in the loader.
- Add dump protection (closes csgo.exe if a handle is detected, probably explorer shellcode)
- Add HWID generation
- - Hook DbgBreakPoint and DbgUiRemoteBreakin (instead of bytepatching, some debuggers will check that)
- - If the hook is triggered, ban the user.
- - Don't forget about the security callback; leave implementation up to Nave.
+ - Hook DbgBreakPoint and DbgUiRemoteBreakin (instead of bytepatching, some debuggers will check that) [DONE]
+ - Don't forget about the security callback; leave implementation up to Nave. [DONE]
- Apply Themida macros inside important functions:
- - Apply mutation on Security hooks and main function.
- - Apply fast VM on syscall manager, process functions
+ - Apply mutation on Security hooks and main function. [DONE]
+ - Apply fast VM on syscall manager, process functions
- Apply robust VM on TCP, login
- Apply heavy VM on Encryption, recv/send wrappers.
@@ -37,7 +36,7 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow)
{
- WRAP_IF_DEBUG(Utils::OpenConsole());
+ /*WRAP_IF_DEBUG*/(Utils::OpenConsole());
// Autistic workaround for Hooked_OpenProcess crashing
// when Device->CreateDevice is invoked...
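Review bot: Commenting out only the macro name in `/*WRAP_IF_DEBUG*/(Utils::OpenConsole());` leaves the console opened unconditionally in every build, with nothing marking it as temporary. If release builds should not get a console, restore `WRAP_IF_DEBUG(Utils::OpenConsole());`; if this is deliberate while the networking path is being worked on, add `// TODO: restore WRAP_IF_DEBUG before release` on that line so it is not shipped by accident. The same applies to the unconditional `printf("[DEBUG] Hello!\n");` added in Client.hpp, which emits a [DEBUG]-tagged line from non-debug builds too. WinMain continues outside this hunk.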
@@ -76,6 +75,19 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) if(!Client.Start(LOCAL_IP, SERVER_PORT))
ERROR_ASSERT("[000F:0002A000] Server did not accept the connection.");
+ ByteArray Bytes{ 0, 1, 2, 3, 4, 5 };
+ Client.SendBytes(Bytes);
+
+
+ ByteArray Bytes2 = Client.ReceiveBytes();
+
+ printf("%zd\n", Bytes2.size());
+
+ for(auto &It : Bytes2)
+ printf("%02x ", It);
+
+ printf("\n");
+
// Allow the user to input their log-in data.
UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN;
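Review bot: `printf("%zd\n", Bytes2.size());` uses `%zd` (signed) for a `size_t`; the matching specifier is `%zu`. The send/receive round-trip and hex dump inserted between `Client.Start` and the log-in state look like scaffolding for the handshake rather than product code, yet they run on every start, so either remove them or wrap them in `WRAP_IF_DEBUG(...)` so the unconditional `Client.ReceiveBytes()` cannot stall the launcher when the server sends nothing. The result of `Client.SendBytes(Bytes)` is discarded, so a failed send is not noticed before the receive (its signature is not visible in this hunk). WinMain continues outside this hunk.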
diff --git a/csgo-loader/csgo-client/Client.hpp b/csgo-loader/csgo-client/Client.hpp
index fb1f623..016e3d3 100644
--- a/csgo-loader/csgo-client/Client.hpp
+++ b/csgo-loader/csgo-client/Client.hpp
@@ -37,5 +37,7 @@ namespace Utils // :^)
SetConsoleTitleA("moneyclient $");
+
+ printf("[DEBUG] Hello!\n");
}
}
\ No newline at end of file
diff --git a/csgo-loader/csgo-client/Networking/TCPClient.cpp b/csgo-loader/csgo-client/Networking/TCPClient.cpp
index 3bcd0c3..aeb2dfc 100644
--- a/csgo-loader/csgo-client/Networking/TCPClient.cpp
+++ b/csgo-loader/csgo-client/Networking/TCPClient.cpp
@@ -32,7 +32,7 @@ namespace Networking // Emplace all received bytes.
for(int n = 0; n < Received; ++n)
{
- ReceivedBytes.push_back(RecvBuffer[n]);
+ ReceivedBytes.emplace_back(RecvBuffer[n]);
}
// No more bytes left to receive.
@@ -86,7 +86,7 @@ namespace Networking // Allow the socket to time-out.
timeval timeout;
- timeout.tv_sec = 5;
+ timeout.tv_sec = 30;
if(setsockopt(m_Socket, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof timeout) == INVALID_SOCKET)
return false;
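Review bot: `timeout.tv_sec = 30;` on a `timeval` will not give a 30-second receive timeout on Winsock, which this build appears to target (WinMain, the `(char *)` cast, `INVALID_SOCKET`): there `SO_RCVTIMEO` takes a `DWORD` in milliseconds, so the first four bytes of the struct are read as 30 ms, and `tv_usec` is never initialised either. Use `DWORD timeout = 30 * 1000;` and pass `(const char *)&timeout, sizeof timeout` to `setsockopt`. The call returns an `int`, so the error check should compare against `SOCKET_ERROR` rather than `INVALID_SOCKET`, which only matches because `-1` converts to the all-ones unsigned value. The enclosing function starts and ends outside this hunk.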
diff --git a/csgo-loader/csgo-client/Security/Encryption.cpp b/csgo-loader/csgo-client/Security/Encryption.cpp
index 460bda9..6bc3640 100644
--- a/csgo-loader/csgo-client/Security/Encryption.cpp
+++ b/csgo-loader/csgo-client/Security/Encryption.cpp
@@ -106,19 +106,17 @@ namespace Wrapper {
Aes256 aes(key);
- WRAP_IF_RELEASE(VM_FISH_BLACK_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
aes.encrypt_start(plain.size(), encrypted);
aes.encrypt_continue(plain, encrypted);
aes.encrypt_end(encrypted);
- WRAP_IF_RELEASE(VM_FISH_BLACK_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
return encrypted.size();
}
-#pragma optimize("", on)
-
ByteArray::size_type Aes256::encrypt(const ByteArray& key, const unsigned char* plain, const ByteArray::size_type plain_length, ByteArray& encrypted)
{
Aes256 aes(key);
@@ -130,25 +128,21 @@ namespace Wrapper return encrypted.size();
}
-#pragma optimize("", off)
-
ByteArray::size_type Aes256::decrypt(const ByteArray& key, const ByteArray& encrypted, ByteArray& plain)
{
Aes256 aes(key);
- WRAP_IF_RELEASE(VM_FISH_BLACK_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
aes.decrypt_start(encrypted.size());
aes.decrypt_continue(encrypted, plain);
aes.decrypt_end(plain);
- WRAP_IF_RELEASE(VM_FISH_BLACK_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
return plain.size();
}
-#pragma optimize("", on)
-
ByteArray::size_type Aes256::decrypt(const ByteArray& key, const unsigned char* encrypted, const ByteArray::size_type encrypted_length, ByteArray& plain)
{
Aes256 aes(key);
@@ -254,13 +248,11 @@ namespace Wrapper return encrypted.size();
}
-#pragma optimize("", off)
-
void Aes256::encrypt(unsigned char* buffer)
{
unsigned char i, rcon;
- WRAP_IF_RELEASE(VM_SHARK_BLACK_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
copy_key();
add_round_key(buffer, 0);
@@ -278,11 +270,9 @@ namespace Wrapper expand_enc_key(&rcon);
add_round_key(buffer, i);
- WRAP_IF_RELEASE(VM_SHARK_BLACK_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
}
-#pragma optimize("", on)
-
ByteArray::size_type Aes256::decrypt_start(const ByteArray::size_type encrypted_length)
{
unsigned char j;
@@ -370,13 +360,11 @@ namespace Wrapper return plain.size();
}
-#pragma optimize("", off)
-
void Aes256::decrypt(unsigned char* buffer)
{
unsigned char i, rcon = 1;
- WRAP_IF_RELEASE(VM_SHARK_BLACK_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
copy_key();
for(i = NUM_ROUNDS / 2; i > 0; --i)
@@ -397,12 +385,9 @@ namespace Wrapper }
add_round_key(buffer, i);
- WRAP_IF_RELEASE(VM_SHARK_BLACK_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
}
-#pragma optimize("", on)
-
-#pragma optimize("", off)
void Aes256::expand_enc_key(unsigned char* rc)
{
unsigned char i;
@@ -422,6 +407,10 @@ namespace Wrapper m_rkey[i + 2] = m_rkey[i + 2] ^ m_rkey[i - 2];
m_rkey[i + 3] = m_rkey[i + 3] ^ m_rkey[i - 1];
}
+
+ WRAP_IF_RELEASE(MUTATE_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
+
m_rkey[16] = m_rkey[16] ^ sbox[m_rkey[12]];
m_rkey[17] = m_rkey[17] ^ sbox[m_rkey[13]];
m_rkey[18] = m_rkey[18] ^ sbox[m_rkey[14]];
@@ -435,13 +424,9 @@ namespace Wrapper m_rkey[i + 3] = m_rkey[i + 3] ^ m_rkey[i - 1];
}
- WRAP_IF_RELEASE(MUTATE_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
}
-#pragma optimize("", on)
-
-#pragma optimize("", off)
-
void Aes256::expand_dec_key(unsigned char* rc)
{
unsigned char i;
@@ -461,6 +446,9 @@ namespace Wrapper m_rkey[18] = m_rkey[18] ^ sbox[m_rkey[14]];
m_rkey[19] = m_rkey[19] ^ sbox[m_rkey[15]];
+ WRAP_IF_RELEASE(MUTATE_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
+
for(i = 12; i > 0; i -= 4)
{
m_rkey[i + 0] = m_rkey[i + 0] ^ m_rkey[i - 4];
@@ -475,11 +463,9 @@ namespace Wrapper m_rkey[2] = m_rkey[2] ^ sbox[m_rkey[31]];
m_rkey[3] = m_rkey[3] ^ sbox[m_rkey[28]];
- WRAP_IF_RELEASE(MUTATE_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
}
-#pragma optimize("", on)
-
void Aes256::sub_bytes(unsigned char* buffer)
{
unsigned char i = KEY_SIZE / 2;
@@ -514,13 +500,11 @@ namespace Wrapper buffer[i] ^= m_rkey[(round & 1) ? i + 16 : i];
}
-#pragma optimize("", off)
-
void Aes256::shift_rows(unsigned char* buffer)
{
unsigned char i, j, k, l; /* to make it potentially parallelable :) */
- WRAP_IF_RELEASE(MUTATE_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
i = buffer[1];
buffer[1] = buffer[5];
@@ -532,6 +516,9 @@ namespace Wrapper buffer[10] = buffer[2];
buffer[2] = j;
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
+ WRAP_IF_RELEASE(MUTATE_START);
+
k = buffer[3];
buffer[3] = buffer[15];
buffer[15] = buffer[11];
@@ -545,15 +532,11 @@ namespace Wrapper WRAP_IF_RELEASE(MUTATE_END);
}
-#pragma optimize("", on)
-
-#pragma optimize("", off)
-
void Aes256::shift_rows_inv(unsigned char* buffer)
{
unsigned char i, j, k, l; /* same as above :) */
- WRAP_IF_RELEASE(MUTATE_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
i = buffer[1];
buffer[1] = buffer[13];
@@ -565,6 +548,9 @@ namespace Wrapper buffer[2] = buffer[10];
buffer[10] = j;
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
+ WRAP_IF_RELEASE(MUTATE_START);
+
k = buffer[3];
buffer[3] = buffer[7];
buffer[7] = buffer[11];
@@ -578,15 +564,11 @@ namespace Wrapper WRAP_IF_RELEASE(MUTATE_END);
}
-#pragma optimize("", on)
-
-#pragma optimize("", off)
-
void Aes256::mix_columns(unsigned char* buffer)
{
unsigned char i, a, b, c, d, e;
- WRAP_IF_RELEASE(VM_FISH_BLACK_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
for(i = 0; i < 16; i += 4)
{
@@ -603,19 +585,14 @@ namespace Wrapper buffer[i + 3] ^= e ^ rj_xtime(d^a);
}
- WRAP_IF_RELEASE(VM_FISH_BLACK_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
}
-#pragma optimize("", on)
-
-
-#pragma optimize("", off)
-
void Aes256::mix_columns_inv(unsigned char* buffer)
{
unsigned char i, a, b, c, d, e, x, y, z;
- WRAP_IF_RELEASE(VM_FISH_BLACK_START);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_START);
for(i = 0; i < 16; i += 4)
{
@@ -634,7 +611,7 @@ namespace Wrapper buffer[i + 3] ^= y ^ rj_xtime(d^a);
}
- WRAP_IF_RELEASE(VM_FISH_BLACK_END);
+ WRAP_IF_RELEASE(VM_EAGLE_BLACK_END);
}
#pragma optimize("", on)
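Review bot: The `#pragma optimize("", on)` left as context after `mix_columns_inv` is now unpaired, because the matching `#pragma optimize("", off)` above the function is removed earlier in this diff. It is harmless on its own, but every other function in this file has had both pragmas dropped in favour of the VM macros, so drop this one too for consistency. `mix_columns_inv` starts outside this hunk.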
@@ -653,7 +630,10 @@ namespace Wrapper if(EncryptionKey.empty())
Start();
- m_EncryptionKey.reserve(EncryptionKey.size());
+ WRAP_IF_DEBUG(printf("[DEBUG] Received handshake: %zd bytes.\n[DEBUG] Data: ", EncryptionKey.size()););
+ WRAP_IF_DEBUG(for(auto &It : EncryptionKey) { printf("%02x ", It); });
+ WRAP_IF_DEBUG(printf("\n"));
+
std::copy(EncryptionKey.begin(), EncryptionKey.end(), m_EncryptionKey.begin());
}
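Review bot: `std::copy(EncryptionKey.begin(), EncryptionKey.end(), m_EncryptionKey.begin());` writes into whatever storage `m_EncryptionKey` already has with no length check; with the `reserve` call removed, the destination size now depends entirely on how the member was initialised elsewhere, and a handshake longer than that writes past the end of the buffer. Validate the received length against the AES-256 key size (32 bytes) before accepting it, and let the container own the sizing: `if (EncryptionKey.size() != 32) { /* reject the handshake */ }` followed by `m_EncryptionKey.assign(EncryptionKey.begin(), EncryptionKey.end());`. The debug dump prints the session key in hex; that is acceptable behind `WRAP_IF_DEBUG`, but the stray `;` inside `WRAP_IF_DEBUG(printf(...););` should go, and logging only the length would be the safer default. The enclosing function starts outside this hunk.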
@@ -662,11 +642,7 @@ namespace Wrapper // Encrypt outgoing data.
ByteArray Encrypted;
- #ifdef DEBUG
- Encrypted = Data;
- #else
Aes256::encrypt(m_EncryptionKey, Data, Encrypted);
- #endif
return Encrypted;
}
@@ -676,11 +652,7 @@ namespace Wrapper // Decrypt incoming data.
ByteArray Decrypted;
- #ifdef DEBUG
- Decrypted = Data;
- #else
Aes256::decrypt(m_EncryptionKey, Data, Decrypted);
- #endif
return Decrypted;
}
diff --git a/csgo-loader/csgo-client/Security/Encryption.hpp b/csgo-loader/csgo-client/Security/Encryption.hpp
index b1c49dc..c544aa3 100644
--- a/csgo-loader/csgo-client/Security/Encryption.hpp
+++ b/csgo-loader/csgo-client/Security/Encryption.hpp
@@ -75,6 +75,10 @@ namespace Wrapper HCRYPTPROV m_CryptProvider;
public:
+ Encryption() {
+ m_EncryptionKey = ByteArray(32);
+ }
+
// Generate a random cryptographic key.
// OPTIONAL: You can pass a premade encryption key as a parameter.
void Start();
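Review bot: The new constructor assigns in its body, `m_EncryptionKey = ByteArray(32);`, which default-constructs the member and then replaces it; the idiomatic form is the member-initializer list, `Encryption() : m_EncryptionKey(32) {}`. The literal 32 is the AES-256 key length and is now relied on implicitly by the `std::copy` into `m_EncryptionKey` in Encryption.cpp, so name it (reuse `KEY_SIZE` from Encryption.cpp if that is the 32-byte key length) rather than repeating the number. `m_CryptProvider`, declared just above, is still left uninitialised by this constructor unless `Start()` is guaranteed to set it before any use.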
diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp
index aceab25..739ce5d 100644
--- a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp
+++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp
@@ -141,7 +141,7 @@ namespace Security void RuntimeSecurity::PatchDebugFunctions()
{
- WRAP_IF_RELEASE(VM_DOLPHIN_WHITE_START);
+ WRAP_IF_RELEASE(VM_EAGLE_WHITE_START);
WRAP_IF_RELEASE(STR_ENCRYPT_START);
HMODULE Module = GetModuleHandleA("ntdll.dll");
@@ -171,7 +171,7 @@ namespace Security uintptr_t Exports[] = {
Export_DbgUiRemoteBreakin,
Export_DbgBreakPoint,
- Export_NtContinue
+ //Export_NtContinue // This causes a lot of crashes ATM while debugging, leave this out till release.
};
for(auto &It : Exports)
@@ -188,7 +188,7 @@ namespace Security }
WRAP_IF_RELEASE(STR_ENCRYPT_END);
- WRAP_IF_RELEASE(VM_DOLPHIN_WHITE_END);
+ WRAP_IF_RELEASE(VM_EAGLE_WHITE_END);
}
void RuntimeSecurity::DispatchSecurityThreads()
@@ -218,10 +218,11 @@ namespace Security // Read the PEB from the TIB.
// Offset for x86 is 0x30 ; mov ..., dword ptr fs:[0x30]
// Offset for x64 is 0x60 ; mov ..., qword ptr gs:[0x60]
- PEB *ProcessEnvBlock = (PEB *)__readgsqword(0x60);
- if(ProcessEnvBlock->BeingDebugged)
- SecurityCallback();
+ //PEB *ProcessEnvBlock = (PEB *)__readgsqword(0x60);
+ //
+ //if(ProcessEnvBlock->BeingDebugged)
+ // SecurityCallback();
}
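Review bot: The `BeingDebugged` check is commented out rather than removed, and no reason is recorded, unlike the `Export_NtContinue` exclusion in the hunk above which explains itself. If the check is meant to come back, leave a `// TODO: disabled because <reason>; re-enable when <condition>` in its place; otherwise delete the lines (git keeps the history) so the comment block above about reading the PEB does not describe code that no longer runs, and if nothing else remains in the body, remove the now-empty function as well. The enclosing function starts outside this hunk.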
void RuntimeSecurity::CheckForDrivers()
@@ -247,6 +248,7 @@ namespace Security DispatchSecurityThreads();
// Patch DbgUiRemoteBreakin, DbgBreakPoint, NtContinue
+ // This also fucks up detours for some reason... only extra protection :-)
PatchDebugFunctions();
return true;
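Review bot: The comment `// Patch DbgUiRemoteBreakin, DbgBreakPoint, NtContinue` above `PatchDebugFunctions();` is now out of date, because this same commit drops `Export_NtContinue` from the export list. Update it to `// Patch DbgUiRemoteBreakin, DbgBreakPoint (NtContinue disabled for now, see PatchDebugFunctions)`. The added line about detours records a known interaction without saying what breaks; naming the symptom, or a TODO that tracks it, would serve the next reader better than `for some reason`. The enclosing function starts and ends outside this hunk.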
diff --git a/csgo-loader/csgo-client/csgo-client.vcxproj b/csgo-loader/csgo-client/csgo-client.vcxproj
index 5c8ff74..4467b0e 100644
--- a/csgo-loader/csgo-client/csgo-client.vcxproj
+++ b/csgo-loader/csgo-client/csgo-client.vcxproj
@@ -98,6 +98,7 @@ <UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
+ <WholeProgramOptimization>false</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
@@ -156,7 +157,6 @@ <RuntimeTypeInfo>true</RuntimeTypeInfo>
<LanguageStandard>stdcpp17</LanguageStandard>
<DisableSpecificWarnings>4100;4189;4244;4267;4522;4714;4838;4307;4706;4702</DisableSpecificWarnings>
- <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
</ClCompile>
<Link>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
