SporeMods: fix mod by not using a custom OpenSSL version

Rosalie241 · Nov 7, 2024 · 631c20b · 631c20b
1 parent 510bab3
commit 631c20b
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 142 deletions.
diff --git a/SporeMods/SporeServer/OpenSSL.cpp → SporeMods/SporeServer/Network.cpp b/SporeMods/SporeServer/OpenSSL.cpp → SporeMods/SporeServer/Network.cpp
@@ -7,22 +7,17 @@
 //  You should have received a copy of the GNU Affero General Public License
 //  along with this program. If not, see <https://www.gnu.org/licenses/>.
 //
-// dllmain.cpp : Defines the entry point for the DLL application.
 
 //
 // Includes
 // 
 
 #include "stdafx.h"
-#include "OpenSSL.hpp"
+#include "Network.hpp"
 
 // needed for connect
 #include <WinSock2.h>
 
-// needed for SSL_connect, SSL_read, SSL_write
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
 // needed for mutex lock
 #include <mutex>
 
@@ -40,13 +35,9 @@
 // Global variables
 //
 
-static SSL*         OpenSSL_SSL = nullptr;
-static SSL_CTX*     OpenSSL_CTX = nullptr;
-static std::mutex   OpenSSL_MTX;
-static int          OpenSSL_ThreadId = -1;
-static bool         SporeServerPortOverride = false;
-static uint16_t     SporeServerPort;
-static bool         SporeServerSslVerification = true;
+static bool     SporeServerPortOverride = false;
+static uint16_t SporeServerPort;
+static bool     SporeServerSslVerification = true;
 
 //
 // Detour functions
@@ -65,104 +56,23 @@ static int WINAPI connect_detour(SOCKET s, const sockaddr* name, int namelen)
         ((sockaddr_in*)name)->sin_port = htons(SporeServerPort);
     }
 
-    int ret = connect_real(s, name, namelen);
-
-    // we don't need openssl things
-    // when it can't connect or if it's HTTP
-    if (ret != 0 || !https)
-    {
-        return ret;
-    }
-
-    // does the game use this function?
-    if (SSL_set_fd(OpenSSL_SSL, s) != 1)
-    {
-        return -1;
-    }
-
-    return 0;
+    return connect_real(s, name, namelen);
 }
 
-static int (WINAPI* closesocket_real)(SOCKET) = closesocket;
-static int WINAPI closesocket_detour(SOCKET s)
+static_detour(SSL_CTX_set_verify, void(void*, int, void*))
 {
-    // unlock the mutex here,
-    // the game always calls closesocket
-    if (OpenSSL_ThreadId == GetCurrentThreadId())
-    {
-        OpenSSL_ThreadId = -1;
-        OpenSSL_MTX.unlock();
-    }
-
-    return closesocket_real(s);
-}
-
-static_detour(SSLCtxNewDetour, void* (void*)) {
-    void* detoured(void* meth)
-    {
-        OpenSSL_CTX = SSL_CTX_new(TLS_method());
-        if (OpenSSL_CTX == nullptr)
-        {
-            return nullptr;
-        }
-
-        return original_function(meth);
-    }
-};
-
-static_detour(SSLNewDetour, void* (void*)) {
-    void* detoured(void* ssl_ctx)
-    {
-        // TODO, figure out what kinda locking the game uses
-        OpenSSL_MTX.lock();
-        OpenSSL_ThreadId = GetCurrentThreadId();
-
-        OpenSSL_SSL = SSL_new(OpenSSL_CTX);
-        if (OpenSSL_SSL == nullptr)
-        {
-            return nullptr;
-        }
-
-        return original_function(ssl_ctx);
-    }
-};
-
-static_detour(SSLClearDetour, int(void*)) {
-    int detoured(void* ssl)
-    {
-        if (SSL_clear(OpenSSL_SSL) != 1)
-        {
-            return 0;
-        }
-
-        return original_function(ssl);
-    }
-};
-
-static_detour(SSLConnectDetour, int(void*)) {
-    int detoured(void* ssl)
-    {
-        return SSL_connect(OpenSSL_SSL);
-    }
-};
-
-static_detour(SSLReadDetour, int(void*, void*, int)) {
-    int detoured(void* ssl, void* buffer, int num)
-    {
-        return SSL_read(OpenSSL_SSL, buffer, num);
-    }
-};
-
-
-static_detour(SSLWriteDetour, int(void*, const void*, int)) {
-    int detoured(void* ssl, const void* buffer, int num)
+    void detoured(void* ssl, int mode, void* callback)
     {
-        return SSL_write(OpenSSL_SSL, buffer, num);
+        // force SSL_VERIFY_NONE to disable verifying CA chain,
+        // this isn't that insecure because we force a hash match
+        // in NetSSLVerifyConnection anyways
+        // TODO: figure out how Spore sets the CA certificates
+        return original_function(ssl, 0x00, callback);
     }
 };
 
