updated bypass

4 years ago · f6fb83dff7
parent 08b972db53
commit f6fb83dff7
12 changed files with 87 additions and 25 deletions
--- a/anticheat/libtersafe.idb
+++ b/anticheat/libtersafe.idb
--- a/ligma-cheat/ligma-cheat/SDK/il2cpp/il2cpp.h
+++ b/ligma-cheat/ligma-cheat/SDK/il2cpp/il2cpp.h
@ -11,6 +11,6 @@
 #include <vector>

 namespace il2cpp {
-bool attach(const char *libname = "libil2cpp.so");
-std::uintptr_t il2cpp_base();
+	bool attach(const char *libname = "libil2cpp.so");
+	std::uintptr_t il2cpp_base();
 }; // namespace il2cpp
--- a/ligma-cheat/ligma-cheat/SDK/il2cpp/il2cpp_type.h
+++ b/ligma-cheat/ligma-cheat/SDK/il2cpp/il2cpp_type.h
@ -1,5 +1,10 @@
 #pragma once
 #include <math.h>
+#include <cstddef>
+#include <cstdint>
+#include <string.h>
+#include <wchar.h>
+#include <malloc.h>

 struct virt_invoke_data {
  std::uintptr_t method_ptr;
@ -97,17 +102,17 @@ struct il2cpp_string {
  int32_t length;
  wchar_t start_char;

-  static il2cpp_string *newString(const wchar_t *string) {
+  static il2cpp_string *new_string(const wchar_t *string) {
    const auto result = reinterpret_cast<il2cpp_string *>(malloc(
-        sizeof(il2cpp_string) + (std::wcslen(string) * sizeof(wchar_t))));
-    memcpy(&result->start_char, string, std::wcslen(string) * sizeof(wchar_t));
+        sizeof(il2cpp_string) + (wcslen(string) * sizeof(wchar_t))));
+    memcpy(&result->start_char, string, wcslen(string) * sizeof(wchar_t));
    return result;
  }

-  static il2cpp_string *newString(const char *string) {
+  static il2cpp_string *new_string(const char *string) {
    const auto result = reinterpret_cast<il2cpp_string *>(
-        malloc(sizeof(il2cpp_string) + (std::strlen(string))));
-    memcpy(&result->start_char, string, std::strlen(string));
+        malloc(sizeof(il2cpp_string) + (strlen(string))));
+    memcpy(&result->start_char, string, strlen(string));
    return result;
  }

--- a/ligma-cheat/ligma-cheat/bypass/bypass.cpp
+++ b/ligma-cheat/ligma-cheat/bypass/bypass.cpp
@ -21,25 +21,37 @@ namespace ligma
 				[&](std::uintptr_t module_base, void* module_handle) -> bool 
 				{
 					LOGI("libtersafe.so -> %p, module_handle -> %p", module_base, module_handle);
-
-					// all imports just return null now....
-					ligma::hook::dlsym_hook({ module_handle, "^.*" }, &null_sub);
 					return false;
 				}
 			);
-
 			fopen_ptr = dlsym(dlopen("libc.so", RTLD_NOLOAD), "fopen");
 			system_prop_get = dlsym(dlopen("libc.so", RTLD_NOLOAD), "__system_property_get");
+			strcat_ptr = dlsym(dlopen("libc.so", RTLD_NOLOAD), "strcat");

-			ligma::hook::make_hook(fopen_ptr, reinterpret_cast<void*>(&fopen_hook));
-			ligma::hook::make_hook(system_prop_get, reinterpret_cast<void*>(&system_property_hook));
+			ligma::hook::make_hook(strcat_ptr, &strcat_hook);
+			ligma::hook::make_hook(fopen_ptr, &fopen_hook);
+			ligma::hook::make_hook(system_prop_get, &system_property_hook);
 		}

