Skip to content

Instantly share code, notes, and snippets.

@haram

haram/be_fn.hpp

Last active May 14, 2024 15:37
Show Gist options
  • Save haram/50376a1f5d85db11d81bd2ca84072ecd to your computer and use it in GitHub Desktop.
Save haram/50376a1f5d85db11d81bd2ca84072ecd to your computer and use it in GitHub Desktop.
Download ZIP
Replicate BattlEye initialization to dump data out of it
Raw
be_fn.hpp
#pragma once
#include <stdint.h>
#include <stdio.h>
namespace be
{
void print_message( const char* msg )
{
printf( "[BATTLEYE] %s\n", msg );
}
void request_restart( int32_t reason )
{
printf( "[BATTLEYE] requested restart with reason 0x%x\n", reason );
}
void send_packet( void* packet, int32_t len )
{
printf( "[BATTLEYE] called send packet\n" );
}
}
Raw
be_structs.hpp
#pragma once
#include <stdint.h>
namespace be
{
struct battleye_data_t
{
void* pfn_exit;
void* pfn_run;
void* pfn_command;
void* pfn_received_packet;
void* pfn_on_receive_auth;
void* pfn_add_peer;
void* pfn_remove_peer;
uint8_t* encryption_key;
int32_t encryption_len;
void* pfn_encrypt_packet;
void* pfn_decrypt_packet;
};
struct game_data_t
{
const char* game_version;
uint32_t ip_address;
uint16_t ip_port;
void ( *pfn_print_msg )( const char* );
void ( *pfn_request_restart )( int );
void ( *pfn_send_packet )( void*, int );
void ( *pfn_disconnect_peer )( void*, int, const char* );
};
}
Raw
main.cpp
#include <windows.h>
#include <iostream>
#include "be_structs.hpp"
#include "be_fn.hpp"
int main( )
{
const auto lib = LoadLibraryA( "BEClient_x64.dll" );
const auto init_fn = ( bool( * )( int32_t, be::game_data_t*, be::battleye_data_t* ) )( GetProcAddress( lib, "Init" ) );
be::battleye_data_t be_data{};
be::game_data_t game_data{};
game_data.game_version = "Escape from Tarkov 0.12.6.7865";
game_data.ip_address = 0;
game_data.ip_port = 0;
game_data.pfn_print_msg = &be::print_message;
game_data.pfn_send_packet = &be::send_packet;
game_data.pfn_request_restart = &be::request_restart;
game_data.pfn_disconnect_peer = nullptr;
uint8_t* encryption_key = ( uint8_t* )( malloc( 256 ) );
be_data.encryption_key = encryption_key;
be_data.encryption_len = 256;
init_fn( 4, &game_data, &be_data );
printf( "[BATTLEYE] pfnDecryptServerPacket : 0x%p\n", ( char* )( be_data.pfn_decrypt_packet ) - ( char* )( lib ) );
free( encryption_key );
std::cin.ignore( );
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment