Block Spotify updates

2020-12-13 16:12:44 -07:00 · 2020-12-13 16:12:44 -07:00 · a09cd4195e
commit a09cd4195e
parent 65dfe76258
1 changed files with 116 additions and 11 deletions
--- a/SpotifyKeyDumper/Hooks.cpp
+++ b/SpotifyKeyDumper/Hooks.cpp
@ -40,6 +40,12 @@ isValidUrl_v25 isValidUrl_v25_hook = nullptr;
 typedef int (__cdecl* getBitrate_v25)(int quality);
 getBitrate_v25 getBitrate_v25_hook = nullptr;
 typedef int (__cdecl* impDecFunc_v47)(DWORD* keyLE, int intOne, DWORD* iv, int* a4);
 impDecFunc_v47 impDecFunc_v47_hook = nullptr;
 typedef int (__thiscall* sttngsLkp_v48)(void* This, char* strLookup, size_t len);
 sttngsLkp_v48 sttngsLkp_v48_hook = nullptr;
 std::string authToken = std::string();
 std::string keyStr = std::string();
 std::string uriStr = std::string();
@ -377,6 +383,9 @@ int __cdecl getBitrate_hook_v25(int quality)
 	case 4:
 		qualityStr = "Very High";
 		break;
 	case 5:
 		qualityStr = "700k";
 		break;
 	}
 	if (!hasAlertedQuality && quality != 2 && quality != 3)
@ -415,15 +424,85 @@ char* GetKeyFuncAddrV27()
 		return (char*)0x01068F20;
 }
 /*
  This will return addrOne if addrOneByte matches the BYTE at addrOne, or return addrTwo if not
 */
 char* GetKeyFunc(char* addrOne, char* addrTwo, BYTE addrOneByte)
 {
 	if (*(BYTE*)addrOne == addrOneByte)
 		return addrOne;
-	return addrTwo;
+char* srUrlChars;
 void __cdecl printSRUrl()
 {
 	std::string testStr = std::string(srUrlChars, 95); // 104
 	std::cout << "Storage Resolve URL: " << testStr << std::endl;
 }
 __declspec(naked) void testSMHook()
 {
 	__asm
 	{
 		pushfd                        // Push flags and registers to stack to preserve state before
 		pushad
 		mov ebx, [eax]
 		mov eax, offset srUrlChars    // Get address from char pointer testStr
 		mov edi, [eax]
 		mov cx, 24                    // Iterate 24 times (copy 4 bytes each time = 96 bytes total)
 		COPY_LOOP:
 		mov eax, [ebx]
 			mov [edi], eax
 			add ebx, 4
 			add edi, 4
 			dec cx
 			jnz COPY_LOOP
 		call printSRUrl               // Set keyStr to chars from keyBuffer_v47 (and print key)
 		popad                         // Pop flags and registers back from the stack to preserve state before
 		popfd
 		jmp keyDecoder_v47_hook       // Jump to trampoline function to run overwritten instructions and continue
 	}
 }
 constexpr BYTE IV[] = {0x72, 0xE0, 0x67, 0xFB, 0xDD, 0xCB, 0xCF, 0x77, 0xEB, 0xE8, 0xBC, 0x64, 0x3F, 0x63, 0x0D, 0x93};
 int __cdecl impDecFunc_hook_v47(DWORD* keyLE, int intOne, DWORD* iv, int* a4)
 {
 	if (/*intOne == 0xA &&*/ !Utils::BadPtr(iv) && memcmp(IV, iv, 16) == 0)
 	{
 		// Swap endianness of key by 4 bytes each (+1 int; 16 total)
 		unsigned long keyBE[4] = {};
 		keyBE[0] = _byteswap_ulong(*keyLE);
 		keyBE[1] = _byteswap_ulong(*(keyLE + 1));
 		keyBE[2] = _byteswap_ulong(*(keyLE + 2));
 		keyBE[3] = _byteswap_ulong(*(keyLE + 3));
 		printf("===============================================================================\n");
 		std::cout << "Key: " << Utils::HexString((BYTE*) keyBE, 16) << std::endl;
 		std::cout << "IV:  " << Utils::HexString((BYTE*) iv, 16) << std::endl;
 		printf("===============================================================================\n");
 	}
 	return impDecFunc_v47_hook(keyLE, intOne, iv, a4);
 }
 int __fastcall sttngsLkp_hook_v48(void* This, void* _EDX, char* strLookup, size_t len)
 {
 	char* tmpStr;
 	if (!Utils::BadPtr(strLookup))
 	{
 		tmpStr = strLookup;
 		// Some strLookup's are double pointers
 		if (!Utils::BadPtr((char*)*(DWORD*)strLookup))
 			tmpStr = (char*)*(DWORD*)strLookup;
 		if (memcmp(tmpStr, "app-developer", 13) == 0)
 			return 2;
 		else if (memcmp(tmpStr, "employee", 8) == 0 || memcmp(tmpStr, "ta-environment", 14) == 0
 			|| memcmp(tmpStr, "desktop-beta-tester", 19) == 0 || memcmp(tmpStr, "PLACEHOLDER", 11) == 0)
 			return 1;
 	}
 	return sttngsLkp_v48_hook(This, strLookup, len);
 }
 void Hooks::Init()
@ -461,13 +540,13 @@ void Hooks::Init()
