From e2f772df0d6b7b4297c285617b4b32aab65ddb83 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 18 Feb 2022 22:29:11 +0000 Subject: [PATCH 1/4] fix: G-Earth/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1319666 --- G-Earth/pom.xml | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/G-Earth/pom.xml b/G-Earth/pom.xml index ee5d766..62e863e 100644 --- a/G-Earth/pom.xml +++ b/G-Earth/pom.xml @@ -10,7 +10,7 @@ 1.8 - 9.4.41.v20210516 + 9.4.43.v20210629 @@ -75,24 +75,24 @@ - - - + + + - - - + + + - - - + + + - - - + + + @@ -106,8 +106,7 @@ clean - + From c2c0e2b0cbd5dd697363ea3a15ebf2d18bc51e5f Mon Sep 17 00:00:00 2001 From: Dorving Date: Mon, 11 Apr 2022 04:17:45 +0200 Subject: [PATCH 2/4] Wrapped RC4 table checks in try catch block (#106) - also cleaned up code a bit --- .../gearth/protocol/memory/Rc4Obtainer.java | 79 +++++++++---------- 1 file changed, 39 insertions(+), 40 deletions(-) diff --git a/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java b/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java index 40ff481..c104768 100644 --- a/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java +++ b/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java @@ -3,25 +3,20 @@ package gearth.protocol.memory; import gearth.GEarth; import gearth.protocol.HConnection; import gearth.protocol.HMessage; -import gearth.protocol.HPacket; import gearth.protocol.crypto.RC4; import gearth.protocol.memory.habboclient.HabboClient; import gearth.protocol.memory.habboclient.HabboClientFactory; +import gearth.protocol.packethandler.PayloadBuffer; import gearth.protocol.packethandler.flash.BufferChangeListener; import gearth.protocol.packethandler.flash.FlashPacketHandler; -import gearth.protocol.packethandler.PayloadBuffer; import gearth.ui.titlebar.TitleBarController; import javafx.application.Platform; import javafx.scene.control.Alert; import javafx.scene.control.ButtonType; import javafx.scene.control.Hyperlink; import javafx.scene.control.Label; -import javafx.scene.image.Image; import javafx.scene.layout.FlowPane; import javafx.scene.layout.Region; -import javafx.scene.layout.VBox; -import javafx.scene.web.WebView; -import javafx.stage.Stage; import java.io.IOException; import java.util.Arrays; @@ -31,17 +26,15 @@ public class Rc4Obtainer { public static final boolean DEBUG = false; - private HabboClient client; + private final HabboClient client; private List flashPacketHandlers; public Rc4Obtainer(HConnection hConnection) { client = HabboClientFactory.get(hConnection); } - public void setFlashPacketHandlers(FlashPacketHandler... flashPacketHandlers) { this.flashPacketHandlers = Arrays.asList(flashPacketHandlers); - for (FlashPacketHandler handler : flashPacketHandlers) { BufferChangeListener bufferChangeListener = new BufferChangeListener() { @Override @@ -54,12 +47,8 @@ public class Rc4Obtainer { }; handler.getBufferChangeObservable().addListener(bufferChangeListener); } - - } - - private void onSendFirstEncryptedMessage(FlashPacketHandler flashPacketHandler) { if (!HConnection.DECRYPTPACKETS) return; @@ -82,14 +71,13 @@ public class Rc4Obtainer { if (!worked) { System.err.println("COULD NOT FIND RC4 TABLE"); - Platform.runLater(() -> { Alert alert = new Alert(Alert.AlertType.WARNING, "Something went wrong!", ButtonType.OK); FlowPane fp = new FlowPane(); - Label lbl = new Label("G-Earth has experienced an issue" + System.lineSeparator()+ System.lineSeparator() + "Head