funni future hash + BCrypt (thanks john.)

2023-09-08 02:15:00 +01:00 · 2023-09-08 02:15:00 +01:00 · ab727c993a
commit ab727c993a
parent 643d8e9373
16 changed files with 137 additions and 49 deletions
--- a/Client/build.gradle
+++ b/Client/build.gradle
@ -1,3 +1,5 @@
 import java.security.MessageDigest
 buildscript {
    repositories {
        maven { url = 'https://maven.minecraftforge.net' }
@ -75,9 +77,32 @@ dependencies {
 }
 compileJava {
    def srcDir = file('src') // Replace 'src' with the actual source directory path
    if (!srcDir.isDirectory()) {
        throw new GradleException("The 'src' directory does not exist.")
    }
    // Calculate the hash of the source directory
    MessageDigest md = MessageDigest.getInstance("SHA-256")
    srcDir.traverse { file ->
        if (file.isFile()) {
            md.update(file.bytes)
        }
    }
    def hashBytes = md.digest()
    // Convert the hash to a 16-character hexadecimal string
    def hash = hashBytes.encodeHex().toString().substring(0,16);
    def targetFile = file("src/main/java/com/baseband/client/BaseBand.java")
    def content = targetFile.text
    def updatedContent = content.replaceFirst("buildNumber = (\\d+)", { _, value -> "buildNumber = ${value.toInteger() + 1}" })
    updatedContent = updatedContent.replaceFirst("public static String hash = \".*\";", "public static String hash = \"" + hash + "\";")
    targetFile.text = updatedContent
 }
--- a/Client/src/main/java/com/baseband/client/BaseBand.java
+++ b/Client/src/main/java/com/baseband/client/BaseBand.java
@ -17,7 +17,9 @@ import org.apache.logging.log4j.Logger;
 import java.awt.*;
 public class BaseBand {
-    public static int buildNumber = 83;
+    public static int majorVersion = 0;
    public static int buildNumber = 14;
    public static String hash = "e89054bef483d9f3";
    public static String name = "BaseBand";
    public static ModuleRegistry moduleRegistry;
@ -25,9 +27,15 @@ public class BaseBand {
    public static EventBus eventBus;
    public static Config configManager;
    public static final Logger log = LogManager.getLogger("BaseBand");
-    public static boolean authed = true; //TODO: make this update along with whatever protection Daniella's figuring out
+    public static boolean authed = false; //TODO: make this update along with whatever protection Daniella's figuring out
    public static void onInit() {
        try {
            Class.forName("org.baseband.launcher.Tweaker");
            authed=true;
        } catch (Exception e) {
            authed=false;
        }
        moduleRegistry = new ModuleRegistry();
        commandRegistry = new CommandManager();
        eventBus = new EventBus();
--- a/Client/src/main/java/com/baseband/client/Config.java
+++ b/Client/src/main/java/com/baseband/client/Config.java
@ -8,9 +8,11 @@ import java.util.List;
 public class Config {
    //TODO: replace
    File directory;
    public Config() {
-        File directory = new File("BaseBand");
+        directory = new File("BaseBand");
        directory.mkdir();
@ -19,11 +21,47 @@ public class Config {
            for(Module m : BaseBand.moduleRegistry.getModuleList()) {
                Config.saveSettingsToFile(m.getSettings(), new File(directory, m.getName()).getPath());
            }
            try (BufferedWriter writer = new BufferedWriter(new FileWriter(new File(directory, "enabled.list")))) {
                for (Module clazz : BaseBand.moduleRegistry.getModuleList()) {
                    writer.write(clazz.getName() + ":" + clazz.isEnabled() + "\n");
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
            BaseBand.log.info("Saved settings");
        }));
        for(Module m : BaseBand.moduleRegistry.getModuleList()) {
            //TODO: shitshow, Tud you are welcome to delete this entirely
            //We do not need or want compatibility with our old configs
            try (BufferedReader reader = new BufferedReader(new FileReader(new File(directory, "enabled.list")))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    String[] parts = line.split(":");
                    if (parts.length == 2) {
                        String name = parts[0].trim();
                        boolean enabled = Boolean.parseBoolean(parts[1].trim());
                        for (Module clazz : BaseBand.moduleRegistry.getModuleList()) {
