Sweetgum/sweetgum-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
0d47edf1a7fa97d16f8638586f9d2a6ba621904c
sweetgum-server/src/tools/AutoJCE.java
ronancpl b7a259e2c4 Login bypass + MapleQuestlineFetcher 
Solved an exploit where anyone (via packet editing) could be able to login as any registered character after authenticating and selecting a character.
New tool: MapleQuestlineFetcher. It reports ids from quests which quest script files were not found on the scripts folder.
2018-04-22 20:58:56 -03:00

61 lines
2.5 KiB
Java
Raw Blame History

package tools;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Map;
public class AutoJCE{ // AutoJCE into server source thanks to Acernis dev team
/**
* Credits: ntoskrnl of StackOverflow
* http://stackoverflow.com/questions/1179672/
*/
public static byte removeCryptographyRestrictions(){
if(!isRestrictedCryptography()){
//System.out.println("Cryptography restrictions removal not needed");
return 0;
}
try{
/*
* Do the following, but with reflection to bypass access checks:
*
* JceSecurity.isRestricted = false;
* JceSecurity.defaultPolicy.perms.clear();
* JceSecurity.defaultPolicy.add(CryptoAllPermission.INSTANCE);
*/
final Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
final Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions");
final Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission");
final Field isRestrictedField = jceSecurity.getDeclaredField("isRestricted");// was set to final in Java 8 Update 112. Requires you to remove the final modifier.
Field modifiersField = Field.class.getDeclaredField("modifiers");
modifiersField.setAccessible(true);
modifiersField.setInt(isRestrictedField, isRestrictedField.getModifiers() & ~Modifier.FINAL);
isRestrictedField.setAccessible(true);
isRestrictedField.set(null, false);
final Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy");
defaultPolicyField.setAccessible(true);
final PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null);
final Field perms = cryptoPermissions.getDeclaredField("perms");
perms.setAccessible(true);
((Map<?, ?>) perms.get(defaultPolicy)).clear();
final Field instance = cryptoAllPermission.getDeclaredField("INSTANCE");
instance.setAccessible(true);
defaultPolicy.add((Permission) instance.get(null));
//System.out.println("Successfully removed cryptography restrictions");
return 1;
}catch(final Exception e){
e.printStackTrace();
System.err.println("Failed to remove cryptography restrictions");
return -1;
}
}
private static boolean isRestrictedCryptography(){
// This simply matches the Oracle JRE, but not OpenJDK.
return "Java(TM) SE Runtime Environment".equals(System.getProperty("java.runtime.name"));
}
}
Reference in New Issue View Git Blame Copy Permalink