fix: #867

Author: SkullzOTS

modules/game_features/features.lua

@@ -5,6 +5,7 @@ controller:registerEvents(g_game, {
         -- g_game.enableFeature(GameSmoothWalkElevation)
         -- g_game.enableFeature(GameNegativeOffset)
         -- g_game.enableFeature(GameWingsAurasEffectsShader)
+        -- g_game.enableFeature(GameAllowCustomBotScripts)
 
         g_game.enableFeature(GameFormatCreatureName)
 

modules/gamelib/const.lua

@@ -200,6 +200,7 @@ GameNegativeOffset = 116
 GameItemTooltipV8 = 117 
 GameWingsAurasEffectsShader = 118
 GameForgeConvergence = 119
+GameAllowCustomBotScripts = 120
 
 TextColors = {
     red = '#f55e5e',    -- '#c83200'

src/client/const.h

@@ -548,6 +548,7 @@ namespace Otc
         GameItemTooltipV8 = 117,
         GameWingsAurasEffectsShader = 118,
         GameForgeConvergence = 119,
+        GameAllowCustomBotScripts = 120,
         LastGameFeature
     };
 

src/client/spritemanager.cpp

@@ -51,7 +51,7 @@ void SpriteManager::load() {
     if (g_app.isLoadingAsyncTexture()) {
         for (auto& file : m_spritesFiles)
             file = std::make_unique<FileStream_m>(g_resources.openFile(m_lastFileName));
-    } else (m_spritesFiles[0] = std::make_unique<FileStream_m>(g_resources.openFile(m_lastFileName)))->file->cache();
+    } else (m_spritesFiles[0] = std::make_unique<FileStream_m>(g_resources.openFile(m_lastFileName)))->file->cache(true);
 }
 
 bool SpriteManager::loadSpr(std::string file)
@@ -63,10 +63,6 @@ bool SpriteManager::loadSpr(std::string file)
         m_lastFileName = g_resources.guessFilePath(file, "spr");
         load();
 
-        if (g_app.isEncrypted()) {
-            ResourceManager::decrypt(getSpriteFile()->m_data.data(), getSpriteFile()->m_data.size());
-        }
-
         m_signature = getSpriteFile()->getU32();
         m_spritesCount = g_game.getFeature(Otc::GameSpritesU32) ? getSpriteFile()->getU32() : getSpriteFile()->getU16();
         m_spritesOffset = getSpriteFile()->tell();
@@ -251,4 +247,4 @@ ImagePtr SpriteManager::getSpriteImage(int id, const FileStreamPtr& file) {
         g_logger.error(stdext::format("Failed to get sprite id %d: %s", id, e.what()));
         return nullptr;
     }
-}
+}

src/client/thingtypemanager.cpp

@@ -82,11 +82,7 @@ bool ThingTypeManager::loadDat(std::string file)
         file = g_resources.guessFilePath(file, "dat");
 
         const auto& fin = g_resources.openFile(file);
-        fin->cache();
-
-#if ENABLE_ENCRYPTION == 1
-        ResourceManager::decrypt(fin->m_data.data(), fin->m_data.size());
-#endif
+        fin->cache(true);
 
         m_datSignature = fin->getU32();
         m_contentRevision = static_cast<uint16_t>(m_datSignature);
@@ -497,4 +493,4 @@ void ThingTypeManager::loadXml(const std::string& file)
 
 #endif
 
-/* vim: set ts=4 sw=4 et: */
+/* vim: set ts=4 sw=4 et: */

src/framework/config.h

@@ -36,6 +36,7 @@
 #define ENABLE_ENCRYPTION_BUILDER 0
 // for security reasons make sure you are using password with at last 100+ characters
 #define ENCRYPTION_PASSWORD "SET_YOUR_PASSWORD_HERE"
+#define ENCRYPTION_HEADER "SET_YOUR_HEADER_HERE"
 
 // DISCORD RPC (https://discord.com/developers/applications)
 // Note: Only for VSSolution, doesn't work with CMAKE

src/framework/core/filestream.cpp

@@ -59,21 +59,36 @@ FileStream::~FileStream()
         close();
 }
 
-void FileStream::cache()
+void FileStream::cache(bool useEnc)
 {
     m_caching = true;
 
     if (!m_writeable) {
         if (!m_fileHandle)
             return;
 
-        // cache entire file into data buffer
+        // Cache entire file into data buffer
         m_pos = PHYSFS_tell(m_fileHandle);
         PHYSFS_seek(m_fileHandle, 0);
         const int size = PHYSFS_fileLength(m_fileHandle);
         m_data.resize(size);
+
         if (PHYSFS_readBytes(m_fileHandle, m_data.data(), size) == -1)
             throwError("unable to read file data", true);
+
+#if ENABLE_ENCRYPTION == 1
+        if (useEnc) {
+            if (m_data.size() >= std::string(ENCRYPTION_HEADER).size() &&
+                std::memcmp(m_data.data(), ENCRYPTION_HEADER, std::string(ENCRYPTION_HEADER).size()) == 0) {
+                m_data.erase(m_data.begin(), m_data.begin() + std::string(ENCRYPTION_HEADER).size());
+            }
+
+            uint8_t* decryptedData = ResourceManager::decrypt(m_data.data(), m_data.size());
+            m_data.resize(size - std::string(ENCRYPTION_HEADER).size());
+            memcpy(m_data.data(), decryptedData, m_data.size());
+            delete[] decryptedData;
+        }
+#endif
         PHYSFS_close(m_fileHandle);
         m_fileHandle = nullptr;
     }
@@ -455,4 +470,4 @@ void FileStream::throwError(const std::string_view message, bool physfsError) co
     if (physfsError)
         completeMessage += ": "s + PHYSFS_getErrorByCode(PHYSFS_getLastErrorCode());
     throw Exception(completeMessage);
-}
+}

src/framework/core/filestream.h

@@ -37,7 +37,7 @@ class FileStream : public std::enable_shared_from_this<FileStream>
     FileStream(std::string name, const std::string_view buffer);
     ~FileStream();
 
