+security
This commit is contained in:
parent
1d8c7f33eb
commit
227c76bfff
15 changed files with 71 additions and 52 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -8,3 +8,4 @@
|
|||
.project
|
||||
.settings/
|
||||
/.idea/
|
||||
.vscode/settings.json
|
||||
|
|
|
@ -31,11 +31,11 @@ import java.util.ArrayList;
|
|||
@Mod(modid = "baseband")
|
||||
public class BaseBand {
|
||||
public static int majorVersion = 1;
|
||||
public static int buildNumber = 184;
|
||||
public static String hash = "199da40de1ea1c69";
|
||||
public static int buildNumber = 189;
|
||||
public static String hash = "19a91abc85a04461";
|
||||
|
||||
public static String name = "BaseBand";
|
||||
public long timeOfCompile = 1695208660796L;
|
||||
public long timeOfCompile = 1695669761860L;
|
||||
public CommandManager commandRegistry;
|
||||
public EventBus eventBus;
|
||||
public ArrayList<Module> modules = new ArrayList<>();
|
||||
|
@ -161,34 +161,15 @@ public class BaseBand {
|
|||
}
|
||||
}
|
||||
|
||||
public void addModule(Module m) {
|
||||
if (m.getClass().isAnnotationPresent(Restrict.class)) {
|
||||
Restrict.Edition moduleLevel = m.getClass().getAnnotation(Restrict.class).value();
|
||||
|
||||
if (moduleLevel == null) {
|
||||
|
||||
public void addModule(Module m) {
|
||||
Restrict annotation = m.getClass().getDeclaredAnnotation(Restrict.class)
|
||||
if (annotation != null) {
|
||||
if(level < annotation.value().level)
|
||||
return;
|
||||
}
|
||||
|
||||
switch (moduleLevel) {
|
||||
case BETA:
|
||||
if (level > 2) {
|
||||
modules.add(m);
|
||||
}
|
||||
break;
|
||||
|
||||
case PLUS:
|
||||
if (level > 1) {
|
||||
modules.add(m);
|
||||
}
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
modules.add(m);
|
||||
}
|
||||
modules.add(m);
|
||||
}
|
||||
|
||||
|
||||
public static <T extends Module> T getModule(Class<? extends T> module) {
|
||||
for (int i = 0; i < INSTANCE.modules.size(); i++) {
|
||||
if(INSTANCE.modules.get(i).getClass() == module) {
|
||||
|
|
|
@ -9,7 +9,11 @@ public @interface Restrict {
|
|||
Edition value();
|
||||
|
||||
enum Edition {
|
||||
PLUS,
|
||||
BETA
|
||||
}
|
||||
BETA(2),
|
||||
PLUS(1),
|
||||
|
||||
;
|
||||
public final int level;
|
||||
private Edition(int level) { this.level = level; }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,6 +5,8 @@ import com.baseband.client.command.Command;
|
|||
import com.baseband.client.module.Module;
|
||||
import com.baseband.client.module.modules.ChatCrypt;
|
||||
|
||||
import de.tudbut.tools.Hasher;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
public class GenericSetCommand extends Command {
|
||||
|
@ -19,7 +21,7 @@ public class GenericSetCommand extends Command {
|
|||
if (args.length < 1) {
|
||||
return "Please specify an Operation.";
|
||||
}
|
||||
System.out.println(Arrays.toString(args));
|
||||
|
||||
|
||||
if(args[0].equalsIgnoreCase("toggle") && args.length==2) {
|
||||
Module module = BaseBand.getModule(args[1]);
|
||||
|
@ -31,7 +33,7 @@ public class GenericSetCommand extends Command {
|
|||
}
|
||||
|
||||
if(args[0].equalsIgnoreCase("cryptkey") && args.length==2) {
|
||||
ChatCrypt.key=args[1];
|
||||
ChatCrypt.key = Hasher.sha512hex(Hasher.sha512hex(args[0]));
|
||||
return "OK";
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
package com.baseband.client.event;
|
||||
|
||||
public class CancellableEvent {
|
||||
public class CancellableEvent extends Event {
|
||||
boolean cancelled = false;
|
||||
|
||||
public boolean isCancelled() {
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
package com.baseband.client.event;
|
||||
|
||||
public class Event {}
|
|
@ -21,24 +21,15 @@ public class FMLEventProcessor {
|
|||
if (message.startsWith(CommandManager.commandPrefix)) {
|
||||
event.setCanceled(true);
|
||||
Minecraft.getMinecraft().ingameGUI.getChatGUI().addToSentMessages(message);
|
||||
|
||||
|
||||
|
||||
Command cmd = null;
|
||||
|
||||
for (Command command : BaseBand.INSTANCE.commandRegistry.commands) {
|
||||
if (message.substring(CommandManager.commandPrefix.length()).startsWith(command.toString())) {
|
||||
cmd = command;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (cmd != null) {
|
||||
|
||||
|
||||
String substring = message.replace(cmd.toString(),"");
|
||||
|
||||
// args are other part, if exists, and are then split by ,
|
||||
String[] args = substring.replace("AT","").split(",") ;
|
||||
Utils.sendChatMessage(cmd.run(args));
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