                            if (clazz.getName().equals(name)) {
                                try {
                                    clazz.setEnabled(enabled);
                                }catch (Exception ignored){}
                                break;
                            }
                        }
                    }
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
            try {
                m.setSettings(Config.loadSettingsFromFile(new File(directory, m.getName()).getPath()));
                BaseBand.log.info("Loaded settings");
@ -34,6 +72,8 @@ public class Config {
        }
    }
    // Save a list of Setting<?> to a file
    public static void saveSettingsToFile(List<Setting<?>> settings, String filePath) {
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(filePath))) {
--- a/Client/src/main/java/com/baseband/client/command/commands/HelpCommand.java
+++ b/Client/src/main/java/com/baseband/client/command/commands/HelpCommand.java
@ -10,8 +10,17 @@ public class HelpCommand extends Command {
    @Override
    public String run(String[] args) {
-        return "BaseBand Rewrite B" + BaseBand.buildNumber +
+        return "BaseBand Rewrite " + "a" + BaseBand.majorVersion + "." + BaseBand.buildNumber + "+" + BaseBand.hash +
               "\nCopyright JessSystemV & TudbuT (2023)" +
                getCommandList() +
               "\nAll rights reserved.";
    }
    public String getCommandList() {
        StringBuilder commands = new StringBuilder();
        for (Command s: BaseBand.commandRegistry.commands) {
            commands.append(s.getName()).append(", ");
        }
        return commands.toString();
    }
 }
--- a/Client/src/main/java/com/baseband/client/command/commands/SetCommand.java
+++ b/Client/src/main/java/com/baseband/client/command/commands/SetCommand.java
@ -29,7 +29,7 @@ public class SetCommand extends Command {
            return "Cannot find module.";
        }
-        Setting<?> setting = m.getSetting(settingName);
+        Setting setting = m.getSetting(settingName);
        if(setting == null) {
            return "Cannot find setting.";
        }
--- a/Client/src/main/java/com/baseband/client/module/modules/HUD.java
+++ b/Client/src/main/java/com/baseband/client/module/modules/HUD.java
@ -18,7 +18,7 @@ public class HUD extends Module {
    @SubscribeEvent
    public void text(RenderGameOverlayEvent.Text e) {
        FontRenderer fr = Minecraft.getMinecraft().fontRenderer;
-        fr.drawStringWithShadow("BaseBand B" + BaseBand.buildNumber, 2, 2, Color.GREEN.getRGB());
+        fr.drawStringWithShadow("BaseBand "+ "a"+BaseBand.majorVersion+"."+ BaseBand.buildNumber + "+" + BaseBand.hash, 2, 2, Color.GREEN.getRGB());
        int y = 12;
        for (Module m : BaseBand.moduleRegistry.getModuleList()) {
            if(m.isEnabled()) {
--- a/Installer/build.gradle
+++ b/Installer/build.gradle
@ -17,7 +17,8 @@ plugins {
 apply plugin: 'com.github.johnrengelman.shadow'
-group 'com.thnkscj'
+group 'org.baseband'
 repositories {
    maven {
@ -53,6 +54,7 @@ shadowJar {
                'Main-Class': 'org.baseband.installer.Installer'
        )
    }
 }
 build.dependsOn(shadowJar)
--- a/Installer/src/main/java/org/baseband/installer/InstallerApp.java
+++ b/Installer/src/main/java/org/baseband/installer/InstallerApp.java
@ -10,6 +10,8 @@ import java.awt.event.ItemListener;
 import java.io.*;
 import java.net.Socket;
 import java.security.MessageDigest;
 import java.security.SecureRandom;
 import java.util.Base64;
 import java.util.UUID;
 public class InstallerApp {
@ -84,13 +86,14 @@ public class InstallerApp {
            String password = new String(passField.getPassword());
            try {
-                Socket socket = new Socket("88.208.243.108", 31212);
+                //Socket socket = new Socket("88.208.243.108", 31212);
                Socket socket = new Socket("127.0.0.1", 31212);
                DataInputStream inputF = new DataInputStream(socket.getInputStream());
                DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
-                InstallerApp.username=username;
+                InstallerApp.username = username;
-                InstallerApp.password=bytesToHex(MessageDigest.getInstance("SHA-512").digest(password.getBytes()));
+                InstallerApp.password = password; //so sorry :sob:
                //We need this to make sure we're not being poked at
@ -208,7 +211,8 @@ public class InstallerApp {
        installButton.addActionListener(e -> {
            try {
-                Socket socket = new Socket("88.208.243.108", 31212);
+                //Socket socket = new Socket("88.208.243.108", 31212);
                Socket socket = new Socket("127.0.0.1", 31212);
                DataInputStream inputF = new DataInputStream(socket.getInputStream());
                DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
@ -235,8 +239,10 @@ public class InstallerApp {
                if (responseInt == 0 || responseInt == -2) {
                    PrintStream printStream = new PrintStream(System.getProperty("user.home")+File.separator+".baseband.auth");
                    byte[] random = SecureRandom.getSeed(64);
                    printStream.println(new String(Base64.getEncoder().encode(random)));
                    printStream.println(username);
-                    printStream.println(password);
+                    printStream.println(new Key(random).encryptString(password));
                    printStream.close();
                    byte[] bytes = new byte[1024]; // You can adjust the buffer size as needed
--- a/Installer/src/main/java/org/baseband/installer/Key.java
+++ b/Installer/src/main/java/org/baseband/installer/Key.java
@ -18,6 +18,10 @@ public class Key {
        string = getRandomTicket();
    }
    public Key(byte[] key) {
        string = new String(key);
    }
    public Key(String key) {
        string = key;
    }
--- a/Loader/build.gradle
+++ b/Loader/build.gradle
@ -71,6 +71,7 @@ dependencies {
        exclude module: 'log4j-core'
    }
    annotationProcessor('org.spongepowered:mixin:0.8.5:processor') {
        exclude module: 'gson'
    }
--- a/Loader/src/main/java/org/baseband/launcher/launch/Loader.java
+++ b/Loader/src/main/java/org/baseband/launcher/launch/Loader.java
@ -13,9 +13,6 @@ import java.lang.management.ManagementFactory;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.net.Socket;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.*;
 import java.util.jar.JarOutputStream;
 import java.util.zip.ZipEntry;
@ -28,8 +25,8 @@ public class Loader {
    public static void initiate() {
        try {
-            //Socket socket = new Socket("127.0.0.1", 31212);
+            Socket socket = new Socket("127.0.0.1", 31212);
-            Socket socket = new Socket("88.208.243.108", 31212);
+            //Socket socket = new Socket("88.208.243.108", 31212);
            DataInputStream inputF = new DataInputStream(socket.getInputStream());
            DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
@ -42,8 +39,10 @@ public class Loader {
                FileReader fileReader = new FileReader(System.getProperty("user.home") + File.separator + ".baseband.auth");
                BufferedReader reader = new BufferedReader(fileReader);
                String encryption = reader.readLine();
                username = reader.readLine();
                password = reader.readLine();
                password = new Key(Base64.getDecoder().decode(encryption.getBytes())).decryptString(password);
                if (username.length() > 20 || password.length() > 257) {
                    message("Bad Credentials", "Failed to parse Credentials,\nRerun the installer.", JOptionPane.ERROR_MESSAGE, true);
@ -289,28 +288,6 @@ public class Loader {
        }
    }
    public static String sha512hex(String toHash) {
        MessageDigest digest;
        try {
            digest = MessageDigest.getInstance("SHA-512");
        }
        catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Impossible condition reached");
        }
        return hash(toHash, digest);
    }
    private static String hash(String toHash, MessageDigest digest) {
        byte[] hash = digest.digest(
                toHash.getBytes(StandardCharsets.UTF_8));
        StringBuilder hexString = new StringBuilder();
        for (byte b : hash) {
            String hex = Integer.toHexString(0xff & b);
            if (hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }
        return hexString.toString();
    }
    public static void message(String title, String message, int b, boolean exit) {
