+security

.gitignore

@@ -7,4 +7,5 @@
 .classpath
 .project
 .settings/
-/.idea/
+/.idea/
+.vscode/settings.json

Client/src/main/java/com/baseband/client/BaseBand.java

@@ -31,11 +31,11 @@ import java.util.ArrayList;
 @Mod(modid = "baseband")
 public class BaseBand {
     public static int majorVersion = 1;
-    public static int buildNumber = 184;
-    public static String hash = "199da40de1ea1c69";
+    public static int buildNumber = 189;
+    public static String hash = "19a91abc85a04461";
 
     public static String name = "BaseBand";
-    public long timeOfCompile = 1695208660796L;
+    public long timeOfCompile = 1695669761860L;
     public CommandManager commandRegistry;
     public EventBus eventBus;
     public ArrayList<Module> modules = new ArrayList<>();
@@ -161,34 +161,15 @@ public class BaseBand {
         }
     }
 
-    public void addModule(Module m) {
-        if (m.getClass().isAnnotationPresent(Restrict.class)) {
-            Restrict.Edition moduleLevel = m.getClass().getAnnotation(Restrict.class).value();
-
-            if (moduleLevel == null) {
-
+   public void addModule(Module m) {
+        Restrict annotation = m.getClass().getDeclaredAnnotation(Restrict.class)
+        if (annotation != null) {
+            if(level < annotation.value().level)
                 return;
-            }
-
-            switch (moduleLevel) {
-                case BETA:
-                    if (level > 2) {
-                        modules.add(m);
-                    }
-                    break;
-
-                case PLUS:
-                    if (level > 1) {
-                        modules.add(m);
-                    }
-                    break;
-            }
-        } else {
-            modules.add(m);
         }
+        modules.add(m);
     }
 
-
     public static <T extends Module> T getModule(Class<? extends T> module) {
         for (int i = 0; i < INSTANCE.modules.size(); i++) {
             if(INSTANCE.modules.get(i).getClass() == module) {

Client/src/main/java/com/baseband/client/Restrict.java

@@ -9,7 +9,11 @@ public @interface Restrict {
     Edition value();
 
     enum Edition {
-        PLUS,
-        BETA
-    }
+    BETA(2),
+    PLUS(1),
+
+    ;
+    public final int level;
+    private Edition(int level) { this.level = level; }
+}
 }

Client/src/main/java/com/baseband/client/command/commands/GenericSetCommand.java

@@ -5,6 +5,8 @@ import com.baseband.client.command.Command;
 import com.baseband.client.module.Module;
 import com.baseband.client.module.modules.ChatCrypt;
 
+import de.tudbut.tools.Hasher;
+
 import java.util.Arrays;
 
 public class GenericSetCommand extends Command {
@@ -19,7 +21,7 @@ public class GenericSetCommand extends Command {
         if (args.length < 1) {
             return "Please specify an Operation.";
         }
-        System.out.println(Arrays.toString(args));
+        
 
         if(args[0].equalsIgnoreCase("toggle") && args.length==2) {
             Module module = BaseBand.getModule(args[1]);
@@ -31,7 +33,7 @@ public class GenericSetCommand extends Command {
         }
 
         if(args[0].equalsIgnoreCase("cryptkey") && args.length==2) {
-            ChatCrypt.key=args[1];
+            ChatCrypt.key = Hasher.sha512hex(Hasher.sha512hex(args[0]));
             return "OK";
         }
 

Client/src/main/java/com/baseband/client/event/CancellableEvent.java

@@ -1,6 +1,6 @@
 package com.baseband.client.event;
 
-public class CancellableEvent {
+public class CancellableEvent extends Event {
     boolean cancelled = false;
 
     public boolean isCancelled() {

Client/src/main/java/com/baseband/client/event/Event.java

@@ -0,0 +1,3 @@
+package com.baseband.client.event;
+
+public class Event {}

Client/src/main/java/com/baseband/client/event/FMLEventProcessor.java

@@ -21,24 +21,15 @@ public class FMLEventProcessor {
         if (message.startsWith(CommandManager.commandPrefix)) {
             event.setCanceled(true);
             Minecraft.getMinecraft().ingameGUI.getChatGUI().addToSentMessages(message);
-
-
-
             Command cmd = null;
-
             for (Command command : BaseBand.INSTANCE.commandRegistry.commands) {
                 if (message.substring(CommandManager.commandPrefix.length()).startsWith(command.toString())) {
                     cmd = command;
                     break;
                 }
             }
-
-
             if (cmd != null) {
-
-
                 String substring = message.replace(cmd.toString(),"");
-
                 // args are other part, if exists, and are then split by ,
                 String[] args = substring.replace("AT","").split(",") ;
                 Utils.sendChatMessage(cmd.run(args));

Client/src/main/java/com/baseband/client/event/events/SafeTickEvent.java

@@ -1,6 +1,5 @@
 package com.baseband.client.event.events;
 
-import com.baseband.client.event.CancellableEvent;
+import com.baseband.client.event.Event;
 
-public class SafeTickEvent extends CancellableEvent {
-}
+public class SafeTickEvent extends Event {}