package com.baseband.client.event.events;
|
||||
|
||||
import com.baseband.client.event.CancellableEvent;
|
||||
import com.baseband.client.event.Event;
|
||||
|
||||
public class SafeTickEvent extends CancellableEvent {
|
||||
}
|
||||
public class SafeTickEvent extends Event {}
|
||||
|
|
|
@ -17,7 +17,8 @@ public abstract class Module {
|
|||
protected int defaultKey() { return 0; }
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
isEnabled=enabled;
|
||||
isEnabled = enabled;
|
||||
|
||||
if(isEnabled) {
|
||||
enable();
|
||||
BaseBand.INSTANCE.eventBus.register(this);
|
||||
|
|
|
@ -23,11 +23,11 @@ public class HUD extends Module {
|
|||
public void text(RenderGameOverlayEvent.Text e) {
|
||||
FontRenderer fr = Minecraft.getMinecraft().fontRenderer;
|
||||
fr.drawStringWithShadow(BaseBand.INSTANCE.getWatermark(), 2, 2, Color.WHITE.getRGB());
|
||||
int y = 2+fr.FONT_HEIGHT;
|
||||
int y = 2 + fr.FONT_HEIGHT;
|
||||
for (Module m : BaseBand.INSTANCE.modules) {
|
||||
if(m.isEnabled()) {
|
||||
fr.drawStringWithShadow(m.toString(), 2, y, Color.WHITE.getRGB());
|
||||
y=y+fr.FONT_HEIGHT;
|
||||
y = y + fr.FONT_HEIGHT;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -116,7 +116,7 @@ public class InstallerApp {
|
|||
|
||||
int responseInt = inputF.readInt();
|
||||
|
||||
if (responseInt == 0 || responseInt == -2) {
|
||||
if (responseInt >= 0 || responseInt == -2) {
|
||||
loginFrame.dispose();
|
||||
createInstallerWindow();
|
||||
} else if (responseInt == -4) {
|
||||
|
@ -237,7 +237,7 @@ public class InstallerApp {
|
|||
|
||||
int responseInt = inputF.readInt();
|
||||
|
||||
if (responseInt == 0 || responseInt == -2) {
|
||||
if (responseInt >= 0 || responseInt == -2) {
|
||||
PrintStream printStream = new PrintStream(System.getProperty("user.home")+File.separator+".baseband.auth");
|
||||
byte[] random = SecureRandom.getSeed(64);
|
||||
printStream.println(new String(Base64.getEncoder().encode(random)));
|
||||
|
@ -271,6 +271,7 @@ public class InstallerApp {
|
|||
bos.close();
|
||||
fos.close();
|
||||
JOptionPane.showMessageDialog(loginFrame, "Installed!", "BaseBand Installer", JOptionPane.INFORMATION_MESSAGE);
|
||||
System.exit(0);
|
||||
} else {
|
||||
System.exit(0);
|
||||
}
|
||||
|
|
|
@ -89,7 +89,7 @@ public class Loader {
|
|||
}
|
||||
}
|
||||
|
||||
outputF.writeUTF("loader");
|
||||
outputF.writeUTF("loader")
|
||||
outputF.writeUTF(communicationKey.encryptString(username));
|
||||
outputF.writeUTF(communicationKey.encryptString(password));
|
||||
outputF.writeUTF(communicationKey.encryptString(generate()));
|
||||
|
|
|
@ -57,6 +57,8 @@ public class CustomClassloader extends ClassLoader {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
protected Class<?> findClass(String name) throws ClassNotFoundException {
|
||||
final byte[][] data = {null};
|
||||
|
|
|
@ -3,8 +3,10 @@ package org.baseband.launcher.util;
|
|||
import tudbut.obj.DoubleTypedObject;
|
||||
import tudbut.tools.Lock;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.util.LinkedList;
|
||||
import java.util.Queue;
|
||||
import java.util.Vector;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.function.Supplier;
|
||||
|
|
|
@ -1,11 +1,43 @@
|
|||
package org.baseband.launcher.util;
|
||||
|
||||
import java.io.File;
|
||||
import java.lang.reflect.Field;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.Vector;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
public class PermissionManager {
|
||||
public static boolean checkMayAccessClasses(boolean checkCallerIsCL) {
|
||||
StackTraceElement[] st = Thread.currentThread().getStackTrace();
|
||||
|
||||
Set<ClassLoader> uniqueClassLoaders = Thread.getAllStackTraces().keySet().stream()
|
||||
.map(thread -> thread.getContextClassLoader())
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
for (ClassLoader classLoader : uniqueClassLoaders) {
|
||||
try {
|
||||
Field LIBRARIES = classLoader.getClass().getDeclaredField("loadedLibraryNames");
|
||||
LIBRARIES.setAccessible(true);
|
||||
final Vector<String> libraries = (Vector<String>) LIBRARIES.get(classLoader);
|
||||
List<String> list = Collections.list(libraries.elements());
|
||||
|
||||
for(String s : list) {
|
||||
//TODO: add more protection
|
||||
}
|
||||
|
||||
} catch (Exception e ) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
for (StackTraceElement element : st) {
|
||||
if(!checkIsProbablyOkay(element)) {
|
||||
//return false;
|
||||
|
|
Loading…
Add table
Reference in a new issue