-static_detour(GameValidateCertificate, int(int, char*)) {
-    int detoured(int arg1, char* servername)
+static_detour(NetSSLVerifyConnection, int(void*, char*)) {
+    int detoured(void* ssl, char* servername)
     {
         // return success when verification is disabled
         if (!SporeServerSslVerification)
@@ -185,14 +95,16 @@ static_detour(GameValidateCertificate, int(int, char*)) {
         BOOL ret = false;
 
         // retrieve current certificate
-        X509* x509_cert = SSL_get_peer_certificate(OpenSSL_SSL);
+        // X509* x509_cert = SSL_get_peer_certificate(ssl);
+        void* x509_cert = STATIC_CALL(Address(ModAPI::ChooseAddress(0x0117db60, 0x0117b3e0)), void*, void*, ssl);
         if (x509_cert == nullptr)
         {
             goto out;
         }
 
         // extract encoded x509
-        x509_cert_len = i2d_X509(x509_cert, &x509_cert_buf);
+        // x509_cert_len = i2d_X509(x509_cert, &x509_cert_buf);
+        x509_cert_len = STATIC_CALL(Address(ModAPI::ChooseAddress(0x0117f700, 0x0117cf80)), int, Args(void*, unsigned char**), Args(x509_cert, &x509_cert_buf));
         if (x509_cert_len < 0)
         {
             goto out;
@@ -227,16 +139,18 @@ static_detour(GameValidateCertificate, int(int, char*)) {
         BYTE ignoredCertsHashes[][20] =
         {
             { // pollinator.spore.com
-                0xc8, 0xb2, 0x8f, 0xb, 0xd6,
-                0x63, 0x2, 0x1d, 0x9b, 0x9c,
-                0x36, 0x98, 0x82, 0xc, 0x76,
-                0x74, 0xc7, 0xa7, 0x15, 0xb3
+                0x26, 0x95, 0x77, 0x65,
+                0x5C, 0xDD, 0x70, 0x98,
+                0x74, 0x29, 0x72, 0x47,
+                0x99, 0xFB, 0xFF, 0x57,
+                0x38, 0xC7, 0x88, 0x74
             },
             { // community.spore.com
-                0xe6, 0xc8, 0x63, 0xf8, 0x55,
-                0xf1, 0xc3, 0x7b, 0x9b, 0x34,
-                0x78, 0xe6, 0xed, 0xaa, 0x85,
-                0x36, 0xb, 0x7, 0xf1, 0xc4
+                0xA9, 0x9B, 0xE0, 0xF2,
+                0xED, 0xC0, 0x7D, 0xA0,
+                0x7D, 0x9B, 0xC0, 0x84,
+                0x20, 0xC6, 0x3D, 0xF0,
+                0x3B, 0xD6, 0x9C, 0xC2
             }
         };
 
@@ -285,7 +199,8 @@ static_detour(GameValidateCertificate, int(int, char*)) {
     out:
         if (x509_cert != nullptr)
         {
-            X509_free(x509_cert);
+            // X509_free(x509_cert);
+            STATIC_CALL(Address(ModAPI::ChooseAddress(0x0117f730, 0x0117cfb0)), void, void*, x509_cert);
         }
         if (cert_ctx != nullptr)
         {
@@ -320,7 +235,7 @@ static_detour(GameUseHttpDetour, bool(unsigned int, unsigned int, char*)) {
 // Exported Functions
 //
 
-void OpenSSL::Initialize(void)
+void Network::Initialize(void)
 {
     if (Configuration::GetBoolValue(Configuration::Key::OverridePort))
     {
@@ -343,17 +258,11 @@ void OpenSSL::Initialize(void)
     SporeServerSslVerification = Configuration::GetBoolValue(Configuration::Key::SSLVerification);
 }
 
