Sweetgum/sweetgum-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Consistently use Hwid domain object, fix login bypass

Browse Source 
Login bypass (skip pin/pic) was broken due to an
inconsistency in hwid format.
This commit is contained in:
P0nk
2021-07-15 23:51:01 +02:00
parent 12a415e3d5
commit 6e6fbf3be7
14 changed files with 183 additions and 227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/net/server/handlers/login/LoginPasswordHandler.java
View File

@@ -26,6 +26,7 @@ import client.MapleClient;
import config.YamlConfig;
import net.MaplePacketHandler;
import net.server.Server;
import net.server.coordinator.session.Hwid;
import tools.BCrypt;
import tools.DatabaseConnection;
import tools.HexTool;
@@ -66,8 +67,8 @@ public final class LoginPasswordHandler implements MaplePacketHandler {
slea.skip(6); // localhost masked the initial part with zeroes...
byte[] hwidNibbles = slea.read(4);
String nibbleHwid = HexTool.toCompressedString(hwidNibbles);
int loginok = c.login(login, pwd, nibbleHwid);
Hwid hwid = new Hwid(HexTool.bytesToHex(hwidNibbles));
int loginok = c.login(login, pwd, hwid);
if (YamlConfig.config.server.AUTOMATIC_REGISTER && loginok == 5) {
@@ -87,7 +88,7 @@ public final class LoginPasswordHandler implements MaplePacketHandler {
c.setAccID(-1);
e.printStackTrace();
} finally {
loginok = c.login(login, pwd, nibbleHwid);
loginok = c.login(login, pwd, hwid);
}
}