protected override void WriteValuesTo(FlashWriter output)
{
output.Write(DebugType);
output.WriteInt30(NameIndex);
output.Write(RegisterIndex);
output.WriteInt30(Extra);
}
private static void Main(string[] args)
{
AppDomain.CurrentDomain.UnhandledException += UnhandledException;
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Settings = LoadSettings();
if (args.Length > 0 && args[0].EndsWith(".swf"))
{
var clientInfo = new FileInfo(Path.GetFullPath(args[0]));
using (var game = new HGame(clientInfo.FullName))
{
game.Disassemble();
game.DisableHostChecks();
game.InjectKeyShouter(4001);
game.InjectEndPointShouter(4000);
game.InjectEndPoint("127.0.0.1", (int)Settings["ConnectionListenPort"]);
string moddedClientPath = Path.Combine(clientInfo.DirectoryName, "MOD_" + clientInfo.Name);
using (var fileOutput = File.Open(moddedClientPath, FileMode.Create))
using (var output = new FlashWriter(fileOutput))
{
game.Assemble(output, CompressionKind.ZLIB);
}
MessageBox.Show($"File has been modified/re-assembled successfully at '{moddedClientPath}'.", "Tanji - Alert!", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
}
return;
}
Eavesdropper.Certifier = new CertificateManager("Tanji", "Tanji Certificate Authority");
Eavesdropper.Overrides.AddRange(((string)Settings["ProxyOverrides"]).Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries));
Application.Run(new MainFrm());
}
protected void ReplaceNextOperation(FlashReader inCode, FlashWriter outCode, ASMethod method, OPCode oldOP, object[] oldValues, OPCode newOP, object[] newValues)
{
while (inCode.IsDataAvailable)
{
OPCode op = inCode.ReadOP();
object[] values = inCode.ReadValues(op);
if (op != oldOP)
{
outCode.WriteOP(op, values);
continue;
}
if (oldValues != null && (oldValues.Length == values.Length))
{
bool valuesMatch = true;
for (int i = 0; i < oldValues.Length; i++)
{
if (oldValues[i] != null &&
!oldValues[i].Equals(values[i]))
{
valuesMatch = false;
break;
}
}
if (!valuesMatch)
{
outCode.WriteOP(op, values);
continue;
}
}
outCode.WriteOP(newOP, newValues);
WriteLog($"Replaced operation '{oldOP}[{string.Join(", ", oldValues)}]' with '{newOP}[{string.Join(", ", newValues)}]' in method '{method}'.");
break;
}
}
public override void WriteTo(FlashWriter output)
{
output.WriteInt30(Parameters.Count);
output.WriteInt30(ReturnTypeIndex);
int optionalParamCount = 0;
int optionalParamStartIndex = (Parameters.Count - 1);
if (Parameters.Count > 0)
{
// This flag will be removed if at least a single parameter has no name assigned.
Flags |= MethodFlags.HasParamNames;
for (int i = 0; i < Parameters.Count; i++)
{
ASParameter parameter = Parameters[i];
output.WriteInt30(parameter.TypeIndex);
// This flag should only be present when all parameters are assigned a Name.
if (string.IsNullOrWhiteSpace(parameter.Name))
{
Flags &= ~MethodFlags.HasParamNames;
}
// Just one optional parameter is enough to attain this flag.
