author | PandaNinjas <admin@malwarefight.gq> | 2023-02-08 09:25:37 -0800 |
---|---|---|
committer | PandaNinjas <admin@malwarefight.gq> | 2023-02-08 09:25:37 -0800 |
commit | 0579088389caf554624787fcfae910a1d7bede71 (patch) | |
tree | 230e14d815cc23b65cf8e265e4d76d1538437b9b | |
parent | fd51baf3f06141a151fde7ad1ecdd80b8093351f (diff) | |
More nightly trolling (it launches)
-rw-r--r-- | .idea/artifacts/CopyMod.xml | 8 | ||||
-rw-r--r-- | .idea/artifacts/CopyResources.xml | 8 | ||||
-rw-r--r-- | SECURITY.md | 14 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java | 5 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/relaunch/Relaunch.java | 33 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/tweaks/cleanup/CleanupTweaker.java (renamed from src/main/java/gq/malwarefight/nosession/tweaks/CleanupTweaker.java) | 2 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/tweaks/cleanup/package-info.java | 5 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java (renamed from src/main/java/gq/malwarefight/nosession/tweaks/InitialTweaker.java) | 13 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/tweaks/initial/package-info.java | 5 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/utils/Utils.java | 77 |
10 files changed, 70 insertions, 100 deletions
diff --git a/.idea/artifacts/CopyMod.xml b/.idea/artifacts/CopyMod.xml
deleted file mode 100644
index 14c03c2..0000000
--- a/.idea/artifacts/CopyMod.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<component name="ArtifactManager">
- <artifact name="CopyMod">
- <output-path>$USER_HOME$/AppData/Roaming/.minecraft/mods</output-path>
- <root id="root">
- <element id="dir-copy" path="$PROJECT_DIR$/build/libs" />
- </root>
- </artifact>
-</component>
\ No newline at end of file
diff --git a/.idea/artifacts/CopyResources.xml b/.idea/artifacts/CopyResources.xml
deleted file mode 100644
index abf019e..0000000
--- a/.idea/artifacts/CopyResources.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<component name="ArtifactManager">
- <artifact name="CopyResources">
- <output-path>$PROJECT_DIR$/build/classes/main</output-path>
- <root id="root">
- <element id="dir-copy" path="$PROJECT_DIR$/src/main/resources" />
- </root>
- </artifact>
-</component>
\ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index c64722e..7d9b630 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,21 +2,21 @@ ## Supported Versions -Currently all versions are supported. +Currently, all releaswed versions are supported. -| Version | Supported | -| ------- | ------------------ | -| 1.0.0 | ✔️ | -| Any nightly branch | ❌ | +| Version | Supported | +|--------------------|-----------| +| 1.0.0 | ✔️ | +| Any nightly branch | ❌ | ## Reporting a Vulnerability A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker.<br> Vulnerabilities that are out of scope are defined as those that NoSession itself cannot prevent. -However, if you can produce a patch for an out of scope vulnerability, a bug bounty will be awarded as well. +However, if you can produce a patch for an out-of-scope vulnerability, a bug bounty will be awarded as well. The bug bounty is a $5 USD Amazon Gift Card. I might run out, so it's awarded on a first come, first serve basis. -Report the bug bounty by emailing admin@malwarefight.gq or by sending a DM to PandaNinjas#3017 on Discord.<br> +Report the bug bounty by sending a DM to PandaNinjas#3017 on Discord.<br> If you would like, you can encrypt the message with my [public GPG key](https://raw.githubusercontent.com/pandaninjas/pandaninjas/main/pandaninjas-publickey.key)<br> Your bug bounty may be invalidated if you disclose it to the public before. diff --git a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java index 0ceff30..dd1c3e5 100644 --- a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java +++ b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java 
@@ -1,6 +1,6 @@ package gq.malwarefight.nosession; -import gq.malwarefight.nosession.tweaks.InitialTweaker; +import gq.malwarefight.nosession.tweaks.initial.InitialTweaker; import gq.malwarefight.nosession.utils.Utils; import net.minecraft.launchwrapper.Launch; import net.minecraftforge.fml.relauncher.IFMLLoadingPlugin; @@ -11,7 +11,6 @@ import java.lang.management.ManagementFactory; import java.lang.management.RuntimeMXBean; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; -import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Arrays; import java.util.Map; @@ -64,6 +63,7 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin { } public static void lock() { + System.out.println("Waiting for lock"); while (true) { File f = new File("/home/pandaninjas/lock"); if (f.exists()) { @@ -74,7 +74,6 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin { } static { - System.out.println("Waiting for lock"); lock(); addSelfToClassLoader(); try { diff --git a/src/main/java/gq/malwarefight/nosession/relaunch/Relaunch.java b/src/main/java/gq/malwarefight/nosession/relaunch/Relaunch.java index 55e907c..e712254 100644 --- a/src/main/java/gq/malwarefight/nosession/relaunch/Relaunch.java +++ b/src/main/java/gq/malwarefight/nosession/relaunch/Relaunch.java @@ -1,6 +1,6 @@ package gq.malwarefight.nosession.relaunch; -import gq.malwarefight.nosession.tweaks.CleanupTweaker; +import gq.malwarefight.nosession.tweaks.cleanup.CleanupTweaker; import gq.malwarefight.nosession.utils.Utils; import net.minecraft.launchwrapper.Launch; import net.minecraftforge.fml.client.FMLClientHandler; 
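Review bot: `lock()` still spins in `while (true)` on the hard-coded path `/home/pandaninjas/lock` and is the first call in the static initializer, so moving the `println` into it keeps a developer-only debug gate in the loading plugin. The rest of the loop body is outside the hunk, but as shown the class cannot finish initialising until that file exists, which on any other machine presumably means a hang at startup. Gate it behind an opt-in switch, e.g. `if (!Boolean.getBoolean("nosession.debugLock")) return;` at the top of `lock()` (the property name is illustrative), or remove the call before this reaches a release branch.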
@@ -17,6 +17,8 @@ import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.net.URLClassLoader; import java.util.ArrayList; @@ -32,17 +34,14 @@ public class Relaunch { setToNull(FMLClientHandler.class, "INSTANCE"); setToNull(Loader.class, "injectedContainers"); Utils.setStaticValue(FMLInjectionData.class, "containers", new ArrayList<String>()); - resetClass(ASMTransformerWrapper.class); - URLClassLoader originalClassLoader = (URLClassLoader) Launch.class.getClassLoader(); - URL[] newURLS = new URL[originalClassLoader.getURLs().length + 1]; - URLClassLoader lcl = new URLClassLoader(newURLS, originalClassLoader); - //noinspection unchecked - Class<Launch> innerLaunch = (Class<Launch>) Class.forName("net.minecraft.launchwrapper.Launch", false, lcl); + resetTransformerWrapper(); + addSelfToClassloader(); + Class<Launch> innerLaunch = Launch.class; Method launch = innerLaunch.getDeclaredMethod("main", String[].class); launch.invoke(null, (Object) constructArgs(args, gameDir, assetsDir, version)); } - public static String[] constructArgs(ArrayList<String> initial, File gameDir, File assetDir, String version) { + private static String[] constructArgs(ArrayList<String> initial, File gameDir, File assetDir, String version) { initial.add("--version"); initial.add(version); initial.add("--gameDir"); 
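Review bot: With `innerLaunch` now simply `Launch.class`, the reflective `getDeclaredMethod("main", String[].class)` / `invoke` pair in the relaunch method no longer serves a purpose and hides the call from the compiler. Assuming `Launch.main` is public, `Launch.main(constructArgs(args, gameDir, assetsDir, version));` does the same thing without the `(Object)` cast. The method also nulls several FML statics (`INSTANCE`, `injectedContainers`, `containers`) with no comment; a line such as `// clear FML singletons so the second Launch.main starts from a clean state` would help, if that is the intent. The method starts outside this hunk.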
@@ -50,11 +49,11 @@ public class Relaunch { initial.add("--assetsDir"); initial.add(assetDir.getAbsolutePath()); initial.add("--tweakClass"); - initial.add("gq.malwarefight.nosession.tweaks.CleanupTweaker"); + initial.add(CleanupTweaker.class.getName()); return initial.toArray(new String[0]); } - public static void resetSecurityManager() throws IllegalAccessException, NoSuchMethodException, InvocationTargetException { + private static void resetSecurityManager() throws IllegalAccessException, NoSuchMethodException, InvocationTargetException { Method m = Class.class.getDeclaredMethod("getDeclaredFields0", boolean.class); m.setAccessible(true); Field[] fields = (Field[]) m.invoke(System.class, false); @@ -67,8 +66,8 @@ public class Relaunch { } - public static void resetClass(Class<?> cls) throws IllegalAccessException, NoSuchFieldException { - Field[] fields = cls.getDeclaredFields(); + private static void resetTransformerWrapper() throws IllegalAccessException, NoSuchFieldException { + Field[] fields = ASMTransformerWrapper.class.getDeclaredFields(); for (Field field: fields) { if ((field.getModifiers() & Modifier.STATIC) != 0) { setToNull(field); @@ -76,12 +75,12 @@ public class Relaunch { } } - public static void setToNull(Class<?> cls, String fieldname) throws NoSuchFieldException, IllegalAccessException { + private static void setToNull(Class<?> cls, String fieldname) throws NoSuchFieldException, IllegalAccessException { Field f = cls.getDeclaredField(fieldname); setToNull(f); } - public static void setToNull(Field f) throws IllegalAccessException, NoSuchFieldException { + private static void setToNull(Field f) throws IllegalAccessException, NoSuchFieldException { f.setAccessible(true); if ((f.getModifiers() & Modifier.FINAL) != 0) { // if it is final Field modifiers = Field.class.getDeclaredField("modifiers"); 
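Review bot: `resetSecurityManager` and `setToNull(Field)` depend on JDK internals (`Class.getDeclaredFields0`, `Field.class.getDeclaredField("modifiers")`), and nothing here states which runtime they are expected to work on. The `modifiers` lookup throws `NoSuchFieldException` on JDK 12 and later, and reflective access to `getDeclaredFields0` is likely to be refused on recent JDKs as well. Narrowing them to `private` is good; also add a comment such as `// JDK 8 only: relies on Class.getDeclaredFields0 and Field.modifiers`, and state what `resetSecurityManager` changes on `System`, since removing or replacing a security manager is a security-relevant side effect. Both bodies continue outside the hunks.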
@@ -97,4 +96,10 @@ public class Relaunch { } } + private static void addSelfToClassloader() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, URISyntaxException, MalformedURLException { + URLClassLoader ucl = (URLClassLoader) Launch.class.getClassLoader(); + Method addUrl = URLClassLoader.class.getDeclaredMethod("addURL", URL.class); + addUrl.setAccessible(true); + addUrl.invoke(ucl, Utils.getLibraryPathAsFile(CleanupTweaker.class).toURI().toURL()); + } } diff --git a/src/main/java/gq/malwarefight/nosession/tweaks/CleanupTweaker.java b/src/main/java/gq/malwarefight/nosession/tweaks/cleanup/CleanupTweaker.java index 6deeeb0..c0e2df4 100644 --- a/src/main/java/gq/malwarefight/nosession/tweaks/CleanupTweaker.java +++ b/src/main/java/gq/malwarefight/nosession/tweaks/cleanup/CleanupTweaker.java @@ -1,4 +1,4 @@ -package gq.malwarefight.nosession.tweaks; +package gq.malwarefight.nosession.tweaks.cleanup; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; diff --git a/src/main/java/gq/malwarefight/nosession/tweaks/cleanup/package-info.java b/src/main/java/gq/malwarefight/nosession/tweaks/cleanup/package-info.java new file mode 100644 index 0000000..c2a48ea --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/tweaks/cleanup/package-info.java @@ -0,0 +1,5 @@ +/** + * Due to the launchwrapper using a launchclassloader exclusion on every tweaker's package, we separate the two tweakers + * so that the loader exclusion doesn't affect anything else + */ +package gq.malwarefight.nosession.tweaks.cleanup;
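Review bot: `addSelfToClassloader` casts `Launch.class.getClassLoader()` to `URLClassLoader` unchecked and then forces `addURL` accessible, so on a runtime where the launching loader is not a `URLClassLoader` (the Java 9+ application loader) it fails with a bare `ClassCastException` far from the cause. Check first: `ClassLoader cl = Launch.class.getClassLoader();` followed by `if (!(cl instanceof URLClassLoader)) throw new IllegalStateException("unexpected launch class loader: " + cl);`. The URL being added comes from `Utils.getLibraryPathAsFile`, which builds a `File` from a URI string. It is worth asserting `isFile()` on that result before passing it to the loader, so a mis-resolved path is never registered as a code source.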
\ No newline at end of file diff --git a/src/main/java/gq/malwarefight/nosession/tweaks/InitialTweaker.java b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java index 74d05f5..e2ca1ae 100644 --- a/src/main/java/gq/malwarefight/nosession/tweaks/InitialTweaker.java +++ b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java @@ -1,9 +1,8 @@ -package gq.malwarefight.nosession.tweaks; +package gq.malwarefight.nosession.tweaks.initial; import gq.malwarefight.nosession.relaunch.Relaunch; import gq.malwarefight.nosession.utils.Utils; import net.minecraft.launchwrapper.ITweaker; -import net.minecraft.launchwrapper.Launch; import net.minecraft.launchwrapper.LaunchClassLoader; import org.spongepowered.asm.launch.MixinBootstrap; import org.spongepowered.asm.mixin.MixinEnvironment; @@ -11,16 +10,10 @@ import org.spongepowered.asm.mixin.Mixins; import java.io.File; import java.io.IOException; -import java.lang.management.ManagementFactory; -import java.lang.management.RuntimeMXBean; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; import java.net.Socket; -import java.net.URL; import java.nio.charset.StandardCharsets; -import java.util.*; -import java.util.regex.Matcher; -import java.util.regex.Pattern; +import java.util.ArrayList; +import java.util.List; public class InitialTweaker implements ITweaker { diff --git a/src/main/java/gq/malwarefight/nosession/tweaks/initial/package-info.java b/src/main/java/gq/malwarefight/nosession/tweaks/initial/package-info.java new file mode 100644 index 0000000..443e379 --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/tweaks/initial/package-info.java @@ -0,0 +1,5 @@ +/** + * Due to the launchwrapper using a launchclassloader exclusion on every tweaker's package, we separate the two tweakers + * so that the loader exclusion doesn't affect anything else + */ +package gq.malwarefight.nosession.tweaks.initial;
\ No newline at end of file diff --git a/src/main/java/gq/malwarefight/nosession/utils/Utils.java b/src/main/java/gq/malwarefight/nosession/utils/Utils.java index ae0e273..139f1e8 100644 --- a/src/main/java/gq/malwarefight/nosession/utils/Utils.java +++ b/src/main/java/gq/malwarefight/nosession/utils/Utils.java @@ -4,7 +4,6 @@ import com.google.common.annotations.Beta; import com.google.common.collect.ForwardingMultimap; import com.google.gson.Gson; import com.mojang.authlib.yggdrasil.YggdrasilAuthenticationService; -import gq.malwarefight.nosession.tweaks.InitialTweaker; import gq.malwarefight.tokenapp.Main; import org.apache.commons.io.ByteOrderMark; import org.apache.commons.lang3.CharEncoding; @@ -17,16 +16,11 @@ import org.objectweb.asm.Opcodes; import java.io.File; import java.io.IOException; import java.io.InputStream; -import java.lang.management.ManagementFactory; -import java.lang.management.RuntimeMXBean; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.lang.reflect.Modifier; -import java.net.InetAddress; -import java.net.InetSocketAddress; -import java.net.Socket; -import java.net.URISyntaxException; +import java.net.*; import java.nio.charset.StandardCharsets; import java.nio.file.FileAlreadyExistsException; import java.nio.file.Files; 
@@ -118,50 +112,33 @@ public class Utils { } } - public static String getLibraryPath(Class<?> c, boolean processString) throws URISyntaxException { - String uri = c.getProtectionDomain().getCodeSource().getLocation().toURI().toString(); - if (processString) { - uri = processString(uri); + public static File getLibraryPathAsFile(Class<?> c) throws URISyntaxException { + String uri = c.getProtectionDomain().getCodeSource().getLocation().toURI().toString().replace("%20", " "); // code breakage in 3, 2, 1... + if (uri.endsWith(".class")) { + uri = processString(uri); // stupid reference to a class within a jar } - return Paths.get(uri).toString(); + return new File(uri); } - private static String getClasspath(Properties p, boolean processString) throws URISyntaxException { - if (processString) { - return String.join( - p.getProperty("path.separator"), - getLibraryPath(Utils.class, true), - getLibraryPath(YggdrasilAuthenticationService.class, true), - getLibraryPath(Gson.class, true), - getLibraryPath(LogManager.class, true), - getLibraryPath(Validate.class, true), - getLibraryPath(ForwardingMultimap.class, true), - getLibraryPath(Beta.class, true), - getLibraryPath(CharEncoding.class, true), - getLibraryPath(ByteOrderMark.class, true), - getLibraryPath(Logger.class, true), - getLibraryPath(Opcodes.class, true) - ); - } - try { - // try to be smart - return String.join( - p.getProperty("path.separator"), - getLibraryPath(Utils.class, false), - getLibraryPath(YggdrasilAuthenticationService.class, false), - getLibraryPath(Gson.class, false), - getLibraryPath(LogManager.class, false), - getLibraryPath(Validate.class, false), - getLibraryPath(ForwardingMultimap.class, false), - getLibraryPath(Beta.class, false), - getLibraryPath(CharEncoding.class, false), - getLibraryPath(ByteOrderMark.class, false), - getLibraryPath(Logger.class, false), - getLibraryPath(Opcodes.class, false) - ); - } catch (URISyntaxException | IllegalArgumentException e) { - return getClasspath(p, 
true); - } + public static String getLibraryPath(Class<?> c) throws URISyntaxException { + return getLibraryPathAsFile(c).getAbsolutePath(); + } + + private static String getClasspath(Properties p) throws URISyntaxException { + return String.join( + p.getProperty("path.separator"), + getLibraryPath(Main.class), + getLibraryPath(YggdrasilAuthenticationService.class), + getLibraryPath(Gson.class), + getLibraryPath(LogManager.class), + getLibraryPath(Validate.class), + getLibraryPath(ForwardingMultimap.class), + getLibraryPath(Beta.class), + getLibraryPath(CharEncoding.class), + getLibraryPath(ByteOrderMark.class), + getLibraryPath(Logger.class), + getLibraryPath(Opcodes.class) + ); } public static boolean createLockFile(long value) { @@ -224,8 +201,10 @@ public class Utils { long value = getID(); ID = value; Properties p = getJavaProperties(); + String cp = getClasspath(p); + System.out.println(cp); ProcessBuilder processBuilder = new ProcessBuilder( - getJavaExe(p), "-cp", getClasspath(p, false), Main.class.getName(), Long.toString(value) + getJavaExe(p), "-cp", getClasspath(p), Main.class.getName(), Long.toString(value) ); processBuilder.redirectOutput(ProcessBuilder.Redirect.INHERIT).redirectError(ProcessBuilder.Redirect.INHERIT); Process c = processBuilder.start(); |
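Review bot: `getLibraryPathAsFile` converts the code-source URI to a string, hand-decodes only `%20`, and passes the result to `new File(String)`; any other escaped character (`%23`, `%5B`, non-ASCII) stays encoded, and the inline comment already anticipates breakage. Depending on what `processString` (outside the hunk) strips, a string that still carries the `file:` scheme would become a relative `File`, and `getAbsolutePath()` would then resolve it against the working directory, so the child JVM's `-cp` and the URL added in `Relaunch` could point somewhere other than the real jars. For the plain-jar case let the JDK decode: `new File(c.getProtectionDomain().getCodeSource().getLocation().toURI())`, keeping the `.class`/nested-jar branch separate. `getCodeSource()` can also be null for classes from the bootstrap loader, which deserves a null check with a clear message.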
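Review bot: The new `cp` local is printed but not used: the `ProcessBuilder` still calls `getClasspath(p)` a second time, so the logged value and the launched value are computed separately. Pass `cp` to the builder: `getJavaExe(p), "-cp", cp, Main.class.getName(), Long.toString(value)`. The `System.out.println(cp)` writes absolute local paths (typically including the user name) into a log that players routinely share, so drop it or move it to a debug-level logger before release. The method body starts and ends outside the hunk.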