online mode, not tested, mojang is resetting my account

This commit is contained in:
creeper123123321 2020-10-31 21:49:12 -03:00
parent 64b8c6a6cb
commit 23c75082a7
3 changed files with 217 additions and 37 deletions

View File

@ -11,6 +11,7 @@ import io.netty.channel.ChannelOption
import io.netty.channel.socket.SocketChannel
import io.netty.channel.socket.nio.NioSocketChannel
import kotlinx.coroutines.runBlocking
import org.slf4j.LoggerFactory
import us.myles.ViaVersion.api.PacketWrapper
import us.myles.ViaVersion.api.Via
import us.myles.ViaVersion.api.data.StoredObject
@ -32,7 +33,6 @@ import java.security.SecureRandom
import java.security.spec.X509EncodedKeySpec
import java.util.*
import java.util.concurrent.TimeUnit
import java.util.logging.Logger
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
@ -55,7 +55,7 @@ class CloudPipeline(userConnection: UserConnection) : ProtocolPipeline(userConne
}
object CloudHeadProtocol : SimpleProtocol() {
val logger = Logger.getLogger("CloudHandlerProtocol")
val logger = LoggerFactory.getLogger("CloudHandlerProtocol")
override fun registerPackets() {
this.registerIncoming(State.HANDSHAKE, 0, 0, object : PacketRemapper() {
override fun registerMap() {
@ -265,7 +265,7 @@ object CloudTailProtocol : SimpleProtocol() {
var sent = false
viaWebServer.listeners[fromUndashed(profile.get("id")!!.asString)]?.forEach {
it.ws.send("""{"action": "session_hash_request", "session_hash": "$backHash",
it.ws.send("""{"action": "session_hash_request", "username": "${data.frontLoginName!!}", "session_hash": "$backHash",
| "client_address": "${wrapper.user().channel!!.remoteAddress()}", "backend_public_key":
| "${Base64.getEncoder().encodeToString(data.backPublicKey!!.encoded)}"}""".trimMargin())
it.ws.flush()
@ -276,25 +276,25 @@ object CloudTailProtocol : SimpleProtocol() {
throw IllegalStateException("No connection to browser, connect in /auth.html")
} else {
viaWebServer.pendingSessionHashes.get(backHash).get(15, TimeUnit.SECONDS)
wrapper.user().channel!!.eventLoop().submit {
val backCrypto = ByteBufAllocator.DEFAULT.buffer()
val backChan = wrapper.user().channel!!.pipeline()
.get(CloudSideForwarder::class.java).other!!
backChan.eventLoop().submit {
val backCryptoAnswer = ByteBufAllocator.DEFAULT.buffer()
try {
backCrypto.writeByte(1) // Packet id
Type.BYTE_ARRAY_PRIMITIVE.write(backCrypto, Cipher.getInstance("RSA").let {
backCryptoAnswer.writeByte(1) // Packet id
Type.BYTE_ARRAY_PRIMITIVE.write(backCryptoAnswer, Cipher.getInstance("RSA").let {
it.init(Cipher.ENCRYPT_MODE, data.backPublicKey)
it.doFinal(backKey)
})
Type.BYTE_ARRAY_PRIMITIVE.write(backCrypto, Cipher.getInstance("RSA").let {
Type.BYTE_ARRAY_PRIMITIVE.write(backCryptoAnswer, Cipher.getInstance("RSA").let {
it.init(Cipher.ENCRYPT_MODE, data.backPublicKey)
it.doFinal(data.backToken)
})
val backChan = wrapper.user().channel!!.pipeline()
.get(CloudSideForwarder::class.java).other!!
backChan.writeAndFlush(backCrypto.retain())
backChan.writeAndFlush(backCryptoAnswer.retain())
backChan.pipeline().get(CloudEncryptor::class.java).cipher = backAesEn
backChan.pipeline().get(CloudDecryptor::class.java).cipher = backAesDe
} finally {
backCrypto.release()
backCryptoAnswer.release()
}
}
}

View File

@ -165,10 +165,10 @@ class WebLogin : WebState {
webClient.ws.send("""{"action": "minecraft_id_result", "success": true,
| "username": "$mcIdUser", "uuid": "$uuid", "token": "$token"}""".trimMargin())
webLogger.info("${webClient.ws.call.request.origin} generated a token for account $mcIdUser $uuid")
webLogger.info("Generated a token for account $mcIdUser $uuid")
} else {
webClient.ws.send("""{"action": "minecraft_id_result", "success": false}""")
webLogger.info("${webClient.ws.call.request.origin} failed to generated a token for account $username")
webLogger.info("Failed to generated a token for account $username")
}
}
"listen_login_requests" -> {
@ -180,10 +180,10 @@ class WebLogin : WebState {
webClient.server.listeners.computeIfAbsent(user) { Collections.newSetFromMap(ConcurrentHashMap()) }
.add(webClient)
webLogger.info("${webClient.ws.call.request.origin} is listening for logins for $user")
webLogger.info("Listening for logins for $user")
} else {
webClient.ws.send("""{"action": "listen_login_requests_result", "token": "$token", "success": false}""")
webLogger.info("${webClient.ws.call.request.origin} failed token for $user")
webLogger.info("Failed token for $user")
}
}
"session_hash_response" -> {