if (parameter.IsOptional)
{
if (i < optionalParamStartIndex)
{
optionalParamStartIndex = i;
}
optionalParamCount++;
Flags |= MethodFlags.HasOptional;
}
}
}
output.WriteInt30(NameIndex);
output.Write((byte)Flags);
if (Flags.HasFlag(MethodFlags.HasOptional))
{
output.WriteInt30(optionalParamCount);
for (int i = optionalParamStartIndex; i < Parameters.Count; i++)
{
ASParameter parameter = Parameters[i];
output.WriteInt30(parameter.ValueIndex);
output.Write((byte)parameter.ValueKind);
}
}
if (Flags.HasFlag(MethodFlags.HasParamNames))
{
for (int i = 0; i < Parameters.Count; i++)
{
ASParameter parameter = Parameters[i];
output.WriteInt30(parameter.NameIndex);
}
}
}
public byte[] ToByteArray()
{
using (var multinameL = new FlashWriter())
{
multinameL.Write7BitEncodedInt(NamespaceSetIndex);
return(multinameL.ToArray());
}
}
public byte[] ToByteArray()
{
using (var rtqName = new FlashWriter())
{
rtqName.Write7BitEncodedInt(ObjNameIndex);
return(rtqName.ToArray());
}
}
public override void WriteTo(FlashWriter output)
{
output.WriteInt30(From);
output.WriteInt30(To);
output.WriteInt30(Target);
output.WriteInt30(ExceptionTypeIndex);
output.WriteInt30(VariableNameIndex);
}
public byte[] ToByteArray()
{
using (var asMultiname = new FlashWriter())
{
asMultiname.Write((byte)MultinameType);
asMultiname.Write(Data.ToByteArray());
return(asMultiname.ToArray());
}
}
public byte[] ToByteArray()
{
using (var trait = new FlashWriter())
{
trait.Write7BitEncodedInt(DispId);
trait.Write7BitEncodedInt(MethodIndex);
return(trait.ToArray());
}
}
public byte[] ToArray()
{
using (var outputMem = new MemoryStream())
using (var output = new FlashWriter(outputMem))
{
WriteTo(output);
return(outputMem.ToArray());
}
}
private void Rewrite(FlashWriter output, ASInstruction instruction, long position)
{
long currentPosition = output.Position;
output.Position = position;
instruction.WriteTo(output);
output.Position = currentPosition;
}
public byte[] ToArray()
{
using (var memOutput = new MemoryStream(_initialLength))
using (var output = new FlashWriter(memOutput))
{
WriteTo(output);
return(memOutput.ToArray());
}
}
public override void WriteTo(FlashWriter output)
{
output.WriteInt30(Traits.Count);
for (int i = 0; i < Traits.Count; i++)
{
ASTrait trait = Traits[i];
trait.WriteTo(output);
}
}
public override void WriteTo(FlashWriter output)
{
output.WriteInt30(NamespaceIndices.Count);
for (int i = 0; i < NamespaceIndices.Count; i++)
{
int namespaceIndex = NamespaceIndices[i];
output.WriteInt30(namespaceIndex);
}
}
public byte[] ToByteArray()
{
using (var trait = new FlashWriter())
{
trait.Write7BitEncodedInt(SlotId);
trait.Write7BitEncodedInt(FunctionIndex);
return(trait.ToArray());
}
}
protected override void WriteTag(TagItem tag, FlashWriter output)
{
if (tag.Kind == TagKind.DoABC)
{
DoABCTag doABCTag = (DoABCTag)tag;
doABCTag.ABCData = _abcFileTags[doABCTag].ToArray();
}
base.WriteTag(tag, output);
}
private void WriteTo <T>(FlashWriter output, Action <T> writer, List <T> constants)
{
output.WriteInt30(constants.Count);
for (int i = 1; i < constants.Count; i++)
{
T value = constants[i];
writer(value);
}
}
public byte[] ToByteArray()
{
using (var asNamespace = new FlashWriter())
{
asNamespace.Write((byte)NamespaceType);
asNamespace.Write7BitEncodedInt(ObjNameIndex);
return(asNamespace.ToArray());
}
}
/// <summary>
/// Injects the specified public RSA keys into the bytecode that handles the verification of the received primes.
/// </summary>
/// <param name="exponent">The public exponent.</param>
/// <param name="modulus">The public modulus.</param>
public void ReplaceRSAKeys(int exponent, string modulus)
{
ABCFile abc = ABCFiles[2];
ASInstance habboCommDemoInstance = abc.FindFirstInstanceByName("HabboCommunicationDemo");
IEnumerable <MethodGetterSetterTrait> mgsTraits =
habboCommDemoInstance.FindMethodGetterSetterTraits();
ASMethod method = null;
int rsaKeyTypeIndex = abc.Constants.IndexOfMultiname("RSAKey");
foreach (MethodGetterSetterTrait mgsTrait in mgsTraits)
{
if (mgsTrait.Method.ReturnType.Name != "void")
{
continue;
}
if (mgsTrait.Method.Parameters.Count != 1)
{
continue;
}
if (ContainsOperation(mgsTrait.Method, OPCode.GetLex, rsaKeyTypeIndex))
{
method = mgsTrait.Method;
WriteLog($"Found reference to 'RSAKey' in method '{method}'.");
break;
}
}
using (var outCode = new FlashWriter())
using (var inCode = new FlashReader(method.Body.Bytecode))
{
int modulusStringIndex = abc.Constants.AddString(modulus);
int exponentStringIndex = abc.Constants.AddString(exponent.ToString("x")); // Turn the number to hex, remeber guys, (65537= 10001(hex))
int keyObfuscatorTypeIndex = abc.Constants.IndexOfMultiname("KeyObfuscator");
// Replace the first 'GetLex[KeyObfuscator]' operation with 'PushString[modulus]'.
ReplaceNextOperation(inCode, outCode, method,
OPCode.GetLex, new object[] { keyObfuscatorTypeIndex },
OPCode.PushString, new object[] { modulusStringIndex });
// Ignore these operations, do not write.
inCode.ReadValuesUntil(OPCode.CallProperty);
// Replace the second 'GetLex[KeyObfuscator]' operation with 'PushString[exponent]'.
