diff options
| author | PandaNinjas <admin@malwarefight.gq> | 2022-12-23 17:29:28 -0800 |
|---|---|---|
| committer | PandaNinjas <admin@malwarefight.gq> | 2022-12-23 17:29:28 -0800 |
| commit | bd6b4db71f1e07a845d922dc30cefcc64afa6294 (patch) | |
| tree | 3ec253f13a0bfa20a8c0b467657d80265c12593a /src | |
| download | NoSession-bd6b4db71f1e07a845d922dc30cefcc64afa6294.tar.gz NoSession-bd6b4db71f1e07a845d922dc30cefcc64afa6294.tar.bz2 NoSession-bd6b4db71f1e07a845d922dc30cefcc64afa6294.zip | |
Initial commit
Diffstat (limited to 'src')
10 files changed, 593 insertions, 0 deletions
diff --git a/src/main/java/gq/malwarefight/nosession/mixin/BlankTweaker.java b/src/main/java/gq/malwarefight/nosession/mixin/BlankTweaker.java new file mode 100644 index 0000000..2c9109b --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/mixin/BlankTweaker.java @@ -0,0 +1,29 @@ +package gq.malwarefight.nosession.mixin; + +import net.minecraft.launchwrapper.ITweaker; +import net.minecraft.launchwrapper.LaunchClassLoader; + +import java.io.File; +import java.util.List; + +public class BlankTweaker implements ITweaker { + @Override + public void acceptOptions(List<String> args, File gameDir, File assetsDir, String profile) { + + } + + @Override + public void injectIntoClassLoader(LaunchClassLoader classLoader) { + + } + + @Override + public String getLaunchTarget() { + return null; + } + + @Override + public String[] getLaunchArguments() { + return new String[0]; + } +} diff --git a/src/main/java/gq/malwarefight/nosession/mixin/InitialTweaker.java b/src/main/java/gq/malwarefight/nosession/mixin/InitialTweaker.java new file mode 100644 index 0000000..7d9c308 --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/mixin/InitialTweaker.java @@ -0,0 +1,159 @@ +package gq.malwarefight.nosession.mixin; + +import com.google.common.annotations.Beta; +import com.google.common.collect.ForwardingMultimap; +import com.google.gson.Gson; +import com.mojang.authlib.yggdrasil.YggdrasilAuthenticationService; +import net.minecraft.launchwrapper.ITweaker; +import net.minecraft.launchwrapper.Launch; +import net.minecraft.launchwrapper.LaunchClassLoader; +import net.minecraft.launchwrapper.LogWrapper; +import org.apache.commons.io.ByteOrderMark; +import org.apache.commons.lang3.CharEncoding; +import org.apache.commons.lang3.Validate; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; +import org.objectweb.asm.Opcodes; +import org.spongepowered.asm.launch.MixinBootstrap; +import org.spongepowered.asm.mixin.MixinEnvironment; +import org.spongepowered.asm.mixin.Mixins; + +import java.io.File; +import java.io.IOException; +import java.net.URISyntaxException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Paths; +import java.util.*; + +@SuppressWarnings({"unused", "unchecked"}) +public class InitialTweaker implements ITweaker { + + // I'm creating my own allTweakers list + // with blackjack and hookers! + public final ArrayList<ITweaker> allTweakers = new ArrayList<>(); + + public InitialTweaker() {} + + public String getLibraryPath(Class<?> c) throws URISyntaxException { + return new File(c.getProtectionDomain().getCodeSource().getLocation().toURI()).getAbsolutePath(); + } + + public String getClasspath() throws URISyntaxException { + return String.join( + System.getProperty("path.separator"), + getLibraryPath(InitialTweaker.class), + getLibraryPath(YggdrasilAuthenticationService.class), + getLibraryPath(Gson.class), + getLibraryPath(LogManager.class), + getLibraryPath(Validate.class), + getLibraryPath(ForwardingMultimap.class), + getLibraryPath(Beta.class), + getLibraryPath(CharEncoding.class), + getLibraryPath(ByteOrderMark.class), + getLibraryPath(Logger.class), + getLibraryPath(Opcodes.class) + ); + } + + + public