View File

@ -4,14 +4,34 @@
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>VIAaaS Authenticator</title>
<style>
body {font-family: sans-serif}
</style>
<style>body {font-family: sans-serif}</style>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/uuid/8.3.1/uuid.min.js"></script>
</head>
<body>
WIP TODO - authenticate to backend server via browser, proxy the Mojang Login API, does this work on 1.7 and other versions?
TODO - what to do with invalid session error because it uses the same account?
<p>DO NOT TYPE YOUR CREDENTIALS IF YOU DON'T TRUST THIS VIAAAS INSTANCE OR THE CORS PROXY!</p>
<p>Mojang API calls in browser are called through a CORS Proxy. See https://github.com/Zibri/cloudflare-cors-anywhere
for setting up one.</p>
<label for="cors-proxy">CORS Proxy URL:</label>
<br>
<input type="url" id="cors-proxy" name="cors-proxy" value="" onchange="localStorage.setItem('cors-proxy', this.value);">
<script></script>
<hr>
<p>Browser Minecraft accounts:</p>
<p><span id="add-account">
<label for="email">Email/Username (legacy):</label>
<br>
<input type="text" id="email" name="email" value="">
<br>
<label for="password">Password:</label><br>
<input type="password" id="password" name="password" value="">
<br><br>
<input type="button" value="Login into Minecraft" onclick="loginMc()">
</span></p>
<span id="accounts"></span>
<hr>
<p>WebSocket connection status: <span id="connection_status">?</span></p>
<p>DO NOT TYPE YOUR CREDENTIALS IF YOU DON'T TRUST THIS VIAAAS INSTANCE!</p>
<p><span id="content"></span></p>
<script>
let urlParams = new URLSearchParams();
@ -22,17 +42,155 @@ WIP TODO - authenticate to backend server via browser, proxy the Mojang Login AP
alert("Couldn't authenticate with Minecraft.ID: " + urlParams.get("mcauth_msg"));
}
var wsUrl = "wss://" + window.location.host + "/ws";
var socket = null;
var connectionStatus = document.getElementById("connection_status");
var content = document.getElementById("content");
var acounts = document.getElementById("accounts");
$("#cors-proxy").val(localStorage.getItem("cors-proxy"));
function loginMc() {
var clientToken = uuid.v4();
$.ajax({type: "post",
url: localStorage.getItem("cors-proxy") + "https://authserver.mojang.com/authenticate",
data: JSON.stringify({
agent: {name: "Minecraft", version: 1},
username: $("#email").val(),
password: $("#password").val(),
clientToken: clientToken,
}),
contentType: "application/json",
dataType: "json"
}).done((data) => {
storeMcAccount(data.accessToken, data.clientToken, data.selectedProfile.name, data.selectedProfile.id);
}).fail(() => alert("Failed to login"));
$("#email").val("");
$("#password").val("");
}
function storeMcAccount(accessToken, clientToken, name, id) {
let accounts = JSON.parse(localStorage.getItem("mc_accounts")) || [];
accounts.push({accessToken: accessToken, clientToken: clientToken, name: name, id: id});
localStorage.setItem("mc_accounts", JSON.stringify(accounts));
refreshAccountList();
}
function removeMcAccount(id) {
let accounts = JSON.parse(localStorage.getItem("mc_accounts")) || [];
accounts = accounts.filter(it => it.id != id);
localStorage.setItem("mc_accounts", JSON.stringify(accounts));
refreshAccountList();
}
function getMcAccounts() {
return JSON.parse(localStorage.getItem("mc_accounts")) || [];
}
function logout(id) {
getMcAccounts().filter(it => it.id == id).forEach(it => {
$.ajax({type: "post",
url: localStorage.getItem("cors-proxy") + "https://authserver.mojang.com/invalidate",
data: JSON.stringify({
accessToken: it.accessToken,
clientToken: it.clientToken
}),
contentType: "application/json",
dataType: "json"
}).done((data) => {
removeMcAccount(id);
}).fail(() => {
if (confirm("failed to invalidate token! remove account?")) {
removeMcAccount(id);
}
});
});
}
function addMcAccountToList(id, name) {
let p = document.createElement("p");
let n = document.createElement("span");
n.innerText = id + " (" + name + ") ";
let remove = document.createElement("a");
remove.innerText = "Remove";
remove.href = "javascript:";
remove.onclick = () => {
logout(id);
};
p.appendChild(n);
p.append(remove);
accounts.appendChild(p);
}
function refreshAccountList() {
accounts.innerHTML = "";
getMcAccounts().forEach(it => addMcAccountToList(it.id, it.name));
}
function refreshAccountsIfNeeded() {
getMcAccounts().forEach(it => {
$.ajax({type: "post",
url: localStorage.getItem("cors-proxy") + "https://authserver.mojang.com/validate",
data: JSON.stringify({
accessToken: it.accessToken,
clientToken: it.clientToken
}),
contentType: "application/json",
dataType: "json"
}).fail(() => {
// Needs refresh
$.ajax({type: "post",