over to our Troubleshooting page to solve the problem:"); + Label lbl = new Label("G-Earth has experienced an issue" + System.lineSeparator() + System.lineSeparator() + "Head over to our Troubleshooting page to solve the problem:"); Hyperlink link = new Hyperlink("https://github.com/sirjonasxx/G-Earth/wiki/Troubleshooting"); - fp.getChildren().addAll( lbl, link); + fp.getChildren().addAll(lbl, link); link.setOnAction(event -> { GEarth.main.getHostServices().showDocument(link.getText()); event.consume(); @@ -97,64 +85,75 @@ public class Rc4Obtainer { alert.getDialogPane().setMinHeight(Region.USE_PREF_SIZE); alert.getDialogPane().setContent(fp); - alert.setOnCloseRequest(event -> { - GEarth.main.getHostServices().showDocument(link.getText()); - }); + alert.setOnCloseRequest(event -> GEarth.main.getHostServices().showDocument(link.getText())); try { TitleBarController.create(alert).showAlert(); } catch (IOException e) { e.printStackTrace(); } - }); - } - long endTime = System.currentTimeMillis(); - if (DEBUG) { + final long endTime = System.currentTimeMillis(); + if (DEBUG) System.out.println("Cracked RC4 in " + (endTime - startTime) + "ms"); - } flashPacketHandlers.forEach(FlashPacketHandler::unblock); }).start(); } private boolean onSendFirstEncryptedMessage(FlashPacketHandler flashPacketHandler, List potentialRC4tables) { - for (byte[] possible : potentialRC4tables) { - byte[] encBuffer = new byte[flashPacketHandler.getEncryptedBuffer().size()]; - for (int i = 0; i < encBuffer.length; i++) { + for (byte[] possible : potentialRC4tables) + if (isCorrectRC4Table(flashPacketHandler, possible)) + return true; + + return false; + } + + private boolean isCorrectRC4Table(FlashPacketHandler flashPacketHandler, byte[] possible) { + + try { + + final byte[] encBuffer = new byte[flashPacketHandler.getEncryptedBuffer().size()]; + + for (int i = 0; i < encBuffer.length; i++) encBuffer[i] = flashPacketHandler.getEncryptedBuffer().get(i); - } for (int i = 0; i < 256; i++) { for (int j = 0; j < 256; j++) { - byte[] keycpy = Arrays.copyOf(possible, possible.length); - RC4 rc4Tryout = new RC4(keycpy, i, j); - if (flashPacketHandler.getMessageSide() == HMessage.Direction.TOSERVER) rc4Tryout.undoRc4(encBuffer); + final byte[] keycpy = Arrays.copyOf(possible, possible.length); + final RC4 rc4Tryout = new RC4(keycpy, i, j); + + if (flashPacketHandler.getMessageSide() == HMessage.Direction.TOSERVER) + rc4Tryout.undoRc4(encBuffer); + if (rc4Tryout.couldBeFresh()) { - byte[] encDataCopy = Arrays.copyOf(encBuffer, encBuffer.length); - RC4 rc4TryCopy = rc4Tryout.deepCopy(); + + final byte[] encDataCopy = Arrays.copyOf(encBuffer, encBuffer.length); + final RC4 rc4TryCopy = rc4Tryout.deepCopy(); try { - PayloadBuffer payloadBuffer = new PayloadBuffer(); - byte[] decoded = rc4TryCopy.rc4(encDataCopy); - HPacket[] checker = payloadBuffer.pushAndReceive(decoded); + final PayloadBuffer payloadBuffer = new PayloadBuffer(); + final byte[] decoded = rc4TryCopy.rc4(encDataCopy); + + payloadBuffer.pushAndReceive(decoded); if (payloadBuffer.peak().length == 0) { flashPacketHandler.setRc4(rc4Tryout); return true; } - } catch (Exception e) { -// e.printStackTrace(); + if (DEBUG) + e.printStackTrace(); } - } - } } + } catch (Exception e) { + if (DEBUG) + e.printStackTrace(); } return false; } From 4bfa5d6b8437773199a2acd9fd138adfc006eea8 Mon Sep 17 00:00:00 2001 From: Dorving Date: Mon, 11 Apr 2022 05:06:00 +0200 Subject: [PATCH 3/4] Removed Rc4Obtainer.DEBUG condition from printing stack traces --- .../src/main/java/gearth/protocol/memory/Rc4Obtainer.