authorPandaNinjas <admin@malwarefight.gq>2023-02-10 11:59:14 -0800
committerPandaNinjas <admin@malwarefight.gq>2023-02-10 11:59:14 -0800
commitffed53e2c70cba8b6abf01e6cdc987721fc66e99 (patch)
tree0f2f2426ef25366021c0c56c3873fd05d956e0d2
parent32352ad6726394c0f8fd9a5df9bd0f75d4490fa8 (diff)
downloadNoSession-ffed53e2c70cba8b6abf01e6cdc987721fc66e99.tar.gz
NoSession-ffed53e2c70cba8b6abf01e6cdc987721fc66e99.tar.bz2
NoSession-ffed53e2c70cba8b6abf01e6cdc987721fc66e99.zip
Fix security bug
-rw-r--r--src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java30
-rw-r--r--src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java23
2 files changed, 36 insertions, 17 deletions
diff --git a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java
index a7be261..40a8586 100644
--- a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java
+++ b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java
@@ -1,7 +1,10 @@
package gq.malwarefight.nosession;
+import gq.malwarefight.nosession.relaunch.Relaunch;
import gq.malwarefight.nosession.tweaks.initial.InitialTweaker;
import gq.malwarefight.nosession.utils.Utils;
+import java.util.HashMap;
+import java.util.Map.Entry;
import net.minecraft.launchwrapper.Launch;
import net.minecraftforge.fml.relauncher.IFMLLoadingPlugin;
@@ -61,6 +64,15 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin {
Launch.classLoader.addURL(NoSessionLoadingPlugin.class.getProtectionDomain().getCodeSource().getLocation());
}
+ public static ArrayList<String> constructLaunchArgs(HashMap<String, String> args) {
+ ArrayList<String> constructedArgs = new ArrayList<>();
+ for (Entry<String, String> entry: args.entrySet()) {
+ constructedArgs.add(entry.getKey());
+ constructedArgs.add(entry.getValue());
+ }
+ return constructedArgs;
+ }
+
static {
addSelfToClassLoader();
try {
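Review bot: `constructLaunchArgs` copies every key and value of the map into the returned list, so nothing is filtered out before the relaunch, and the call added in the static initializer below passes its result straight to `Relaunch.relaunch` under the message "relaunching without the token". Unless `Relaunch.relaunch` removes the token itself (its body is not visible here), the relaunched process would receive the same token again. The helper is the natural place to drop it, e.g. `if (entry.getValue() != null && TOKEN_PATTERN.matcher(entry.getValue()).find()) continue;`, with the pattern from the static block hoisted to a `static final` field (`TOKEN_PATTERN` is a suggested name). The method also has no Javadoc; it should state that a `HashMap` gives no defined iteration order, so the rebuilt argument order can differ from the original command line.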
@@ -86,6 +98,24 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin {
throw new RuntimeException(e);
}
shutdown();
+ } else {
+ // test if we can find the token in Launch.blackboard.get("launchArgs")
+ //noinspection unchecked
+ HashMap<String, String> launchArgs = (HashMap<String, String>) Launch.blackboard.get("launchArgs");
+ Pattern pattern = Pattern.compile("(?<token>eyJhbGciOiJIUzI1NiJ9\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]*)");
+ Matcher match = pattern.matcher(launchArgs.get("launchArgs"));
+ if (match.find()) {
+ // relaunch now !
+ System.out.println("=======================");
+ System.out.println("NoSession: relaunching without the token");
+ System.out.println("=======================");
+ try {
+ Relaunch.relaunch(constructLaunchArgs(launchArgs), Launch.minecraftHome, Launch.assetsDir, "1.8.9");
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RuntimeException(e);
+ }
+ }
}
injectTweaker();
} catch (Exception e) {
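Review bot: `launchArgs.get("launchArgs")` looks up the blackboard key inside the map that was just fetched under that same key, and the result goes unchecked into `pattern.matcher(...)`. If the map has no entry with that name, or the blackboard holds no such map at this point, a NullPointerException is thrown before `injectTweaker()` runs and the token check never happens. Scanning all values avoids depending on one key: `boolean hasToken = launchArgs != null && launchArgs.values().stream().anyMatch(v -> v != null && pattern.matcher(v).find());`. The pattern also recognises only tokens whose first segment is exactly `eyJhbGciOiJIUzI1NiJ9`, so a token with a different header would pass unnoticed; that assumption deserves a comment next to the pattern. The static block starts and ends outside this hunk, so what the outer `catch` does with the exception is not visible.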
diff --git a/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java
index aae8bb6..0baee07 100644
--- a/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java
+++ b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java
@@ -1,19 +1,17 @@
package gq.malwarefight.nosession.tweaks.initial;
-import gq.malwarefight.nosession.relaunch.Relaunch;
import gq.malwarefight.nosession.utils.Utils;
-import net.minecraft.launchwrapper.ITweaker;
-import net.minecraft.launchwrapper.LaunchClassLoader;
-import org.spongepowered.asm.launch.MixinBootstrap;
-import org.spongepowered.asm.mixin.MixinEnvironment;
-import org.spongepowered.asm.mixin.Mixins;
-
import java.io.File;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
+import net.minecraft.launchwrapper.ITweaker;
+import net.minecraft.launchwrapper.LaunchClassLoader;
+import org.spongepowered.asm.launch.MixinBootstrap;
+import org.spongepowered.asm.mixin.MixinEnvironment;
+import org.spongepowered.asm.mixin.Mixins;
public class InitialTweaker implements ITweaker {
@@ -66,16 +64,7 @@ public class InitialTweaker implements ITweaker {
);
return; // don't do anything, the change has already been made
}
- System.out.println("=======================");
- System.out.println("NoSession: relaunching without the token");
- System.out.println("=======================");
- try {
- Relaunch.relaunch(argsCopy, gameDir, assetsDir, version);
- } catch (Exception e) {
- e.printStackTrace();
- throw new RuntimeException(e);
- }
-
+ throw new RuntimeException("It should be impossible to get here! Report this bug to https://github.com/thefightagainstmalware/NoSession");
}
/**
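Review bot: The new `throw` is unreachable only if the check in `NoSessionLoadingPlugin`'s static initializer detects every token that the condition guarding this path detects, and the two checks are written separately. Failing closed here is the safe choice, but the reason should be recorded above the throw, e.g. `// relaunch is handled in NoSessionLoadingPlugin; reaching this line means a token still appears to be in the launch arguments`. `IllegalStateException` would describe the condition better than a bare `RuntimeException`. The enclosing method starts outside the hunk, so the guarding condition itself is not visible.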