From 0340821cc614fda2a94a96c255d16105dd2f6f9a Mon Sep 17 00:00:00 2001 From: boris Date: Sat, 29 Dec 2018 22:15:34 +1300 Subject: tcp is being autistic -_- --- csgo-loader/ThemidaSettings._ini | 100 ++++++++++++++++++++- csgo-loader/ThemidaSettings.tmd | Bin 11117 -> 11211 bytes csgo-loader/csgo-client/Client.cpp | 26 ++++-- csgo-loader/csgo-client/Client.hpp | 2 + csgo-loader/csgo-client/Networking/TCPClient.cpp | 4 +- csgo-loader/csgo-client/Security/Encryption.cpp | 94 +++++++------------ csgo-loader/csgo-client/Security/Encryption.hpp | 4 + .../csgo-client/Security/RuntimeSecurity.cpp | 14 +-- csgo-loader/csgo-client/csgo-client.vcxproj | 2 +- csgo-loader/csgo-server/Networking/TCPServer.cpp | 18 ++-- csgo-loader/csgo-server/Networking/TCPServer.hpp | 2 +- csgo-loader/csgo-server/Security/Encryption.cpp | 8 -- csgo-loader/csgo-server/Server.cpp | 14 ++- 13 files changed, 192 insertions(+), 96 deletions(-) diff --git a/csgo-loader/ThemidaSettings._ini b/csgo-loader/ThemidaSettings._ini index 45c11e6..bbe4bb3 100644 --- a/csgo-loader/ThemidaSettings._ini +++ b/csgo-loader/ThemidaSettings._ini @@ -12,7 +12,7 @@ cbAntiDumpers.Checked="True" cbAntiPatching.ItemIndex=1 cbAPIWrapping.Checked="True" cbAssembliesProtect.Checked="False" -cbAutoHandleVirtualMachines.Checked="True" +cbAutoHandleVirtualMachines.Checked="False" cbAvoidDoubleAPI.Checked="False" cbBanHardwareIDpartial.Checked="False" cbBanLicenseWhenBannedHardwareID.Checked="False" 
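Review bot: Flipping `cbAutoHandleVirtualMachines.Checked` to "False" switches off Themida's own virtual-machine handling, while the message table added further down in this same file still carries the MsgID13 "Virtual Machine Detected" text. The client TODO in this commit ("Use VM check that Nave gave me") suggests a custom check is meant to replace it, but that check is not part of this change, so a protected build from this revision appears to run with no VM detection at all. Consider leaving the flag at "True" until the replacement lands, or record the gap with an `;` comment next to the setting, e.g. `; VM handling disabled on purpose: replaced by the in-loader check (not yet merged)`.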
@@ -268,3 +268,101 @@ SplashMouse.Checked="False" SplashNumSeconds.Value=0.0 SplashTime.Checked="True" +[Themida] +autoblocks=False +blocknumber=0 +blockscrc32= +crc32="$B78FE84C" +CustMsgDLLFunction0= +CustomVMCpus[0]="1" +CustomVMCpus[1]="1" +CustomVMId[0]="0xD4A79901" +CustomVMId[1]="0xD4A7990A" +CustomVMIntegrityCheck[0]="True" +CustomVMIntegrityCheck[1]="True" +CustomVM_Number=2 +messages=hex:01,02,00,06,17,4D,73,67,49,44,30,20,3A,20,47,6C,6F,62,61,6C,20,\ + 43,61,70,74,69,6F,6E,02,02,02,02,02,00,02,01,06,01,20,02,FF,02,FF,02,00,02,\ + 00,06,17,4D,73,67,49,44,31,20,3A,20,44,65,62,75,67,67,65,72,20,66,6F,75,6E,\ + 64,02,02,02,02,02,00,02,01,06,30,5B,30,30,30,46,3A,30,30,30,30,33,41,30,30,\ + 5D,20,41,20,64,65,62,75,67,67,65,72,20,69,73,20,70,72,65,73,65,6E,74,20,69,\ + 6E,20,6D,65,6D,6F,72,79,2E,02,03,02,03,02,00,02,01,06,33,50,6C,65,61,73,65,\ + 20,75,6E,6C,6F,61,64,20,61,6E,79,20,64,65,62,75,67,67,69,6E,67,20,73,6F,66,\ + 74,77,61,72,65,20,61,6E,64,20,74,72,79,20,61,67,61,69,6E,2E,02,FF,02,FF,02,\ + 00,02,00,06,1F,4D,73,67,49,44,32,20,3A,20,4D,6F,6E,69,74,6F,72,20,73,6F,66,\ + 74,77,61,72,65,20,66,6F,75,6E,64,02,02,02,02,02,00,02,01,06,30,5B,30,30,30,\ + 46,3A,30,30,30,30,33,41,30,30,5D,20,41,20,64,65,62,75,67,67,65,72,20,69,73,\ + 20,70,72,65,73,65,6E,74,20,69,6E,20,6D,65,6D,6F,72,79,2E,02,03,02,03,02,00,\ + 02,01,06,33,50,6C,65,61,73,65,20,75,6E,6C,6F,61,64,20,61,6E,79,20,64,65,62,\ + 75,67,67,69,6E,67,20,73,6F,66,74,77,61,72,65,20,61,6E,64,20,74,72,79,20,61,\ + 67,61,69,6E,2E,02,FF,02,FF,02,00,02,00,06,1C,4D,73,67,49,44,33,20,3A,20,43,\ + 72,61,63,6B,69,6E,67,20,74,6F,6F,6C,20,66,6F,75,6E,64,02,02,02,02,02,00,02,\ + 01,06,30,5B,30,30,30,46,3A,30,30,30,30,33,41,30,30,5D,20,41,20,64,65,62,75,\ + 67,67,65,72,20,69,73,20,70,72,65,73,65,6E,74,20,69,6E,20,6D,65,6D,6F,72,79,\ + 2E,02,03,02,03,02,00,02,01,06,33,50,6C,65,61,73,65,20,75,6E,6C,6F,61,64,20,\ + 61,6E,79,20,64,65,62,75,67,67,69,6E,67,20,73,6F,66,74,77,61,72,65,20,61,6E,\ + 
64,20,74,72,79,20,61,67,61,69,6E,2E,02,FF,02,FF,02,00,02,00,06,17,4D,73,67,\ + 49,44,34,20,3A,20,46,69,6C,65,20,63,6F,72,72,75,70,74,65,64,02,02,02,02,02,\ + 00,02,01,06,2E,5B,30,30,30,46,3A,30,30,30,30,33,42,30,30,5D,20,41,6E,20,69,\ + 6E,74,65,67,72,69,74,79,20,63,68,65,63,6B,20,68,61,73,20,66,61,69,6C,65,64,\ + 2E,02,03,02,03,02,00,02,01,06,31,50,6C,65,61,73,65,20,64,6F,77,6E,6C,6F,61,\ + 64,20,74,68,65,20,6C,61,74,65,73,74,20,76,65,72,73,69,6F,6E,20,6F,66,20,74,\ + 68,65,20,63,6C,69,65,6E,74,2E,02,FF,02,FF,02,00,02,00,06,28,4D,73,67,49,44,\ + 36,20,3A,20,28,4E,6F,74,20,64,69,73,70,6C,61,79,65,64,20,69,6E,20,74,68,69,\ + 73,20,76,65,72,73,69,6F,6E,29,02,02,02,02,02,00,02,01,06,40,43,61,6E,6E,6F,\ + 74,20,55,70,64,61,74,65,20,6F,72,65,61,6E,73,2E,73,79,73,20,64,72,69,76,65,\ + 72,2E,20,50,6C,65,61,73,65,2C,20,6D,61,6B,65,20,73,75,72,65,20,74,68,61,74,\ + 20,79,6F,75,20,68,61,76,65,02,03,02,03,02,00,02,01,06,4E,61,64,6D,69,6E,69,\ + 73,74,72,61,74,6F,72,27,73,20,70,65,72,6D,69,74,73,20,74,68,65,20,66,69,72,\ + 73,74,20,74,69,6D,65,20,74,68,61,74,20,79,6F,75,20,61,72,65,20,67,6F,69,6E,\ + 67,20,74,6F,20,72,75,6E,20,74,68,69,73,20,70,72,6F,67,72,61,6D,2E,02,FF,02,\ + FF,02,00,02,00,06,28,4D,73,67,49,44,37,20,3A,20,28,4E,6F,74,20,64,69,73,70,\ + 6C,61,79,65,64,20,69,6E,20,74,68,69,73,20,76,65,72,73,69,6F,6E,29,02,02,02,\ + 02,02,00,02,01,06,38,43,61,6E,6E,6F,74,20,6F,70,65,6E,20,6F,72,65,61,6E,73,\ + 2E,76,78,64,20,64,72,69,76,65,72,2E,20,4D,61,6B,65,20,73,75,72,65,20,74,68,\ + 61,74,20,6F,72,65,61,6E,73,2E,76,78,64,02,03,02,03,02,00,02,01,06,1F,69,73,\ + 20,6E,6F,74,20,6F,70,65,6E,20,62,79,20,61,6E,6F,74,68,65,72,20,70,72,6F,67,\ + 72,61,6D,2E,02,FF,02,FF,02,00,02,00,06,28,4D,73,67,49,44,38,20,3A,20,28,4E,\ + 6F,74,20,64,69,73,70,6C,61,79,65,64,20,69,6E,20,74,68,69,73,20,76,65,72,73,\ + 69,6F,6E,29,02,02,02,02,02,00,02,01,06,4B,53,65,63,75,72,65,45,6E,67,69,6E,\ + 65,20,64,72,69,76,65,72,20,63,61,6E,6E,6F,74,20,62,65,20,75,70,64,61,74,65,\ + 
64,20,62,65,63,61,75,73,65,20,74,68,65,72,65,20,61,72,65,20,73,6F,6D,65,20,\ + 70,72,6F,67,72,61,6D,73,20,75,73,69,6E,67,02,03,02,03,02,00,02,01,06,3E,69,\ + 74,2E,20,59,6F,75,20,6E,65,65,64,20,74,6F,20,63,6C,6F,73,65,20,74,68,6F,73,\ + 65,20,70,72,6F,67,72,61,6D,73,20,6F,72,20,72,65,73,74,61,72,74,20,79,6F,75,\ + 72,20,63,6F,6D,70,75,74,65,72,2E,02,FF,02,FF,02,00,02,01,06,0C,52,65,73,74,\ + 61,72,74,20,6E,6F,77,3F,02,FF,02,FF,02,00,02,00,06,28,4D,73,67,49,44,39,20,\ + 3A,20,28,4E,6F,74,20,64,69,73,70,6C,61,79,65,64,20,69,6E,20,74,68,69,73,20,\ + 76,65,72,73,69,6F,6E,29,02,02,02,02,02,00,02,01,06,29,59,6F,75,20,6E,65,65,\ + 64,20,74,6F,20,72,65,73,74,61,72,74,20,74,68,65,20,73,79,73,74,65,6D,20,74,\ + 6F,20,66,69,6E,69,73,68,20,02,03,02,03,02,00,02,01,06,2A,74,68,65,20,69,6E,\ + 73,74,61,6C,6C,61,74,69,6F,6E,20,6F,66,20,74,68,65,20,64,72,69,76,65,72,2E,\ + 20,52,65,73,65,74,20,6E,6F,77,3F,02,FF,02,FF,02,00,02,00,06,29,4D,73,67,49,\ + 44,31,30,20,3A,20,28,4E,6F,74,20,64,69,73,70,6C,61,79,65,64,20,69,6E,20,74,\ + 68,69,73,20,76,65,72,73,69,6F,6E,29,02,02,02,02,02,00,02,01,06,17,43,61,6E,\ + 6E,6F,74,20,77,72,69,74,65,20,6F,72,65,61,6E,73,2E,76,78,64,02,03,02,03,02,\ + 00,02,01,06,3E,4D,61,6B,65,20,73,75,72,65,20,74,68,61,74,20,74,68,69,73,20,\ + 66,69,6C,65,20,69,73,20,6E,6F,74,20,62,65,69,6E,67,20,75,73,65,64,20,62,79,\ + 20,61,6E,6F,74,68,65,72,20,70,72,6F,67,72,61,6D,2E,02,FF,02,FF,02,00,02,00,\ + 06,25,4D,73,67,49,44,31,32,20,3A,20,49,6E,74,65,72,6E,61,6C,20,65,78,63,65,\ + 70,74,69,6F,6E,20,6F,63,63,75,72,72,65,64,02,02,02,02,02,00,02,01,06,2A,5B,\ + 30,30,30,46,3A,25,30,38,78,5D,20,41,6E,20,69,6E,74,65,67,72,69,74,79,20,63,\ + 68,65,63,6B,20,68,61,73,20,66,61,69,6C,65,64,2E,02,03,02,03,02,00,02,01,06,\ + 52,49,66,20,74,68,65,20,70,72,6F,62,6C,65,6D,20,70,65,72,73,69,73,74,73,2C,\ + 20,63,6F,6E,74,61,63,74,20,61,6E,20,61,64,6D,69,6E,69,73,74,72,61,74,6F,72,\ + 20,61,6E,64,20,70,72,6F,76,69,64,65,20,74,68,65,6D,20,74,68,65,20,65,72,72,\ + 
6F,72,20,63,6F,64,65,2E,02,FF,02,FF,02,00,02,00,06,21,4D,73,67,49,44,31,33,\ + 3A,20,56,69,72,74,75,61,6C,20,4D,61,63,68,69,6E,65,20,44,65,74,65,63,74,65,\ + 64,02,02,02,02,02,00,02,01,06,33,5B,30,30,30,46,3A,30,30,30,30,33,43,30,30,\ + 5D,20,41,20,76,69,72,74,75,61,6C,20,65,6E,76,69,72,6F,6E,6D,65,6E,74,20,77,\ + 61,73,20,64,65,74,65,63,74,65,64,2E,02,03,02,03,02,00,02,01,06,46,50,6C,65,\ + 61,73,65,20,64,69,73,61,62,6C,65,20,61,6E,79,20,68,79,70,65,72,76,69,73,6F,\ + 72,20,2F,20,76,69,72,74,75,61,6C,20,6D,61,63,68,69,6E,65,73,20,79,6F,75,20,\ + 6D,69,67,68,74,20,62,65,20,72,75,6E,6E,69,6E,67,2E,02,FF,02,FF,02,00,00 +NumMAPfunctions=0 +VirtualizeCoreWithVM="EAGLE64 (White)" +VirtualizeVMmacroWithVM="EAGLE64 (White)" +XBundlerEna=0 +XBundlerNumFiles=0 +XBundlerOpenDialogEnable=0 + diff --git a/csgo-loader/ThemidaSettings.tmd b/csgo-loader/ThemidaSettings.tmd index 8505b09..4d0df4e 100644 Binary files a/csgo-loader/ThemidaSettings.tmd and b/csgo-loader/ThemidaSettings.tmd differ diff --git a/csgo-loader/csgo-client/Client.cpp b/csgo-loader/csgo-client/Client.cpp index a7d27a7..b9d7b3d 100644 --- a/csgo-loader/csgo-client/Client.cpp +++ b/csgo-loader/csgo-client/Client.cpp 
@@ -3,19 +3,18 @@ /* TODO: - Finish off security on client: - - Hook OpenProcess, ExitProcess, WSARecv, WSASend and check if function is OOB. + - Hook OpenProcess, ExitProcess, WSARecv, WSASend and check if function is OOB. [DONE] - Use VM check that Nave gave me. - Run a thread to check for blacklisted drivers periodically (also blacklist VBox) - Run a thread to check if there is more than X threads running in the loader. - Add dump protection (closes csgo.exe if a handle is detected, probably explorer shellcode) - Add HWID generation - - Hook DbgBreakPoint and DbgUiRemoteBreakin (instead of bytepatching, some debuggers will check that) - - If the hook is triggered, ban the user. - - Don't forget about the security callback; leave implementation up to Nave. + - Hook DbgBreakPoint and DbgUiRemoteBreakin (instead of bytepatching, some debuggers will check that) [DONE] + - Don't forget about the security callback; leave implementation up to Nave. [DONE] - Apply Themida macros inside important functions: - - Apply mutation on Security hooks and main function. - - Apply fast VM on syscall manager, process functions + - Apply mutation on Security hooks and main function. [DONE] + - Apply fast VM on syscall manager, process functions - Apply robust VM on TCP, login - Apply heavy VM on Encryption, recv/send wrappers. @@ -37,7 +36,7 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) { - WRAP_IF_DEBUG(Utils::OpenConsole()); + /*WRAP_IF_DEBUG*/(Utils::OpenConsole()); // Autistic workaround for Hooked_OpenProcess crashing // when Device->CreateDevice is invoked... 
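Review bot: Commenting out `WRAP_IF_DEBUG` around `Utils::OpenConsole()` makes a release build open a console as well, and the same commit adds an unconditional `printf("[DEBUG] Hello!\n")` inside `OpenConsole` (Client.hpp hunk), so the shipped loader would show a visible console with debug output. If this is a temporary aid for the TCP problem the commit title refers to, restore `WRAP_IF_DEBUG(Utils::OpenConsole());` before release, or gate it on the same `DEBUG` macro the security code uses, and leave a comment saying why it is open, e.g. `// TEMP: console enabled in all builds while debugging the handshake`. A console in a release build is the easiest place for a user to read internal state from, so this should not be left to memory. WinMain continues outside the hunk.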
@@ -76,6 +75,19 @@ int __stdcall WinMain(HINSTANCE inst, HINSTANCE prev, char* str, int cmdshow) if(!Client.Start(LOCAL_IP, SERVER_PORT)) ERROR_ASSERT("[000F:0002A000] Server did not accept the connection."); + ByteArray Bytes{ 0, 1, 2, 3, 4, 5 }; + Client.SendBytes(Bytes); + + + ByteArray Bytes2 = Client.ReceiveBytes(); + + printf("%zd\n", Bytes2.size()); + + for(auto &It : Bytes2) + printf("%02x ", It); + + printf("\n"); + // Allow the user to input their log-in data. UserInterface->m_Data.m_ExecutionState = UserExperience::EXECUTION_LOG_IN; diff --git a/csgo-loader/csgo-client/Client.hpp b/csgo-loader/csgo-client/Client.hpp index fb1f623..016e3d3 100644 --- a/csgo-loader/csgo-client/Client.hpp +++ b/csgo-loader/csgo-client/Client.hpp @@ -37,5 +37,7 @@ namespace Utils // :^) SetConsoleTitleA("moneyclient $"); + + printf("[DEBUG] Hello!\n"); } } \ No newline at end of file diff --git a/csgo-loader/csgo-client/Networking/TCPClient.cpp b/csgo-loader/csgo-client/Networking/TCPClient.cpp index 3bcd0c3..aeb2dfc 100644 --- a/csgo-loader/csgo-client/Networking/TCPClient.cpp +++ b/csgo-loader/csgo-client/Networking/TCPClient.cpp @@ -32,7 +32,7 @@ namespace Networking // Emplace all received bytes. for(int n = 0; n < Received; ++n) { - ReceivedBytes.push_back(RecvBuffer[n]); + ReceivedBytes.emplace_back(RecvBuffer[n]); } // No more bytes left to receive. @@ -86,7 +86,7 @@ namespace Networking // Allow the socket to time-out. timeval timeout; - timeout.tv_sec = 5; + timeout.tv_sec = 30; if(setsockopt(m_Socket, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof timeout) == INVALID_SOCKET) return false; diff --git a/csgo-loader/csgo-client/Security/Encryption.cpp b/csgo-loader/csgo-client/Security/Encryption.cpp index 460bda9..6bc3640 100644 --- a/csgo-loader/csgo-client/Security/Encryption.cpp +++ b/csgo-loader/csgo-client/Security/Encryption.cpp 
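Review bot: The round-trip probe added after `Client.Start(...)` sends a fixed plaintext `{0,1,2,3,4,5}` and dumps whatever `ReceiveBytes()` returns to the console with no check that anything came back, so a receive timeout (now 30 s per the TCPClient change in this commit) or an empty reply just prints `0` and a blank line. `printf("%zd\n", Bytes2.size())` also uses the signed `z` conversion for a `size_t`; use `%zu`. If this is scaffolding for the AES handshake test, make it impossible to ship by wrapping the whole block in `WRAP_IF_DEBUG(...)` or `#ifdef DEBUG` with a comment such as `// TEMP: encrypted echo round-trip to verify the handshake; remove before release`. WinMain continues outside the hunk.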
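Review bot: `setsockopt(...) == INVALID_SOCKET` compares an `int` return value against the `SOCKET` sentinel; `setsockopt` reports failure as `SOCKET_ERROR`, and the comparison only works because both values happen to be all-ones after conversion. Assuming this is built against Winsock (the `INVALID_SOCKET` sentinel and `closesocket` elsewhere in the commit suggest so), `SO_RCVTIMEO` also takes a `DWORD` of milliseconds rather than a `timeval`, so passing the struct sets the timeout from `tv_sec` read as milliseconds — 30 ms after this change, not 30 s — which may be part of why the connection is misbehaving. Replace the two lines with `DWORD timeout_ms = 30 * 1000;` and `if(setsockopt(m_Socket, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout_ms, sizeof timeout_ms) == SOCKET_ERROR) return false;`, and keep a comment on the unit: `// SO_RCVTIMEO is milliseconds on Winsock`. The enclosing function starts and ends outside the hunk.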
@@ -106,19 +106,17 @@ namespace Wrapper { Aes256 aes(key); - WRAP_IF_RELEASE(VM_FISH_BLACK_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); aes.encrypt_start(plain.size(), encrypted); aes.encrypt_continue(plain, encrypted); aes.encrypt_end(encrypted); - WRAP_IF_RELEASE(VM_FISH_BLACK_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); return encrypted.size(); } -#pragma optimize("", on) - ByteArray::size_type Aes256::encrypt(const ByteArray& key, const unsigned char* plain, const ByteArray::size_type plain_length, ByteArray& encrypted) { Aes256 aes(key); @@ -130,25 +128,21 @@ namespace Wrapper return encrypted.size(); } -#pragma optimize("", off) - ByteArray::size_type Aes256::decrypt(const ByteArray& key, const ByteArray& encrypted, ByteArray& plain) { Aes256 aes(key); - WRAP_IF_RELEASE(VM_FISH_BLACK_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); aes.decrypt_start(encrypted.size()); aes.decrypt_continue(encrypted, plain); aes.decrypt_end(plain); - WRAP_IF_RELEASE(VM_FISH_BLACK_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); return plain.size(); } -#pragma optimize("", on) - ByteArray::size_type Aes256::decrypt(const ByteArray& key, const unsigned char* encrypted, const ByteArray::size_type encrypted_length, ByteArray& plain) { Aes256 aes(key); @@ -254,13 +248,11 @@ namespace Wrapper return encrypted.size(); } -#pragma optimize("", off) - void Aes256::encrypt(unsigned char* buffer) { unsigned char i, rcon; - WRAP_IF_RELEASE(VM_SHARK_BLACK_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); copy_key(); add_round_key(buffer, 0); @@ -278,11 +270,9 @@ namespace Wrapper expand_enc_key(&rcon); add_round_key(buffer, i); - WRAP_IF_RELEASE(VM_SHARK_BLACK_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); } -#pragma optimize("", on) - ByteArray::size_type Aes256::decrypt_start(const ByteArray::size_type encrypted_length) { unsigned char j; 
@@ -370,13 +360,11 @@ namespace Wrapper return plain.size(); } -#pragma optimize("", off) - void Aes256::decrypt(unsigned char* buffer) { unsigned char i, rcon = 1; - WRAP_IF_RELEASE(VM_SHARK_BLACK_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); copy_key(); for(i = NUM_ROUNDS / 2; i > 0; --i) @@ -397,12 +385,9 @@ namespace Wrapper } add_round_key(buffer, i); - WRAP_IF_RELEASE(VM_SHARK_BLACK_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); } -#pragma optimize("", on) - -#pragma optimize("", off) void Aes256::expand_enc_key(unsigned char* rc) { unsigned char i; @@ -422,6 +407,10 @@ namespace Wrapper m_rkey[i + 2] = m_rkey[i + 2] ^ m_rkey[i - 2]; m_rkey[i + 3] = m_rkey[i + 3] ^ m_rkey[i - 1]; } + + WRAP_IF_RELEASE(MUTATE_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); + m_rkey[16] = m_rkey[16] ^ sbox[m_rkey[12]]; m_rkey[17] = m_rkey[17] ^ sbox[m_rkey[13]]; m_rkey[18] = m_rkey[18] ^ sbox[m_rkey[14]]; @@ -435,13 +424,9 @@ namespace Wrapper m_rkey[i + 3] = m_rkey[i + 3] ^ m_rkey[i - 1]; } - WRAP_IF_RELEASE(MUTATE_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); } -#pragma optimize("", on) - -#pragma optimize("", off) - void Aes256::expand_dec_key(unsigned char* rc) { unsigned char i; @@ -461,6 +446,9 @@ namespace Wrapper m_rkey[18] = m_rkey[18] ^ sbox[m_rkey[14]]; m_rkey[19] = m_rkey[19] ^ sbox[m_rkey[15]]; + WRAP_IF_RELEASE(MUTATE_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); + for(i = 12; i > 0; i -= 4) { m_rkey[i + 0] = m_rkey[i + 0] ^ m_rkey[i - 4]; @@ -475,11 +463,9 @@ namespace Wrapper m_rkey[2] = m_rkey[2] ^ sbox[m_rkey[31]]; m_rkey[3] = m_rkey[3] ^ sbox[m_rkey[28]]; - WRAP_IF_RELEASE(MUTATE_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); } -#pragma optimize("", on) - void Aes256::sub_bytes(unsigned char* buffer) { unsigned char i = KEY_SIZE / 2; 
@@ -514,13 +500,11 @@ namespace Wrapper buffer[i] ^= m_rkey[(round & 1) ? i + 16 : i]; } -#pragma optimize("", off) - void Aes256::shift_rows(unsigned char* buffer) { unsigned char i, j, k, l; /* to make it potentially parallelable :) */ - WRAP_IF_RELEASE(MUTATE_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); i = buffer[1]; buffer[1] = buffer[5]; @@ -532,6 +516,9 @@ namespace Wrapper buffer[10] = buffer[2]; buffer[2] = j; + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); + WRAP_IF_RELEASE(MUTATE_START); + k = buffer[3]; buffer[3] = buffer[15]; buffer[15] = buffer[11]; @@ -545,15 +532,11 @@ namespace Wrapper WRAP_IF_RELEASE(MUTATE_END); } -#pragma optimize("", on) - -#pragma optimize("", off) - void Aes256::shift_rows_inv(unsigned char* buffer) { unsigned char i, j, k, l; /* same as above :) */ - WRAP_IF_RELEASE(MUTATE_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); i = buffer[1]; buffer[1] = buffer[13]; @@ -565,6 +548,9 @@ namespace Wrapper buffer[2] = buffer[10]; buffer[10] = j; + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); + WRAP_IF_RELEASE(MUTATE_START); + k = buffer[3]; buffer[3] = buffer[7]; buffer[7] = buffer[11]; @@ -578,15 +564,11 @@ namespace Wrapper WRAP_IF_RELEASE(MUTATE_END); } -#pragma optimize("", on) - -#pragma optimize("", off) - void Aes256::mix_columns(unsigned char* buffer) { unsigned char i, a, b, c, d, e; - WRAP_IF_RELEASE(VM_FISH_BLACK_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); for(i = 0; i < 16; i += 4) { @@ -603,19 +585,14 @@ namespace Wrapper buffer[i + 3] ^= e ^ rj_xtime(d^a); } - WRAP_IF_RELEASE(VM_FISH_BLACK_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); } -#pragma optimize("", on) - - -#pragma optimize("", off) - void Aes256::mix_columns_inv(unsigned char* buffer) { unsigned char i, a, b, c, d, e, x, y, z; - WRAP_IF_RELEASE(VM_FISH_BLACK_START); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_START); for(i = 0; i < 16; i += 4) { 
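Review bot: `VM_EAGLE_BLACK_START`/`_END` now brackets the per-round primitives (`mix_columns` in this hunk, and `shift_rows`/`shift_rows_inv` above), which are themselves called from inside the `VM_EAGLE_BLACK` region of `Aes256::encrypt(unsigned char*)`/`decrypt(unsigned char*)`, so every 16-byte block pays a VM entry and exit per round on top of the outer one, if Themida treats nested markers as separate VM entries. That matches the "heavy VM on Encryption" item in the Client.cpp TODO, but if the loader ever moves more than a handshake's worth of data it will be felt; the `MUTATE_START`/`MUTATE_END` pair this hunk keeps for the second half of `shift_rows` is the cheaper option for the inner loops. Whatever the decision, record it once at the top of the file, e.g. `// Inner AES primitives are under the black VM on purpose: only the login handshake goes through here, so cost is acceptable.`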
@@ -634,7 +611,7 @@ namespace Wrapper buffer[i + 3] ^= y ^ rj_xtime(d^a); } - WRAP_IF_RELEASE(VM_FISH_BLACK_END); + WRAP_IF_RELEASE(VM_EAGLE_BLACK_END); } #pragma optimize("", on) @@ -653,7 +630,10 @@ namespace Wrapper if(EncryptionKey.empty()) Start(); - m_EncryptionKey.reserve(EncryptionKey.size()); + WRAP_IF_DEBUG(printf("[DEBUG] Received handshake: %zd bytes.\n[DEBUG] Data: ", EncryptionKey.size());); + WRAP_IF_DEBUG(for(auto &It : EncryptionKey) { printf("%02x ", It); }); + WRAP_IF_DEBUG(printf("\n")); + std::copy(EncryptionKey.begin(), EncryptionKey.end(), m_EncryptionKey.begin()); } @@ -662,11 +642,7 @@ namespace Wrapper // Encrypt outgoing data. ByteArray Encrypted; - #ifdef DEBUG - Encrypted = Data; - #else Aes256::encrypt(m_EncryptionKey, Data, Encrypted); - #endif return Encrypted; } @@ -676,11 +652,7 @@ namespace Wrapper // Decrypt incoming data. ByteArray Decrypted; - #ifdef DEBUG - Decrypted = Data; - #else Aes256::decrypt(m_EncryptionKey, Data, Decrypted); - #endif return Decrypted; } diff --git a/csgo-loader/csgo-client/Security/Encryption.hpp b/csgo-loader/csgo-client/Security/Encryption.hpp index b1c49dc..c544aa3 100644 --- a/csgo-loader/csgo-client/Security/Encryption.hpp +++ b/csgo-loader/csgo-client/Security/Encryption.hpp @@ -75,6 +75,10 @@ namespace Wrapper HCRYPTPROV m_CryptProvider; public: + Encryption() { + m_EncryptionKey = ByteArray(32); + } + // Generate a random cryptographic key. // OPTIONAL: You can pass a premade encryption key as a parameter. void Start(); diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp index aceab25..739ce5d 100644 --- a/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp +++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.cpp 
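Review bot: `std::copy(EncryptionKey.begin(), EncryptionKey.end(), m_EncryptionKey.begin())` writes as many bytes as the server sent into a buffer the new constructor fixes at 32 bytes, so a handshake longer than 32 bytes overruns the vector's heap storage with network-controlled data, and a shorter one leaves stale key bytes in place. Check the length before copying and refuse anything else: `if(EncryptionKey.size() != m_EncryptionKey.size()) { WRAP_IF_DEBUG(printf("[DEBUG] Bad handshake length %zu.\n", EncryptionKey.size())); return; }` — or report the failure if the function's signature, which is above the hunk, lets the caller act on it. The `WRAP_IF_DEBUG` dump of the raw key bytes is acceptable for a debug build, but it prints the session key to the console, so `DEBUG` must never be defined in a shipping configuration; a comment on the dump saying exactly that would help.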
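Review bot: `Aes256::decrypt(m_EncryptionKey, Data, Decrypted)` is now the only path for incoming data, and nothing in this hunk or the matching `Encrypt` authenticates the ciphertext, so a byte flipped on the wire still decrypts and reaches the caller as a valid message. Removing the `#ifdef DEBUG` passthrough is the right call, but `Decrypt` should at least surface failure rather than return whatever came out: if `Aes256::decrypt` can report a bad length or padding, check it and return an empty `ByteArray`, documented at the top of the function as `// Returns an empty array when the payload could not be decrypted; callers must drop the message.` Longer term, add a MAC over the ciphertext or an authenticated mode; note too that the server hunk in this commit calls `Connection.SendRawBytes(EncryptionKey)` with no wrapping visible, so unless `GetEncryptionKey()` already RSA-encrypts the key, the session key itself travels in the clear.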
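Review bot: The new constructor body `m_EncryptionKey = ByteArray(32);` assigns a member after it was already default-constructed; an in-class initializer `ByteArray m_EncryptionKey = ByteArray(32);` states the invariant at the declaration and lets the class keep its defaulted special members (avoid `ByteArray m_EncryptionKey{32}`, which would be a one-element list containing 32). Name the size as well, `static constexpr std::size_t kKeyBytes = 32;`, so `SetEncryptionKey` can validate the incoming handshake against it instead of a magic number — or reuse the AES class's `KEY_SIZE` if that constant is the key length in bytes. The enclosing class starts and ends outside the hunk.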
@@ -141,7 +141,7 @@ namespace Security void RuntimeSecurity::PatchDebugFunctions() { - WRAP_IF_RELEASE(VM_DOLPHIN_WHITE_START); + WRAP_IF_RELEASE(VM_EAGLE_WHITE_START); WRAP_IF_RELEASE(STR_ENCRYPT_START); HMODULE Module = GetModuleHandleA("ntdll.dll"); @@ -171,7 +171,7 @@ namespace Security uintptr_t Exports[] = { Export_DbgUiRemoteBreakin, Export_DbgBreakPoint, - Export_NtContinue + //Export_NtContinue // This causes a lot of crashes ATM while debugging, leave this out till release. }; for(auto &It : Exports) @@ -188,7 +188,7 @@ namespace Security } WRAP_IF_RELEASE(STR_ENCRYPT_END); - WRAP_IF_RELEASE(VM_DOLPHIN_WHITE_END); + WRAP_IF_RELEASE(VM_EAGLE_WHITE_END); } void RuntimeSecurity::DispatchSecurityThreads() @@ -218,10 +218,11 @@ namespace Security // Read the PEB from the TIB. // Offset for x86 is 0x30 ; mov ..., dword ptr fs:[0x30] // Offset for x64 is 0x60 ; mov ..., qword ptr gs:[0x60] - PEB *ProcessEnvBlock = (PEB *)__readgsqword(0x60); - if(ProcessEnvBlock->BeingDebugged) - SecurityCallback(); + //PEB *ProcessEnvBlock = (PEB *)__readgsqword(0x60); + // + //if(ProcessEnvBlock->BeingDebugged) + // SecurityCallback(); } void RuntimeSecurity::CheckForDrivers() @@ -247,6 +248,7 @@ namespace Security DispatchSecurityThreads(); // Patch DbgUiRemoteBreakin, DbgBreakPoint, NtContinue + // This also fucks up detours for some reason... only extra protection :-) PatchDebugFunctions(); return true; diff --git a/csgo-loader/csgo-client/csgo-client.vcxproj b/csgo-loader/csgo-client/csgo-client.vcxproj index 5c8ff74..4467b0e 100644 --- a/csgo-loader/csgo-client/csgo-client.vcxproj +++ b/csgo-loader/csgo-client/csgo-client.vcxproj @@ -98,6 +98,7 @@ true v141 MultiByte + false Application @@ -156,7 +157,6 @@ true stdcpp17 4100;4189;4244;4267;4522;4714;4838;4307;4706;4702 - MultiThreadedDLL RequireAdministrator diff --git a/csgo-loader/csgo-server/Networking/TCPServer.cpp b/csgo-loader/csgo-server/Networking/TCPServer.cpp index 739cbdd..c381c85 100644 
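Review bot: Commenting out the `BeingDebugged` check (and `Export_NtContinue` two hunks up) with a "leave this out till release" note means a release build of this revision also runs without them, since nothing ties the comment to a build configuration. Gate them instead, assuming `WRAP_IF_RELEASE` expands its argument in release builds as its use around the VM markers suggests: `WRAP_IF_RELEASE(if(ProcessEnvBlock->BeingDebugged) SecurityCallback();)` or an `#ifndef DEBUG` block, so the debug build stays quiet and the release build keeps the check without anyone having to remember to uncomment it. `__readgsqword(0x60)` also hard-codes the x64 PEB offset while the comment above gives the x86 one; an `#ifdef _WIN64` guard or a `static_assert(sizeof(void*) == 8)` would make a 32-bit build fail to compile rather than read garbage. The enclosing function starts outside the hunk.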
--- a/csgo-loader/csgo-server/Networking/TCPServer.cpp +++ b/csgo-loader/csgo-server/Networking/TCPServer.cpp @@ -4,7 +4,7 @@ namespace Networking { void TCPConnection::Close() { - printf("[ <= ] %s disconnected!\n", m_IpAddress); + printf("[ <= ] disconnected\n"); if(m_Socket) closesocket(m_Socket); @@ -20,10 +20,10 @@ namespace Networking if(m_IpAddress) - printf("[ => ] Sending %zd bytes to %s.\n", Bytes.size(), m_IpAddress); + printf("[ => ] %zd bytes\n", Bytes.size()); if(Result == -1) - printf("[ => ] Failed to send %zd bytes to %s. (Socket %04Ix)\n", Bytes.size(), m_IpAddress, m_Socket); + printf("[ => ] %zd bytes failed (%d)\n", Bytes.size(), WSAGetLastError()); } ByteArray TCPConnection::ReceiveRawBytes() @@ -43,7 +43,7 @@ namespace Networking // Emplace all received bytes. for(int n = 0; n < Received; ++n) { - ReceivedBytes.push_back(RecvBuffer[n]); + ReceivedBytes.emplace_back(RecvBuffer[n]); } // No more bytes left to receive. @@ -51,7 +51,7 @@ namespace Networking break; } - printf("[ <= ] Received %zd bytes from %s.\n", ReceivedBytes.size(), m_IpAddress); + printf("[ <= ] %zd bytes\n", ReceivedBytes.size()); return ReceivedBytes; } @@ -126,6 +126,14 @@ namespace Networking ByteArray EncryptionKey = Connection.GetEncryptionKey(); Connection.SendRawBytes(EncryptionKey); + // Print out handshake header + printf("[ => ] Handshake: "); + + for(auto &It : EncryptionKey) + printf("%02x ", It); + + printf("\n"); + // Detach a thread to handle the connection. std::thread thread([&] { diff --git a/csgo-loader/csgo-server/Networking/TCPServer.hpp b/csgo-loader/csgo-server/Networking/TCPServer.hpp index 092254d..31beec8 100644 --- a/csgo-loader/csgo-server/Networking/TCPServer.hpp +++ b/csgo-loader/csgo-server/Networking/TCPServer.hpp 
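Review bot: The handshake dump (`printf("[ => ] Handshake: ")` plus the byte loop) prints each connection's AES key to the server's stdout unconditionally, so every session key ends up in whatever captures that console or log. The client wraps the equivalent dump in `WRAP_IF_DEBUG`; do the same here, and keep only `printf("[ => ] Handshake: %zu bytes\n", EncryptionKey.size());` as the permanent line. Separately, `Connection.SendRawBytes(EncryptionKey)` sends the key with no wrapping visible in this hunk; if `GetEncryptionKey()` does not already RSA-encrypt it (the connection is constructed with a `Wrapper::Encryption &RSA` per the header hunk), anyone on the path can decrypt the whole session, and that deserves a comment either way. The `std::thread thread([&] {` at the end captures everything by reference; if `Connection` is a local of the enclosing function and the thread is detached as the comment says, that capture dangles once the function returns — the lambda body is outside the hunk.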
@@ -29,7 +29,7 @@ namespace Networking TCPConnection(SOCKET Connection, const char *IpAddress, Wrapper::Encryption &RSA) : m_Encryption(RSA), m_Socket(Connection), m_IpAddress(IpAddress) { - printf("[ => ] %s connected!\n", IpAddress); + printf("[ => ] connected\n"); } // Release the connection once it goes out of scope. diff --git a/csgo-loader/csgo-server/Security/Encryption.cpp b/csgo-loader/csgo-server/Security/Encryption.cpp index dc6ef84..b79a1c3 100644 --- a/csgo-loader/csgo-server/Security/Encryption.cpp +++ b/csgo-loader/csgo-server/Security/Encryption.cpp @@ -614,11 +614,7 @@ namespace Wrapper // Encrypt outgoing data. ByteArray Encrypted; - #ifdef DEBUG - Encrypted = Data; - #else Aes256::encrypt(m_EncryptionKey, Data, Encrypted); - #endif return Encrypted; } @@ -628,11 +624,7 @@ namespace Wrapper // Decrypt incoming data. ByteArray Decrypted; - #ifdef DEBUG - Decrypted = Data; - #else Aes256::decrypt(m_EncryptionKey, Data, Decrypted); - #endif return Decrypted; } diff --git a/csgo-loader/csgo-server/Server.cpp b/csgo-loader/csgo-server/Server.cpp index 3b6bdea..c475542 100644 --- a/csgo-loader/csgo-server/Server.cpp +++ b/csgo-loader/csgo-server/Server.cpp @@ -1,8 +1,14 @@ #include -void ConnectionHandler(Networking::TCPConnection &) +void ConnectionHandler(Networking::TCPConnection &Connection) { + ByteArray Bytes = Connection.ReceiveBytes(); + for(auto &It : Bytes) + printf("%02x ", It); + printf("\n"); + + Connection.SendBytes(Bytes); } int __stdcall WinMain(HINSTANCE, HINSTANCE, char*, int) @@ -14,13 +20,13 @@ int __stdcall WinMain(HINSTANCE, HINSTANCE, char*, int) // Create an instance of the TCP server. Networking::TCPServer Server; + // Attach our connection handler. + Server += ConnectionHandler; + bool Result = Server.Start(SERVER_PORT); if(Result) { - // Attach our connection handler. - Server += ConnectionHandler; - // Accept any incoming connections. for(;;) Server.AcceptConnection(); -- cgit v1.2.3
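Review bot: `ConnectionHandler` now echoes whatever `ReceiveBytes()` returns straight back via `Connection.SendBytes(Bytes)`, with no check for an empty result (a failed or timed-out receive) and no framing, so a client that sends nothing gets an empty encrypted reply and the hex loop prints a bare newline. That is fine as a round-trip test for the AES handshake, but it is registered as the live handler before `Server.Start(...)`, so mark it so it cannot survive into the real protocol: `// TEMP: echo handler used to verify the AES round trip; replace with the real dispatch before release` and an early `if(Bytes.empty()) return;`. Moving `Server += ConnectionHandler;` ahead of `Server.Start(SERVER_PORT)` is correct if `Start` can accept a connection before it returns; a one-line comment stating that would keep the next person from moving it back.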