-		__attribute__((noinline))
-		int null_sub()
+		char* strcat_hook(char* destination, const char* source)
 		{
-			LOGI("null_sub called, return -> null....");
-			return NULL;
+			if (!destination || !source)
+				return NULL;
+
+			if (!strncmp(destination, "retval=1", strlen("retval=1")))
+			{
+				destination[strlen("retval=1") - 1] = '0';
+				memset(destination + strlen("retval=1"), NULL, strlen("|emulator_name="));
+				LOGI("destination string after -> %s", destination);
+				return destination;
+			}
+
+			strcat_mutex.lock();
+			ligma::hook::disable(strcat_ptr);
+			const auto result = std::strcat(destination, source);
+			ligma::hook::enable(strcat_ptr);
+			strcat_mutex.unlock();
+			return result;
 		}

 		//
--- a/ligma-cheat/ligma-cheat/bypass/bypass.h
+++ b/ligma-cheat/ligma-cheat/bypass/bypass.h
@ -14,12 +14,14 @@ namespace ligma
 	{
 		inline void* fopen_ptr = nullptr;
 		inline void* system_prop_get = nullptr;
+		inline void* strcat_ptr = nullptr;

 		inline std::mutex fopen_mutex; 
 		inline std::mutex system_prop_mutex;
+		inline std::mutex strcat_mutex;

 		void init(const std::function<bool(std::uintptr_t, void*)>& callback);
-		int null_sub();
+		char* strcat_hook(char* destination, const char* source);
 		FILE* fopen_hook(const char* path, const char* mode);
 		int system_property_hook(const char* name, char* value);
 		int load_bufferx_hook(void* L, const char* buff, size_t sz, const char* name, const char* mode);
--- a/ligma-cheat/ligma-cheat/hooks/dlsym_hook.cpp
+++ b/ligma-cheat/ligma-cheat/hooks/dlsym_hook.cpp
@ -15,8 +15,7 @@ namespace ligma
 		{
 			dlsym_mutex.lock();
 			ligma::hook::disable(dlsym_ptr);
-			const auto result =
-				reinterpret_cast<decltype(&dlsym_bypass)>(dlsym_ptr)(handle, symbol);
+			const auto result = reinterpret_cast<decltype(&dlsym_bypass)>(dlsym_ptr)(handle, symbol);
 			ligma::hook::enable(dlsym_ptr);
 			dlsym_mutex.unlock();
 			return result;
@ -25,8 +24,9 @@ namespace ligma
 		__attribute__((noinline))
 		void* dlsym_handler(void* handle, const char* symbol)
 		{
+			LOGI("dlsym called... handle -> %p, symbol -> %s", handle, symbol);
 			for (const auto& [map_handle, function_ptr] : *get_dlsym_hooks())
-				if (map_handle.first == handle)
+				if (!map_handle.first || map_handle.first == handle)
 					if(std::regex_match(symbol, std::regex(map_handle.second.data())))
 						return function_ptr;

--- a/ligma-cheat/ligma-cheat/hooks/dlsym_hook.h
+++ b/ligma-cheat/ligma-cheat/hooks/dlsym_hook.h
@ -27,7 +27,7 @@ namespace ligma
 			static std::once_flag once;
 			std::call_once(once, [&]() 
 			{
-				make_hook((dlsym_ptr = dlsym(dlopen("libdl.so", RTLD_NOLOAD), "dlsym")), &dlsym_handler);
+				make_hook((dlsym_ptr = dlsym(dlopen("libdl.so", RTLD_NOW), "dlsym")), &dlsym_handler);
 				make_hook(&dlsym, &dlsym_bypass);
 			});

--- a/ligma-cheat/ligma-cheat/hooks/shithook.h
+++ b/ligma-cheat/ligma-cheat/hooks/shithook.h
@ -56,7 +56,7 @@ namespace ligma
 		std::map<void*, std::unique_ptr<detour>>* get_hooks();