void setToken(String token) throws IOException, URISyntaxException { + File javaExecutable = Paths.get(System.getProperty("java.home"), "bin", "java").toFile(); + ProcessBuilder processBuilder = new ProcessBuilder( + javaExecutable.getAbsolutePath(), "-cp", getClasspath(), "gq.malwarefight.tokenapp.Main" + ); + processBuilder.redirectOutput(ProcessBuilder.Redirect.INHERIT).redirectError(ProcessBuilder.Redirect.INHERIT); + Process c = processBuilder.start(); + c.getOutputStream().write((token + "\n").getBytes(StandardCharsets.UTF_8)); + c.getOutputStream().flush(); + } + + /** + * This handles the launch arguments passed towards minecraft + * @param args The launch arguments + * @param gameDir The game directory (ie: .minecraft) + * @param assetsDir The assets directory + * @param profile The game profile + */ + @Override + @SuppressWarnings("unchecked") + public final void acceptOptions(List<String> args, File gameDir, File assetsDir, String profile) { + ArrayList<String> argsCopy = new ArrayList<>(args); + for (int i = 0; i < argsCopy.size(); i++) { + if (argsCopy.get(i).equals("--accessToken")) { + argsCopy.set(i + 1, "<noSessionAccessToken>"); + } + } + boolean any = false; + // in order to prevent other mods from seeing the true list of args with the token + // we will just call all the other tweakers from here + ArrayList<ITweaker> tweakers = (ArrayList<ITweaker>) Launch.blackboard.get("Tweaks"); + for (final ITweaker tweaker : tweakers) { + if (tweaker == this) + continue; + + LogWrapper.log(Level.INFO, "Calling tweak class %s", tweaker.getClass().getName()); + tweaker.acceptOptions(argsCopy, gameDir, assetsDir, profile); + tweaker.injectIntoClassLoader(Launch.classLoader); + allTweakers.add(tweaker); + tweakers.set(tweakers.indexOf(tweaker), new BlankTweaker()); + any = true; + } + if (any) { + ((ArrayList<String>) Launch.blackboard.get("TweakClasses")).add(0, + Utils.getUniqueClassName() + ); + } + } + + /** + * Inject into the MC class loader + * @param classLoader The class loader + */ + @Override + public final void injectIntoClassLoader(LaunchClassLoader classLoader) { + MixinBootstrap.init(); + MixinEnvironment environment = MixinEnvironment.getDefaultEnvironment(); + Mixins.addConfiguration("mixins.nosession.json"); + // Check if the obfuscation context is null + if (environment.getObfuscationContext() == null) { + environment.setObfuscationContext("notch"); + } + // This is a client side, client :) + environment.setSide(MixinEnvironment.Side.CLIENT); + } + + @Override + public String getLaunchTarget() { + return MixinBootstrap.getPlatform().getLaunchTarget(); + } + + @Override + public String[] getLaunchArguments() { + + ArrayList<String> argsFromOurTweakers = new ArrayList<>(); + + for (ITweaker i: allTweakers) { + argsFromOurTweakers.addAll(Arrays.asList(i.getLaunchArguments())); + } + + //noinspection unchecked + ArrayList<String> launchArgs = (ArrayList<String>) Launch.blackboard.get("ArgumentList"); + for (int i = 0; i < launchArgs.size(); i++) { + if (launchArgs.get(i).equals("--accessToken")) { + try { + setToken(launchArgs.get(i + 1)); + } catch (Exception e) { + throw new RuntimeException(e); + } + launchArgs.set(i + 1, "<noSessionAccessToken>"); + } + } + if (!launchArgs.contains("--accessToken")) { + argsFromOurTweakers.add("--accessToken"); + argsFromOurTweakers.add("<noSessionAccessToken>"); + } + + return argsFromOurTweakers.toArray(new String[0]); + } +} diff --git a/src/main/java/gq/malwarefight/nosession/mixin/L2Tweaker.java b/src/main/java/gq/malwarefight/nosession/mixin/L2Tweaker.java new file mode 100644 