added more client protection

LAX1DUDE 2022-07-17 23:48:26 -07:00
parent 061afaf582
commit 82df3d0c46
4 changed files with 181 additions and 67 deletions


@ -41,8 +41,6 @@ public class EaglerProfile {
public static int newSkinNotificationIndex = 0; public static int newSkinNotificationIndex = 0;
public static String myChannel;
public static final int[] SKIN_DATA_SIZE = new int[] { 64*32*4, 64*64*4, -9, -9, 1, 64*64*4, -9 }; public static final int[] SKIN_DATA_SIZE = new int[] { 64*32*4, 64*64*4, -9, -9, 1, 64*64*4, -9 };
public static final int[] CAPE_DATA_SIZE = new int[] { 32*32*4, -9, 1 }; public static final int[] CAPE_DATA_SIZE = new int[] { 32*32*4, -9, 1 };
@ -219,7 +217,6 @@ public class EaglerProfile {
}while(username.length() > 16); }while(username.length() > 16);
presetSkinId = rand.nextInt(GuiScreenEditProfile.defaultOptions.length); presetSkinId = rand.nextInt(GuiScreenEditProfile.defaultOptions.length);
myChannel = username + "_" + (100 + rand.nextInt(900));
customSkinId = -1; customSkinId = -1;
} }
@ -234,7 +231,6 @@ public class EaglerProfile {
if(newSkinNotificationIndex == 0) { if(newSkinNotificationIndex == 0) {
newSkinNotificationIndex = GuiScreenEditProfile.newDefaultNotice; newSkinNotificationIndex = GuiScreenEditProfile.newDefaultNotice;
} }
myChannel = username + "_" + (100 + rand.nextInt(900));
NBTTagCompound n = LocalStorageManager.profileSettingsStorage.getCompoundTag("skins"); NBTTagCompound n = LocalStorageManager.profileSettingsStorage.getCompoundTag("skins");
for(Object s : NBTTagCompound.getTagMap(n).keySet()) { for(Object s : NBTTagCompound.getTagMap(n).keySet()) {
String s2 = (String)s; String s2 = (String)s;


@ -95,39 +95,37 @@ public class Client {
str.append("eaglercraft.minecraft = \"1.5.2\"\n"); str.append("eaglercraft.minecraft = \"1.5.2\"\n");
str.append("eaglercraft.brand = \"eagtek\"\n"); str.append("eaglercraft.brand = \"eagtek\"\n");
str.append("eaglercraft.username = \"").append(EaglerProfile.username).append("\"\n"); str.append("eaglercraft.username = \"").append(EaglerProfile.username).append("\"\n");
str.append("eaglercraft.channel = \"").append(EaglerProfile.myChannel).append("\"\n");
str.append('\n'); str.append('\n');
shortenMinecraftOpts(); shortenMinecraftOpts();
addArray(str, "window.minecraftOpts"); addArray(str, "minecraftOpts");
str.append('\n'); str.append('\n');
addDebug(str, "window.navigator.userAgent"); addDebugNav(str, "userAgent");
addDebug(str, "window.navigator.vendor"); addDebugNav(str, "vendor");
addDebug(str, "window.navigator.language"); addDebugNav(str, "language");
addDebug(str, "window.navigator.hardwareConcurrency"); addDebugNav(str, "hardwareConcurrency");
addDebug(str, "window.navigator.deviceMemory"); addDebugNav(str, "deviceMemory");
addDebug(str, "window.navigator.platform"); addDebugNav(str, "platform");
addDebug(str, "window.navigator.product"); addDebugNav(str, "product");
str.append('\n'); str.append('\n');
str.append("rootElement.clientWidth = ").append(rootElement.getClientWidth()).append('\n'); str.append("rootElement.clientWidth = ").append(rootElement.getClientWidth()).append('\n');
str.append("rootElement.clientHeight = ").append(rootElement.getClientHeight()).append('\n'); str.append("rootElement.clientHeight = ").append(rootElement.getClientHeight()).append('\n');
addDebug(str, "window.innerWidth"); addDebug(str, "innerWidth");
addDebug(str, "window.innerHeight"); addDebug(str, "innerHeight");
addDebug(str, "window.outerWidth"); addDebug(str, "outerWidth");
addDebug(str, "window.outerHeight"); addDebug(str, "outerHeight");
addDebug(str, "window.devicePixelRatio"); addDebug(str, "devicePixelRatio");
addDebug(str, "window.screen.availWidth"); addDebugScreen(str, "availWidth");
addDebug(str, "window.screen.availHeight"); addDebugScreen(str, "availHeight");
addDebug(str, "window.screen.colorDepth"); addDebugScreen(str, "colorDepth");
addDebug(str, "window.screen.pixelDepth"); addDebugScreen(str, "pixelDepth");
str.append('\n'); str.append('\n');
addDebug(str, "window.currentContext"); addDebug(str, "currentContext");
str.append('\n'); str.append('\n');
addDebug(str, "window.location.href"); addDebugLocation(str, "href");
addArray(str, "window.location.ancestorOrigins");
str.append("\n----- Begin Minecraft Config -----\n"); str.append("\n----- Begin Minecraft Config -----\n");
str.append(LocalStorageManager.dumpConfiguration()); str.append(LocalStorageManager.dumpConfiguration());
str.append("\n----- End Minecraft Config -----\n\n"); str.append("\n----- End Minecraft Config -----\n\n");
addDebug(str, "window.minecraftServer"); addDebug(str, "minecraftServer");
String s = rootElement.getAttribute("style"); String s = rootElement.getAttribute("style");
rootElement.setAttribute("style", (s == null ? "" : s) + "position:relative;"); rootElement.setAttribute("style", (s == null ? "" : s) + "position:relative;");
@ -144,21 +142,42 @@ public class Client {
} }
} }
@JSBody(params = { "v" }, script = "try { return \"\"+window.eval(v); } catch(e) { return \"<error>\"; }") @JSBody(params = { "v" }, script = "try { return \"\"+window[v]; } catch(e) { return \"<error>\"; }")
private static native String getString(String var); private static native String getString(String var);
@JSBody(params = { "v" }, script = "try { return \"\"+window.navigator[v]; } catch(e) { return \"<error>\"; }")
private static native String getStringNav(String var);
@JSBody(params = { "v" }, script = "try { return \"\"+window.screen[v]; } catch(e) { return \"<error>\"; }")
private static native String getStringScreen(String var);
@JSBody(params = { "v" }, script = "try { return \"\"+window.location[v]; } catch(e) { return \"<error>\"; }")
private static native String getStringLocation(String var);
@JSBody(params = { }, script = "for(var i = 0; i < window.minecraftOpts.length; ++i) { if(window.minecraftOpts[i].length > 2048) window.minecraftOpts[i] = \"[\" + Math.floor(window.minecraftOpts[i].length * 0.001) + \"k characters]\"; }") @JSBody(params = { }, script = "for(var i = 0; i < window.minecraftOpts.length; ++i) { if(window.minecraftOpts[i].length > 2048) window.minecraftOpts[i] = \"[\" + Math.floor(window.minecraftOpts[i].length * 0.001) + \"k characters]\"; }")
private static native void shortenMinecraftOpts(); private static native void shortenMinecraftOpts();
private static void addDebug(StringBuilder str, String var) { private static void addDebug(StringBuilder str, String var) {
str.append(var).append(" = ").append(getString(var)).append('\n'); str.append("window.").append(var).append(" = ").append(getString(var)).append('\n');
}
private static void addDebugNav(StringBuilder str, String var) {
str.append("window.navigator.").append(var).append(" = ").append(getStringNav(var)).append('\n');
}
private static void addDebugScreen(StringBuilder str, String var) {
str.append("window.screen.").append(var).append(" = ").append(getStringScreen(var)).append('\n');
}
private static void addDebugLocation(StringBuilder str, String var) {
str.append("window.location.").append(var).append(" = ").append(getStringLocation(var)).append('\n');
} }
private static void addArray(StringBuilder str, String var) { private static void addArray(StringBuilder str, String var) {
str.append(var).append(" = ").append(getArray(var)).append('\n'); str.append("window.").append(var).append(" = ").append(getArray(var)).append('\n');
} }
@JSBody(params = { "v" }, script = "try { return JSON.stringify(window.eval(v)); } catch(e) { return \"[\\\"<error>\\\"]\"; }") @JSBody(params = { "v" }, script = "try { return (typeof window[v] !== \"undefined\") ? JSON.stringify(window[v]) : \"[\\\"<error>\\\"]\"; } catch(e) { return \"[\\\"<error>\\\"]\"; }")
private static native String getArray(String var); private static native String getArray(String var);
} }
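Review bot: `shortenMinecraftOpts()` still reads `window.minecraftOpts.length` with no guard, although the rewritten `getArray` in this section now tolerates that same global being undefined. If the global is missing, the exception is raised while the crash report is being built, and unless a caller outside these hunks catches it the report is lost. Wrapping the script like the other accessors keeps them consistent: `try { for(...) { ... } } catch(e) { }`. A short comment on `getString`/`getArray` stating that the argument must be a constant property name would also help keep the `window.eval` lookup from being reintroduced later.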


@ -60,6 +60,7 @@ import net.lax1dude.eaglercraft.adapter.teavm.WebGLQuery;
import net.lax1dude.eaglercraft.adapter.teavm.WebGLVertexArray; import net.lax1dude.eaglercraft.adapter.teavm.WebGLVertexArray;
import net.minecraft.src.MathHelper; import net.minecraft.src.MathHelper;
import net.lax1dude.eaglercraft.adapter.teavm.EaglercraftVoiceClient; import net.lax1dude.eaglercraft.adapter.teavm.EaglercraftVoiceClient;
import net.lax1dude.eaglercraft.adapter.teavm.SelfDefence;
import net.lax1dude.eaglercraft.adapter.teavm.WebGL2RenderingContext; import net.lax1dude.eaglercraft.adapter.teavm.WebGL2RenderingContext;
import static net.lax1dude.eaglercraft.adapter.teavm.WebGL2RenderingContext.*; import static net.lax1dude.eaglercraft.adapter.teavm.WebGL2RenderingContext.*;
@ -137,9 +138,6 @@ public class EaglerAdapterImpl2 {
request.send(); request.send();
} }
@JSBody(params = { "obj" }, script = "window.currentContext = obj;")
private static native int setContextVar(JSObject obj);
@JSBody(params = { "v", "s" }, script = "window[v] = s;") @JSBody(params = { "v", "s" }, script = "window[v] = s;")
public static native void setDebugVar(String v, String s); public static native void setDebugVar(String v, String s);
@ -168,8 +166,8 @@ public class EaglerAdapterImpl2 {
return identifier; return identifier;
} }
@JSBody(params = { "v" }, script = "try { return \"\"+window.eval(v); } catch(e) { return \"<error>\"; }") @JSBody(params = { "v" }, script = "try { return \"\"+window.navigator[v]; } catch(e) { return \"<error>\"; }")
private static native String getString(String var); private static native String getNavString(String var);
public static void onWindowUnload() { public static void onWindowUnload() {
LocalStorageManager.saveStorageA(); LocalStorageManager.saveStorageA();
@ -193,9 +191,9 @@ public class EaglerAdapterImpl2 {
win = Window.current(); win = Window.current();
doc = win.getDocument(); doc = win.getDocument();
canvas = (HTMLCanvasElement)doc.createElement("canvas"); canvas = (HTMLCanvasElement)doc.createElement("canvas");
canvas.setAttribute("id", "deevis589723589");
canvas.setWidth(parent.getClientWidth()); canvas.setWidth(parent.getClientWidth());
canvas.setHeight(parent.getClientHeight()); canvas.setHeight(parent.getClientHeight());
SelfDefence.init(canvas);
rootElement.appendChild(canvas); rootElement.appendChild(canvas);
renderingCanvas = (HTMLCanvasElement)doc.createElement("canvas"); renderingCanvas = (HTMLCanvasElement)doc.createElement("canvas");
renderingCanvas.setWidth(canvas.getWidth()); renderingCanvas.setWidth(canvas.getWidth());
@ -203,9 +201,8 @@ public class EaglerAdapterImpl2 {
frameBuffer = (CanvasRenderingContext2D) canvas.getContext("2d"); frameBuffer = (CanvasRenderingContext2D) canvas.getContext("2d");
webgl = (WebGL2RenderingContext) renderingCanvas.getContext("webgl2", youEagler()); webgl = (WebGL2RenderingContext) renderingCanvas.getContext("webgl2", youEagler());
if(webgl == null) { if(webgl == null) {
throw new RuntimeException("WebGL 2.0 is not supported in your browser ("+getString("window.navigator.userAgent")+")"); throw new RuntimeException("WebGL 2.0 is not supported in your browser ("+getNavString("userAgent")+")");
} }
setContextVar(webgl);
//String agent = getString("window.navigator.userAgent").toLowerCase(); //String agent = getString("window.navigator.userAgent").toLowerCase();
//if(agent.contains("windows")) isAnisotropicPatched = false; //if(agent.contains("windows")) isAnisotropicPatched = false;
@ -302,31 +299,7 @@ public class EaglerAdapterImpl2 {
} }
}); });
onBeforeCloseRegister(); onBeforeCloseRegister();
execute("window.eagsFileChooser = {\r\n" + initFileChooser();
"inputElement: null,\r\n" +
"openFileChooser: function(ext, mime){\r\n" +
"el = window.eagsFileChooser.inputElement = document.createElement(\"input\");\r\n" +
"el.type = \"file\";\r\n" +
"el.multiple = false;\r\n" +
"el.addEventListener(\"change\", function(evt){\r\n" +
"var f = window.eagsFileChooser.inputElement.files;\r\n" +
"if(f.length == 0){\r\n" +
"window.eagsFileChooser.getFileChooserResult = null;\r\n" +
"}else{\r\n" +
"(async function(){\r\n" +
"window.eagsFileChooser.getFileChooserResult = await f[0].arrayBuffer();\r\n" +
"window.eagsFileChooser.getFileChooserResultName = f[0].name;\r\n" +
"})();\r\n" +
"}\r\n" +
"});\r\n" +
"window.eagsFileChooser.getFileChooserResult = null;\r\n" +
"window.eagsFileChooser.getFileChooserResultName = null;\r\n" +
"el.accept = mime;\r\n" +
"el.click();\r\n" +
"},\r\n" +
"getFileChooserResult: null,\r\n" +
"getFileChooserResultName: null\r\n" +
"};");
EarlyLoadScreen.paintScreen(); EarlyLoadScreen.paintScreen();
@ -375,6 +348,34 @@ public class EaglerAdapterImpl2 {
@JSBody(params = { }, script = "return window.startVoiceClient();") @JSBody(params = { }, script = "return window.startVoiceClient();")
private static native EaglercraftVoiceClient startVoiceClient(); private static native EaglercraftVoiceClient startVoiceClient();
@JSBody(params = { }, script =
"window.eagsFileChooser = {\r\n" +
"inputElement: null,\r\n" +
"openFileChooser: function(ext, mime){\r\n" +
"var el = window.eagsFileChooser.inputElement = document.createElement(\"input\");\r\n" +
"el.type = \"file\";\r\n" +
"el.multiple = false;\r\n" +
"el.addEventListener(\"change\", function(evt){\r\n" +
"var f = window.eagsFileChooser.inputElement.files;\r\n" +
"if(f.length == 0){\r\n" +
"window.eagsFileChooser.getFileChooserResult = null;\r\n" +
"}else{\r\n" +
"(async function(){\r\n" +
"window.eagsFileChooser.getFileChooserResult = await f[0].arrayBuffer();\r\n" +
"window.eagsFileChooser.getFileChooserResultName = f[0].name;\r\n" +
"})();\r\n" +
"}\r\n" +
"});\r\n" +
"window.eagsFileChooser.getFileChooserResult = null;\r\n" +
"window.eagsFileChooser.getFileChooserResultName = null;\r\n" +
"el.accept = mime;\r\n" +
"el.click();\r\n" +
"},\r\n" +
"getFileChooserResult: null,\r\n" +
"getFileChooserResultName: null\r\n" +
"};")
private static native void initFileChooser();
public static final void destroyContext() { public static final void destroyContext() {
} }
@ -388,6 +389,13 @@ public class EaglerAdapterImpl2 {
win.removeEventListener("keyup", keyup); win.removeEventListener("keyup", keyup);
win.removeEventListener("keypress", keypress); win.removeEventListener("keypress", keypress);
win.removeEventListener("wheel", wheel); win.removeEventListener("wheel", wheel);
String screenImg = canvas.toDataURL("image/png");
canvas.delete();
HTMLImageElement newImage = (HTMLImageElement) doc.createElement("img");
newImage.setSrc(screenImg);
newImage.setWidth(parent.getClientWidth());
newImage.setHeight(parent.getClientHeight());
parent.appendChild(newImage);
} }
private static LinkedList<MouseEvent> mouseEvents = new LinkedList(); private static LinkedList<MouseEvent> mouseEvents = new LinkedList();
@ -891,7 +899,7 @@ public class EaglerAdapterImpl2 {
return __wglGetTexParameterf(webgl, p1); return __wglGetTexParameterf(webgl, p1);
} }
public static final boolean isWindows() { public static final boolean isWindows() {
return getString("window.navigator.platform").toLowerCase().contains("win"); return getNavString("platform").toLowerCase().contains("win");
} }
private static HTMLCanvasElement imageLoadCanvas = null; private static HTMLCanvasElement imageLoadCanvas = null;
@ -1804,9 +1812,6 @@ public class EaglerAdapterImpl2 {
Window.current().getLocation().setFullURL(url); Window.current().getLocation().setFullURL(url);
} }
@JSBody(params = { "str" }, script = "window.eval(str);")
private static native void execute(String str);
@JSBody(params = { }, script = "window.onbeforeunload = function(){javaMethods.get('net.lax1dude.eaglercraft.adapter.EaglerAdapterImpl2.onWindowUnload()V').invoke();return false;};") @JSBody(params = { }, script = "window.onbeforeunload = function(){javaMethods.get('net.lax1dude.eaglercraft.adapter.EaglerAdapterImpl2.onWindowUnload()V').invoke();return false;};")
private static native void onBeforeCloseRegister(); private static native void onBeforeCloseRegister();
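Review bot: `initFileChooser()` still publishes `window.eagsFileChooser`, so the bytes and name of whatever file the user picks sit in a page-global that any other script in the window can read or overwrite. That is at odds with the rest of this section, which drops `window.currentContext`, the canvas id and the `window.eval` helper to shrink what the page exposes. Consider keeping the input element and its result inside the script body and handing the buffer to Java through a `@JSFunctor` callback, the same pattern `SelfDefence.NewWindowCallback` uses. The code that reads `getFileChooserResult` is outside the visible hunks and would have to change with it, so treat the following as a sketch.

```java
@JSFunctor
private static interface FileChooserCallback extends JSObject {
	void call(String name, ArrayBuffer data);
}

// No window.* state: the element and the result live only inside this call.
@JSBody(params = { "ext", "mime", "cb" }, script =
		"var el = document.createElement(\"input\");\r\n" +
		"el.type = \"file\";\r\n" +
		"el.multiple = false;\r\n" +
		"el.accept = mime;\r\n" +
		"el.addEventListener(\"change\", function(evt){\r\n" +
		"var f = el.files;\r\n" +
		"if(f.length == 0){ cb(null, null); return; }\r\n" +
		"f[0].arrayBuffer().then(function(buf){ cb(f[0].name, buf); });\r\n" +
		"});\r\n" +
		"el.click();")
private static native void openFileChooser0(String ext, String mime, FileChooserCallback cb);
```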


@ -0,0 +1,94 @@
package net.lax1dude.eaglercraft.adapter.teavm;
import java.util.ArrayList;
import java.util.List;
import org.teavm.jso.JSBody;
import org.teavm.jso.JSFunctor;
import org.teavm.jso.JSObject;
import org.teavm.jso.browser.TimerHandler;
import org.teavm.jso.browser.Window;
import org.teavm.jso.core.JSArrayReader;
import org.teavm.jso.dom.html.HTMLCanvasElement;
import org.teavm.jso.dom.html.HTMLDocument;
import org.teavm.jso.dom.html.HTMLIFrameElement;
import org.teavm.jso.dom.xml.Element;
import org.teavm.jso.dom.xml.NodeList;
public class SelfDefence {
private static HTMLCanvasElement canvas = null;
@JSFunctor
private static interface NewWindowCallback extends JSObject {
void call(Window newWindow);
}
@JSBody(params = { "cb" }, script = "const ccb = cb; const _open = window.open; window.open = (url,name,params) => { var rw = _open(url,name,params); ccb(rw); return rw; }")
private static native void injectWindowCapture(NewWindowCallback callback);
private static final List<Window> capturedChildWindows = new ArrayList();
public static void init(HTMLCanvasElement legitCanvas) {
canvas = legitCanvas;
for(int i = 0; i < 15; ++i) {
Window.setTimeout(new TimerHandler() {
@Override
public void onTimer() {
Window.setTimeout(this, (long)(Math.random() * 25000l));
run(Window.current());
for(int i = 0, l = capturedChildWindows.size(); i < l; ++i) {
run(capturedChildWindows.get(i));
}
}
}, (long)(Math.random() * 25000l));
}
injectWindowCapture(new NewWindowCallback() {
@Override
public void call(Window newWindow) {
capturedChildWindows.add(newWindow);
}
});
}
private static void run(Window win) {
try {
run0(win);
}catch(Throwable t) {
}
}
private static void run0(Window win) {
run(win.getDocument());
JSArrayReader<HTMLIFrameElement> frms = win.getFrames();
for(int i = 0, l = frms.getLength(); i < l; ++i) {
HTMLIFrameElement frm = frms.get(i);
if(checkFrame(frm)) {
run(frm.getContentWindow());
}
}
}
@JSBody(params = { "frm" }, script = "try { var g = frm.contentWindow; g[\"fuck_off\"] = \"dick\"; return g[\"fuck_off\"] === \"dick\"; } catch (e) { return false; }")
private static native boolean checkFrame(HTMLIFrameElement frame);
private static void run(HTMLDocument doc) {
try {
run0(doc);
}catch(Throwable t) {
}
}
private static void run0(HTMLDocument doc) {
NodeList<Element> els = doc.getElementsByTagName("canvas");
for(int i = 0, l = els.getLength(); i < l; ++i) {
HTMLCanvasElement canv = (HTMLCanvasElement) els.get(i);
if(canvas != canv) {
canv.delete();
}
}
}
}
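Review bot: The iframe pass in `run0(Window)` looks like it never runs. In browsers `window.frames[i]` is the child `Window` object rather than the `<iframe>` element, so `frm.contentWindow` inside `checkFrame` is undefined, the probe assignment throws, and the method returns false for every frame. The empty `catch(Throwable t)` blocks hide this kind of failure. Enumerating `getElementsByTagName("iframe")`, the way `run0(HTMLDocument)` enumerates canvases, yields real iframe elements to test. Separately, `window.open` can return null when the popup is blocked, so the callback should skip null before `capturedChildWindows.add(newWindow)`.

```java
private static void run0(Window win) {
	HTMLDocument d = win.getDocument();
	run(d);
	// Walk the <iframe> elements themselves; window.frames holds child Window objects.
	NodeList<Element> frms = d.getElementsByTagName("iframe");
	for(int i = 0, l = frms.getLength(); i < l; ++i) {
		HTMLIFrameElement frm = (HTMLIFrameElement) frms.get(i);
		if(checkFrame(frm)) {
			run(frm.getContentWindow());
		}
	}
}
```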