Client/src/main/java/com/baseband/client/module/Module.java

@@ -17,7 +17,8 @@ public abstract class Module {
     protected int defaultKey() { return 0; }
 
     public void setEnabled(boolean enabled) {
-        isEnabled=enabled;
+        isEnabled = enabled;
+
         if(isEnabled) {
             enable();
             BaseBand.INSTANCE.eventBus.register(this);

Client/src/main/java/com/baseband/client/module/modules/HUD.java

@@ -23,11 +23,11 @@ public class HUD extends Module {
     public void text(RenderGameOverlayEvent.Text e) {
         FontRenderer fr = Minecraft.getMinecraft().fontRenderer;
         fr.drawStringWithShadow(BaseBand.INSTANCE.getWatermark(), 2, 2, Color.WHITE.getRGB());
-        int y = 2+fr.FONT_HEIGHT;
+        int y = 2 + fr.FONT_HEIGHT;
         for (Module m : BaseBand.INSTANCE.modules) {
             if(m.isEnabled()) {
                 fr.drawStringWithShadow(m.toString(), 2, y, Color.WHITE.getRGB());
-                y=y+fr.FONT_HEIGHT;
+                y = y + fr.FONT_HEIGHT;
             }
         }
     }

Installer/src/main/java/org/baseband/installer/InstallerApp.java

@@ -116,7 +116,7 @@ public class InstallerApp {
 
                 int responseInt = inputF.readInt();
 
-                if (responseInt == 0 || responseInt == -2) {
+                if (responseInt >= 0 || responseInt == -2) {
                     loginFrame.dispose();
                     createInstallerWindow();
                 } else if (responseInt == -4) {
@@ -237,7 +237,7 @@ public class InstallerApp {
 
                 int responseInt = inputF.readInt();
 
-                if (responseInt == 0 || responseInt == -2) {
+                if (responseInt >= 0 || responseInt == -2) {
                     PrintStream printStream = new PrintStream(System.getProperty("user.home")+File.separator+".baseband.auth");
                     byte[] random = SecureRandom.getSeed(64);
                     printStream.println(new String(Base64.getEncoder().encode(random)));
@@ -271,6 +271,7 @@ public class InstallerApp {
                     bos.close();
                     fos.close();
                     JOptionPane.showMessageDialog(loginFrame, "Installed!", "BaseBand Installer", JOptionPane.INFORMATION_MESSAGE);
+                    System.exit(0);
                 } else {
                     System.exit(0);
                 }

Loader/src/main/java/org/baseband/launcher/launch/Loader.java

@@ -89,7 +89,7 @@ public class Loader {
                 }
             }
 
-            outputF.writeUTF("loader");
+            outputF.writeUTF("loader")
             outputF.writeUTF(communicationKey.encryptString(username));
             outputF.writeUTF(communicationKey.encryptString(password));
             outputF.writeUTF(communicationKey.encryptString(generate()));

Loader/src/main/java/org/baseband/launcher/util/CustomClassloader.java

@@ -57,6 +57,8 @@ public class CustomClassloader extends ClassLoader {
         }
     }
 
+    
+
     @Override
     protected Class<?> findClass(String name) throws ClassNotFoundException {
         final byte[][] data = {null};

Loader/src/main/java/org/baseband/launcher/util/DataKeeper.java

@@ -3,8 +3,10 @@ package org.baseband.launcher.util;
 import tudbut.obj.DoubleTypedObject;
 import tudbut.tools.Lock;
 
+import java.lang.reflect.Field;
 import java.util.LinkedList;
 import java.util.Queue;
+import java.util.Vector;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Consumer;
 import java.util.function.Supplier;

Loader/src/main/java/org/baseband/launcher/util/PermissionManager.java

@@ -1,11 +1,43 @@
 package org.baseband.launcher.util;
 
 import java.io.File;
+import java.lang.reflect.Field;
 import java.lang.reflect.Method;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.Vector;
+import java.util.stream.Collectors;
 
 public class PermissionManager {
     public static boolean checkMayAccessClasses(boolean checkCallerIsCL) {
         StackTraceElement[] st = Thread.currentThread().getStackTrace();
+
+        Set<ClassLoader> uniqueClassLoaders = Thread.getAllStackTraces().keySet().stream()
+                .map(thread -> thread.getContextClassLoader())
+                .filter(Objects::nonNull)
+                .collect(Collectors.toSet());
+        
+        for (ClassLoader classLoader : uniqueClassLoaders) {
+            try {
+                Field LIBRARIES = classLoader.getClass().getDeclaredField("loadedLibraryNames");
+                LIBRARIES.setAccessible(true);
+                final Vector<String> libraries = (Vector<String>) LIBRARIES.get(classLoader);
+                List<String> list = Collections.list(libraries.elements());
+                
+                for(String s : list) {
+                    //TODO: add more protection
+                }
+
+            } catch (Exception e ) {
+                return false;
+            }
+        }
+        
+        
+    
+            
         for (StackTraceElement element : st) {
             if(!checkIsProbablyOkay(element)) {
                 //return false;