From bcbc46238ce5491a6cbd76e6eb2f4bbab3307470 Mon Sep 17 00:00:00 2001 From: Gravit Date: Fri, 18 Oct 2019 19:10:04 +0700 Subject: [PATCH] [FEATURE] SecureAutogenConfig --- .../command/basic/TestCommand.java | 6 +++ .../pro/gravit/launcher/LauncherEngine.java | 6 --- .../launcher/client/ClientModuleManager.java | 12 ++++- .../pro/gravit/launcher/LauncherConfig.java | 11 +++++ .../gravit/launcher/SecureAutogenConfig.java | 44 +++++++++++++++++++ .../gravit/launcher/hwid/HWIDCheckHelper.java | 11 +++-- .../gravit/utils/helper/SecurityHelper.java | 7 +-- 7 files changed, 81 insertions(+), 16 deletions(-) create mode 100644 LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/command/basic/TestCommand.java b/LaunchServer/src/main/java/pro/gravit/launchserver/command/basic/TestCommand.java index 6f7fd287..4511a8d9 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/command/basic/TestCommand.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/command/basic/TestCommand.java @@ -5,10 +5,12 @@ import org.bouncycastle.cert.X509CertificateHolder; +import pro.gravit.launcher.hwid.HWIDCheckHelper; import pro.gravit.launchserver.LaunchServer; import pro.gravit.launchserver.command.Command; import pro.gravit.launchserver.socket.handlers.NettyServerSocketHandler; import pro.gravit.utils.helper.CommonHelper; +import pro.gravit.utils.helper.LogHelper; public class TestCommand extends Command { public TestCommand(LaunchServer server) { @@ -55,5 +57,9 @@ public void invoke(String... args) throws Exception { server.certificateManager.writePrivateKey(Paths.get(name.concat(".key")), pair.getPrivate()); server.certificateManager.writeCertificate(Paths.get(name.concat(".crt")), cert); } + if(args[0].equals("hwidcheck")) + { + LogHelper.info("HWID String %s bad rating %d", args[1], HWIDCheckHelper.checkString(args[1])); + } } } diff --git a/Launcher/src/main/java/pro/gravit/launcher/LauncherEngine.java b/Launcher/src/main/java/pro/gravit/launcher/LauncherEngine.java index 38fd00b8..17f36147 100644 --- a/Launcher/src/main/java/pro/gravit/launcher/LauncherEngine.java +++ b/Launcher/src/main/java/pro/gravit/launcher/LauncherEngine.java @@ -40,12 +40,6 @@ public static void main(String... args) throws Throwable { //if(!LauncherAgent.isStarted()) throw new SecurityException("JavaAgent not set"); LogHelper.printVersion("Launcher"); LogHelper.printLicense("Launcher"); - try { - Security.addProvider(new BouncyCastleProvider()); - } catch (Exception ignored) - { - LogHelper.warning("BouncyCastle not found"); - } LauncherEngine.modulesManager = new ClientModuleManager(); LauncherConfig.getAutogenConfig().initModules(); diff --git a/Launcher/src/main/java/pro/gravit/launcher/client/ClientModuleManager.java b/Launcher/src/main/java/pro/gravit/launcher/client/ClientModuleManager.java index a5f6343f..1d5ba556 100644 --- a/Launcher/src/main/java/pro/gravit/launcher/client/ClientModuleManager.java +++ b/Launcher/src/main/java/pro/gravit/launcher/client/ClientModuleManager.java @@ -4,12 +4,15 @@ import java.nio.file.Path; import java.util.Collection; +import pro.gravit.launcher.Launcher; import pro.gravit.launcher.modules.LauncherModule; import pro.gravit.launcher.modules.impl.SimpleModuleManager; +import pro.gravit.utils.verify.LauncherTrustManager; public class ClientModuleManager extends SimpleModuleManager { public ClientModuleManager() { - super(null, null); + super(null, null, Launcher.getConfig().trustManager); + checkMode = LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED; } @Override @@ -26,6 +29,13 @@ public void autoload(Path dir) throws IOException { public LauncherModule loadModule(Path file) throws IOException { throw new UnsupportedOperationException(); } + + @Override + public LauncherModule loadModule(LauncherModule module) { + checkModuleClass(module.getClass(), LauncherTrustManager.CheckMode.EXCEPTION_IN_NOT_SIGNED); + return super.loadModule(module); + } + public void callWrapper(ProcessBuilder processBuilder, Collection jvmArgs) { for(LauncherModule module : modules) diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java b/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java index 6b012e79..9dc70fb4 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/LauncherConfig.java @@ -1,6 +1,7 @@ package pro.gravit.launcher; import java.io.IOException; +import java.security.cert.CertificateException; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; @@ -16,9 +17,11 @@ import pro.gravit.launcher.serialize.stream.StreamObject; import pro.gravit.utils.helper.SecurityHelper; import pro.gravit.utils.helper.VerifyHelper; +import pro.gravit.utils.verify.LauncherTrustManager; public final class LauncherConfig extends StreamObject { private static final AutogenConfig config = new AutogenConfig(); + private static final SecureAutogenConfig secureConfig = new SecureAutogenConfig(); public static AutogenConfig getAutogenConfig() { @@ -32,6 +35,7 @@ public static AutogenConfig getAutogenConfig() { public final int clientPort; public String secretKeyClient; public String oemUnlockKey; + public final LauncherTrustManager trustManager; @LauncherAPI public final ECPublicKey publicKey; @@ -60,6 +64,11 @@ public LauncherConfig(HInput input) throws IOException, InvalidKeySpecException clientPort = config.clientPort; secretKeyClient = config.secretKeyClient; oemUnlockKey = config.oemUnlockKey; + try { + trustManager = new LauncherTrustManager(secureConfig.certificates); + } catch (CertificateException e) { + throw new IOException(e); + } isWarningMissArchJava = config.isWarningMissArchJava; guardLicenseEncryptKey = config.guardLicenseEncryptKey; @@ -104,6 +113,7 @@ public LauncherConfig(String address, ECPublicKey publicKey, Map secureCheckSalt = null; secureCheckHash = null; passwordEncryptKey = null; + trustManager = null; } @LauncherAPI @@ -123,6 +133,7 @@ public LauncherConfig(String address, ECPublicKey publicKey, Map secureCheckSalt = null; secureCheckHash = null; passwordEncryptKey = null; + trustManager = null; } @Override diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java b/LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java new file mode 100644 index 00000000..2d971a4e --- /dev/null +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/SecureAutogenConfig.java @@ -0,0 +1,44 @@ +package pro.gravit.launcher; + +public class SecureAutogenConfig { + public byte[][] certificates; + + public SecureAutogenConfig() { + //Пока не реализован SecureLauncherConfigurator + certificates = new byte[][] { + ("-----BEGIN CERTIFICATE-----\n" + + "MIIFyjCCA7KgAwIBAgIRALnsjNjfvOTXfla3fX1fNEUwDQYJKoZIhvcNAQELBQAw\n" + + "WTELMAkGA1UEBhMCUlUxFzAVBgNVBAoTDkdyYXZpdFRydXN0IENBMRAwDgYDVQQL\n" + + "EwdSb290IENBMR8wHQYDVQQDExZHcmF2aXQgQ2VudHJhbCBSb290IENBMCAXDTE5\n" + + "MDYwOTAyNDIwMFoYDzIwNTEwNjA5MDI0MjAwWjBZMQswCQYDVQQGEwJSVTEXMBUG\n" + + "A1UEChMOR3Jhdml0VHJ1c3QgQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHzAdBgNVBAMT\n" + + "FkdyYXZpdCBDZW50cmFsIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n" + + "ggIKAoICAQDA3Qm9OH8Xz3YM3bKkZuQI7T/aL3ulMOdY5GFADYgHrOVZXVSJi/4P\n" + + "PruBsut4WXN6TGQdpJtNZ2kyWTYzENGTm/TMzBcIchor1M3JW5Uv/C0r5gSEU1uP\n" + + "DPe7oEpeKtb3FXML/pGoGpLv/sonTKky4AKZnK7B15bZ+oVZNwh7UKANpNrVA8k5\n" + + "0gb4BisFcegLidYL9Y00H1x5WzUxldQAA1IQuwdkL3NP0NPQrSVJ2Ka2EtebE2HP\n" + + "fXHtbftvvnvSWyh4CXAxTfEmJgut0gSPQPm9wVt6pIWWd4O0hHwVmxkKQidgnP6A\n" + + "+d05FnJGsBw0ztMCifIteqNiHF0D8E0GuSz6NtcuV47J3p43qkvKr2vPc8o6WMN8\n" + + "PAb0eVHc/AX8qqOwYQyHlj4M0SDhCltHeeYRWmuZmRFIIelv6VAocaQLlPQrhJNp\n" + + "feIzmXLy60a+84vpe/eQKQx+D8a1elarQkoHMxI7x/9AJvxcnJ4KuXc2rkiu3Zv9\n" + + "KMhixtkLc+pA6jY023U211v+c20RjTqwKIZoMFc7BZipoinAOn1bdsTzXlhOMv1O\n" + + "zj5WoW6DsQQONMZNyLQAkaX6SYZE/kQVJ9YMPhNdaXjxxzfrY05IrWAaWhtPbW8z\n" + + "5nb4/JyO+bJq3v2rav9p03s8P/lQ4k/0af5vOkGkEO0+YKx97ZP8FQIDAQABo4GK\n" + + "MIGHMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFjMGCvHXAE/vGJih+Lfdo2s\n" + + "YnzsMAsGA1UdDwQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY2EuZ3Jh\n" + + "dml0LnByby9jZW50cmFscm9vdC5jcmwwEQYJYIZIAYb4QgEBBAQDAgAHMA0GCSqG\n" + + "SIb3DQEBCwUAA4ICAQAexCGpThx85skEllva1UskmdlRh3rud9u59AUiwNZF0b0I\n" + + "+7eeyLNaLHarg2Zm30TSCF53ksyPTE5QNdmozs1fl3MddFqunkbUm4G6hwedZMSi\n" + + "4IXIb2QK3z3gZG5ZNdHaDG2u00Jdkc39h3jQFp1rpn4+0DcnYJAe+lw5G+XHURY2\n" + + "j15wcmUFp/Ywgw3pfCWmH5+rxq21e/LG8JiQrxekkFI2GUD+Qw7+Hq3o1Fgg3kfh\n" + + "Lg4B5WEbEICQ1FC+dHYHasEI3q3c96Qpqu2k3pO0l1fr6Cys+AGjoI2WrgXkGlmA\n" + + "F+Wi2ndoZbvspGAwxmrNMtLE3OYNuMXFF410QSPf4o9QqpGDC3a2mccTXb231a18\n" + + "5vDJixeZpuzEm5ECXg8j6aj53X3rtm7C8yfOsg5UTKJJj+pSNz4YTp91IDHm0nTP\n" + + "2KhrgS7jujgKdJn9xv07e/API3kLWkVmMwHBiaSCIaHOfAN0RJMQVV+YgnSp2sIa\n" + + "OATWgSKH0qTkleE/v7k+USs0a+KV8wmC5wwliqH+uLO++yIP/9bjDctyLulQX5Ee\n" + + "+EhD7tb1R/yyWY4uhkzlsr3N2Kl34aQAEBMn8Z1mHsyyu1FcbEaNLU8jcS3pHPVM\n" + + "gQRn3m1iDnQlFciAMxW0pW6mW/4xKYzhXk5BTSolnqMVylxHgWXuBwdDDQQVnQ==\n" + + "-----END CERTIFICATE-----").getBytes() + }; + } +} diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/hwid/HWIDCheckHelper.java b/LauncherAPI/src/main/java/pro/gravit/launcher/hwid/HWIDCheckHelper.java index 79052ed7..9bac200f 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/hwid/HWIDCheckHelper.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/hwid/HWIDCheckHelper.java @@ -1,5 +1,7 @@ package pro.gravit.launcher.hwid; +import pro.gravit.utils.helper.LogHelper; + public class HWIDCheckHelper { public static int checkString(String str) { @@ -18,16 +20,15 @@ public static int checkString(String str) if(c == lastChar || Math.abs(c - lastChar) == 1 || ( ( lastChar == '0' || lastChar == '9' ) && ( c == 'A' || c == 'a' ))) //Переход с 0 или 9 на A или a { - lastChar = c; combo++; } else { - if(maxCombo < combo) - maxCombo = combo; - lastChar = c; combo = 1; } + lastChar = c; + if(maxCombo < combo) + maxCombo = combo; int charType = getCharType(c); if(lastCharType == charType) { lastCharTypeCombo++; @@ -56,6 +57,8 @@ public static int checkString(String str) } } //Считаем результат + LogHelper.debug("HWID Checker maxCombo %d", maxCombo); + LogHelper.debug("HWID Checker wtfCharTypeCombo %d", wtfCharTypeCombo); if(maxCombo > 3) result+= maxCombo * 3; if(wtfCharTypeCombo > 1) result+= wtfCharTypeCombo * 2; return result; diff --git a/LauncherCore/src/main/java/pro/gravit/utils/helper/SecurityHelper.java b/LauncherCore/src/main/java/pro/gravit/utils/helper/SecurityHelper.java index 9f63f46a..23acb73e 100644 --- a/LauncherCore/src/main/java/pro/gravit/utils/helper/SecurityHelper.java +++ b/LauncherCore/src/main/java/pro/gravit/utils/helper/SecurityHelper.java @@ -19,9 +19,6 @@ import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.provider.JCEIESCipher; import pro.gravit.launcher.LauncherAPI; public final class SecurityHelper { @@ -187,8 +184,8 @@ private static Cipher newCipher(String algo) { */ private static Cipher newBCCipher(String algo) { try { - return Cipher.getInstance(algo, new BouncyCastleProvider()); - } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { + return Cipher.getInstance(algo, "BC"); + } catch (NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException e) { throw new InternalError(e); } }