+security

This commit is contained in:
Jess 2023-09-25 22:10:36 +01:00
parent 1d8c7f33eb
commit 227c76bfff
15 changed files with 71 additions and 52 deletions

1
.gitignore vendored
View file

@ -8,3 +8,4 @@
.project
.settings/
/.idea/
.vscode/settings.json

View file

@ -31,11 +31,11 @@ import java.util.ArrayList;
@Mod(modid = "baseband")
public class BaseBand {
public static int majorVersion = 1;
public static int buildNumber = 184;
public static String hash = "199da40de1ea1c69";
public static int buildNumber = 189;
public static String hash = "19a91abc85a04461";
public static String name = "BaseBand";
public long timeOfCompile = 1695208660796L;
public long timeOfCompile = 1695669761860L;
public CommandManager commandRegistry;
public EventBus eventBus;
public ArrayList<Module> modules = new ArrayList<>();
@ -161,34 +161,15 @@ public class BaseBand {
}
}
public void addModule(Module m) {
if (m.getClass().isAnnotationPresent(Restrict.class)) {
Restrict.Edition moduleLevel = m.getClass().getAnnotation(Restrict.class).value();
if (moduleLevel == null) {
public void addModule(Module m) {
Restrict annotation = m.getClass().getDeclaredAnnotation(Restrict.class)
if (annotation != null) {
if(level < annotation.value().level)
return;
}
switch (moduleLevel) {
case BETA:
if (level > 2) {
modules.add(m);
}
break;
case PLUS:
if (level > 1) {
modules.add(m);
}
break;
}
} else {
modules.add(m);
}
modules.add(m);
}
public static <T extends Module> T getModule(Class<? extends T> module) {
for (int i = 0; i < INSTANCE.modules.size(); i++) {
if(INSTANCE.modules.get(i).getClass() == module) {

View file

@ -9,7 +9,11 @@ public @interface Restrict {
Edition value();
enum Edition {
PLUS,
BETA
}
BETA(2),
PLUS(1),
;
public final int level;
private Edition(int level) { this.level = level; }
}
}

View file

@ -5,6 +5,8 @@ import com.baseband.client.command.Command;
import com.baseband.client.module.Module;
import com.baseband.client.module.modules.ChatCrypt;
import de.tudbut.tools.Hasher;
import java.util.Arrays;
public class GenericSetCommand extends Command {
@ -19,7 +21,7 @@ public class GenericSetCommand extends Command {
if (args.length < 1) {
return "Please specify an Operation.";
}
System.out.println(Arrays.toString(args));
if(args[0].equalsIgnoreCase("toggle") && args.length==2) {
Module module = BaseBand.getModule(args[1]);
@ -31,7 +33,7 @@ public class GenericSetCommand extends Command {
}
if(args[0].equalsIgnoreCase("cryptkey") && args.length==2) {
ChatCrypt.key=args[1];
ChatCrypt.key = Hasher.sha512hex(Hasher.sha512hex(args[0]));
return "OK";
}

View file

@ -1,6 +1,6 @@
package com.baseband.client.event;
public class CancellableEvent {
public class CancellableEvent extends Event {
boolean cancelled = false;
public boolean isCancelled() {

View file

@ -0,0 +1,3 @@
package com.baseband.client.event;
public class Event {}

View file

@ -21,24 +21,15 @@ public class FMLEventProcessor {
if (message.startsWith(CommandManager.commandPrefix)) {
event.setCanceled(true);
Minecraft.getMinecraft().ingameGUI.getChatGUI().addToSentMessages(message);
Command cmd = null;
for (Command command : BaseBand.INSTANCE.commandRegistry.commands) {
if (message.substring(CommandManager.commandPrefix.length()).startsWith(command.toString())) {
cmd = command;
break;
}
}
if (cmd != null) {
String substring = message.replace(cmd.toString(),"");
// args are other part, if exists, and are then split by ,
String[] args = substring.replace("AT","").split(",") ;
Utils.sendChatMessage(cmd.run(args));

View file

@ -1,6 +1,5 @@
package com.baseband.client.event.events;
import com.baseband.client.event.CancellableEvent;
import com.baseband.client.event.Event;
public class SafeTickEvent extends CancellableEvent {
}
public class SafeTickEvent extends Event {}

