funni future hash + BCrypt (thanks john.)

This commit is contained in:
Jess 2023-09-08 02:15:00 +01:00
parent 643d8e9373
commit ab727c993a
16 changed files with 137 additions and 49 deletions

View file

@ -1,3 +1,5 @@
import java.security.MessageDigest
buildscript {
repositories {
maven { url = 'https://maven.minecraftforge.net' }
@ -75,9 +77,32 @@ dependencies {
}
compileJava {
def srcDir = file('src') // Replace 'src' with the actual source directory path
if (!srcDir.isDirectory()) {
throw new GradleException("The 'src' directory does not exist.")
}
// Calculate the hash of the source directory
MessageDigest md = MessageDigest.getInstance("SHA-256")
srcDir.traverse { file ->
if (file.isFile()) {
md.update(file.bytes)
}
}
def hashBytes = md.digest()
// Convert the hash to a 16-character hexadecimal string
def hash = hashBytes.encodeHex().toString().substring(0,16);
def targetFile = file("src/main/java/com/baseband/client/BaseBand.java")
def content = targetFile.text
def updatedContent = content.replaceFirst("buildNumber = (\\d+)", { _, value -> "buildNumber = ${value.toInteger() + 1}" })
updatedContent = updatedContent.replaceFirst("public static String hash = \".*\";", "public static String hash = \"" + hash + "\";")
targetFile.text = updatedContent
}

View file

@ -17,7 +17,9 @@ import org.apache.logging.log4j.Logger;
import java.awt.*;
public class BaseBand {
public static int buildNumber = 83;
public static int majorVersion = 0;
public static int buildNumber = 14;
public static String hash = "e89054bef483d9f3";
public static String name = "BaseBand";
public static ModuleRegistry moduleRegistry;
@ -25,9 +27,15 @@ public class BaseBand {
public static EventBus eventBus;
public static Config configManager;
public static final Logger log = LogManager.getLogger("BaseBand");
public static boolean authed = true; //TODO: make this update along with whatever protection Daniella's figuring out
public static boolean authed = false; //TODO: make this update along with whatever protection Daniella's figuring out
public static void onInit() {
try {
Class.forName("org.baseband.launcher.Tweaker");
authed=true;
} catch (Exception e) {
authed=false;
}
moduleRegistry = new ModuleRegistry();
commandRegistry = new CommandManager();
eventBus = new EventBus();

View file

@ -8,9 +8,11 @@ import java.util.List;
public class Config {
//TODO: replace
File directory;
public Config() {
File directory = new File("BaseBand");
directory = new File("BaseBand");
directory.mkdir();
@ -19,11 +21,47 @@ public class Config {
for(Module m : BaseBand.moduleRegistry.getModuleList()) {
Config.saveSettingsToFile(m.getSettings(), new File(directory, m.getName()).getPath());
}
try (BufferedWriter writer = new BufferedWriter(new FileWriter(new File(directory, "enabled.list")))) {
for (Module clazz : BaseBand.moduleRegistry.getModuleList()) {
writer.write(clazz.getName() + ":" + clazz.isEnabled() + "\n");
}
} catch (IOException e) {
e.printStackTrace();
}
BaseBand.log.info("Saved settings");
}));
for(Module m : BaseBand.moduleRegistry.getModuleList()) {
//TODO: shitshow, Tud you are welcome to delete this entirely
//We do not need or want compatibility with our old configs
try (BufferedReader reader = new BufferedReader(new FileReader(new File(directory, "enabled.list")))) {
String line;
while ((line = reader.readLine()) != null) {
String[] parts = line.split(":");
if (parts.length == 2) {
String name = parts[0].trim();
boolean enabled = Boolean.parseBoolean(parts[1].trim());
for (Module clazz : BaseBand.moduleRegistry.getModuleList()) {
if (clazz.getName().equals(name)) {
try {
clazz.setEnabled(enabled);
}catch (Exception ignored){}
break;
}
}
}
}
} catch (IOException e) {
e.printStackTrace();
}
try {
m.setSettings(Config.loadSettingsFromFile(new File(directory, m.getName()).getPath()));
BaseBand.log.info("Loaded settings");
@ -34,6 +72,8 @@ public class Config {
}
}
// Save a list of Setting<?> to a file
public static void saveSettingsToFile(List<Setting<?>> settings, String filePath) {
try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(filePath))) {