 		template <class T, class U>
-		void make_hook(T* addr_to_hook, U* jmp_to_addr, bool enable = true)
+		void make_hook(T addr_to_hook, U* jmp_to_addr, bool enable = true)
 		{
 			if (!addr_to_hook || !jmp_to_addr)
 				return;
--- a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
+++ b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj
@ -39,6 +39,7 @@
    <ClCompile Include="hooks\dlsym_hook.cpp" />
    <ClCompile Include="hooks\shithook.cpp" />
    <ClCompile Include="main.cpp" />
+    <ClCompile Include="SDK\il2cpp\il2cpp.cpp" />
    <ClCompile Include="utils\utils.cpp" />
  </ItemGroup>
  <ItemGroup>
@ -46,6 +47,8 @@
    <ClInclude Include="hooks\dlsym_hook.h" />
    <ClInclude Include="hooks\shithook.h" />
    <ClInclude Include="ligma.h" />
+    <ClInclude Include="SDK\il2cpp\il2cpp.h" />
+    <ClInclude Include="SDK\il2cpp\il2cpp_type.h" />
    <ClInclude Include="utils\utils.h" />
  </ItemGroup>
  <PropertyGroup Label="Globals">
--- a/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj.filters
+++ b/ligma-cheat/ligma-cheat/ligma-cheat.vcxproj.filters
@ -25,6 +25,9 @@
    <Filter Include="source\hooks">
      <UniqueIdentifier>{f084f5b1-c94a-4e1b-ac6d-6fdeecb34ba4}</UniqueIdentifier>
    </Filter>
+    <Filter Include="headers\SDK">
+      <UniqueIdentifier>{41f37979-a1df-4b59-bf4d-23f51411f4c1}</UniqueIdentifier>
+    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="main.cpp">
@ -42,6 +45,9 @@
    <ClCompile Include="hooks\shithook.cpp">
      <Filter>source\hooks</Filter>
    </ClCompile>
+    <ClCompile Include="SDK\il2cpp\il2cpp.cpp">
+      <Filter>headers\SDK</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="bypass\bypass.h">
@ -59,5 +65,11 @@
    <ClInclude Include="hooks\dlsym_hook.h">
      <Filter>headers\hooks</Filter>
    </ClInclude>
+    <ClInclude Include="SDK\il2cpp\il2cpp.h">
+      <Filter>headers\SDK</Filter>
+    </ClInclude>
+    <ClInclude Include="SDK\il2cpp\il2cpp_type.h">
+      <Filter>headers\SDK</Filter>
+    </ClInclude>
  </ItemGroup>
 </Project>
--- a/ligma-cheat/ligma-cheat/main.cpp
+++ b/ligma-cheat/ligma-cheat/main.cpp
@ -1,4 +1,27 @@
 #include "bypass/bypass.h"
+#include "SDK/assembly-csharp.dll/gameshop.h"
+
+__attribute__((noinline))
+bool is_free(gameshop::codmshopitem* item)
+{
+	LOGI("=============== is item free called! =============");
+	LOGI("item -> %p", item);
+	return true;
+}
+
+__attribute__((noinline))
+int get_price()
+{
+	LOGI("get price called!");
+	return NULL;
+}
+
+__attribute__((noinline))
+bool unlock_all()
+{
+	LOGI("unlock all called!");
+	return true;
+}

 __attribute__((constructor))
 void init()
@ -6,6 +29,10 @@ void init()
 	ligma::bypass::init([&](std::uintptr_t il2cpp_base, void* module_handle) -> bool
 	{
 		LOGI("il2cpp base address = %p, module_handle = %p", il2cpp_base, module_handle);
+		ligma::hook::make_hook(il2cpp_base + 0x294D198, &is_free);
+		ligma::hook::make_hook(il2cpp_base + 0x294C77C, &get_price);
+		ligma::hook::make_hook(il2cpp_base + 0x294D7D8, &unlock_all);
+		ligma::hook::make_hook(il2cpp_base + 0x294D574, &unlock_all);
 		return false;
 	});
 }
--- a/ligma-cheat/ligma-cheat/utils/utils.cpp
+++ b/ligma-cheat/ligma-cheat/utils/utils.cpp
@ -29,7 +29,8 @@ namespace ligma
 			dlopen_mutex.lock();
 			ligma::hook::disable(dlopen_ptr);
 			const auto result = dlopen(filename, flags);
-			ligma::hook::enable(dlopen_ptr);
+			if(ligma::utils::get_callbacks()->size())
+				ligma::hook::enable(dlopen_ptr);
 			dlopen_mutex.unlock();

 			for (const auto& [file_key, callback] : *ligma::utils::get_callbacks())