View file

@ -17,7 +17,8 @@ public abstract class Module {
protected int defaultKey() { return 0; }
public void setEnabled(boolean enabled) {
isEnabled=enabled;
isEnabled = enabled;
if(isEnabled) {
enable();
BaseBand.INSTANCE.eventBus.register(this);

View file

@ -23,11 +23,11 @@ public class HUD extends Module {
public void text(RenderGameOverlayEvent.Text e) {
FontRenderer fr = Minecraft.getMinecraft().fontRenderer;
fr.drawStringWithShadow(BaseBand.INSTANCE.getWatermark(), 2, 2, Color.WHITE.getRGB());
int y = 2+fr.FONT_HEIGHT;
int y = 2 + fr.FONT_HEIGHT;
for (Module m : BaseBand.INSTANCE.modules) {
if(m.isEnabled()) {
fr.drawStringWithShadow(m.toString(), 2, y, Color.WHITE.getRGB());
y=y+fr.FONT_HEIGHT;
y = y + fr.FONT_HEIGHT;
}
}
}

View file

@ -116,7 +116,7 @@ public class InstallerApp {
int responseInt = inputF.readInt();
if (responseInt == 0 || responseInt == -2) {
if (responseInt >= 0 || responseInt == -2) {
loginFrame.dispose();
createInstallerWindow();
} else if (responseInt == -4) {
@ -237,7 +237,7 @@ public class InstallerApp {
int responseInt = inputF.readInt();
if (responseInt == 0 || responseInt == -2) {
if (responseInt >= 0 || responseInt == -2) {
PrintStream printStream = new PrintStream(System.getProperty("user.home")+File.separator+".baseband.auth");
byte[] random = SecureRandom.getSeed(64);
printStream.println(new String(Base64.getEncoder().encode(random)));
@ -271,6 +271,7 @@ public class InstallerApp {
bos.close();
fos.close();
JOptionPane.showMessageDialog(loginFrame, "Installed!", "BaseBand Installer", JOptionPane.INFORMATION_MESSAGE);
System.exit(0);
} else {
System.exit(0);
}

View file

@ -89,7 +89,7 @@ public class Loader {
}
}
outputF.writeUTF("loader");
outputF.writeUTF("loader")
outputF.writeUTF(communicationKey.encryptString(username));
outputF.writeUTF(communicationKey.encryptString(password));
outputF.writeUTF(communicationKey.encryptString(generate()));

View file

@ -57,6 +57,8 @@ public class CustomClassloader extends ClassLoader {
}
}
@Override
protected Class<?> findClass(String name) throws ClassNotFoundException {
final byte[][] data = {null};

View file

@ -3,8 +3,10 @@ package org.baseband.launcher.util;
import tudbut.obj.DoubleTypedObject;
import tudbut.tools.Lock;
import java.lang.reflect.Field;
import java.util.LinkedList;
import java.util.Queue;
import java.util.Vector;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import java.util.function.Supplier;

View file

@ -1,11 +1,43 @@
package org.baseband.launcher.util;
import java.io.File;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.Vector;
import java.util.stream.Collectors;
public class PermissionManager {
public static boolean checkMayAccessClasses(boolean checkCallerIsCL) {
StackTraceElement[] st = Thread.currentThread().getStackTrace();
Set<ClassLoader> uniqueClassLoaders = Thread.getAllStackTraces().keySet().stream()
.map(thread -> thread.getContextClassLoader())
.filter(Objects::nonNull)
.collect(Collectors.toSet());
for (ClassLoader classLoader : uniqueClassLoaders) {
try {
Field LIBRARIES = classLoader.getClass().getDeclaredField("loadedLibraryNames");
LIBRARIES.setAccessible(true);
final Vector<String> libraries = (Vector<String>) LIBRARIES.get(classLoader);
List<String> list = Collections.list(libraries.elements());
for(String s : list) {
//TODO: add more protection
}
} catch (Exception e ) {
return false;
}
}
for (StackTraceElement element : st) {
if(!checkIsProbablyOkay(element)) {
//return false;