From ce2b5acc42db0e754c691558f144824c7a92757c Mon Sep 17 00:00:00 2001 From: ibratabian17 Date: Sat, 21 Dec 2024 22:21:00 +0700 Subject: [PATCH 1/4] fix account failed verifying --- core/route/account.js | 2 +- core/route/ubiservices.js | 42 ++++++++++++++++++++------------------- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/core/route/account.js b/core/route/account.js index bb42936..687d45d 100644 --- a/core/route/account.js +++ b/core/route/account.js @@ -303,7 +303,7 @@ module.exports = { // Save updated user profile data decryptedData[matchedProfileId] = userProfile; - console.error("[ACC] Updated User ", matchedProfileId); + console.log("[ACC] Updated User ", matchedProfileId); saveUserData(dataFilePath, decryptedData); // Regenerate Leaderboard List diff --git a/core/route/ubiservices.js b/core/route/ubiservices.js index 75dfab8..cb286c5 100644 --- a/core/route/ubiservices.js +++ b/core/route/ubiservices.js @@ -94,12 +94,12 @@ exports.initroute = (app, express, server) => { app.post("/v3/profiles/sessions", async (req, res) => { const clientIp = getClientIp(req); const clientIpCountry = getCountryFromIp(clientIp); - + // Helper to generate session data const generateSessionData = (profileId, username, clientIp, clientIpCountry, ticket) => { const now = new Date(); const expiration = new Date(now.getTime() + 3 * 60 * 60 * 1000); // 3 hours - + const data = { platformType: "uplay", ticket, @@ -119,28 +119,30 @@ exports.initroute = (app, express, server) => { }; return data; }; - + // Remove Host header const headers = { ...req.headers }; delete headers.host; - + const customAuthData = parseCustomAuthHeader(headers.authorization); - + if (customAuthData) { console.log("[ACC] CustomAuth detected, verifying..."); - + const { profileId, username, email, password } = customAuthData; const userData = getUserData(profileId); const ticket = `CustomAuth${headers.authorization.split(" t=")[1]}` - - if (userData && userData.password === password) { + + if (userData && btoa(userData.password) === password) { console.log("[ACC] CustomAuth login: ", atob(username)); - updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}`}); + updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}` }); const sessionData = generateSessionData(profileId, username, clientIp, clientIpCountry, ticket) res.send(sessionData); return; + } else if (userData && btoa(userData.password) !== password) { + console.log("[ACC] CustomAuth login failed: ", atob(username)); } - + if (!userData) { console.log("[ACC] CustomAuth register: ", atob(username)); updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}` }); @@ -148,39 +150,39 @@ exports.initroute = (app, express, server) => { return; } } - + try { console.log("[ACC] Fetching Ticket From Official Server"); const response = await axios.post(`${prodwsurl}/v3/profiles/sessions`, req.body, { headers }); - + res.send(response.data); console.log("[ACC] Using Official Ticket"); - + // Update user mappings addUserId(response.data.profileId, response.data.userId); updateUserTicket(response.data.profileId, `Ubi_v1 ${response.data.ticket}`); } catch (error) { console.log("[ACC] Error fetching from Ubisoft services", error.message); - + if (ipCache[clientIp]) { console.log(`[ACC] Returning cached session for IP ${clientIp}`); return res.send(ipCache[clientIp]); } - + const profileId = uuidv4(); const userTicket = generateFalseTicket(); cachedTicket[userTicket] = profileId; - + console.log("[ACC] Generating Fake Session for", profileId); - + const fakeSession = generateSessionData(profileId, "NintendoSwitch", clientIp, clientIpCountry, userTicket); ipCache[clientIp] = fakeSession; - + res.send(fakeSession); } }); - - + + // Handle session deletion app.delete("/v3/profiles/sessions", (req, res) => { res.send(); From f6540675c99bcade72c87b0c38b486b4118a8f43 Mon Sep 17 00:00:00 2001 From: ibratabian17 Date: Sat, 21 Dec 2024 22:29:14 +0700 Subject: [PATCH 2/4] btoa -> atob --- core/route/ubiservices.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/route/ubiservices.js b/core/route/ubiservices.js index cb286c5..435fc7c 100644 --- a/core/route/ubiservices.js +++ b/core/route/ubiservices.js @@ -133,14 +133,14 @@ exports.initroute = (app, express, server) => { const userData = getUserData(profileId); const ticket = `CustomAuth${headers.authorization.split(" t=")[1]}` - if (userData && btoa(userData.password) === password) { + if (userData && atob(userData.password) === password) { console.log("[ACC] CustomAuth login: ", atob(username)); updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}` }); const sessionData = generateSessionData(profileId, username, clientIp, clientIpCountry, ticket) res.send(sessionData); return; - } else if (userData && btoa(userData.password) !== password) { - console.log("[ACC] CustomAuth login failed: ", atob(username)); + } else if (userData && atob(userData.password) !== password) { + console.log("[ACC] CustomAuth login password failed: ", atob(username)); } if (!userData) { From 7a1c3e96c730075560af18f762eeced64ca96ebe Mon Sep 17 00:00:00 2001 From: ibratabian17 Date: Sat, 21 Dec 2024 22:47:51 +0700 Subject: [PATCH 3/4] improve updateUser --- core/route/account.