blob: c3ceea321ee3d9b233eb57c7077fc7f03571042b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
#pragma once
#include <cstdint>
#include <algorithm>
#include <vector>
using ByteArray = std::vector<uint8_t>;
namespace Login
{
// Login header that is sent over to the server
struct RemoteLoginHeader
{
// The first four bytes are encoded by the client.
// This will carry the client version which can be checked.
uint32_t m_ClientHeader;
// The username is raw text.
// TODO: Hash the password client-side.
char m_Username[128];
char m_Password[128];
// This will provide the hardware ID of the machine.
uint64_t m_HardwareId;
// These fields will be set according
// to security check results.
uint8_t m_IntegrityBit1; // Detour detected on NTDLL function
uint8_t m_IntegrityBit2; // Detour detected on dummy function
uint8_t m_IntegrityBit3; // Virtual machine/Debugger detected
uint8_t m_IntegrityBit4; // m_IntegrityBit1 | m_IntegrityBit2 | m_IntegrityBit3 (checksum)
};
// Possible server responses
// The hardware ID is encoded (XORed with the message ID) within the message for
// shadow ban/forum ban purposes. :)
enum RemoteLoginResponse : uint8_t
{
OUTDATED_CLIENT = 'A', // '[000A:{HWID}] Your client is outdated. Please download the latest client at 'moneybot.cc'.'
ACCESS_AUTHORISED = 'B', // Allows the user to continue with injection.
INVALID_CREDENTIALS = 'C', // '[000C:{HWID}] Your credentials are invalid. Please check your spelling and try again.'
USER_BANNED = 'D', // '[000D:{HWID}] Your account is banned. Please contact 'admin@moneybot.cc' for additional information.'
INVALID_HARDWARE = 'E', // '[000E:{HWID}] Please contact an administrator to request a hardware ID reset.'
INTEGRITY_FAILURE = 'F', // '[000F:{HWID}] Failed to verify session. Please contact an administrator.' AKA the 'shadow ban', blacklists user from loader but not from forums.
NO_SUBSCRIPTION = 'G', // '[000G:{HWID}] No active subscription.'
ACCESS_SPECIAL_USER = 'H', // Allows the user to continue, sets the m_SpecialAccess var
};
// Implementation of the server (handles login bullshit).
class RemoteLoginServer
{
RemoteLoginHeader m_Header;
// Polls the server for data, responds with whether or not the client
// is allowed to use the cheat.
RemoteLoginResponse GetLoginResponse();
public:
// Initialises the login header.
bool Start(ByteArray &RawLoginHeader);
ByteArray GetResponse();
// Expose the header for use with other classes.
RemoteLoginHeader GetHeader() { return m_Header; }
// TODO: Implement shadow banning based on IP and HWID.
};
}
|