-void OpenSSL::AttachDetours(void)
+void Network::AttachDetours(void)
 {
-    SSLCtxNewDetour::attach(Address(ModAPI::ChooseAddress(0x0117f200, 0x0117ca80)));
-    SSLNewDetour::attach(Address(ModAPI::ChooseAddress(0x0117ed00, 0x0117c580)));
-    SSLClearDetour::attach(Address(ModAPI::ChooseAddress(0x0117ebe0, 0x0117c460)));
-    SSLConnectDetour::attach(Address(ModAPI::ChooseAddress(0x0117f5d0, 0x0117ce50)));
-    SSLReadDetour::attach(Address(ModAPI::ChooseAddress(0x0117dbb0, 0x0117b430)));
-    SSLWriteDetour::attach(Address(ModAPI::ChooseAddress(0x0117dc40, 0x0117b4c0)));
-    GameValidateCertificate::attach(Address(ModAPI::ChooseAddress(0x0094f080, 0x0094eb60)));
+    SSL_CTX_set_verify::attach(Address(ModAPI::ChooseAddress(0x0117e2b0, 0x0117bb30)));
+    NetSSLVerifyConnection::attach(Address(ModAPI::ChooseAddress(0x0094f080, 0x0094eb60)));
     GameUseHttpsDetour::attach(Address(ModAPI::ChooseAddress(0x00621740, 0x006216e0)));
     GameUseHttpDetour::attach(Address(ModAPI::ChooseAddress(0x00621800, 0x006217a0)));
     DetourAttach(&(PVOID&)connect_real, connect_detour);
-    DetourAttach(&(PVOID&)closesocket_real, closesocket_detour);
 }
diff --git a/SporeMods/SporeServer/OpenSSL.hpp → SporeMods/SporeServer/Network.hpp b/SporeMods/SporeServer/OpenSSL.hpp → SporeMods/SporeServer/Network.hpp
@@ -7,14 +7,14 @@
 //  You should have received a copy of the GNU Affero General Public License
 //  along with this program. If not, see <https://www.gnu.org/licenses/>.
 //
-#ifndef SPORENEWOPENSSL_HPP
-#define SPORENEWOPENSSL_HPP
+#ifndef SPORENETWORK_HPP
+#define SPORENETWORK_HPP
 
-namespace OpenSSL
+namespace Network
 {
     void Initialize(void);
 
     void AttachDetours(void);
 }
 
-#endif // SPORENEWOPENSSL_HPP
+#endif // SPORENETWORK_HPP
diff --git a/SporeMods/SporeServer/RedirectTraffic.cpp b/SporeMods/SporeServer/RedirectTraffic.cpp
@@ -7,7 +7,6 @@
 //  You should have received a copy of the GNU Affero General Public License
 //  along with this program. If not, see <https://www.gnu.org/licenses/>.
 //
-// dllmain.cpp : Defines the entry point for the DLL application.
 