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java b/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java index c104768..50d37ad 100644 --- a/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java +++ b/G-Earth/src/main/java/gearth/protocol/memory/Rc4Obtainer.java @@ -145,15 +145,13 @@ public class Rc4Obtainer { return true; } } catch (Exception e) { - if (DEBUG) - e.printStackTrace(); + e.printStackTrace(); } } } } } catch (Exception e) { - if (DEBUG) - e.printStackTrace(); + e.printStackTrace(); } return false; } From bd3115314953ea96f239a4de91032fe7c12da682 Mon Sep 17 00:00:00 2001 From: sirjonasxx <36828922+sirjonasxx@users.noreply.github.com> Date: Tue, 3 May 2022 06:12:33 +0200 Subject: [PATCH 4/4] remove option to not use new structures --- .../internal_extensions/uilogger/UiLoggerController.java | 5 ++--- .../services/internal_extensions/uilogger/UiLogger.fxml | 1 - 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/G-Earth/src/main/java/gearth/services/internal_extensions/uilogger/UiLoggerController.java b/G-Earth/src/main/java/gearth/services/internal_extensions/uilogger/UiLoggerController.java index ee1e54b..26b6af0 100644 --- a/G-Earth/src/main/java/gearth/services/internal_extensions/uilogger/UiLoggerController.java +++ b/G-Earth/src/main/java/gearth/services/internal_extensions/uilogger/UiLoggerController.java @@ -46,7 +46,6 @@ public class UiLoggerController implements Initializable { public CheckMenuItem chkMessageHash; public CheckMenuItem chkMessageId; public Label lblPacketInfo; - public CheckMenuItem chkUseNewStructures; public CheckMenuItem chkAlwaysOnTop; public CheckMenuItem chkOpenOnConnect; @@ -130,7 +129,7 @@ public class UiLoggerController implements Initializable { public void initialize(URL arg0, ResourceBundle arg1) { allMenuItems.addAll(Arrays.asList( chkViewIncoming, chkViewOutgoing, chkDisplayStructure, chkAutoscroll, - chkSkipBigPackets, chkMessageName, chkMessageHash, chkMessageId, chkUseNewStructures, + chkSkipBigPackets, chkMessageName, chkMessageHash, chkMessageId, chkOpenOnConnect, chkResetOnConnect, chkHideOnDisconnect, chkResetOnDisconnect, chkAntiSpam_none, chkAntiSpam_low, chkAntiSpam_medium, chkAntiSpam_high, chkAntiSpam_ultra, chkTimestamp, chkReprHex, chkReprLegacy, chkReprRawHex, chkReprNone @@ -286,7 +285,7 @@ public class UiLoggerController implements Initializable { if (packet.length() <= 2000) { try { - String expr = packet.toExpression(isIncoming ? HMessage.Direction.TOCLIENT : HMessage.Direction.TOSERVER, uiLogger.getPacketInfoManager(), chkUseNewStructures.isSelected()); + String expr = packet.toExpression(isIncoming ? HMessage.Direction.TOCLIENT : HMessage.Direction.TOSERVER, uiLogger.getPacketInfoManager(), true); String cleaned = cleanTextContent(expr); if (cleaned.equals(expr)) { if (!expr.equals("") && chkDisplayStructure.isSelected()) { diff --git a/G-Earth/src/main/resources/gearth/services/internal_extensions/uilogger/UiLogger.fxml b/G-Earth/src/main/resources/gearth/services/internal_extensions/uilogger/UiLogger.fxml index 405c104..c257d5e 100644 --- a/G-Earth/src/main/resources/gearth/services/internal_extensions/uilogger/UiLogger.fxml +++ b/G-Earth/src/main/resources/gearth/services/internal_extensions/uilogger/UiLogger.fxml @@ -67,7 +67,6 @@ -