index 0000000..8736ca4 --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/mixin/L2Tweaker.java @@ -0,0 +1,68 @@ +package gq.malwarefight.nosession.mixin; + +import net.minecraft.launchwrapper.ITweaker; +import net.minecraft.launchwrapper.Launch; +import net.minecraft.launchwrapper.LaunchClassLoader; +import net.minecraft.launchwrapper.LogWrapper; +import org.apache.logging.log4j.Level; +import org.spongepowered.asm.launch.MixinBootstrap; + +import java.io.File; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +@SuppressWarnings("unused") // is used, but not mentioned directly +public class L2Tweaker implements ITweaker { + + public final ArrayList<ITweaker> allTweakers = new ArrayList<>(); + + @Override + @SuppressWarnings("unchecked") + public void acceptOptions(List<String> args, File gameDir, File assetsDir, String profile) { + ArrayList<String> argsCopy = new ArrayList<>(args); + for (int i = 0; i < argsCopy.size(); i++) { + if (argsCopy.get(i).equals("--accessToken")) { + argsCopy.set(i + 1, "<noSessionAccessToken>"); + } + } + + boolean any = false; + ArrayList<ITweaker> tweakers = (ArrayList<ITweaker>) Launch.blackboard.get("Tweaks"); + // in order to prevent other mods from seeing the true list of args with the token + // we will just call all the other tweakers from here + for (final ITweaker tweaker : tweakers) { + if (tweaker == this) + continue; + LogWrapper.log(Level.INFO, "Calling tweak class %s", tweaker.getClass().getName()); + tweaker.acceptOptions(argsCopy, gameDir, assetsDir, profile); + tweaker.injectIntoClassLoader(Launch.classLoader); + allTweakers.add(tweaker); + tweakers.set(tweakers.indexOf(tweaker), new BlankTweaker()); + any = true; + } + if (any) { + ((ArrayList<String>) Launch.blackboard.get("TweakClasses")).add(0, + Utils.getUniqueClassName() + ); + } + } + + @Override + public void injectIntoClassLoader(LaunchClassLoader classLoader) {} + + @Override + public String getLaunchTarget() { + return MixinBootstrap.getPlatform().getLaunchTarget(); + } + + @Override + public String[] getLaunchArguments() { + ArrayList<String> argsFromOurTweakers = new ArrayList<>(); + + for (ITweaker i: allTweakers) { + argsFromOurTweakers.addAll(Arrays.asList(i.getLaunchArguments())); + } + return argsFromOurTweakers.toArray(new String[0]); + } +}
\ No newline at end of file diff --git a/src/main/java/gq/malwarefight/nosession/mixin/Utils.java b/src/main/java/gq/malwarefight/nosession/mixin/Utils.java new file mode 100644 index 0000000..e67bddc --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/mixin/Utils.java @@ -0,0 +1,89 @@ +package gq.malwarefight.nosession.mixin; + +import gq.malwarefight.nosession.mixin.asm.ReplacingMethodVisitor; +import net.minecraft.launchwrapper.ITweaker; +import net.minecraft.launchwrapper.Launch; +import org.objectweb.asm.*; + +import java.io.IOException; +import java.io.InputStream; +import java.lang.reflect.Field; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.AbstractList; +import java.util.ArrayList; +import java.util.Arrays; + +public class Utils { + static int num = 0; + + public static byte[] read(InputStream i, Character delimiter) throws IOException { + byte[] buffer = new byte[512]; + int index = 0; + while (true) { + int in = i.read(); + if (in == -1 || (delimiter != null && delimiter == in)) { + return Arrays.copyOfRange(buffer, 0, index); + } + if (index == buffer.length) { + // grow the buffer + byte[] newBuffer = new byte[buffer.length * 2]; + System.arraycopy( + buffer, 0, newBuffer, 0, buffer.length + ); + buffer = newBuffer; + } + buffer[index] = (byte) in; + index++; + } + } + + public static String readString(InputStream i, Character