From ffed53e2c70cba8b6abf01e6cdc987721fc66e99 Mon Sep 17 00:00:00 2001 From: PandaNinjas Date: Fri, 10 Feb 2023 11:59:14 -0800 Subject: Fix security bug --- .../nosession/NoSessionLoadingPlugin.java | 30 ++++++++++++++++++++++ .../nosession/tweaks/initial/InitialTweaker.java | 23 +++++------------ 2 files changed, 36 insertions(+), 17 deletions(-) diff --git a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java index a7be261..40a8586 100644 --- a/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java +++ b/src/main/java/gq/malwarefight/nosession/NoSessionLoadingPlugin.java @@ -1,7 +1,10 @@ package gq.malwarefight.nosession; +import gq.malwarefight.nosession.relaunch.Relaunch; import gq.malwarefight.nosession.tweaks.initial.InitialTweaker; import gq.malwarefight.nosession.utils.Utils; +import java.util.HashMap; +import java.util.Map.Entry; import net.minecraft.launchwrapper.Launch; import net.minecraftforge.fml.relauncher.IFMLLoadingPlugin; @@ -61,6 +64,15 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin { Launch.classLoader.addURL(NoSessionLoadingPlugin.class.getProtectionDomain().getCodeSource().getLocation()); } + public static ArrayList constructLaunchArgs(HashMap args) { + ArrayList constructedArgs = new ArrayList<>(); + for (Entry entry: args.entrySet()) { + constructedArgs.add(entry.getKey()); + constructedArgs.add(entry.getValue()); + } + return constructedArgs; + } + static { addSelfToClassLoader(); try { @@ -86,6 +98,24 @@ public class NoSessionLoadingPlugin implements IFMLLoadingPlugin { throw new RuntimeException(e); } shutdown(); + } else { + // test if we can find the token in Launch.blackboard.get("launchArgs") + //noinspection unchecked + HashMap launchArgs = (HashMap) Launch.blackboard.get("launchArgs"); + Pattern pattern = Pattern.compile("(?eyJhbGciOiJIUzI1NiJ9\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]*)"); + Matcher match = pattern.matcher(launchArgs.get("launchArgs")); + if (match.find()) { + // relaunch now ! + System.out.println("======================="); + System.out.println("NoSession: relaunching without the token"); + System.out.println("======================="); + try { + Relaunch.relaunch(constructLaunchArgs(launchArgs), Launch.minecraftHome, Launch.assetsDir, "1.8.9"); + } catch (Exception e) { + e.printStackTrace(); + throw new RuntimeException(e); + } + } } injectTweaker(); } catch (Exception e) { diff --git a/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java index aae8bb6..0baee07 100644 --- a/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java +++ b/src/main/java/gq/malwarefight/nosession/tweaks/initial/InitialTweaker.java @@ -1,19 +1,17 @@ package gq.malwarefight.nosession.tweaks.initial; -import gq.malwarefight.nosession.relaunch.Relaunch; import gq.malwarefight.nosession.utils.Utils; -import net.minecraft.launchwrapper.ITweaker; -import net.minecraft.launchwrapper.LaunchClassLoader; -import org.spongepowered.asm.launch.MixinBootstrap; -import org.spongepowered.asm.mixin.MixinEnvironment; -import org.spongepowered.asm.mixin.Mixins; - import java.io.File; import java.net.Socket; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.List; import java.util.UUID; +import net.minecraft.launchwrapper.ITweaker; +import net.minecraft.launchwrapper.LaunchClassLoader; +import org.spongepowered.asm.launch.MixinBootstrap; +import org.spongepowered.asm.mixin.MixinEnvironment; +import org.spongepowered.asm.mixin.Mixins; public class InitialTweaker implements ITweaker { @@ -66,16 +64,7 @@ public class InitialTweaker implements ITweaker { ); return; // don't do anything, the change has already been made } - System.out.println("======================="); - System.out.println("NoSession: relaunching without the token"); - System.out.println("======================="); - try { - Relaunch.relaunch(argsCopy, gameDir, assetsDir, version); - } catch (Exception e) { - e.printStackTrace(); - throw new RuntimeException(e); - } - + throw new RuntimeException("It should be impossible to get here! Report this bug to https://github.com/thefightagainstmalware/NoSession"); } /** -- cgit