From 8288df1eb38f673a3d96a61e095054106f6ccd33 Mon Sep 17 00:00:00 2001 From: momo5502 Date: Wed, 26 Apr 2023 10:39:40 +0200 Subject: [PATCH 1/4] Smol fix --- src/client/game/symbols.hpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/client/game/symbols.hpp b/src/client/game/symbols.hpp index d6bb03aa..cd3cd129 100644 --- a/src/client/game/symbols.hpp +++ b/src/client/game/symbols.hpp @@ -152,7 +152,7 @@ namespace game WEAK symbol UI_CoD_Init{0x141F29010, 0x1404A0A50}; WEAK symbol UI_CoD_LobbyUI_Init{0x141F2BD80, 0x1404A1F50}; WEAK symbol UI_CoD_Shutdown{0x141F32E10, 0x0}; - WEAK symbol UI_AddMenu{0x1427018F0, 0x0}; + WEAK symbol UI_AddMenu{0x1427018F0, 0x0}; WEAK symbol UI_CoD_GetRootNameForController{0x141F28940, 0x0}; WEAK symbol Lua_CoD_LoadLuaFile{0x141F11A20, 0x0}; WEAK symbol CG_LUIHUDRestart{0x140F7E970}; From deead46222736bae6e58a62526c16b2d6c248a60 Mon Sep 17 00:00:00 2001 From: momo5502 Date: Wed, 26 Apr 2023 10:44:35 +0200 Subject: [PATCH 2/4] Sign dummy message --- src/client/component/auth.cpp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/client/component/auth.cpp b/src/client/component/auth.cpp index 91931526..9264d060 100644 --- a/src/client/component/auth.cpp +++ b/src/client/component/auth.cpp @@ -106,6 +106,9 @@ namespace auth std::string serialize_connect_data(const char* data, const int length) { utils::byte_buffer buffer{}; + buffer.write_string(get_key().serialize(PK_PUBLIC)); + buffer.write_string(utils::cryptography::ecc::sign_message(get_key(), "hello")); + profile_infos::get_profile_info().value_or(profile_infos::profile_info{}).serialize(buffer); buffer.write_string(data, static_cast(length)); 
@@ -210,6 +213,16 @@ namespace auth void dispatch_connect_packet(const game::netadr_t& target, const std::string& data) { utils::byte_buffer buffer(data); + + utils::cryptography::ecc::key key{}; + key.deserialize(buffer.read_string()); + + if (!utils::cryptography::ecc::verify_message(key, "hello", buffer.read_string())) + { + network::send(target, "error", "Bad signature"); + return; + } + const profile_infos::profile_info info(buffer); const auto connect_data = buffer.read_string(); @@ -224,6 +237,11 @@ namespace auth const utils::info_string info_string(params[1]); const auto xuid = strtoull(info_string.get("xuid").data(), nullptr, 16); + if (xuid != key.get_hash()) + { + network::send(target, "error", "Bad XUID"); + return; + } profile_infos::add_and_distribute_profile_info(target, xuid, info); From 0aebbf4ee2377dc6abc7059299bf6f7adea5ac74 Mon Sep 17 00:00:00 2001 From: momo5502 Date: Wed, 26 Apr 2023 10:49:15 +0200 Subject: [PATCH 3/4] Add more entropy --- src/common/utils/cryptography.cpp | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/common/utils/cryptography.cpp b/src/common/utils/cryptography.cpp index 824cb9a7..802f8bcf 100644 --- a/src/common/utils/cryptography.cpp +++ b/src/common/utils/cryptography.cpp @@ -1,5 +1,8 @@ #include "string.hpp" #include "cryptography.hpp" + +#include + #include "nt.hpp" #include "finally.hpp" @@ -116,11 +119,17 @@ namespace utils::cryptography int i[4]; // uninitialized data auto* i_ptr = &i; - this->add_entropy(reinterpret_cast(&i), sizeof(i)); - this->add_entropy(reinterpret_cast(&i_ptr), sizeof(i_ptr)); + this->add_entropy(&i, sizeof(i)); + this->add_entropy(&i_ptr, sizeof(i_ptr)); auto t = time(nullptr); - this->add_entropy(reinterpret_cast(&t), sizeof(t)); + this->add_entropy(&t, sizeof(t)); + + std::random_device rd{}; + for (auto j = 0; j < 4; ++j) { + const auto x = rd(); + this->add_entropy(&x, sizeof(x)); + } } }; 
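Review bot: The result of `key.deserialize(buffer.read_string())` in dispatch_connect_packet is never checked, so a malformed key blob taken from the untrusted connect packet flows straight into `verify_message` with the key in whatever state a failed deserialize leaves it; if `deserialize` reports failure (through its return value or a validity accessor on the key — its declaration is not in the hunk), reject the packet right there, e.g. `if (!key.deserialize(buffer.read_string())) { network::send(target, "error", "Bad key"); return; }`. The same unchecked call survives as a context line in the dispatch_connect_packet hunk of PATCH 4/4. Note also that the message verified here is the fixed literal "hello", so the public-key/signature pair in a connect packet is identical on every connect and carries no freshness; PATCH 4/4 in this series replaces the literal with a per-target challenge, which is the right direction. dispatch_connect_packet continues past the end of this hunk.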
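Review bot: `std::random_device` construction and each `rd()` call are permitted to throw `std::exception` when the implementation cannot obtain randomness, and the new loop in the entropy-seeding body has no handling for that; if this body runs during static initialization (the enclosing declaration is outside the hunk, so this is inferred from the `};` that closes it), an exception here would terminate the process before `main`. Either document the contract above the loop, e.g. `// std::random_device may throw std::exception if no OS source is available; callers must tolerate that`, or catch it locally and fall through to the existing sources so seeding still completes. The context line `int i[4]; // uninitialized data` reads indeterminate values, which is undefined behaviour and may legally be folded to any constant by the compiler, so it should not be counted as entropy; with `random_device` now present it could simply be dropped. The `for (...) {` brace on the same line also departs from the Allman braces used elsewhere in this series.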
From 928695ea93119d61b0156ebb899dc1db8e68851b Mon Sep 17 00:00:00 2001 From: momo5502 Date: Sun, 30 Apr 2023 12:59:52 +0200 Subject: [PATCH 4/4] Properly authenticate users --- src/client/component/auth.cpp | 13 +++++++++++-- src/client/component/network.cpp | 17 +++++++++++------ src/client/game/structs.hpp | 2 +- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/src/client/component/auth.cpp b/src/client/component/auth.cpp index 11494962..2e6cb3e9 100644 --- a/src/client/component/auth.cpp +++ b/src/client/component/auth.cpp @@ -109,7 +109,9 @@ namespace auth { utils::byte_buffer buffer{}; buffer.write_string(get_key().serialize(PK_PUBLIC)); - buffer.write_string(utils::cryptography::ecc::sign_message(get_key(), "hello")); + + const std::string challenge(reinterpret_cast(0x15A8A7F10_g), 32); + buffer.write_string(utils::cryptography::ecc::sign_message(get_key(), challenge)); profile_infos::get_profile_info().value_or(profile_infos::profile_info{}).serialize(buffer); @@ -219,7 +221,14 @@ namespace auth utils::cryptography::ecc::key key{}; key.deserialize(buffer.read_string()); - if (!utils::cryptography::ecc::verify_message(key, "hello", buffer.read_string())) + std::string challenge{}; + challenge.resize(32); + + const auto get_challenge = reinterpret_cast(game::select( + 0x1412E15E0, 0x14016DDC0)); + get_challenge(&target, challenge.data(), challenge.size()); + + if (!utils::cryptography::ecc::verify_message(key, challenge, buffer.read_string())) { network::send(target, "error", "Bad signature"); return; diff --git a/src/client/component/network.cpp b/src/client/component/network.cpp index 4371a17a..8b90b78e 100644 --- a/src/client/component/network.cpp +++ b/src/client/component/network.cpp 
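Review bot: The challenge length 32 is a bare literal both here (`const std::string challenge(reinterpret_cast(0x15A8A7F10_g), 32);`, the cast's template argument having been lost in extraction) and in the dispatch_connect_packet hunk below (`challenge.resize(32);`); a mismatch between the bytes signed and the bytes verified fails silently as "Bad signature", so a shared `constexpr std::size_t challenge_size = 32;` in auth.cpp used by both sides would keep them coupled. The client also copies the 32 bytes straight out of a fixed game address with nothing indicating when that buffer is populated, so a comment is needed for the next person touching this, e.g. `// TODO(review): document what the game keeps at this address and which code fills it before connect`. `get_key()` is called twice in a row; binding it once (`const auto& key = get_key();`) avoids repeating whatever work it does, if it is not a trivial accessor. The enclosing function begins before this hunk.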
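Review bot: `get_challenge(&target, challenge.data(), challenge.size())` passes a `std::size_t` into a game function whose pointer type comes from a `reinterpret_cast` of `game::select(0x1412E15E0, 0x14016DDC0)` (the cast's target type was lost in extraction); if that prototype takes a 32-bit length the call narrows silently, and since what this routine derives the challenge from — and whether it is fresh per connection — is what the replay protection introduced by this commit rests on, it deserves a named function-pointer alias with the parameter widths spelled out and a comment such as `// game routine computing the per-address connect challenge — confirm it is unpredictable and rotates`. The two `challenge` lines could be a single `std::string challenge(32, '\0');` instead of `challenge{}` followed by `resize(32)`. dispatch_connect_packet begins and ends outside this hunk.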
@@ -304,28 +304,33 @@ namespace network { scheduler::loop(game::fragment_handler::clean, scheduler::async, 5s); - utils::hook::nop(game::select(0x1423322B6, 0x140596DF6), 4); // don't increment data pointer to optionally skip socket byte - utils::hook::call(game::select(0x142332283, 0x140596DC3), read_socket_byte_stub); + utils::hook::nop(game::select(0x1423322B6, 0x140596DF6), 4); + // optionally read socket byte - utils::hook::call(game::select(0x1423322C1, 0x140596E01), verify_checksum_stub); + utils::hook::call(game::select(0x142332283, 0x140596DC3), read_socket_byte_stub); + // skip checksum verification - utils::hook::set(game::select(0x14233249E, 0x140596F2E), 0); // don't add checksum to packet + utils::hook::call(game::select(0x1423322C1, 0x140596E01), verify_checksum_stub); + + // don't add checksum to packet + utils::hook::set(game::select(0x14233249E, 0x140596F2E), 0); // Recreate NET_SendPacket to increase max packet size //utils::hook::jump(game::select(0x1423323B0, 0x140596E40), net_sendpacket_stub); - utils::hook::set(game::select(0x14134C6E0, 0x14018E574), 5); // set initial connection state to challenging + utils::hook::set(game::select(0x14134C6E0, 0x14018E574), 4); // intercept command handling utils::hook::call(game::select(0x14134D146, 0x14018EED0), utils::hook::assemble(handle_command_stub)); - utils::hook::set(game::select(0x14224DEAD, 0x1405315F9), 0xEB); // don't kick clients without dw handle + utils::hook::set(game::select(0x14224DEAD, 0x1405315F9), 0xEB); // Skip DW stuff in NetAdr_ToString utils::hook::set(game::select(0x142172EF2, 0x140515881), 0xEB); + // NA_IP -> NA_RAWIP in NetAdr_ToString utils::hook::set(game::select(0x142172ED4, 0x140515864), game::NA_RAWIP); diff --git a/src/client/game/structs.hpp b/src/client/game/structs.hpp index 2f72549a..883c243b 100644 --- a/src/client/game/structs.hpp +++ b/src/client/game/structs.hpp 
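Review bot: The rewritten hook block drops explanatory comments without replacing them: `utils::hook::set(game::select(0x14134C6E0, 0x14018E574), 4);` changes the value from 5 to 4 and loses `// set initial connection state to challenging`, so the new state is an unexplained magic number, and `utils::hook::set(game::select(0x14224DEAD, 0x1405315F9), 0xEB);` loses `// don't kick clients without dw handle` with no code change at all. Please restore a comment above each naming the connection state that 4 denotes and the check the 0xEB jump skips. The relocated comments are also ambiguous: `// optionally read socket byte` now sits between the `nop` and the `read_socket_byte_stub` hook, so it is unclear whether it describes the 4 nopped bytes (the removed comment said they stopped the data pointer being incremented) or the call that follows; one comment directly above each hook would settle it. The enclosing function begins and ends outside this hunk.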
@@ -1,6 +1,6 @@ #pragma once -#define PROTOCOL 5 +#define PROTOCOL 6 #define SUB_PROTOCOL 1 #ifdef __cplusplus