fix certs, add winhttpsetoption hook
This commit is contained in:
parent
fd2ad4424c
commit
56d89486f6
@ -1,6 +1,7 @@
|
|||||||
$(BUILD_DIR_ZIP)/siva.zip:
|
$(BUILD_DIR_ZIP)/siva.zip:
|
||||||
$(V)echo ... $@
|
$(V)echo ... $@
|
||||||
$(V)mkdir -p $(BUILD_DIR_ZIP)/siva
|
$(V)mkdir -p $(BUILD_DIR_ZIP)/siva
|
||||||
|
$(V)mkdir -p $(BUILD_DIR_ZIP)/siva/cert
|
||||||
$(V)cp $(BUILD_DIR_32)/subprojects/capnhook/inject/inject.exe \
|
$(V)cp $(BUILD_DIR_32)/subprojects/capnhook/inject/inject.exe \
|
||||||
$(BUILD_DIR_32)/sivahook/sivahook.dll \
|
$(BUILD_DIR_32)/sivahook/sivahook.dll \
|
||||||
$(BUILD_DIR_ZIP)/siva
|
$(BUILD_DIR_ZIP)/siva
|
||||||
@ -16,8 +17,8 @@ $(BUILD_DIR_ZIP)/siva.zip:
|
|||||||
$(BUILD_DIR_ZIP)/siva
|
$(BUILD_DIR_ZIP)/siva
|
||||||
$(V)mv $(BUILD_DIR_ZIP)/siva/iDmacDrv.dll \
|
$(V)mv $(BUILD_DIR_ZIP)/siva/iDmacDrv.dll \
|
||||||
$(BUILD_DIR_ZIP)/siva/iDmacDrv64.dll
|
$(BUILD_DIR_ZIP)/siva/iDmacDrv64.dll
|
||||||
$(V)cp pki/cert.p12 \
|
$(V)cp pki/nesys.cer \
|
||||||
$(BUILD_DIR_ZIP)/siva
|
$(BUILD_DIR_ZIP)/siva/cert
|
||||||
$(V)strip $(BUILD_DIR_ZIP)/siva/*.{exe,dll}
|
$(V)strip $(BUILD_DIR_ZIP)/siva/*.{exe,dll}
|
||||||
$(V)cd $(BUILD_DIR_ZIP)/siva ; zip -r ../siva.zip *
|
$(V)cd $(BUILD_DIR_ZIP)/siva ; zip -r ../siva.zip *
|
||||||
|
|
||||||
|
@ -502,9 +502,15 @@ static WINHTTPAPI BOOL hook_WinHttpCrackUrl(
|
|||||||
const struct dns_hook_entry *pos;
|
const struct dns_hook_entry *pos;
|
||||||
wchar_t bfr[1024] = {0};
|
wchar_t bfr[1024] = {0};
|
||||||
if (!next_WinHttpCrackUrl(pwszUrl, dwUrlLength, dwFlags, lpUrlComponents)) {
|
if (!next_WinHttpCrackUrl(pwszUrl, dwUrlLength, dwFlags, lpUrlComponents)) {
|
||||||
|
dprintf("DNS: next_WinHttpCrackUrl FAIL %08X\n", (int)GetLastError());
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if (dns_hook_lock.DebugInfo == 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
dprintf("DNS: crack URL %S\n", lpUrlComponents->lpszHostName);
|
dprintf("DNS: crack URL %S\n", lpUrlComponents->lpszHostName);
|
||||||
|
|
||||||
EnterCriticalSection(&dns_hook_lock);
|
EnterCriticalSection(&dns_hook_lock);
|
||||||
@ -520,7 +526,7 @@ static WINHTTPAPI BOOL hook_WinHttpCrackUrl(
|
|||||||
} else {
|
} else {
|
||||||
wcscat_s(bfr, _countof(bfr), pos->to);
|
wcscat_s(bfr, _countof(bfr), pos->to);
|
||||||
wcscat_s(bfr, _countof(bfr), path);
|
wcscat_s(bfr, _countof(bfr), path);
|
||||||
//dprintf("DNS: Replaced cracked url %S (%d) -> %S\n", lpUrlComponents->lpszHostName, (int)lpUrlComponents->dwHostNameLength, bfr);
|
dprintf("DNS: Replaced cracked url %S (%d) -> %S\n", lpUrlComponents->lpszHostName, (int)lpUrlComponents->dwHostNameLength, bfr);
|
||||||
lpUrlComponents->lpszHostName = bfr;
|
lpUrlComponents->lpszHostName = bfr;
|
||||||
lpUrlComponents->dwHostNameLength = wcslen(pos->to);
|
lpUrlComponents->dwHostNameLength = wcslen(pos->to);
|
||||||
}
|
}
|
||||||
|
3
initpki
3
initpki
@ -23,6 +23,3 @@ openssl x509 -req -sha256 -days 3650 -in pki/PREMIUM.csr -CA pki/nesys.cer -CAke
|
|||||||
# Generate server cert and key
|
# Generate server cert and key
|
||||||
openssl req -newkey rsa:2048 -nodes -keyout pki/server.key -out pki/server.csr -subj "/C=JP/ST=A/L=A/CN=*.nesys.jp"
|
openssl req -newkey rsa:2048 -nodes -keyout pki/server.key -out pki/server.csr -subj "/C=JP/ST=A/L=A/CN=*.nesys.jp"
|
||||||
openssl x509 -req -sha256 -days 3650 -in pki/server.csr -CA pki/nesys.cer -CAkey pki/nesys.key -out pki/server.cer -set_serial 0