 	case 45:
 		keyToLE_v28_hook = (keyToLE_v28)Utils::TrampHook32((char*)0x010CF780, (char*)keyToLE_hook_v28, 6);
 		authToken_v45_hook = (authToken_v45)Utils::TrampHook32((char*)0x00BF75F0, (char*)authToken_hook_v45, 7);
 		//openTrack_v45_hook = (openTrack_v45)Utils::TrampHook32((char*)0x00CA5740, (char*)openTrack_hook_v45, 5);
 		log_v45_hook = (log_v45)Utils::TrampHook32((char*)0x010F2370, (char*)log_hook_v45, 5);
 		fileIdWriter_v45_hook = (fileIdWriter_v45)Utils::TrampHook32((char*)0x00CBB560, (char*)fileIdWriter_hook_v45,
 			5);
 		signalEmitter_v45_hook = (signalEmitter_v45)Utils::TrampHook32((char*)0x00B095A0, (char*)signalEmitter_hook_v45,
-			5); // 00E48410
+			5);
 		getBitrate_v25_hook = (getBitrate_v25)Utils::TrampHook32((char*)0x00E48410, (char*)getBitrate_hook_v25, 6);
 		startUpdate_v47_hook = (startUpdate_v47)Utils::TrampHook32((char*)0x00A0B250, (char*)startUpdate_hook_v47, 5);
 		break;
 	case 46:
 		keyToLE_v28_hook = (keyToLE_v28)Utils::TrampHook32((char*)0x010C2FB0, (char*)keyToLE_hook_v28, 6);
@ -478,6 +557,7 @@ void Hooks::Init()
 		signalEmitter_v45_hook = (signalEmitter_v45)Utils::TrampHook32((char*)0x00B02270, (char*)signalEmitter_hook_v45,
 			5);
 		getBitrate_v25_hook = (getBitrate_v25)Utils::TrampHook32((char*)0x00E3C780, (char*)getBitrate_hook_v25, 6);
 		startUpdate_v47_hook = (startUpdate_v47)Utils::TrampHook32((char*)0x00A03020, (char*)startUpdate_hook_v47, 5);
 		break;
 	case 47:
 		keyBuffer_v47 = new char[16]; // 128 bits = 16 bytes
@ -490,9 +570,34 @@ void Hooks::Init()
 		signalEmitter_v45_hook = (signalEmitter_v45)Utils::TrampHook32((char*)0x00AFBB50, (char*)signalEmitter_hook_v45,
 			5);
 		getBitrate_v25_hook = (getBitrate_v25)Utils::TrampHook32((char*)0x00E3E460, (char*)getBitrate_hook_v25, 6);
-		//startUpdate_v47_hook = (startUpdate_v47)Utils::TrampHook32((char*)0x009FB530, (char*)startUpdate_hook_v47, 5);
+		startUpdate_v47_hook = (startUpdate_v47)Utils::TrampHook32((char*)0x009FB530, (char*)startUpdate_hook_v47, 5);
 		//uriHandler_v47_hook = (uriHandler_v47)Utils::TrampHook32((char*)0x010A39E0, (char*)uriHandler_hook_v47, 5);
 		//isValidUrl_v25_hook = (isValidUrl_v25)Utils::TrampHook32((char*)0x0105CD80, (char*)isValidUrl_hook_v25, 6);
 		//impDecFunc_v47_hook = (impDecFunc_v47)Utils::TrampHook32((char*)0x010C52F0, (char*)impDecFunc_hook_v47, 6);
 		break;
 	case 48:
 		printf("Downloading are not currently supported on 1.1.48. Please use 1.1.47.\n");
 		//keyBuffer_v47 = new char[16]; // 128 bits = 16 bytes
 		keyToLE_v28_hook = (keyToLE_v28)Utils::TrampHook32((char*)0x010E0200, (char*)keyToLE_hook_v47, 6); // Not called
 		//keyDecoder_v47_hook = (keyDecoder_v47)Utils::TrampHook32((char*)0x0153148D, (char*)keyDecoder_hook_v47, 7);
 		authToken_v45_hook = (authToken_v45)Utils::TrampHook32((char*)0x00BF7B50, (char*)authToken_hook_v45, 7);
 		log_v45_hook = (log_v45)Utils::TrampHook32((char*)0x011030E0, (char*)log_hook_v45, 5);
 		fileIdWriter_v45_hook = (fileIdWriter_v45)Utils::TrampHook32((char*)0x00CBCA60, (char*)fileIdWriter_hook_v45,
 			5);
 		signalEmitter_v45_hook = (signalEmitter_v45)Utils::TrampHook32((char*)0x00B02B70, (char*)signalEmitter_hook_v45,
 			5);
 		getBitrate_v25_hook = (getBitrate_v25)Utils::TrampHook32((char*)0x00E54D00, (char*)getBitrate_hook_v25, 6);
 		startUpdate_v47_hook = (startUpdate_v47)Utils::TrampHook32((char*)0x009FD9E0, (char*)startUpdate_hook_v47, 5);
 		//isValidUrl_v25_hook = (isValidUrl_v25)Utils::TrampHook32((char*)0x01077370, (char*)isValidUrl_hook_v25, 6);
 		// Dump song manifest URL
 		//testChars = new char[104];
 		//keyDecoder_v47_hook = (keyDecoder_v47)Utils::TrampHook32((char*)0x00EE081A, (char*)testSMHook, 5);
 		// Not called :(
 		//impDecFunc_v47_hook = (impDecFunc_v47)Utils::TrampHook32((char*)0x010DF9F0, (char*)impDecFunc_hook_v47, 6);
 		sttngsLkp_v48_hook = (sttngsLkp_v48)Utils::TrampHook32((char*)0x0056A7E0, (char*)sttngsLkp_hook_v48, 5);
 		break;
 	}
 }