Consistently use Hwid domain object, fix login bypass

Login bypass (skip pin/pic) was broken due to an
inconsistency in hwid format.
P0nk
2021-07-15 23:51:01 +02:00
parent 12a415e3d5
commit 6e6fbf3be7
14 changed files with 183 additions and 227 deletions


@@ -28,6 +28,8 @@ import net.server.coordinator.session.Hwid;
import net.server.coordinator.session.MapleSessionCoordinator;
import net.server.coordinator.session.MapleSessionCoordinator.AntiMulticlientResult;
import net.server.world.World;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tools.MaplePacketCreator;
import tools.data.input.SeekableLittleEndianAccessor;
@@ -35,6 +37,7 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
public final class CharSelectedHandler extends AbstractMaplePacketHandler {
private static final Logger log = LoggerFactory.getLogger(CharSelectedHandler.class);
private static int parseAntiMulticlientError(AntiMulticlientResult res) {
return switch (res) {
@@ -51,9 +54,13 @@ public final class CharSelectedHandler extends AbstractMaplePacketHandler {
int charId = slea.readInt();
String macs = slea.readMapleAsciiString();
String hwid = slea.readMapleAsciiString();
if (!Hwid.isValidRawHwid(hwid)) {
String hostString = slea.readMapleAsciiString();
final Hwid hwid;
try {
hwid = Hwid.fromHostString(hostString);
} catch (IllegalArgumentException e) {
log.warn("Invalid host string: {}", hostString, e);
c.announce(MaplePacketCreator.getAfterLoginError(17));
return;
}
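Review bot: The new `log.warn("Invalid host string: {}", hostString, e)` in the catch block writes a client-supplied string to the server log verbatim and attaches a full stack trace to every malformed packet. Since hostString comes straight from `slea.readMapleAsciiString()`, a client can put control characters or line breaks into it, and repeated bad packets can grow the log quickly; whether the configured appender escapes such characters is not visible here. I would neutralise control characters and drop the throwable, e.g. `log.warn("Invalid host string: {}", hostString.replaceAll("\\p{Cntrl}", "?"));`, and consider capping the logged length. The same line is added in CharSelectedWithPicHandler, RegisterPicHandler, ViewAllCharRegisterPicHandler, ViewAllCharSelectedHandler and ViewAllCharSelectedWithPicHandler. The handler body continues outside this hunk.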


@@ -7,6 +7,8 @@ import net.server.coordinator.session.Hwid;
import net.server.coordinator.session.MapleSessionCoordinator;
import net.server.coordinator.session.MapleSessionCoordinator.AntiMulticlientResult;
import net.server.world.World;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tools.MaplePacketCreator;
import tools.data.input.SeekableLittleEndianAccessor;
@@ -14,24 +16,16 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
public class CharSelectedWithPicHandler extends AbstractMaplePacketHandler {
private static final Logger log = LoggerFactory.getLogger(CharSelectedWithPicHandler.class);
private static int parseAntiMulticlientError(AntiMulticlientResult res) {
switch (res) {
case REMOTE_PROCESSING:
return 10;
case REMOTE_LOGGEDIN:
return 7;
case REMOTE_NO_MATCH:
return 17;
case COORDINATOR_ERROR:
return 8;
default:
return 9;
}
return switch (res) {
case REMOTE_PROCESSING -> 10;
case REMOTE_LOGGEDIN -> 7;
case REMOTE_NO_MATCH -> 17;
case COORDINATOR_ERROR -> 8;
default -> 9;
};
}
@Override
@@ -40,9 +34,13 @@ public class CharSelectedWithPicHandler extends AbstractMaplePacketHandler {
int charId = slea.readInt();
String macs = slea.readMapleAsciiString();
String hwid = slea.readMapleAsciiString();
if (!Hwid.isValidRawHwid(hwid)) {
String hostString = slea.readMapleAsciiString();
final Hwid hwid;
try {
hwid = Hwid.fromHostString(hostString);
} catch (IllegalArgumentException e) {
log.warn("Invalid host string: {}", hostString, e);
c.announce(MaplePacketCreator.getAfterLoginError(17));
return;
}
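Review bot: `parseAntiMulticlientError` is rewritten as an identical switch expression in this handler and again in RegisterPicHandler, ViewAllCharRegisterPicHandler, ViewAllCharSelectedHandler and ViewAllCharSelectedWithPicHandler, and CharSelectedHandler appears to carry the same copy. The numeric codes are undocumented, and `default -> 9` silently absorbs any AntiMulticlientResult constant added later, so a new failure reason would presumably surface as a generic error with no compile-time hint. Moving the mapping to one shared place, with a comment such as `// after-login error codes; 17 is also sent when the host string cannot be parsed`, would keep the copies from drifting apart.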


@@ -26,6 +26,7 @@ import client.MapleClient;
import config.YamlConfig;
import net.MaplePacketHandler;
import net.server.Server;
import net.server.coordinator.session.Hwid;
import tools.BCrypt;
import tools.DatabaseConnection;
import tools.HexTool;
@@ -66,8 +67,8 @@ public final class LoginPasswordHandler implements MaplePacketHandler {
slea.skip(6); // localhost masked the initial part with zeroes...
byte[] hwidNibbles = slea.read(4);
String nibbleHwid = HexTool.toCompressedString(hwidNibbles);
int loginok = c.login(login, pwd, nibbleHwid);
Hwid hwid = new Hwid(HexTool.bytesToHex(hwidNibbles));
int loginok = c.login(login, pwd, hwid);
if (YamlConfig.config.server.AUTOMATIC_REGISTER && loginok == 5) {
@@ -87,7 +88,7 @@ public final class LoginPasswordHandler implements MaplePacketHandler {
c.setAccID(-1);
e.printStackTrace();
} finally {
loginok = c.login(login, pwd, nibbleHwid);
loginok = c.login(login, pwd, hwid);
}
}
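Review bot: `new Hwid(HexTool.bytesToHex(hwidNibbles))` builds the Hwid from four client-supplied bytes through the constructor, while the character-select handlers go through `Hwid.fromHostString`, so the format agreement this fix depends on is still implicit. Whether the constructor validates its argument is not visible in this hunk; if it does not, a comment like `// hex of the 4 hwid bytes; must equal the value Hwid.fromHostString extracts`, plus a test comparing both paths, would guard against the bypass breaking again. Because the value is short and chosen by the client, it should be treated as a convenience hint rather than proof of device identity when deciding to skip PIN/PIC; how it gates that decision is outside this hunk.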


@@ -7,6 +7,8 @@ import net.server.coordinator.session.Hwid;
import net.server.coordinator.session.MapleSessionCoordinator;
import net.server.coordinator.session.MapleSessionCoordinator.AntiMulticlientResult;
import net.server.world.World;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tools.MaplePacketCreator;
import tools.data.input.SeekableLittleEndianAccessor;
@@ -14,24 +16,16 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
public final class RegisterPicHandler extends AbstractMaplePacketHandler {
private static final Logger log = LoggerFactory.getLogger(RegisterPicHandler.class);
private static int parseAntiMulticlientError(AntiMulticlientResult res) {
switch (res) {
case REMOTE_PROCESSING:
return 10;
case REMOTE_LOGGEDIN:
return 7;
case REMOTE_NO_MATCH:
return 17;
case COORDINATOR_ERROR:
return 8;
default:
return 9;
}
return switch (res) {
case REMOTE_PROCESSING -> 10;
case REMOTE_LOGGEDIN -> 7;
case REMOTE_NO_MATCH -> 17;
case COORDINATOR_ERROR -> 8;
default -> 9;
};
}
@Override
@@ -40,9 +34,13 @@ public final class RegisterPicHandler extends AbstractMaplePacketHandler {
int charId = slea.readInt();
String macs = slea.readMapleAsciiString();
String hwid = slea.readMapleAsciiString();
if (!Hwid.isValidRawHwid(hwid)) {
String hostString = slea.readMapleAsciiString();
final Hwid hwid;
try {
hwid = Hwid.fromHostString(hostString);
} catch (IllegalArgumentException e) {
log.warn("Invalid host string: {}", hostString, e);
c.announce(MaplePacketCreator.getAfterLoginError(17));
return;
}


@@ -7,6 +7,8 @@ import net.server.coordinator.session.Hwid;
import net.server.coordinator.session.MapleSessionCoordinator;
import net.server.coordinator.session.MapleSessionCoordinator.AntiMulticlientResult;
import net.server.world.World;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tools.MaplePacketCreator;
import tools.Randomizer;
import tools.data.input.SeekableLittleEndianAccessor;
@@ -15,24 +17,16 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
public final class ViewAllCharRegisterPicHandler extends AbstractMaplePacketHandler {
private static final Logger log = LoggerFactory.getLogger(ViewAllCharRegisterPicHandler.class);
private static int parseAntiMulticlientError(AntiMulticlientResult res) {
switch (res) {
case REMOTE_PROCESSING:
return 10;
case REMOTE_LOGGEDIN:
return 7;
case REMOTE_NO_MATCH:
return 17;
case COORDINATOR_ERROR:
return 8;
default:
return 9;
}
return switch (res) {
case REMOTE_PROCESSING -> 10;
case REMOTE_LOGGEDIN -> 7;
case REMOTE_NO_MATCH -> 17;
case COORDINATOR_ERROR -> 8;
default -> 9;
};
}
@Override
@@ -42,9 +36,13 @@ public final class ViewAllCharRegisterPicHandler extends AbstractMaplePacketHand
slea.readInt(); // please don't let the client choose which world they should login
String mac = slea.readMapleAsciiString();
String hwid = slea.readMapleAsciiString();
if (!Hwid.isValidRawHwid(hwid)) {
String hostString = slea.readMapleAsciiString();
final Hwid hwid;
try {
hwid = Hwid.fromHostString(hostString);
} catch (IllegalArgumentException e) {
log.warn("Invalid host string: {}", hostString, e);
c.announce(MaplePacketCreator.getAfterLoginError(17));
return;
}


@@ -28,6 +28,8 @@ import net.server.coordinator.session.Hwid;
import net.server.coordinator.session.MapleSessionCoordinator;
import net.server.coordinator.session.MapleSessionCoordinator.AntiMulticlientResult;
import net.server.world.World;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tools.MaplePacketCreator;
import tools.Randomizer;
import tools.data.input.SeekableLittleEndianAccessor;
@@ -36,24 +38,16 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
public final class ViewAllCharSelectedHandler extends AbstractMaplePacketHandler {
private static final Logger log = LoggerFactory.getLogger(ViewAllCharSelectedHandler.class);
private static int parseAntiMulticlientError(AntiMulticlientResult res) {
switch (res) {
case REMOTE_PROCESSING:
return 10;
case REMOTE_LOGGEDIN:
return 7;
case REMOTE_NO_MATCH:
return 17;
case COORDINATOR_ERROR:
return 8;
default:
return 9;
}
return switch (res) {
case REMOTE_PROCESSING -> 10;
case REMOTE_LOGGEDIN -> 7;
case REMOTE_NO_MATCH -> 17;
case COORDINATOR_ERROR -> 8;
default -> 9;
};
}
@Override
@@ -62,9 +56,13 @@ public final class ViewAllCharSelectedHandler extends AbstractMaplePacketHandler
slea.readInt(); // please don't let the client choose which world they should login
String macs = slea.readMapleAsciiString();
String hwid = slea.readMapleAsciiString();
if (!Hwid.isValidRawHwid(hwid)) {
String hostString = slea.readMapleAsciiString();
final Hwid hwid;
try {
hwid = Hwid.fromHostString(hostString);
} catch (IllegalArgumentException e) {
log.warn("Invalid host string: {}", hostString, e);
c.announce(MaplePacketCreator.getAfterLoginError(17));
return;
}


@@ -7,6 +7,8 @@ import net.server.coordinator.session.Hwid;
import net.server.coordinator.session.MapleSessionCoordinator;
import net.server.coordinator.session.MapleSessionCoordinator.AntiMulticlientResult;
import net.server.world.World;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tools.MaplePacketCreator;
import tools.Randomizer;
import tools.data.input.SeekableLittleEndianAccessor;
@@ -15,24 +17,16 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
public class ViewAllCharSelectedWithPicHandler extends AbstractMaplePacketHandler {
private static final Logger log = LoggerFactory.getLogger(ViewAllCharSelectedWithPicHandler.class);
private static int parseAntiMulticlientError(AntiMulticlientResult res) {
switch (res) {
case REMOTE_PROCESSING:
return 10;
case REMOTE_LOGGEDIN:
return 7;
case REMOTE_NO_MATCH:
return 17;
case COORDINATOR_ERROR:
return 8;
default:
return 9;
}
return switch (res) {
case REMOTE_PROCESSING -> 10;
case REMOTE_LOGGEDIN -> 7;
case REMOTE_NO_MATCH -> 17;
case COORDINATOR_ERROR -> 8;
default -> 9;
};
}
@Override
@@ -43,9 +37,13 @@ public class ViewAllCharSelectedWithPicHandler extends AbstractMaplePacketHandle
slea.readInt(); // please don't let the client choose which world they should login
String macs = slea.readMapleAsciiString();
String hwid = slea.readMapleAsciiString();
if (!Hwid.isValidRawHwid(hwid)) {
String hostString = slea.readMapleAsciiString();
final Hwid hwid;
try {
hwid = Hwid.fromHostString(hostString);
} catch (IllegalArgumentException e) {
log.warn("Invalid host string: {}", hostString, e);
c.announce(MaplePacketCreator.getAfterLoginError(17));
return;
}