-    void cache();
+    void cache(bool useEnc = false);
     void close();
     void flush();
     void write(const void* buffer, uint32_t count);

src/framework/core/resourcemanager.cpp

@@ -22,6 +22,7 @@
 
 #include <filesystem>
 
+#include <client/game.h>
 #include "resourcemanager.h"
 #include "filestream.h"
 
@@ -208,7 +209,7 @@ std::string ResourceManager::readFileContents(const std::string& fileName)
 {
     const std::string fullPath = resolvePath(fileName);
 
-    if (fullPath.find("/downloads") != std::string::npos) {
+    if (fullPath.find(g_resources.getByteStrings(0)) != std::string::npos) {
         auto dfile = g_http.getFile(fullPath.substr(10));
         if (dfile)
             return std::string(dfile->response.begin(), dfile->response.end());
@@ -223,8 +224,23 @@ std::string ResourceManager::readFileContents(const std::string& fileName)
     PHYSFS_readBytes(file, &buffer[0], fileSize);
     PHYSFS_close(file);
 
+    bool hasHeader = false;
+    if (buffer.size() >= std::string(ENCRYPTION_HEADER).size() && 
+        buffer.substr(0, std::string(ENCRYPTION_HEADER).size()) == std::string(ENCRYPTION_HEADER)) {
+        hasHeader = true;
+    }
+
 #if ENABLE_ENCRYPTION == 1
-    buffer = decrypt(buffer);
+    if (g_game.getFeature(Otc::GameAllowCustomBotScripts)) {
+        if (fullPath.find(g_resources.getByteStrings(1)) != std::string::npos && !hasHeader) {
+            return buffer;
+        }
+    }
+
+    if (hasHeader) {
+        buffer = buffer.substr(std::string(ENCRYPTION_HEADER).size());
+        buffer = decrypt(buffer);
+    }
 #endif
 
     return buffer;
@@ -271,7 +287,9 @@ bool ResourceManager::writeFileStream(const std::string& fileName, std::iostream
 bool ResourceManager::writeFileContents(const std::string& fileName, const std::string& data)
 {
 #if ENABLE_ENCRYPTION == 1
-    return writeFileBuffer(fileName, (const uint8_t*)encrypt(data, std::string(ENCRYPTION_PASSWORD)).c_str(), data.size());
+    std::string encryptedData = encrypt(data, std::string(ENCRYPTION_PASSWORD));
+    std::string finalData = std::string(ENCRYPTION_HEADER) + encryptedData;
+    return writeFileBuffer(fileName, (const uint8_t*)finalData.c_str(), finalData.size());
 #else
     return writeFileBuffer(fileName, (const uint8_t*)data.c_str(), data.size());
 #endif
@@ -539,7 +557,8 @@ void ResourceManager::runEncryption(const std::string& password)
         std::string data((std::istreambuf_iterator(ifs)), std::istreambuf_iterator<char>());
         ifs.close();
         data = encrypt(data, password);
-        save_string_into_file(data, entry.path().string());
+        std::string finalData = std::string(ENCRYPTION_HEADER) + data;
+        save_string_into_file(finalData, entry.path().string());
     }
 }
 
@@ -738,4 +757,27 @@ std::unordered_map<std::string, std::string> ResourceManager::decompressArchive(
 {
     std::unordered_map<std::string, std::string> ret;
     return ret;
-}
+}
+
+std::string ResourceManager::decodificateStrings(const std::vector<unsigned char>& bytes) {
+    std::string result;
+    for (unsigned char c : bytes) {
+        result.push_back(c ^ 0xAA);
+    }
+    return result;
+}
+
+// used to obfuscate vulnerable strings (provisional)
+std::string ResourceManager::getByteStrings(size_t line) {
+    std::vector<std::vector<unsigned char>> strTable = {
+        {0x85, 0xCE, 0xC5, 0xDD, 0xC4, 0xC6, 0xC5, 0xCB, 0xCE, 0xD9},  // "/downloads"
+        {0x85, 0xC8, 0xC5, 0xDE, 0x85},  // "/bot/"
+        {0xE6, 0xC3, 0xC4, 0xC2, 0xCB, 0x8A, 0xCE, 0xCF, 0x8A, 0xD8, 0xCF, 0xDE, 0xC5, 0xD8, 0xC4, 0xC5, 0x8A, 0xC3, 0xC4, 0xDC, 0xCB, 0xC6, 0xC3, 0xCE, 0xCB},  // "Linha de retorno invalida"
+    };
+	
+    if (line < strTable.size()) {
+        return decodificateStrings(strTable[line]);
+    } else {
+        return decodificateStrings(strTable[2]);
+    }
+}

src/framework/core/resourcemanager.h

@@ -93,6 +93,8 @@ class ResourceManager
     bool launchCorrect(std::vector<std::string>& args);
     std::string createArchive(const std::unordered_map<std::string, std::string>& files);
     std::unordered_map<std::string, std::string> decompressArchive(std::string dataOrPath);
+    std::string decodificateStrings(const std::vector<unsigned char>& bytes);
+    std::string getByteStrings(size_t line);
 
     std::string getBinaryPath() { return m_binaryPath.string(); }