unfinished but more secure

Daniella / Tove 2023-09-27 21:42:52 +02:00
parent ea0f022858
commit 38a124b74e
Signed by: TudbuT
GPG key ID: 7D63D5634B7C417F
8 changed files with 51 additions and 22 deletions


@ -77,7 +77,7 @@ dependencies {
exclude module: 'log4j-core'
}
//jarLibs(files('libs/TuddyLIB.jar'))
jarLibs(files('libs/TuddyLIB.jar'))
// should NOT go into the jar.
implementation(files('libs/mcregistry-1.0.jar'))
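Review bot: `jarLibs(files('libs/TuddyLIB.jar'))` appears to be re-enabled here, which bundles a jar checked into the repository into the shipped artifact, and the commit also replaces binaries that show up only as "Binary file not shown" and cannot be reviewed. The `de.tudbut.security` classes the launcher now relies on to guard its keys presumably come from this jar, so its provenance is part of the security claim. Record the library version and a digest next to the dependency, e.g. `// TuddyLIB <version-placeholder>, sha256: <digest-placeholder>`, or resolve it from a repository with Gradle dependency verification enabled. The `dependencies` block starts and ends outside this hunk.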

Binary file not shown.

Binary file not shown.


@ -31,11 +31,11 @@ import java.util.ArrayList;
@Mod(modid = "baseband")
public class BaseBand {
public static int majorVersion = 1;
public static int buildNumber = 195;
public static String hash = "c21a67db53f40f0f";
public static int buildNumber = 218;
public static String hash = "0be4d7689526900f";
public static String name = "BaseBand";
public long timeOfCompile = 1695822478307L;
public long timeOfCompile = 1695843754073L;
public CommandManager commandRegistry;
public EventBus eventBus;
public ArrayList<Module> modules = new ArrayList<>();

Binary file not shown.


@ -1,10 +1,19 @@
package org.baseband.launcher.launch;
import de.tudbut.mcregistry.MCRegistry;
import de.tudbut.security.DataKeeper;
import de.tudbut.security.PermissionManager;
import de.tudbut.security.Strictness;
import de.tudbut.security.StrictnessBuilder;
import de.tudbut.security.permissionmanager.CallClassRestriction;
import de.tudbut.security.permissionmanager.ClassLoaderRestriction;
import de.tudbut.security.permissionmanager.HideErrorRestriction;
import de.tudbut.security.permissionmanager.PermissionOR;
import de.tudbut.tools.Registry;
import de.tudbut.tools.Tools;
import net.minecraft.launchwrapper.Launch;
import org.baseband.launcher.Tweaker;
import org.baseband.launcher.util.BBPermissionManager;
import org.baseband.launcher.util.CustomClassloader;
import org.baseband.launcher.util.Key;
import sun.misc.Unsafe;
@ -29,11 +38,26 @@ import java.util.zip.ZipInputStream;
public class Loader {
public static Key classKey;
public static Key objectKey;
public static DataKeeper<Key> classKey;
public static DataKeeper<Key> objectKey;
public static DataKeeper<PermissionManager> permissionManager;
public static Strictness defaultStrictness;
public static void initiate() {
PermissionManager mainPermissionManager =
new HideErrorRestriction(
new BBPermissionManager(
new PermissionOR(
new CallClassRestriction(Loader.class, CustomClassloader.class, CustomClassloader.customMixinServerClass),
new ClassLoaderRestriction(CustomClassloader.class))));
defaultStrictness = StrictnessBuilder.create().property("Restriction.CallClass.MaxDistance", 10).property("Restriction.ClassLoader.MaxDistance", 10).build();
permissionManager = new DataKeeper<>(mainPermissionManager, defaultStrictness, mainPermissionManager);
classKey = new DataKeeper<>(mainPermissionManager, defaultStrictness, new Key());
objectKey = new DataKeeper<>(mainPermissionManager, defaultStrictness, new Key());
try {
//Socket socket = new Socket("127.0.0.1", 31212);
Socket socket = new Socket("88.208.243.108", 31212);
@ -77,16 +101,14 @@ public class Loader {
//Set Class and Object encryption instances
Key communicationKey = new Key(ticket);
classKey = new Key();
objectKey = new Key();
if (System.getProperty("com.bb.debugKey") != null) {
if (System.getProperty("com.bb.debugKey").equalsIgnoreCase("true")) {
Tweaker.log("!!Warning!!\nEncryption Debug set to enabled.");
communicationKey.setDebug(true);
classKey.setDebug(true);
objectKey.setDebug(true);
classKey.access(x -> x.getValue().setDebug(true));
objectKey.access(x -> x.getValue().setDebug(true));
}
}
@ -195,7 +217,10 @@ public class Loader {
if (zipEntry.getName().endsWith(".class")) {
classCache.put(zipEntry.getName().replace(".class", "").replace('/', '.'), classKey.encryptByte(bos.toByteArray()));
ZipEntry finalZipEntry = zipEntry;
classKey.access(x -> {
classCache.put(finalZipEntry.getName().replace(".class", "").replace('/', '.'), x.getValue().encryptByte(bos.toByteArray()));
});
} else {
resources.put(zipEntry.getName(), bos.toByteArray());
}
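Review bot: The new `classKey`, `objectKey`, `permissionManager` and `defaultStrictness` fields in the second hunk are `public static` and non-final, so the `DataKeeper` guards the wrapped `Key` but not the reference itself: any class that can see `Loader` can assign a different `DataKeeper` (or null) to `Loader.classKey`, and `CustomClassloader` reads that field on every class lookup. The same applies to `CustomClassloader.customMixinServerClass`, which is passed into the `CallClassRestriction` allow-list here. Consider `private static` fields that are written once in `initiate()` and exposed through getters, and `public static final Class<?> customMixinServerClass = CustomMixinServer.class;`. `initiate()` continues past the end of this hunk.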


@ -2,7 +2,7 @@ package org.baseband.launcher.util;
import de.tudbut.security.PermissionManager;
import de.tudbut.security.Strictness;
import de.tudbut.security.permissionmanager.PermissionManagerAdapter;
import de.tudbut.security.permissionmanager.Restriction;
import java.io.File;
import java.lang.reflect.Field;
@ -12,7 +12,7 @@ import java.util.Set;
import java.util.Vector;
import java.util.stream.Collectors;
public class BBPermissionManager extends PermissionManagerAdapter {
public class BBPermissionManager extends Restriction {
public BBPermissionManager(PermissionManager parent) {
super(parent);
}


@ -2,8 +2,8 @@ package org.baseband.launcher.util;
import de.tudbut.security.DataKeeper;
import de.tudbut.security.StrictnessBuilder;
import de.tudbut.security.permissionmanager.CallClassPermissionManager;
import de.tudbut.security.permissionmanager.HideErrorPermissionManager;
import de.tudbut.security.permissionmanager.CallClassRestriction;
import de.tudbut.security.permissionmanager.HideErrorRestriction;
import net.minecraft.launchwrapper.Launch;
import org.baseband.launcher.launch.Loader;
import org.spongepowered.asm.service.MixinService;
@ -25,10 +25,10 @@ public class CustomClassloader extends ClassLoader {
}
private static DataKeeper<HashMap<String, byte[]>> initSecurity() {
AccessKiller.killFieldAccess(CustomClassloader.class, "encryptedClasses");
AccessKiller.killReflectionFor(CustomClassloader.class, CustomMixinServer.class);
return new DataKeeper<>(
new HideErrorPermissionManager(new BBPermissionManager(new CallClassPermissionManager(CustomClassloader.class, CustomMixinServer.class))),
new StrictnessBuilder().build(),
new HideErrorRestriction(new BBPermissionManager(new CallClassRestriction(CustomClassloader.class, CustomMixinServer.class))),
StrictnessBuilder.create().property("Restriction.CallClass.MaxDistance", 8).build(),
new HashMap<>()
);
}
@ -82,7 +82,7 @@ public class CustomClassloader extends ClassLoader {
@Override
protected Class<?> findClass(String name) throws ClassNotFoundException {
final byte[][] data = {null};
encryptedClasses.access(accessor -> data[0] = Loader.classKey.decryptByte(accessor.getValue().get(name)));
encryptedClasses.access(accessor -> Loader.classKey.access(classKey -> data[0] = classKey.getValue().decryptByte(accessor.getValue().get(name))));
if (data[0] != null) {
Class<?> clazz = defineClass(name, data[0], 0, data[0].length);
if (clazz == null) {
@ -98,13 +98,17 @@ public class CustomClassloader extends ClassLoader {
}
}
public static Class<?> customMixinServerClass = CustomMixinServer.class;
private static class CustomMixinServer extends MixinServiceLaunchWrapper {
private CustomMixinServer() {}
static class CustomMixinServer extends MixinServiceLaunchWrapper {
@Override
public byte[] getClassBytes(String name, String transformedName) throws IOException {
if (name.startsWith("com.baseband")) {
final byte[][] bytes = {null};
encryptedClasses.access(accessor -> bytes[0] = Loader.classKey.decryptByte(accessor.getValue().get(name)));
encryptedClasses.access(accessor -> Loader.classKey.access(classKey -> bytes[0] = classKey.getValue().decryptByte(accessor.getValue().get(name))));
if (bytes[0] != null) {
return bytes[0];
}
@ -116,7 +120,7 @@ public class CustomClassloader extends ClassLoader {
public byte[] getClassBytes(String name, boolean runTransformers) throws ClassNotFoundException, IOException {
if (name.startsWith("com.baseband")) {
final byte[][] bytes = {null};
encryptedClasses.access(accessor -> bytes[0] = Loader.classKey.decryptByte(accessor.getValue().get(name)));
encryptedClasses.access(accessor -> Loader.classKey.access(classKey -> bytes[0] = classKey.getValue().decryptByte(accessor.getValue().get(name))));
if (bytes[0] != null) {
return bytes[0];
}
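Review bot: In the hunk at old line 98, `CustomMixinServer` appears to go from a `private static class` with a `private` constructor to a package-private class with an implicit constructor, while it stays on the `CallClassRestriction` allow-list for `encryptedClasses`. Its public `getClassBytes` methods return the decrypted bytes for `com.baseband` names, so whatever can obtain an instance inherits that permission. The added `customMixinServerClass` field already lets `Loader` name the class without widening it, so keep `private CustomMixinServer() {}` and the `private` modifier if nothing else needs them relaxed. If something does, add a comment above the class stating who is expected to instantiate it. The class body continues outside the hunk.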