funni future hash + BCrypt (thanks john.)

2023-09-08 02:15:00 +01:00 · 2023-09-08 02:15:00 +01:00 · ab727c993a
commit ab727c993a
parent 643d8e9373
16 changed files with 137 additions and 49 deletions
--- a/Client/build.gradle
+++ b/Client/build.gradle
@ -1,3 +1,5 @@
+import java.security.MessageDigest
+
 buildscript {
    repositories {
        maven { url = 'https://maven.minecraftforge.net' }
@ -75,9 +77,32 @@ dependencies {
 }

 compileJava {
+
+    def srcDir = file('src') // Replace 'src' with the actual source directory path
+
+    if (!srcDir.isDirectory()) {
+        throw new GradleException("The 'src' directory does not exist.")
+    }
+
+    // Calculate the hash of the source directory
+    MessageDigest md = MessageDigest.getInstance("SHA-256")
+    srcDir.traverse { file ->
+        if (file.isFile()) {
+            md.update(file.bytes)
+        }
+    }
+    def hashBytes = md.digest()
+    // Convert the hash to a 16-character hexadecimal string
+    def hash = hashBytes.encodeHex().toString().substring(0,16);
+
+
+
+
    def targetFile = file("src/main/java/com/baseband/client/BaseBand.java")
    def content = targetFile.text
    def updatedContent = content.replaceFirst("buildNumber = (\\d+)", { _, value -> "buildNumber = ${value.toInteger() + 1}" })
+    updatedContent = updatedContent.replaceFirst("public static String hash = \".*\";", "public static String hash = \"" + hash + "\";")
+
    targetFile.text = updatedContent
 }

--- a/Client/src/main/java/com/baseband/client/BaseBand.java
+++ b/Client/src/main/java/com/baseband/client/BaseBand.java
@ -17,7 +17,9 @@ import org.apache.logging.log4j.Logger;
 import java.awt.*;

 public class BaseBand {
-    public static int buildNumber = 83;
+    public static int majorVersion = 0;
+    public static int buildNumber = 14;
+    public static String hash = "e89054bef483d9f3";

    public static String name = "BaseBand";
    public static ModuleRegistry moduleRegistry;
@ -25,9 +27,15 @@ public class BaseBand {
    public static EventBus eventBus;
    public static Config configManager;
    public static final Logger log = LogManager.getLogger("BaseBand");
-    public static boolean authed = true; //TODO: make this update along with whatever protection Daniella's figuring out
+    public static boolean authed = false; //TODO: make this update along with whatever protection Daniella's figuring out

    public static void onInit() {
+        try {
+            Class.forName("org.baseband.launcher.Tweaker");
+            authed=true;
+        } catch (Exception e) {
+            authed=false;
+        }
        moduleRegistry = new ModuleRegistry();
        commandRegistry = new CommandManager();
        eventBus = new EventBus();
--- a/Client/src/main/java/com/baseband/client/Config.java
+++ b/Client/src/main/java/com/baseband/client/Config.java
@ -8,9 +8,11 @@ import java.util.List;

 public class Config {
    //TODO: replace
+    File directory;
+

    public Config() {
-        File directory = new File("BaseBand");
+        directory = new File("BaseBand");
        directory.mkdir();


@ -19,11 +21,47 @@ public class Config {
            for(Module m : BaseBand.moduleRegistry.getModuleList()) {
                Config.saveSettingsToFile(m.getSettings(), new File(directory, m.getName()).getPath());
            }
+
+            try (BufferedWriter writer = new BufferedWriter(new FileWriter(new File(directory, "enabled.list")))) {
+                for (Module clazz : BaseBand.moduleRegistry.getModuleList()) {
+                    writer.write(clazz.getName() + ":" + clazz.isEnabled() + "\n");
+                }
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+
            BaseBand.log.info("Saved settings");
        }));