|
openssl x509 -req -sha256 -days 3650 -in pki/server.csr -CA pki/nesys.cer -CAkey pki/nesys.key -out pki/server.cer -set_serial 0
|
||||||
|
|
||||||
# Pack the nesys CA and key into a p12
|
|
||||||
openssl pkcs12 -export -in pki/PREMIUM.cer -inkey pki/PREMIUM.key -certfile pki/nesys.cer -name "Nesica" -out pki/cert.p12
|
|
@ -1,5 +1,6 @@
|
|||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <wincrypt.h>
|
#include <wincrypt.h>
|
||||||
|
#include <winhttp.h>
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
@ -33,6 +34,13 @@ HCERTSTORE WINAPI hook_CertOpenStore(
|
|||||||
const void *pvPara
|
const void *pvPara
|
||||||
);
|
);
|
||||||
|
|
||||||
|
WINHTTPAPI BOOL hook_WinHttpSetOption(
|
||||||
|
HINTERNET hInternet,
|
||||||
|
DWORD dwOption,
|
||||||
|
LPVOID lpBuffer,
|
||||||
|
DWORD dwBufferLength
|
||||||
|
);
|
||||||
|
|
||||||
PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)(
|
PCCERT_CONTEXT (WINAPI *next_CertFindCertificateInStore)(
|
||||||
HCERTSTORE hCertStore,
|
HCERTSTORE hCertStore,
|
||||||
DWORD dwCertEncodingType,
|
DWORD dwCertEncodingType,
|
||||||
@ -50,6 +58,13 @@ HCERTSTORE (WINAPI *next_CertOpenStore)(
|
|||||||
const void *pvPara
|
const void *pvPara
|
||||||
);
|
);
|
||||||
|
|
||||||
|
WINHTTPAPI BOOL (*next_WinHttpSetOption)(
|
||||||
|
HINTERNET hInternet,
|
||||||
|
DWORD dwOption,
|
||||||
|
LPVOID lpBuffer,
|
||||||
|
DWORD dwBufferLength
|
||||||
|
);
|
||||||
|
|
||||||
static const struct hook_symbol cert_syms[] = {
|
static const struct hook_symbol cert_syms[] = {
|
||||||
{
|
{
|
||||||
.name = "CertFindCertificateInStore",
|
.name = "CertFindCertificateInStore",
|
||||||
@ -63,6 +78,14 @@ static const struct hook_symbol cert_syms[] = {
|
|||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static const struct hook_symbol winhttp_syms[] = {
|
||||||
|
{
|
||||||
|
.name = "WinHttpSetOption",
|
||||||
|
.patch = hook_WinHttpSetOption,
|
||||||
|
.link = (void **) &next_WinHttpSetOption,
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
HRESULT cert_hook_init(const struct cert_config *cfg)
|
HRESULT cert_hook_init(const struct cert_config *cfg)
|
||||||
{
|
{
|
||||||
assert(cfg != NULL);
|
assert(cfg != NULL);
|
||||||
@ -82,6 +105,12 @@ HRESULT cert_hook_init(const struct cert_config *cfg)
|
|||||||
(struct hook_symbol *) cert_syms,
|
(struct hook_symbol *) cert_syms,
|
||||||
_countof(cert_syms));
|
_countof(cert_syms));
|
||||||
|
|
||||||
|
proc_addr_table_push(
|
||||||
|
NULL,
|
||||||
|
"Winhttp.dll",
|
||||||
|
(struct hook_symbol *) winhttp_syms,
|
||||||
|
_countof(winhttp_syms));
|
||||||
|
|
||||||
return S_OK;
|
return S_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -92,6 +121,11 @@ void cert_hook_insert_hooks(HMODULE target)
|
|||||||
"crypt32.dll",
|
"crypt32.dll",
|
||||||
cert_syms,
|
cert_syms,
|
||||||
_countof(cert_syms));
|
_countof(cert_syms));
|
||||||
|
hook_table_apply(
|
||||||
|
target,
|
||||||
|
"winhttp.dll",
|
||||||
|
(struct hook_symbol *) winhttp_syms,
|
||||||
|
_countof(winhttp_syms));
|
||||||
}
|
}
|
||||||
|
|
||||||
PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
||||||
@ -116,7 +150,7 @@ PCCERT_CONTEXT WINAPI hook_CertFindCertificateInStore(
|
|||||||
wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name
|
wcscat_s(cert_path, _countof(cert_path), (wchar_t *)pvFindPara); // use the search string as a name