 //
 // Includes

diff --git a/SporeMods/SporeServer/SporeServer.vcxproj b/SporeMods/SporeServer/SporeServer.vcxproj
@@ -44,7 +44,7 @@
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <LinkIncremental>true</LinkIncremental>
-    <IncludePath>C:\Program Files %28x86%29\OpenSSL-Win32\include;$(SporeSdkPath)Spore ModAPI;$(SporeSdkPath)EASTL-3.02.01\test\packages\EABase\include\Common;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAAssert\include;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAStdC\include;$(SporeSdkPath)EASTL-3.02.01\include;$(SporeSdkPath)Detours\include\;$(DXSDK_DIR)Include;$(IncludePath)</IncludePath>
+    <IncludePath>$(SporeSdkPath)Spore ModAPI;$(SporeSdkPath)EASTL-3.02.01\test\packages\EABase\include\Common;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAAssert\include;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAStdC\include;$(SporeSdkPath)EASTL-3.02.01\include;$(SporeSdkPath)Detours\include\;$(DXSDK_DIR)Include;$(IncludePath)</IncludePath>
     <LibraryPath>C:\Program Files %28x86%29\OpenSSL-Win32\lib\VC\static;$(DXSDK_DIR)Lib\x86;$(SporeSdkPath)dll\$(Configuration);$(SporeSdkPath)Detours\lib.X86;$(SporeSdkPath)lib\Debug;$(SporeSdkPath)dll\Debug;$(LibraryPath)</LibraryPath>
     <TargetName>$(ProjectName)</TargetName>
     <OutDir>Bin\$(Configuration)\</OutDir>
@@ -55,7 +55,7 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <LinkIncremental>false</LinkIncremental>
-    <IncludePath>C:\Program Files %28x86%29\OpenSSL-Win32\include;$(SporeSdkPath)Spore ModAPI;$(SporeSdkPath)EASTL-3.02.01\test\packages\EABase\include\Common;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAAssert\include;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAStdC\include;$(SporeSdkPath)EASTL-3.02.01\include;$(SporeSdkPath)Detours\include\;$(DXSDK_DIR)Include;$(IncludePath)</IncludePath>
+    <IncludePath>$(SporeSdkPath)Spore ModAPI;$(SporeSdkPath)EASTL-3.02.01\test\packages\EABase\include\Common;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAAssert\include;$(SporeSdkPath)EASTL-3.02.01\test\packages\EAStdC\include;$(SporeSdkPath)EASTL-3.02.01\include;$(SporeSdkPath)Detours\include\;$(DXSDK_DIR)Include;$(IncludePath)</IncludePath>
     <LibraryPath>C:\Program Files %28x86%29\OpenSSL-Win32\lib\VC\static;$(DXSDK_DIR)Lib\x86;$(SporeSdkPath)dll\$(Configuration);$(SporeSdkPath)Detours\lib.X86;$(SporeSdkPath)lib\Release;$(SporeSdkPath)dll\Release;$(LibraryPath)</LibraryPath>
     <TargetName>$(ProjectName)</TargetName>
     <OutDir>Bin\$(Configuration)\</OutDir>
@@ -77,7 +77,7 @@
     <Link>
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <AdditionalDependencies>detours.lib;SporeModAPIBase.lib;SporeModAPI.lib;libssl32MT.lib;libcrypto32MT.lib;crypt32.lib;ws2_32.lib;wsock32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>detours.lib;SporeModAPIBase.lib;SporeModAPI.lib;crypt32.lib;ws2_32.lib;wsock32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PreBuildEvent>
       <Command>if NOT EXIST "$(SporeSdkPath)dll\$(Configuration)\SporeModAPI.lib" (
@@ -102,7 +102,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
-      <AdditionalDependencies>detours.lib;SporeModAPIBase.lib;SporeModAPI.lib;libssl32MT.lib;libcrypto32MT.lib;crypt32.lib;ws2_32.lib;wsock32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>detours.lib;SporeModAPIBase.lib;SporeModAPI.lib;crypt32.lib;ws2_32.lib;wsock32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PreBuildEvent>
       <Command>if NOT EXIST "$(SporeSdkPath)dll\$(Configuration)\SporeModAPI.lib" (
@@ -112,7 +112,7 @@
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClInclude Include="Configuration.hpp" />
-    <ClInclude Include="OpenSSL.hpp" />
+    <ClInclude Include="Network.hpp" />
     <ClInclude Include="RedirectTraffic.hpp" />
     <ClInclude Include="stdafx.h" />
     <ClInclude Include="targetver.h" />
@@ -127,7 +127,7 @@
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
       </PrecompiledHeader>
     </ClCompile>
-    <ClCompile Include="OpenSSL.cpp" />
+    <ClCompile Include="Network.cpp" />
     <ClCompile Include="RedirectTraffic.cpp" />
     <ClCompile Include="stdafx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>

diff --git a/SporeMods/SporeServer/SporeServer.vcxproj.filters b/SporeMods/SporeServer/SporeServer.vcxproj.filters
@@ -4,7 +4,7 @@
     <ClCompile Include="dllmain.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="OpenSSL.cpp">
+    <ClCompile Include="Network.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="RedirectTraffic.cpp">
@@ -21,7 +21,7 @@
     <ClInclude Include="stdafx.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="OpenSSL.hpp">
+    <ClInclude Include="Network.hpp">
       <Filter>Header Files</Filter>
     </ClInclude>
     <ClInclude Include="RedirectTraffic.hpp">

diff --git a/SporeMods/SporeServer/dllmain.cpp b/SporeMods/SporeServer/dllmain.cpp
@@ -16,7 +16,7 @@
 #include "stdafx.h"
 
 #include "Configuration.hpp"
-#include "OpenSSL.hpp"
+#include "Network.hpp"
 #include "RedirectTraffic.hpp"
 
 //
@@ -30,7 +30,7 @@ void Initialize()
         MessageBoxA(nullptr, "Configuration::Initialize() Failed!", "SporeServer", MB_OK | MB_ICONERROR);
         return;
     }
-    OpenSSL::Initialize();
+    Network::Initialize();
     RedirectTraffic::Initialize();
 }
 
@@ -40,7 +40,7 @@ void Dispose()
 
 void AttachDetours()
 {
-    OpenSSL::AttachDetours();
+    Network::AttachDetours();
     RedirectTraffic::AttachDetours();
 }
 

diff --git a/SporeServer/appsettings.json b/SporeServer/appsettings.json
@@ -9,7 +9,7 @@
   },
   "AllowedHosts": "*",
   "ConnectionStrings": {
-    "SporeServerContextConnection": "server=localhost;user=root;password=example;database=SporeServer"
+    "SporeServerContextConnection": "server=localhost;user=root;password=password;database=SporeServer"
   },
   "AppSettings": {
     "EnableHTTPLogging": "0"