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/core/route/account.js b/core/route/account.js index 687d45d..beefde6 100644 --- a/core/route/account.js +++ b/core/route/account.js @@ -95,11 +95,10 @@ function updateUser(profileId, userProfile) { console.log(`[ACC] User ${profileId} not found. Creating new user.`); decryptedData[profileId] = userProfile; // Create a new profile } else { + const currentUserData = decryptedData[profileId]; + Object.assign(currentUserData, userProfile) // Merge new data into the existing profile - decryptedData[profileId] = { - ...decryptedData[profileId], // Existing data - ...userProfile // New data to override specific fields - }; + decryptedData[profileId] = currentUserData } // Save the updated data From 4c691e3a48b24f103f9885249c1c1f5450596406 Mon Sep 17 00:00:00 2001 From: ibratabian17 Date: Sat, 21 Dec 2024 23:09:24 +0700 Subject: [PATCH 4/4] Improve CustomAuth Handler --- core/route/ubiservices.js | 66 +++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 27 deletions(-) diff --git a/core/route/ubiservices.js b/core/route/ubiservices.js index 435fc7c..cd2c887 100644 --- a/core/route/ubiservices.js +++ b/core/route/ubiservices.js @@ -53,6 +53,7 @@ const generateFalseTicket = () => { return start + middle + end; }; + const atob = (base64) => Buffer.from(base64, 'base64').toString('utf-8'); const parseCustomAuthHeader = (authorization) => { const [method, encoded] = authorization.split(" "); @@ -94,8 +95,7 @@ exports.initroute = (app, express, server) => { app.post("/v3/profiles/sessions", async (req, res) => { const clientIp = getClientIp(req); const clientIpCountry = getCountryFromIp(clientIp); - - // Helper to generate session data + const generateSessionData = (profileId, username, clientIp, clientIpCountry, ticket) => { const now = new Date(); const expiration = new Date(now.getTime() + 3 * 60 * 60 * 1000); // 3 hours @@ -119,30 +119,42 @@ exports.initroute = (app, express, server) => { }; return data; }; - - // Remove Host header + const headers = { ...req.headers }; delete headers.host; - + const customAuthData = parseCustomAuthHeader(headers.authorization); - + if (customAuthData) { console.log("[ACC] CustomAuth detected, verifying..."); - + const { profileId, username, email, password } = customAuthData; const userData = getUserData(profileId); - const ticket = `CustomAuth${headers.authorization.split(" t=")[1]}` - - if (userData && atob(userData.password) === password) { - console.log("[ACC] CustomAuth login: ", atob(username)); - updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}` }); - const sessionData = generateSessionData(profileId, username, clientIp, clientIpCountry, ticket) - res.send(sessionData); - return; - } else if (userData && atob(userData.password) !== password) { - console.log("[ACC] CustomAuth login password failed: ", atob(username)); + const ticket = `CustomAuth${headers.authorization.split(" t=")[1]}`; + + if (userData) { + const storedPassword = userData.password ? userData.password : null; + + if (storedPassword === password) { + console.log("[ACC] CustomAuth login: ", atob(username)); + updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}` }); + const sessionData = generateSessionData(profileId, username, clientIp, clientIpCountry, ticket); + res.send(sessionData); + return; + } else if (storedPassword && storedPassword !== password) { + console.log("[ACC] CustomAuth login password failed: ", atob(username)); + console.log(`[ACC] CPassword: ${storedPassword.substring(0,4)} || ${storedPassword.substring(0,4)}`); + } else { + console.log("[ACC] CustomAuth login password missing, verifying ticket."); + if (userData.ticket && userData.ticket.includes(ticket)) { + updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}` }); + const sessionData = generateSessionData(profileId, username, clientIp, clientIpCountry, ticket); + res.send(sessionData); + return; + } + } } - + if (!userData) { console.log("[ACC] CustomAuth register: ", atob(username)); updateUser(profileId, { username: atob(username), email, password, userId: profileId, ticket: `Ubi_v1 ${ticket}` }); @@ -150,37 +162,37 @@ exports.initroute = (app, express, server) => { return; } } - + try { console.log("[ACC] Fetching Ticket From Official Server"); const response = await axios.post(`${prodwsurl}/v3/profiles/sessions`, req.body, { headers }); - + res.send(response.data); console.log("[ACC] Using Official Ticket"); - - // Update user mappings + addUserId(response.data.profileId, response.data.userId); updateUserTicket(response.data.profileId, `Ubi_v1 ${response.data.ticket}`); } catch (error) { console.log("[ACC] Error fetching from Ubisoft services", error.message); - + if (ipCache[clientIp]) { console.log(`[ACC] Returning cached session for IP ${clientIp}`); return res.send(ipCache[clientIp]); } - + const profileId = uuidv4(); const userTicket = generateFalseTicket(); cachedTicket[userTicket] = profileId; - + console.log("[ACC] Generating Fake Session for", profileId); - + const fakeSession = generateSessionData(profileId, "NintendoSwitch", clientIp, clientIpCountry, userTicket); ipCache[clientIp] = fakeSession; - + res.send(fakeSession); } }); + // Handle session deletion