From 77b52da44b263df4884be2f35f885d8edccbb6fa Mon Sep 17 00:00:00 2001
From: boris
Date: Wed, 19 Dec 2018 00:13:24 +1300
Subject: added new loader project :) merry christmas
---
csgo-loader/csgo-server/Login/RemoteLogin.cpp | 51 ++++++++++++++++++++++
csgo-loader/csgo-server/Login/RemoteLogin.hpp | 61 +++++++++++++++++++++++++++
2 files changed, 112 insertions(+)
create mode 100644 csgo-loader/csgo-server/Login/RemoteLogin.cpp
create mode 100644 csgo-loader/csgo-server/Login/RemoteLogin.hpp
(limited to 'csgo-loader/csgo-server/Login')
diff --git a/csgo-loader/csgo-server/Login/RemoteLogin.cpp b/csgo-loader/csgo-server/Login/RemoteLogin.cpp
new file mode 100644
index 0000000..880c072
--- /dev/null
+++ b/csgo-loader/csgo-server/Login/RemoteLogin.cpp
@@ -0,0 +1,51 @@
+#include
+
+#define EXPECTED_CLIENT_HEADER 0xDEADBEEF
+
+namespace Login {
+ bool RemoteLoginServer::Start(ByteArray &RawLoginHeader) {
+ if(RawLoginHeader.empty())
+ return false;
+
+ // Epic direct casts :---DDDD
+ m_Header = *reinterpret_cast(&RawLoginHeader[0]);
+ return true;
+ }
+
+ RemoteLoginResponse RemoteLoginServer::GetLoginResponse() {
+ // The header seems to be wrong, tell the client to update.
+ if(m_Header.m_ClientHeader != EXPECTED_CLIENT_HEADER)
+ return RemoteLoginResponse::OUTDATED_CLIENT;
+
+ // TODO: Check login, HWID, bans with websockets.
+
+ // User failed to obtain HWID?
+ if(!m_Header.m_HardwareId) {
+ // TODO: Shadow ban the user.
+
+ //return RemoteLoginResponse::INVALID_HARDWARE;
+ }
+
+ // Checksum validation.
+ uint8_t Checksum = m_Header.m_IntegrityBit1
+ | m_Header.m_IntegrityBit2
+ | m_Header.m_IntegrityBit3;
+
+ if(Checksum || Checksum != m_Header.m_IntegrityBit4) {
+ // TODO: Shadow ban the user.
+ return RemoteLoginResponse::INTEGRITY_FAILURE;
+ }
+
+ // Assume that they are authorised to use the cheat.
+ return RemoteLoginResponse::ACCESS_SPECIAL_USER;
+ }
+
+ ByteArray RemoteLoginServer::GetResponse() {
+ // The way the server handles data transmission is homosexual.
+ // That is the only reason this autism is here.
+ ByteArray Response;
+ Response.push_back(GetLoginResponse());
+
+ return Response;
+ }
+}
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/Login/RemoteLogin.hpp b/csgo-loader/csgo-server/Login/RemoteLogin.hpp
new file mode 100644
index 0000000..36b7252
--- /dev/null
+++ b/csgo-loader/csgo-server/Login/RemoteLogin.hpp
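Review bot: `Start` rejects only an empty buffer before copying a whole header out of `&RawLoginHeader[0]` through `reinterpret_cast`, so any client message shorter than the header makes the server read past the end of the vector. Check the length first, `if(RawLoginHeader.size() < sizeof(m_Header)) return false;`, and copy with `std::memcpy(&m_Header, RawLoginHeader.data(), sizeof(m_Header));` (needs `<cstring>`) so the read does not depend on the buffer's alignment. Separately, `GetLoginResponse` returns `ACCESS_SPECIAL_USER` for every header that passes the version and integrity checks because the credential check is still a TODO; returning `INVALID_CREDENTIALS` until that lookup exists would fail closed.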
@@ -0,0 +1,61 @@
+#pragma once
+
+#include
+#include
+#include
+
+using ByteArray = std::vector;
+
+namespace Login {
+ // Login header that is sent over to the server
+ struct RemoteLoginHeader {
+ // The first four bytes are encoded by the client.
+ // This will carry the client version which can be checked.
+ uint32_t m_ClientHeader;
+
+ // The username is raw text.
+ // TODO: Hash the password client-side.
+ char m_Username[128];
+ char m_Password[128];
+
+ // This will provide the hardware ID of the machine.
+ uint32_t m_HardwareId;
+
+ // These fields will be set according
+ // to security check results.
+ uint8_t m_IntegrityBit1; // Detour detected on NTDLL function
+ uint8_t m_IntegrityBit2; // Detour detected on dummy function
+ uint8_t m_IntegrityBit3; // Virtual machine/Debugger detected
+ uint8_t m_IntegrityBit4; // m_IntegrityBit1 | m_IntegrityBit2 | m_IntegrityBit3 (checksum)
+ };
+
+ // Possible server responses
+ // The hardware ID is encoded (XORed with the message ID) within the message for
+ // shadow ban/forum ban purposes. :)
+ enum RemoteLoginResponse : uint8_t {
+ OUTDATED_CLIENT = 'A', // '[000A:{HWID}] Your client is outdated. Please download the latest client at 'moneybot.cc'.'
+ ACCESS_AUTHORISED = 'B', // Allows the user to continue with injection.
+ INVALID_CREDENTIALS = 'C', // '[000C:{HWID}] Your credentials are invalid. Please check your spelling and try again.'
+ USER_BANNED = 'D', // '[000D:{HWID}] Your account is banned. Please contact 'admin@moneybot.cc' for additional information.'
+ INVALID_HARDWARE = 'E', // '[000E:{HWID}] Please contact an administrator to request a hardware ID reset.'
+ INTEGRITY_FAILURE = 'F', // '[000F:{HWID}] Failed to verify session. Please contact an administrator.' AKA the 'shadow ban', blacklists user from loader but not from forums.
+ NO_SUBSCRIPTION = 'G', // '[000G:{HWID}] No active subscription.'
+ ACCESS_SPECIAL_USER = 'H', // Allows the user to continue, sets the m_SpecialAccess var
+ };
+ // Implementation of the server (handles login bullshit).
+ class RemoteLoginServer {
+ RemoteLoginHeader m_Header;
+
+ // Polls the server for data, responds with whether or not the client
+ // is allowed to use the cheat.
+ RemoteLoginResponse GetLoginResponse();
+
+ public:
+ // Initialises the login header.
+ bool Start(ByteArray &RawLoginHeader);
+
+ ByteArray GetResponse();
+
+ // TODO: Implement shadow banning based on IP and HWID.
+ };
+}
\ No newline at end of file
-- cgit v1.2.3
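Review bot: `m_Username` and `m_Password` in `RemoteLoginHeader` are fixed 128-byte arrays filled from client bytes, and nothing in the struct or its comments guarantees a NUL terminator, so the first consumer that treats them as C strings can read past the field. State the contract on the fields, for example `// Not guaranteed NUL-terminated; bound every read to sizeof(m_Username).`, or have the server set `m_Username[sizeof(m_Username) - 1] = '\0';` (and the same for `m_Password`) after the header is copied. Because the struct doubles as the wire format, a `static_assert(sizeof(RemoteLoginHeader) == 4 + 128 + 128 + 4 + 4, "wire layout changed");` next to it would catch a padding or field change at compile time.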