feat: update heuristics for v1.66+ (#39)

* feat: update heuristics for v1.66+
TheMythologist · Aug 2, 2023 · 5c79cee · 5c79cee
1 parent 6da0cd5
commit 5c79cee
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 8 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -32,7 +32,7 @@ jobs:
         run: poetry run build
       - uses: actions/upload-artifact@v3
         with:
-          name: Guardian.exe
+          name: Guardian
           path: dist/Guardian-*.exe
       - uses: softprops/action-gh-release@v1
         with:

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Guardian
 
-Custom firewall for the game GTA Online (version 1.54 and onwards).
+Custom firewall for the game GTA Online (version 1.66 and onwards).
 
 [![Latest release](https://img.shields.io/github/v/release/TheMythologist/guardian)](https://github.com/TheMythologist/guardian/releases/latest)
 [![CI status](https://github.com/TheMythologist/guardian/workflows/build/badge.svg)](https://github.com/TheMythologist/guardian/actions?query=branch%3Amain)

diff --git a/guardian/network/sessions.py b/guardian/network/sessions.py
@@ -69,13 +69,17 @@
 
 # Interesting note: All the matchmaker requests have payload sizes that may be 16 bytes apart.
 
-HEARTBEAT_SIZES = {12, 18}
+HEARTBEAT_SIZES = {12, 18, 63}
 MATCHMAKING_SIZES = {
-    245,
-    261,
-    277,
-    293,
+    191,
+    207,
+    223,
+    239,
 }  # probably a player looking to join the session.
+DTLs = {0xFEFF, 0xFEFD}
+KNOWNS = {0x39, 0x31, 0x29}
+# RECORDS = {20, 21, 22, 23}
+
 
 KNOWN_SIZES = HEARTBEAT_SIZES.union(MATCHMAKING_SIZES)
 
@@ -196,7 +200,31 @@ def is_packet_allowed(self, packet: pydivert.Packet) -> bool:
 
         # The "special sauce" for the new filtering logic. We're using payload sizes to guess if the packet
         # has a behaviour we want to allow through.
-        return ip in self.ips or size in KNOWN_SIZES
+        if ip in self.ips or size in HEARTBEAT_SIZES:
+            return True
+
+        wrapper = 0 if size < 5 else int.from_bytes(packet.raw[28:30], "big")
+        magic_byte = packet.payload[4]
+
+        if size == wrapper:
+            offset = packet.payload[2] ^ magic_byte
+            code = 0
+            alt = 0
+            if offset == 17 and size >= 27:
+                code = int.from_bytes(packet.payload[25:27], "big")
+                alt = packet.payload[24]
+            elif offset == 49 and size >= 91:
+                code = int.from_bytes(packet.payload[89:91], "big")
+
+            magic = 0 if size < 5 else int.from_bytes([magic_byte, magic_byte], "big")
+            if (
+                code ^ magic in DTLs
+                or alt ^ magic_byte in KNOWNS
+                or code ^ magic < 0x10
+            ):
+                return True
+
+        return False
 
 
 class BlacklistSession(AbstractPacketFilter):