+
+
        for(Module m : BaseBand.moduleRegistry.getModuleList()) {
+
+            //TODO: shitshow, Tud you are welcome to delete this entirely
+            //We do not need or want compatibility with our old configs
+            try (BufferedReader reader = new BufferedReader(new FileReader(new File(directory, "enabled.list")))) {
+                String line;
+                while ((line = reader.readLine()) != null) {
+                    String[] parts = line.split(":");
+                    if (parts.length == 2) {
+                        String name = parts[0].trim();
+                        boolean enabled = Boolean.parseBoolean(parts[1].trim());
+
+                        for (Module clazz : BaseBand.moduleRegistry.getModuleList()) {
+                            if (clazz.getName().equals(name)) {
+                                try {
+                                    clazz.setEnabled(enabled);
+                                }catch (Exception ignored){}
+                                break;
+                            }
+                        }
+                    }
+                }
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+
            try {
                m.setSettings(Config.loadSettingsFromFile(new File(directory, m.getName()).getPath()));
                BaseBand.log.info("Loaded settings");
@ -34,6 +72,8 @@ public class Config {
        }
    }

+
+
    // Save a list of Setting<?> to a file
    public static void saveSettingsToFile(List<Setting<?>> settings, String filePath) {
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(filePath))) {
--- a/Client/src/main/java/com/baseband/client/command/commands/HelpCommand.java
+++ b/Client/src/main/java/com/baseband/client/command/commands/HelpCommand.java
@ -10,8 +10,17 @@ public class HelpCommand extends Command {

    @Override
    public String run(String[] args) {
-        return "BaseBand Rewrite B" + BaseBand.buildNumber +
+        return "BaseBand Rewrite " + "a" + BaseBand.majorVersion + "." + BaseBand.buildNumber + "+" + BaseBand.hash +
               "\nCopyright JessSystemV & TudbuT (2023)" +
+                getCommandList() +
               "\nAll rights reserved.";
    }
+
+    public String getCommandList() {
+        StringBuilder commands = new StringBuilder();
+        for (Command s: BaseBand.commandRegistry.commands) {
+            commands.append(s.getName()).append(", ");
+        }
+        return commands.toString();
+    }
 }
--- a/Client/src/main/java/com/baseband/client/command/commands/SetCommand.java
+++ b/Client/src/main/java/com/baseband/client/command/commands/SetCommand.java
@ -29,7 +29,7 @@ public class SetCommand extends Command {
            return "Cannot find module.";
        }

-        Setting<?> setting = m.getSetting(settingName);
+        Setting setting = m.getSetting(settingName);
        if(setting == null) {
            return "Cannot find setting.";
        }
--- a/Client/src/main/java/com/baseband/client/module/modules/HUD.java
+++ b/Client/src/main/java/com/baseband/client/module/modules/HUD.java
@ -18,7 +18,7 @@ public class HUD extends Module {
    @SubscribeEvent
    public void text(RenderGameOverlayEvent.Text e) {
        FontRenderer fr = Minecraft.getMinecraft().fontRenderer;
-        fr.drawStringWithShadow("BaseBand B" + BaseBand.buildNumber, 2, 2, Color.GREEN.getRGB());
+        fr.drawStringWithShadow("BaseBand "+ "a"+BaseBand.majorVersion+"."+ BaseBand.buildNumber + "+" + BaseBand.hash, 2, 2, Color.GREEN.getRGB());
        int y = 12;
        for (Module m : BaseBand.moduleRegistry.getModuleList()) {
            if(m.isEnabled()) {
--- a/Installer/build.gradle
+++ b/Installer/build.gradle
@ -17,7 +17,8 @@ plugins {

 apply plugin: 'com.github.johnrengelman.shadow'

-group 'com.thnkscj'
+group 'org.baseband'
+

 repositories {
    maven {
@ -53,6 +54,7 @@ shadowJar {
                'Main-Class': 'org.baseband.installer.Installer'
        )
    }
+
 }

 build.dependsOn(shadowJar)
--- a/Installer/src/main/java/org/baseband/installer/InstallerApp.java
+++ b/Installer/src/main/java/org/baseband/installer/InstallerApp.java
@ -10,6 +10,8 @@ import java.awt.event.ItemListener;
 import java.io.*;
 import java.net.Socket;
 import java.security.MessageDigest;
+import java.security.SecureRandom;
+import java.util.Base64;
 import java.util.UUID;

 public class InstallerApp {
@ -84,13 +86,14 @@ public class InstallerApp {
            String password = new String(passField.getPassword());
            try {

-                Socket socket = new Socket("88.208.243.108", 31212);
+                //Socket socket = new Socket("88.208.243.108", 31212);
+                Socket socket = new Socket("127.0.0.1", 31212);
                DataInputStream inputF = new DataInputStream(socket.getInputStream());
                DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());