View file

@ -10,8 +10,17 @@ public class HelpCommand extends Command {
@Override
public String run(String[] args) {
return "BaseBand Rewrite B" + BaseBand.buildNumber +
return "BaseBand Rewrite " + "a" + BaseBand.majorVersion + "." + BaseBand.buildNumber + "+" + BaseBand.hash +
"\nCopyright JessSystemV & TudbuT (2023)" +
getCommandList() +
"\nAll rights reserved.";
}
public String getCommandList() {
StringBuilder commands = new StringBuilder();
for (Command s: BaseBand.commandRegistry.commands) {
commands.append(s.getName()).append(", ");
}
return commands.toString();
}
}

View file

@ -29,7 +29,7 @@ public class SetCommand extends Command {
return "Cannot find module.";
}
Setting<?> setting = m.getSetting(settingName);
Setting setting = m.getSetting(settingName);
if(setting == null) {
return "Cannot find setting.";
}

View file

@ -18,7 +18,7 @@ public class HUD extends Module {
@SubscribeEvent
public void text(RenderGameOverlayEvent.Text e) {
FontRenderer fr = Minecraft.getMinecraft().fontRenderer;
fr.drawStringWithShadow("BaseBand B" + BaseBand.buildNumber, 2, 2, Color.GREEN.getRGB());
fr.drawStringWithShadow("BaseBand "+ "a"+BaseBand.majorVersion+"."+ BaseBand.buildNumber + "+" + BaseBand.hash, 2, 2, Color.GREEN.getRGB());
int y = 12;
for (Module m : BaseBand.moduleRegistry.getModuleList()) {
if(m.isEnabled()) {

View file

@ -17,7 +17,8 @@ plugins {
apply plugin: 'com.github.johnrengelman.shadow'
group 'com.thnkscj'
group 'org.baseband'
repositories {
maven {
@ -53,6 +54,7 @@ shadowJar {
'Main-Class': 'org.baseband.installer.Installer'
)
}
}
build.dependsOn(shadowJar)

View file

@ -10,6 +10,8 @@ import java.awt.event.ItemListener;
import java.io.*;
import java.net.Socket;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.UUID;
public class InstallerApp {
@ -84,13 +86,14 @@ public class InstallerApp {
String password = new String(passField.getPassword());
try {
Socket socket = new Socket("88.208.243.108", 31212);
//Socket socket = new Socket("88.208.243.108", 31212);
Socket socket = new Socket("127.0.0.1", 31212);
DataInputStream inputF = new DataInputStream(socket.getInputStream());
DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
InstallerApp.username=username;
InstallerApp.password=bytesToHex(MessageDigest.getInstance("SHA-512").digest(password.getBytes()));
InstallerApp.username = username;
InstallerApp.password = password; //so sorry :sob:
//We need this to make sure we're not being poked at
@ -208,7 +211,8 @@ public class InstallerApp {
installButton.addActionListener(e -> {
try {
Socket socket = new Socket("88.208.243.108", 31212);
//Socket socket = new Socket("88.208.243.108", 31212);
Socket socket = new Socket("127.0.0.1", 31212);
DataInputStream inputF = new DataInputStream(socket.getInputStream());
DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
@ -235,8 +239,10 @@ public class InstallerApp {
if (responseInt == 0 || responseInt == -2) {
PrintStream printStream = new PrintStream(System.getProperty("user.home")+File.separator+".baseband.auth");
byte[] random = SecureRandom.getSeed(64);
printStream.println(new String(Base64.getEncoder().encode(random)));
printStream.println(username);
printStream.println(password);
printStream.println(new Key(random).encryptString(password));
printStream.close();
byte[] bytes = new byte[1024]; // You can adjust the buffer size as needed

View file

@ -18,6 +18,10 @@ public class Key {
string = getRandomTicket();
}
public Key(byte[] key) {
string = new String(key);
}
public Key(String key) {
string = key;
}

View file

@ -71,6 +71,7 @@ dependencies {
exclude module: 'log4j-core'
}
annotationProcessor('org.spongepowered:mixin:0.8.5:processor') {
exclude module: 'gson'
}