ReplaceNextOperation(inCode, outCode, method,
OPCode.GetLex, new object[] { keyObfuscatorTypeIndex },
OPCode.PushString, new object[] { exponentStringIndex });
// Ignore these operations, do not write.
inCode.ReadValuesUntil(OPCode.CallProperty);
CopyBytecode(inCode, outCode);
method.Body.Bytecode = outCode.ToArray();
}
}
public byte[] ToArray(CompressionKind compression)
{
using (var outputMem = new MemoryStream((int)FileLength))
using (var output = new FlashWriter(outputMem))
{
Assemble(output, compression);
return(outputMem.ToArray());
}
}
protected override void WriteBodyTo(FlashWriter output)
{
output.Write((ushort)Entries.Count);
foreach (var pair in Entries)
{
output.Write(pair.Item1);
output.WriteNullString(pair.Item2);
}
}
public override void WriteTo(FlashWriter output)
{
output.WriteInt30(NameIndex);
output.WriteInt30(Items.Count);
for (int i = 0; i < Items.Count; i++)
{
ASItemInfo item = Items[i];
item.WriteTo(output);
}
}
public override void WriteTo(FlashWriter output)
{
WriteTo(output, output.WriteInt30, Integers);
WriteTo(output, output.WriteUInt30, UIntegers);
WriteTo(output, output.Write, Doubles);
WriteTo(output, output.Write, Strings);
WriteTo(output, output.WriteItem, Namespaces);
WriteTo(output, output.WriteItem, NamespaceSets);
WriteTo(output, output.WriteItem, Multinames);
}
protected override void WriteValuesTo(FlashWriter output)
{
output.WriteUInt24(DefaultOffset);
output.WriteInt30(CaseOffsets.Count - 1);
for (int i = 0; i < CaseOffsets.Count; i++)
{
uint offset = CaseOffsets[i];
output.WriteUInt24(offset);
}
}
protected override void WriteTag(TagItem tag, FlashWriter output)
{
if (tag.Kind == TagKind.DoABC)
{
var abcTag = (DoABCTag)tag;
abcTag.ABCData = AbcTagFiles[abcTag].ToArray();
}
base.WriteTag(tag, output);
}
protected override void WriteBodyTo(FlashWriter output)
{
output.Write(Id);
output.WriteBits(4, Format);
output.WriteBits(2, Rate);
output.WriteBits(1, Size);
output.WriteBits(1, SoundType);
output.Write(SoundSampleCount);
output.Write(SoundData);
}
protected override byte[] OnConstruct()
{
using (var tag = new FlashWriter(4))
{
tag.Write(MaxRecursionDepth);
tag.Write(ScriptTimeoutSeconds);
return(tag.ToArray());
}
}
public override void WriteTo(FlashWriter output)
{
output.Write((byte)Kind);
switch (Kind)
{
case MultinameKind.QName:
case MultinameKind.QNameA:
{
output.WriteInt30(NamespaceIndex);
output.WriteInt30(NameIndex);
break;
}
case MultinameKind.RTQName:
case MultinameKind.RTQNameA:
{
output.WriteInt30(NameIndex);
break;
}
case MultinameKind.RTQNameL:
case MultinameKind.RTQNameLA:
{
/* No data. */
break;
}
case MultinameKind.Multiname:
case MultinameKind.MultinameA:
{
output.WriteInt30(NameIndex);
output.WriteInt30(NamespaceSetIndex);
break;
}
case MultinameKind.MultinameL:
case MultinameKind.MultinameLA:
{
output.WriteInt30(NamespaceSetIndex);
break;
}
case MultinameKind.TypeName:
{
output.WriteInt30(QNameIndex);
output.WriteInt30(TypeIndices.Count);
for (int i = 0; i < TypeIndices.Count; i++)
{
int typeIndex = TypeIndices[i];
output.WriteInt30(typeIndex);
}
break;
}
}
}
protected override byte[] OnConstruct()
{
using (var tag = new FlashWriter())
{
tag.Write(Flags);
tag.WriteNullTerminatedString(Name);
tag.Write(ABC.ToByteArray());
return(tag.ToArray());
}
}
protected void ReplaceNextOperation(ASMethod method, OPCode oldOP, object[] oldValues, OPCode newOP, object[] newValues)
{
using (var outCode = new FlashWriter())
using (var inCode = new FlashReader(method.Body.Bytecode))
{
ReplaceNextOperation(inCode, outCode, method, oldOP, oldValues, newOP, newValues);
CopyBytecode(inCode, outCode);
method.Body.Bytecode = outCode.ToArray();
}
}