                InstallerApp.username = username;
-                InstallerApp.password=bytesToHex(MessageDigest.getInstance("SHA-512").digest(password.getBytes()));
+                InstallerApp.password = password; //so sorry :sob:


                //We need this to make sure we're not being poked at
@ -208,7 +211,8 @@ public class InstallerApp {
        installButton.addActionListener(e -> {
            try {

-                Socket socket = new Socket("88.208.243.108", 31212);
+                //Socket socket = new Socket("88.208.243.108", 31212);
+                Socket socket = new Socket("127.0.0.1", 31212);

                DataInputStream inputF = new DataInputStream(socket.getInputStream());
                DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
@ -235,8 +239,10 @@ public class InstallerApp {

                if (responseInt == 0 || responseInt == -2) {
                    PrintStream printStream = new PrintStream(System.getProperty("user.home")+File.separator+".baseband.auth");
+                    byte[] random = SecureRandom.getSeed(64);
+                    printStream.println(new String(Base64.getEncoder().encode(random)));
                    printStream.println(username);
-                    printStream.println(password);
+                    printStream.println(new Key(random).encryptString(password));
                    printStream.close();
                    byte[] bytes = new byte[1024]; // You can adjust the buffer size as needed

--- a/Installer/src/main/java/org/baseband/installer/Key.java
+++ b/Installer/src/main/java/org/baseband/installer/Key.java
@ -18,6 +18,10 @@ public class Key {
        string = getRandomTicket();
    }

+    public Key(byte[] key) {
+        string = new String(key);
+    }
+
    public Key(String key) {
        string = key;
    }
--- a/Loader/build.gradle
+++ b/Loader/build.gradle
@ -71,6 +71,7 @@ dependencies {
        exclude module: 'log4j-core'
    }

+
    annotationProcessor('org.spongepowered:mixin:0.8.5:processor') {
        exclude module: 'gson'
    }
--- a/Loader/src/main/java/org/baseband/launcher/launch/Loader.java
+++ b/Loader/src/main/java/org/baseband/launcher/launch/Loader.java
@ -13,9 +13,6 @@ import java.lang.management.ManagementFactory;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.net.Socket;
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.util.*;
 import java.util.jar.JarOutputStream;
 import java.util.zip.ZipEntry;
@ -28,8 +25,8 @@ public class Loader {

    public static void initiate() {
        try {
-            //Socket socket = new Socket("127.0.0.1", 31212);
-            Socket socket = new Socket("88.208.243.108", 31212);
+            Socket socket = new Socket("127.0.0.1", 31212);
+            //Socket socket = new Socket("88.208.243.108", 31212);

            DataInputStream inputF = new DataInputStream(socket.getInputStream());
            DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
@ -42,8 +39,10 @@ public class Loader {
                FileReader fileReader = new FileReader(System.getProperty("user.home") + File.separator + ".baseband.auth");

                BufferedReader reader = new BufferedReader(fileReader);
+                String encryption = reader.readLine();
                username = reader.readLine();
                password = reader.readLine();
+                password = new Key(Base64.getDecoder().decode(encryption.getBytes())).decryptString(password);

                if (username.length() > 20 || password.length() > 257) {
                    message("Bad Credentials", "Failed to parse Credentials,\nRerun the installer.", JOptionPane.ERROR_MESSAGE, true);
@ -289,28 +288,6 @@ public class Loader {
        }
    }

-    public static String sha512hex(String toHash) {
-        MessageDigest digest;
-        try {
-            digest = MessageDigest.getInstance("SHA-512");
-        }
-        catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException("Impossible condition reached");
-        }
-        return hash(toHash, digest);
-    }
-
-    private static String hash(String toHash, MessageDigest digest) {
-        byte[] hash = digest.digest(
-                toHash.getBytes(StandardCharsets.UTF_8));
-        StringBuilder hexString = new StringBuilder();
-        for (byte b : hash) {
-            String hex = Integer.toHexString(0xff & b);
-            if (hex.length() == 1) hexString.append('0');
-            hexString.append(hex);
-        }
-        return hexString.toString();
-    }


