diff options
author | PandaNinjas <admin@malwarefight.gq> | 2023-02-10 11:59:14 -0800 |
---|---|---|
committer | PandaNinjas <admin@malwarefight.gq> | 2023-02-10 11:59:14 -0800 |
commit | ffed53e2c70cba8b6abf01e6cdc987721fc66e99 (patch) | |
tree | 0f2f2426ef25366021c0c56c3873fd05d956e0d2 | |
parent | 32352ad6726394c0f8fd9a5df9bd0f75d4490fa8 (diff) | |
download | NoSession-ffed53e2c70cba8b6abf01e6cdc987721fc66e99.tar.gz NoSession-ffed53e2c70cba8b6abf01e6cdc987721fc66e99.tar.bz2 NoSession-ffed53e2c70cba8b6abf01e6cdc987721fc66e99.zip |
Fix security bug
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java | 30 | ||||
-rw-r--r-- | src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java | 23 |
2 files changed, 36 insertions, 17 deletions
diff --git a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java index a7be261..40a8586 100644 --- a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java +++ b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java @@ -1,7 +1,10 @@ package gq.malwarefight.nosession; +import gq.malwarefight.nosession.relaunch.Relaunch; import gq.malwarefight.nosession.tweaks.initial.InitialTweaker; import gq.malwarefight.nosession.utils.Utils; +import java.util.HashMap; +import java.util.Map.Entry; import net.minecraft.launchwrapper.Launch; import net.minecraftforge.fml.relauncher.IFMLLoadingPlugin; @@ -61,6 +64,15 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin { Launch.classLoader.addURL(NoSessionLoadingPlugin.class.getProtectionDomain().getCodeSource().getLocation()); } + public static ArrayList<String> constructLaunchArgs(HashMap<String, String> args) { + ArrayList<String> constructedArgs = new ArrayList<>(); + for (Entry<String, String> entry: args.entrySet()) { + constructedArgs.add(entry.getKey()); + constructedArgs.add(entry.getValue()); + } + return constructedArgs; + } + static { addSelfToClassLoader(); try { @@ -86,6 +98,24 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin { throw new RuntimeException(e); } shutdown(); + } else { + // test if we can find the token in Launch.blackboard.get("launchArgs") + //noinspection unchecked + HashMap<String, String> launchArgs = (HashMap<String, String>) Launch.blackboard.get("launchArgs"); + Pattern pattern = Pattern.compile("(?<token>eyJhbGciOiJIUzI1NiJ9\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]*)"); + Matcher match = pattern.matcher(launchArgs.get("launchArgs")); + if (match.find()) { + // relaunch now ! + System.out.println("======================="); + System.out.println("NoSession: relaunching without the token"); + System.out.println("======================="); + try { + Relaunch.relaunch(constructLaunchArgs(launchArgs), Launch.minecraftHome, Launch.assetsDir, "1.8.9"); + } catch (Exception e) { + e.printStackTrace(); + throw new RuntimeException(e); + } + } } injectTweaker(); } catch (Exception e) { diff --git a/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java index aae8bb6..0baee07 100644 --- a/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java +++ b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java @@ -1,19 +1,17 @@ package gq.malwarefight.nosession.tweaks.initial; -import gq.malwarefight.nosession.relaunch.Relaunch; import gq.malwarefight.nosession.utils.Utils; -import net.minecraft.launchwrapper.ITweaker; -import net.minecraft.launchwrapper.LaunchClassLoader; -import org.spongepowered.asm.launch.MixinBootstrap; -import org.spongepowered.asm.mixin.MixinEnvironment; -import org.spongepowered.asm.mixin.Mixins; - import java.io.File; import java.net.Socket; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.List; import java.util.UUID; +import net.minecraft.launchwrapper.ITweaker; +import net.minecraft.launchwrapper.LaunchClassLoader; +import org.spongepowered.asm.launch.MixinBootstrap; +import org.spongepowered.asm.mixin.MixinEnvironment; +import org.spongepowered.asm.mixin.Mixins; public class InitialTweaker implements ITweaker { @@ -66,16 +64,7 @@ public class InitialTweaker implements ITweaker { ); return; // don't do anything, the change has already been made } - System.out.println("======================="); - System.out.println("NoSession: relaunching without the token"); - System.out.println("======================="); - try { - Relaunch.relaunch(argsCopy, gameDir, assetsDir, version); - } catch (Exception e) { - e.printStackTrace(); - throw new RuntimeException(e); - } - + throw new RuntimeException("It should be impossible to get here! Report this bug to https://github.com/thefightagainstmalware/NoSession"); } /** |