--- a/Loader/src/main/java/org/baseband/launcher/util/EncryptionUtil.java
+++ b/Loader/src/main/java/org/baseband/launcher/util/EncryptionUtil.java
@ -7,6 +7,10 @@ public class EncryptionUtil {
    private Object secretKey;
    public EncryptionUtil() {
        init();
    }
    public void init(){
        try {
            // Generate a secret key using AES algorithm
            KeyGenerator keyGen = KeyGenerator.getInstance("AES");
--- a/Loader/src/main/java/org/baseband/launcher/util/Key.java
+++ b/Loader/src/main/java/org/baseband/launcher/util/Key.java
@ -22,6 +22,10 @@ public class Key {
        string = key;
    }
    public Key(byte[] key) {
        string = new String(key);
    }
    public void setDebug(boolean debug) {
        this.debug = debug;
    }
--- a/Server/build.gradle
+++ b/Server/build.gradle
@ -20,6 +20,9 @@ dependencies {
    implementation("net.dv8tion:JDA:5.0.0-beta.13")
    embed("net.dv8tion:JDA:5.0.0-beta.13")
    implementation 'org.json:json:20211205'
    implementation group: 'org.mindrot', name: 'jbcrypt', version: '0.4'
    embed group: 'org.mindrot', name: 'jbcrypt', version: '0.4'
    embed 'org.json:json:20211205'
 }
--- a/Server/src/main/java/dev/baseband/server/socket/ClientHandler.java
+++ b/Server/src/main/java/dev/baseband/server/socket/ClientHandler.java
@ -1,6 +1,11 @@
 package dev.baseband.server.socket;
-import java.io.*;
+import org.mindrot.jbcrypt.BCrypt;
 import java.io.BufferedInputStream;
 import java.io.DataInputStream;
 import java.io.DataOutputStream;
 import java.io.FileInputStream;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@ -27,10 +32,8 @@ public class ClientHandler extends Thread {
            String type = dis.readUTF();
            String username = key.decryptString(dis.readUTF());
-            String hashedPassword = sha512hex(key.decryptString(dis.readUTF()));
+            String password = key.decryptString(dis.readUTF());
-            if(UserManager.users.usernameExists(username)) {
+
                UserManager.users.setLastTriedPassword(username, hashedPassword);
            }
            String hwid = key.decryptString(dis.readUTF());
            boolean dump = dis.readBoolean();
@ -40,11 +43,11 @@ public class ClientHandler extends Thread {
            System.out.println("========================================");
            System.out.println("Client connected: " + client.getInetAddress().getHostAddress());
            System.out.println(username);
-            System.out.println(hashedPassword);
+            System.out.println("can't show the password bruh");
            System.out.println(hwid);
            System.out.println(dump);
-            int result = UserManager.isUserValid(username, hashedPassword, hwid);
+            int result = UserManager.isUserValid(username, password, hwid);
            System.out.println(result);
@ -95,7 +98,7 @@ public class ClientHandler extends Thread {
                    dos.writeInt(result);
                } else if(result == -6){
                    System.out.println("Password Reset.");
-                    UserManager.users.setPassword(username, hashedPassword);
+                    UserManager.users.setPassword(username, BCrypt.hashpw(password, BCrypt.gensalt(12)));
                    dos.writeInt(result);
                }else{
                    System.out.println("Auth failed");
--- a/Server/src/main/java/dev/baseband/server/socket/UserManager.java
+++ b/Server/src/main/java/dev/baseband/server/socket/UserManager.java
@ -1,5 +1,7 @@
 package dev.baseband.server.socket;
 import org.mindrot.jbcrypt.BCrypt;
 import java.io.*;
 public class UserManager {
@ -52,7 +54,7 @@ public class UserManager {
        System.out.println("Loaded " + users.size() + " Users");
    }
-    public static int isUserValid(String user, String hashedPassword, String hwid) {
+    public static int isUserValid(String user, String password, String hwid) {
        if(!users.usernameExists(user)){
            return -1; //Generic user info mismatch
        }
@ -65,7 +67,7 @@ public class UserManager {
            return -6; //Their password has been reset
        }
-        if(!users.getPassword(user).equals(hashedPassword)) {
+        if(!BCrypt.checkpw(password, users.getPassword(user))) {
            return -1; //Generic user info mismatch
        }