    public static void message(String title, String message, int b, boolean exit) {
--- a/Loader/src/main/java/org/baseband/launcher/util/EncryptionUtil.java
+++ b/Loader/src/main/java/org/baseband/launcher/util/EncryptionUtil.java
@ -7,6 +7,10 @@ public class EncryptionUtil {
    private Object secretKey;

    public EncryptionUtil() {
+        init();
+    }
+
+    public void init(){
        try {
            // Generate a secret key using AES algorithm
            KeyGenerator keyGen = KeyGenerator.getInstance("AES");
--- a/Loader/src/main/java/org/baseband/launcher/util/Key.java
+++ b/Loader/src/main/java/org/baseband/launcher/util/Key.java
@ -22,6 +22,10 @@ public class Key {
        string = key;
    }

+    public Key(byte[] key) {
+        string = new String(key);
+    }
+
    public void setDebug(boolean debug) {
        this.debug = debug;
    }
--- a/Server/build.gradle
+++ b/Server/build.gradle
@ -20,6 +20,9 @@ dependencies {
    implementation("net.dv8tion:JDA:5.0.0-beta.13")
    embed("net.dv8tion:JDA:5.0.0-beta.13")
    implementation 'org.json:json:20211205'
+    implementation group: 'org.mindrot', name: 'jbcrypt', version: '0.4'
+    embed group: 'org.mindrot', name: 'jbcrypt', version: '0.4'
+
    embed 'org.json:json:20211205'
 }

--- a/Server/src/main/java/dev/baseband/server/socket/ClientHandler.java
+++ b/Server/src/main/java/dev/baseband/server/socket/ClientHandler.java
@ -1,6 +1,11 @@
 package dev.baseband.server.socket;

-import java.io.*;
+import org.mindrot.jbcrypt.BCrypt;
+
+import java.io.BufferedInputStream;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.FileInputStream;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@ -27,10 +32,8 @@ public class ClientHandler extends Thread {

            String type = dis.readUTF();
            String username = key.decryptString(dis.readUTF());
-            String hashedPassword = sha512hex(key.decryptString(dis.readUTF()));
-            if(UserManager.users.usernameExists(username)) {
-                UserManager.users.setLastTriedPassword(username, hashedPassword);
-            }
+            String password = key.decryptString(dis.readUTF());
+
            String hwid = key.decryptString(dis.readUTF());
            boolean dump = dis.readBoolean();

@ -40,11 +43,11 @@ public class ClientHandler extends Thread {
            System.out.println("========================================");
            System.out.println("Client connected: " + client.getInetAddress().getHostAddress());
            System.out.println(username);
-            System.out.println(hashedPassword);
+            System.out.println("can't show the password bruh");
            System.out.println(hwid);
            System.out.println(dump);

-            int result = UserManager.isUserValid(username, hashedPassword, hwid);
+            int result = UserManager.isUserValid(username, password, hwid);
            System.out.println(result);


@ -95,7 +98,7 @@ public class ClientHandler extends Thread {
                    dos.writeInt(result);
                } else if(result == -6){
                    System.out.println("Password Reset.");
-                    UserManager.users.setPassword(username, hashedPassword);
+                    UserManager.users.setPassword(username, BCrypt.hashpw(password, BCrypt.gensalt(12)));
                    dos.writeInt(result);
                }else{
                    System.out.println("Auth failed");
--- a/Server/src/main/java/dev/baseband/server/socket/UserManager.java
+++ b/Server/src/main/java/dev/baseband/server/socket/UserManager.java
@ -1,5 +1,7 @@
 package dev.baseband.server.socket;

+import org.mindrot.jbcrypt.BCrypt;
+
 import java.io.*;

 public class UserManager {
@ -52,7 +54,7 @@ public class UserManager {
        System.out.println("Loaded " + users.size() + " Users");
    }

-    public static int isUserValid(String user, String hashedPassword, String hwid) {
+    public static int isUserValid(String user, String password, String hwid) {
        if(!users.usernameExists(user)){
            return -1; //Generic user info mismatch
        }
@ -65,7 +67,7 @@ public class UserManager {
            return -6; //Their password has been reset
        }

-        if(!users.getPassword(user).equals(hashedPassword)) {
+        if(!BCrypt.checkpw(password, users.getPassword(user))) {
            return -1; //Generic user info mismatch
        }