delimiter) throws IOException { + return new String(read(i, delimiter)); + } + + public static void createClass(byte[] classArray, String name) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { + Method m = ClassLoader.class.getDeclaredMethod( + "defineClass", String.class, byte[].class, int.class, int.class); + m.setAccessible(true); + m.invoke(Launch.classLoader, name, classArray, 0, classArray.length); + } + + public static String getUniqueClassName() { + + String className = "gq.malwarefight.nosession.mixin.L2TweakerClone" + num; + + byte[] L2TweakerBytes; + try { + //noinspection ConstantConditions + L2TweakerBytes = read(Utils.class.getResourceAsStream("/gq/malwarefight/nosession/mixin/L2Tweaker.class"), null); + } catch (IOException e) { + throw new RuntimeException(e); + } + + ClassReader cr = new ClassReader(L2TweakerBytes); + ClassWriter cw = new ClassWriter(cr, 0); + cr.accept(new ClassVisitor(Opcodes.ASM5, cw) { + @Override + public void visit(int version, int access, String name, + String signature, String superName, String[] interfaces) { + super.visit(version, access, className.replace(".", "/"), signature, superName, interfaces); + } + + @Override + public MethodVisitor visitMethod(int access, String name, String desc, + String signature, String[] exceptions) { + return new ReplacingMethodVisitor(super.visitMethod(access, name, desc, signature, exceptions), L2Tweaker.class.getName().replace(".", "/"), className.replace(".", "/")); + } + }, 0); + + byte[] code = cw.toByteArray(); + try { + createClass(code, className); + } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) { + throw new RuntimeException(e); + } + num++; + return className; + } +} diff --git a/src/main/java/gq/malwarefight/nosession/mixin/asm/ReplacingMethodVisitor.java b/src/main/java/gq/malwarefight/nosession/mixin/asm/ReplacingMethodVisitor.java new file mode 100644 index 0000000..d8c3005 --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/mixin/asm/ReplacingMethodVisitor.java @@ -0,0 +1,22 @@ +package gq.malwarefight.nosession.mixin.asm; + +import org.objectweb.asm.MethodVisitor; +import org.objectweb.asm.Opcodes; + +public class ReplacingMethodVisitor extends MethodVisitor implements Opcodes { + + final String newName; + final String oldName; + public ReplacingMethodVisitor(MethodVisitor mv, String oldName, String newName) { + super(ASM5, mv); + this.oldName = oldName; + this.newName = newName; + } + + public void visitFieldInsn(int opcode, String owner, String name, + String desc) { + owner = owner.replace(oldName, newName); + super.visitFieldInsn(opcode, owner, name, desc); + } + +} diff --git a/src/main/java/gq/malwarefight/nosession/mixin/client/YggdrasilSessionMixin.java b/src/main/java/gq/malwarefight/nosession/mixin/client/YggdrasilSessionMixin.java new file mode 100644 index 0000000..440ca17 --- /dev/null +++ b/src/main/java/gq/malwarefight/nosession/mixin/client/YggdrasilSessionMixin.java @@ -0,0 +1,60 @@ +package gq.malwarefight.nosession.mixin.client; + +import com.mojang.authlib.GameProfile; +import com.mojang.authlib.exceptions.AuthenticationException; +import com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService; +import org.spongepowered.asm.mixin.Mixin; +import org.spongepowered.asm.mixin.injection.At; +import org.spongepowered.asm.mixin.injection.Inject; +import org.spongepowered.asm.mixin.injection.callback.CallbackInfo; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.nio.charset.StandardCharsets; +import java.util.Objects; +import java.util.Scanner; + + +@Mixin(YggdrasilMinecraftSessionService.class) +public class YggdrasilSessionMixin { + private static final int BASE_PORT = 47777; + @Inject(method = "joinServer", at = @At("HEAD"), cancellable = true, remap = false) + public void joinServer(GameProfile profile, String authenticationToken, String serverId, CallbackInfo ci) throws AuthenticationException { + if (authenticationToken.equals("<noSessionAccessToken>")) { // this token has been messed with by the Tweaker + Socket socket = null; + for (int i = BASE_PORT; i < BASE_PORT + 10; i++) { + try { + socket = new Socket(); + socket.connect(new InetSocketAddress(InetAddress.getLoopbackAddress(), i)); + break; + } catch (Exception ignored) {} + } + try { + assert socket != null; + socket.getOutputStream().write(("login " + serverId + "\n").getBytes(StandardCharsets.UTF_8)); + socket.getOutputStream().flush(); + Scanner result = new Scanner(socket.getInputStream(), StandardCharsets.UTF_8.name()); + String line = result.nextLine(); + String[] parts = line.split(" "); + if (Objects.equals(parts[0], "200")) { + ci.cancel(); + } else if (Objects.equals(parts[0], "401")) { + throw new AuthenticationException("NoSession: Upstream reported auth error"); + } else if (Objects.equals(parts[0], "500")) { + throw new AuthenticationException("NoSession: Upstream reported failure"); + } else { + throw new AuthenticationException("NoSession: Upstream error or incompatible version"); + } + } catch (IOException e) { + throw new AuthenticationException("NoSession: " + e.getMessage()); + } + + try { + socket.getOutputStream().write("disconnect".getBytes(StandardCharsets.UTF_8)); + socket.close(); + } catch (IOException ignored) {} + } + } +} diff --git a/src/main/java/gq/malwarefight/tokenapp/Main.java b/src/main/java/gq/malwarefight/tokenapp/Main.java new file mode 100644 index 0000000..750ae83 --- /dev/null +++ b/src/main/java/gq/malwarefight/tokenapp/Main.java @@ -0,0 +1,75 @@ +package gq.malwarefight.tokenapp; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.mojang.authlib.GameProfile; +import com.mojang.authlib.yggdrasil.YggdrasilAuthenticationService; +import com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService; +import gq.malwarefight.nosession.mixin.Utils; +import org.apache.commons.lang3.exception.ExceptionUtils; + +import javax.net.ssl.HttpsURLConnection; +import java.io.IOException; +import java.net.*; +import java.util.UUID; + +public class Main { + public static final int BASE_PORT = 47777; + public static volatile boolean running = true; + public static YggdrasilMinecraftSessionService sessionService = null; + public static YggdrasilAuthenticationService authenticationService = null; + public static GameProfile gameProfile = null; + + public static void setup() throws IOException { + String token = Utils.readString(System.in, '\n'); + YggdrasilAuthenticationService yas = new YggdrasilAuthenticationService(Proxy.NO_PROXY, token); + authenticationService = yas; + sessionService = (YggdrasilMinecraftSessionService) yas.createMinecraftSessionService(); + HttpsURLConnection httpsURLConnection = (HttpsURLConnection) (new URL("https://api.minecraftservices.com/minecraft/profile").openConnection()); + httpsURLConnection.setRequestProperty("Authorization", "Bearer " + token); + String response = Utils.readString(httpsURLConnection.getInputStream(), null); + JsonObject jsonObject = new JsonParser().parse(response).getAsJsonObject(); + UUID id = UUID.fromString( + jsonObject.get("id").getAsString().replaceFirst( + "(\\p{XDigit}{8})(\\p{XDigit}{4})(\\p{XDigit}{4})(\\p{XDigit}{4})(\\p{XDigit}+)", "$1-$2-$3-$4-$5" + ) + ); + String name = jsonObject.get("name").getAsString(); + gameProfile = new GameProfile(id, name); + System.setProperty("java.net.preferIPv4Stack", "true"); + } + + public