|
||||||
wcscat_s(cert_path, _countof(cert_path), L".cer");
|
wcscat_s(cert_path, _countof(cert_path), L".cer");
|
||||||
|
|
||||||
//dprintf("Cert: Look for override cert at %S\n", cert_path);
|
dprintf("Cert: Look for override cert at %S\n", cert_path);
|
||||||
|
|
||||||
HANDLE f = CreateFileW((LPCWSTR)cert_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
HANDLE f = CreateFileW((LPCWSTR)cert_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
|
||||||
@ -158,7 +192,7 @@ HCERTSTORE WINAPI hook_CertOpenStore(
|
|||||||
{
|
{
|
||||||
BYTE bfr[4096] = {0};
|
BYTE bfr[4096] = {0};
|
||||||
DWORD num_read = 0;
|
DWORD num_read = 0;
|
||||||
/*if (lpszStoreProvider <= CERT_STORE_PROV_PKCS12) {
|
if (lpszStoreProvider <= CERT_STORE_PROV_PKCS12) {
|
||||||
dprintf("Cert: Open store for %p -> %S (%04X)\n", lpszStoreProvider, (wchar_t *)pvPara, (int)dwFlags);
|
dprintf("Cert: Open store for %p -> %S (%04X)\n", lpszStoreProvider, (wchar_t *)pvPara, (int)dwFlags);
|
||||||
} else {
|
} else {
|
||||||
dprintf("Cert: Open store for %s\n", lpszStoreProvider);
|
dprintf("Cert: Open store for %s\n", lpszStoreProvider);
|
||||||
@ -175,8 +209,8 @@ HCERTSTORE WINAPI hook_CertOpenStore(
|
|||||||
}
|
}
|
||||||
dprintf("Cert: Failed to open store %08X\n", (int)err);
|
dprintf("Cert: Failed to open store %08X\n", (int)err);
|
||||||
}
|
}
|
||||||
return ret;*/
|
return ret;
|
||||||
HANDLE f = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
/*HANDLE f = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
|
||||||
if (f != INVALID_HANDLE_VALUE) {
|
if (f != INVALID_HANDLE_VALUE) {
|
||||||
dprintf("Cert: Read file %S\n", path);
|
dprintf("Cert: Read file %S\n", path);
|
||||||
@ -195,6 +229,27 @@ HCERTSTORE WINAPI hook_CertOpenStore(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, dwFlags, pvPara);
|
return next_CertOpenStore(lpszStoreProvider, dwEncodingType, hCryptProv, dwFlags, pvPara);*/
|
||||||
|
|
||||||
}
|
}
|
||||||
|
WINHTTPAPI BOOL hook_WinHttpSetOption(
|
||||||
|
HINTERNET hInternet,
|
||||||
|
DWORD dwOption,
|
||||||
|
LPVOID lpBuffer,
|
||||||
|
DWORD dwBufferLength
|
||||||
|
)
|
||||||
|
{
|
||||||
|
dprintf("Cert: hook_WinHttpSetOption %p %08X\n", hInternet, (int)dwOption);
|
||||||
|
if (dwOption == WINHTTP_OPTION_CLIENT_CERT_CONTEXT) {
|
||||||
|
// This is U G L Y and will fail on servers that actually check the client cert.
|
||||||
|
dprintf("Cert: Block WINHTTP_OPTION_CLIENT_CERT_CONTEXT\n");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
else if (dwOption == WINHTTP_OPTION_SECURITY_FLAGS) {
|
||||||
|
dprintf("Cert: Add all security ignore flags\n");
|
||||||
|
int value = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID | SECURITY_FLAG_IGNORE_CERT_CN_INVALID; // the kitchen sink
|
||||||
|
return next_WinHttpSetOption(hInternet, dwOption, &value, dwBufferLength);
|
||||||
|
}
|
||||||
|
|
||||||
|
return next_WinHttpSetOption(hInternet, dwOption, lpBuffer, dwBufferLength);
|
||||||
|
}
|
@ -44,7 +44,7 @@ void cert_config_load(struct cert_config *cfg, const wchar_t *filename)
|
|||||||
GetPrivateProfileStringW(
|
GetPrivateProfileStringW(
|
||||||
L"cert",
|
L"cert",
|
||||||
L"path",
|
L"path",
|
||||||
L"cert.p12",
|
L"cert",
|
||||||
cfg->path,
|
cfg->path,
|
||||||
_countof(cfg->path),
|
_countof(cfg->path),
|
||||||
filename);
|
filename);
|
||||||
|
Loading…
Reference in New Issue
Block a user