From 742d3a3b05f1fb0e5eef31a8797d0f1f00d65412 Mon Sep 17 00:00:00 2001 From: derrod Date: Mon, 10 Jan 2022 17:00:45 +0100 Subject: [PATCH] [core] Verify CDN manifest hash --- legendary/core.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/legendary/core.py b/legendary/core.py index 89cd1d5..e340127 100644 --- a/legendary/core.py +++ b/legendary/core.py @@ -10,6 +10,7 @@ from base64 import b64decode from collections import defaultdict from concurrent.futures import ThreadPoolExecutor from datetime import timezone +from hashlib import sha1 from locale import getdefaultlocale from multiprocessing import Queue from platform import system @@ -1173,6 +1174,7 @@ class LegendaryCore: if len(m_api_r['elements']) > 1: raise ValueError('Manifest response has more than one element!') + manifest_hash = m_api_r['elements'][0]['hash'] base_urls = [] manifest_urls = [] for manifest in m_api_r['elements'][0]['manifests']: @@ -1186,13 +1188,18 @@ class LegendaryCore: else: manifest_urls.append(manifest['uri']) - return manifest_urls, base_urls + return manifest_urls, base_urls, manifest_hash def get_cdn_manifest(self, game, platform='Windows'): - manifest_urls, base_urls = self.get_cdn_urls(game, platform) + manifest_urls, base_urls, manifest_hash = self.get_cdn_urls(game, platform) self.log.debug(f'Downloading manifest from {manifest_urls[0]} ...') r = self.egs.unauth_session.get(manifest_urls[0]) r.raise_for_status() + manifest_bytes = r.content + + if sha1(manifest_bytes).hexdigest() != manifest_hash: + raise ValueError('Manifest sha hash mismatch!') + return r.content, base_urls def get_uri_manifest(self, uri):