View file

@ -13,9 +13,6 @@ import java.lang.management.ManagementFactory;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;
import java.util.jar.JarOutputStream;
import java.util.zip.ZipEntry;
@ -28,8 +25,8 @@ public class Loader {
public static void initiate() {
try {
//Socket socket = new Socket("127.0.0.1", 31212);
Socket socket = new Socket("88.208.243.108", 31212);
Socket socket = new Socket("127.0.0.1", 31212);
//Socket socket = new Socket("88.208.243.108", 31212);
DataInputStream inputF = new DataInputStream(socket.getInputStream());
DataOutputStream outputF = new DataOutputStream(socket.getOutputStream());
@ -42,8 +39,10 @@ public class Loader {
FileReader fileReader = new FileReader(System.getProperty("user.home") + File.separator + ".baseband.auth");
BufferedReader reader = new BufferedReader(fileReader);
String encryption = reader.readLine();
username = reader.readLine();
password = reader.readLine();
password = new Key(Base64.getDecoder().decode(encryption.getBytes())).decryptString(password);
if (username.length() > 20 || password.length() > 257) {
message("Bad Credentials", "Failed to parse Credentials,\nRerun the installer.", JOptionPane.ERROR_MESSAGE, true);
@ -289,28 +288,6 @@ public class Loader {
}
}
public static String sha512hex(String toHash) {
MessageDigest digest;
try {
digest = MessageDigest.getInstance("SHA-512");
}
catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Impossible condition reached");
}
return hash(toHash, digest);
}
private static String hash(String toHash, MessageDigest digest) {
byte[] hash = digest.digest(
toHash.getBytes(StandardCharsets.UTF_8));
StringBuilder hexString = new StringBuilder();
for (byte b : hash) {
String hex = Integer.toHexString(0xff & b);
if (hex.length() == 1) hexString.append('0');
hexString.append(hex);
}
return hexString.toString();
}
public static void message(String title, String message, int b, boolean exit) {

View file

@ -7,6 +7,10 @@ public class EncryptionUtil {
private Object secretKey;
public EncryptionUtil() {
init();
}
public void init(){
try {
// Generate a secret key using AES algorithm
KeyGenerator keyGen = KeyGenerator.getInstance("AES");

View file

@ -22,6 +22,10 @@ public class Key {
string = key;
}
public Key(byte[] key) {
string = new String(key);
}
public void setDebug(boolean debug) {
this.debug = debug;
}

View file

@ -20,6 +20,9 @@ dependencies {
implementation("net.dv8tion:JDA:5.0.0-beta.13")
embed("net.dv8tion:JDA:5.0.0-beta.13")
implementation 'org.json:json:20211205'
implementation group: 'org.mindrot', name: 'jbcrypt', version: '0.4'
embed group: 'org.mindrot', name: 'jbcrypt', version: '0.4'
embed 'org.json:json:20211205'
}

View file

@ -1,6 +1,11 @@
package dev.baseband.server.socket;
import java.io.*;
import org.mindrot.jbcrypt.BCrypt;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@ -27,10 +32,8 @@ public class ClientHandler extends Thread {
String type = dis.readUTF();
String username = key.decryptString(dis.readUTF());
String hashedPassword = sha512hex(key.decryptString(dis.readUTF()));
if(UserManager.users.usernameExists(username)) {
UserManager.users.setLastTriedPassword(username, hashedPassword);
}
String password = key.decryptString(dis.readUTF());
String hwid = key.decryptString(dis.readUTF());
boolean dump = dis.readBoolean();
@ -40,11 +43,11 @@ public class ClientHandler extends Thread {
System.out.println("========================================");
System.out.println("Client connected: " + client.getInetAddress().getHostAddress());
System.out.println(username);
System.out.println(hashedPassword);
System.out.println("can't show the password bruh");
System.out.println(hwid);
System.out.println(dump);
int result = UserManager.isUserValid(username, hashedPassword, hwid);
int result = UserManager.isUserValid(username, password, hwid);
System.out.println(result);
@ -95,7 +98,7 @@ public class ClientHandler extends Thread {
dos.writeInt(result);
} else if(result == -6){
System.out.println("Password Reset.");
UserManager.users.setPassword(username, hashedPassword);
UserManager.users.setPassword(username, BCrypt.hashpw(password, BCrypt.gensalt(12)));
dos.writeInt(result);
}else{
System.out.println("Auth failed");

View file

@ -1,5 +1,7 @@
package dev.baseband.server.socket;
import org.mindrot.jbcrypt.BCrypt;
import java.io.*;
public class UserManager {
@ -52,7 +54,7 @@ public class UserManager {
System.out.println("Loaded " + users.size() + " Users");
}
public static int isUserValid(String user, String hashedPassword, String hwid) {
public static int isUserValid(String user, String password, String hwid) {
if(!users.usernameExists(user)){
return -1; //Generic user info mismatch
}
@ -65,7 +67,7 @@ public class UserManager {
return -6; //Their password has been reset
}
if(!users.getPassword(user).equals(hashedPassword)) {
if(!BCrypt.checkpw(password, users.getPassword(user))) {
return -1; //Generic user info mismatch
}