static void main(String[] args) { + try { + setup(); + } catch (Exception e) { + System.err.println("Could not setup the server\n" + ExceptionUtils.getStackTrace(e)); + System.exit(1); + } + ServerSocket sock = null; + for (int i = BASE_PORT; i < BASE_PORT + 10; i++) { + try { + System.out.println(i); + //noinspection resource + sock = new ServerSocket(i, 50, InetAddress.getLoopbackAddress()); + System.out.println(i); + break; + } catch (Exception ignored) { + } + } + if (sock == null) { + System.err.println("Could not bind to any valid port"); + System.exit(1); + } + while (running) { + try { + Socket connection = sock.accept(); + Thread t = new SocketThread(connection); + t.start(); + } catch (IOException ignored) { + running = false; + } + } + } +} +
\ No newline at end of file diff --git a/src/main/java/gq/malwarefight/tokenapp/SocketThread.java b/src/main/java/gq/malwarefight/tokenapp/SocketThread.java new file mode 100644 index 0000000..572ca57 --- /dev/null +++ b/src/main/java/gq/malwarefight/tokenapp/SocketThread.java @@ -0,0 +1,64 @@ +package gq.malwarefight.tokenapp; + +import com.mojang.authlib.exceptions.AuthenticationException; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.Socket; +import java.nio.charset.StandardCharsets; +import java.util.Scanner; + +public class SocketThread extends Thread { + private final Socket sock; + public SocketThread(Socket sock) { + this.sock = sock; + } + + public void writeResponse(String output, OutputStream outputStream) throws IOException { + outputStream.write( + (output + "\n").getBytes(StandardCharsets.UTF_8) + ); + outputStream.flush(); + } + + @Override + public void run() { + try { + InputStream in = sock.getInputStream(); + OutputStream out = sock.getOutputStream(); + Scanner scanner = new Scanner(in, StandardCharsets.UTF_8.name()); + while (true) { + if (scanner.hasNextLine()) { + String line = scanner.nextLine(); + String[] parts = line.split(" "); + if ("login".equals(parts[0])) { + try { + Main.sessionService.joinServer( + Main.gameProfile, Main.authenticationService.getClientToken(), parts[1] + ); + } catch (Exception e) { + if (e instanceof ArrayIndexOutOfBoundsException) { + writeResponse("400 Bad Request", out); + } else if (e instanceof AuthenticationException) { + writeResponse("401 Unauthorized", out); + } else { + writeResponse("500 Internal Server Error", out); + } + continue; + } + writeResponse("200 OK", out); + } else if ("disconnect".equals(parts[0])) { + sock.close(); + } else if ("fullquit".equals(parts[0])) { + Main.running = false; + sock.close(); + return; + } else { + writeResponse("418 I'm a teapot", out); + } + } + } + } catch (IOException ignored) {} + } +} diff --git a/src/main/resources/mcmod.info b/src/main/resources/mcmod.info new file mode 100644 index 0000000..e4298d0 --- /dev/null +++ b/src/main/resources/mcmod.info @@ -0,0 +1,18 @@ +[ + { + "modid": "nosession", + "name": "NoSession", + "description": "NoSession protects your Session ID from being stolen.", + "version": "${version}", + "mcversion": "${mcversion}", + "url": "", + "updateUrl": "", + "authorList": [ + "PandaNinjas" + ], + "credits": "", + "logoFile": "", + "screenshots": [], + "dependencies": [] + } +] diff --git a/src/main/resources/mixins.nosession.json b/src/main/resources/mixins.nosession.json new file mode 100644 index 0000000..c968cc4 --- /dev/null +++ b/src/main/resources/mixins.nosession.json @@ -0,0 +1,9 @@ +{ + "required": true, + "package": "gq.malwarefight.nosession.mixin", + "refmap": "mixins.nosession.refmap.json", + "compatibilityLevel": "JAVA_8", + "client": [ + "client.YggdrasilSessionMixin" + ] +}
\ No newline at end of file |