url: localStorage.getItem("cors-proxy") + "https://authserver.mojang.com/refresh",
data: JSON.stringify({
accessToken: it.accessToken,
clientToken: it.clientToken
}),
contentType: "application/json",
dataType: "json"
}).done((data) => {
removeMcAccount(data.selectedProfile.id);
storeMcAccount(data.accessToken, data.clientToken, data.selectedProfile.name, data.selectedProfile.id);
}).fail(() => {
if (confirm("failed to refresh token! remove account?")) {
removeMcAccount(it.id);
}
});
});
});
}
refreshAccountList();
refreshAccountsIfNeeded();
function listen(token) {
socket.send('{"action": "listen_login_requests", "token": "' + token + '"}');
socket.send(JSON.stringify({"action": "listen_login_requests", "token": token}));
}
function saveToken(token) {
let hTokens = JSON.parse(localStorage.getItem("tokens")) || {};
let tokens = hTokens[wsUrl] || [];
tokens.push(token);
hTokens[wsUrl] = tokens;
localStorage.setItem("tokens", JSON.stringify(hTokens));
}
function removeToken(token) {
let hTokens = JSON.parse(localStorage.getItem("tokens")) || {};
let tokens = hTokens[wsUrl] || [];
tokens = tokens.filter(it => it != token);
hTokens[wsUrl] = tokens;
localStorage.setItem("tokens", JSON.stringify(hTokens));
}
function getTokens() {
return (JSON.parse(localStorage.getItem("tokens")) || {})[wsUrl] || [];
}
function connect() {
connectionStatus.innerText = "connecting...";
socket = new WebSocket("wss://" + window.location.host + "/ws");
socket = new WebSocket(wsUrl);
socket.onerror = e => {
console.log(e);
@ -44,7 +202,7 @@ WIP TODO - authenticate to backend server via browser, proxy the Mojang Login AP
connectionStatus.innerText = "connected";
content.innerHTML = "";
(localStorage.getItem("tokens") || "").split(",").filter(it => it != "").forEach(listen);
getTokens().forEach(listen);
};
socket.onclose = evt => {
@ -58,31 +216,36 @@ WIP TODO - authenticate to backend server via browser, proxy the Mojang Login AP
let parsed = JSON.parse(event.data);
if (parsed.action == "ad_minecraft_id_login") {
if (username != null && mcauth_code != null) {
let p = document.createElement("p");
let add = document.createElement("a");
add.innerText = "Add account " + username;
p.appendChild(add);
add.innerText = "Listen to " + username;
add.href = "javascript:";
add.onclick = () => {
socket.send('{"action": "minecraft_id_login", "username": "' + username + '", "code": "' + mcauth_code + '"}');
socket.send(JSON.stringify({
"action": "minecraft_id_login",
"username": username,
"code": mcauth_code}));
};
content.appendChild(add);
content.appendChild(p);
}
let p = document.createElement("p");
let link = document.createElement("a");
link.innerText = "Add account with Minecraft.ID";
p.appendChild(link);
link.innerText = "Listen to username in VIAaaS instance";
link.href = "javascript:";
link.onclick = () => {
let user = prompt("Username: ", "");
let callbackUrl = new URL(location.origin + location.pathname + "?username=" + encodeURIComponent(user));
location = "https://api.minecraft.id/gateway/start/" + encodeURIComponent(user) + "?callback=" + encodeURIComponent(callbackUrl);
};
content.appendChild(link);
content.appendChild(p);
} else if (parsed.action == "minecraft_id_result") {
if (!parsed.success) {
alert("Server couldn't verify account via Minecraft.ID");
} else {
listen(parsed.token);
let tokens = (localStorage.getItem("tokens") || "").split(",");
tokens.push(parsed.token);
localStorage.setItem("tokens", tokens.join(","));
saveToken(parsed.token);
}
} else if (parsed.action == "listen_login_requests_result") {
if (parsed.success) {
@ -90,13 +253,30 @@ WIP TODO - authenticate to backend server via browser, proxy the Mojang Login AP
msg.innerText = "Listening to logins with username: " + parsed.username;
content.appendChild(msg);
} else {
let tokens = (localStorage.getItem("tokens") || "").split(",");
tokens = tokens.filter(it => it != parsed.token);
localStorage.setItem("tokens", tokens.join(","));
removeToken(parsed.token);
}
} else if (parsed.action == "session_hash_request") {
alert("TODO!"); // todo
socket.send('{"action": "session_hash_response", "session_hash": "' + parsed.session_hash + '"}');
if (confirm("auth request sent from server, info: " + event.data + ". Should we authenticate?")) {
let accounts = getMcAccounts().filter(it => it.user.toLowerCase() == parsed.username.toLowerCase());
accounts.forEach(it => {
$.ajax({type: "post",
url: localStorage.getItem("cors-proxy") + "https://sessionserver.mojang.com/session/minecraft/join",
data: JSON.stringify({
accessToken: it.accessToken,
selectedProfile: it.id,
serverId: parsed.session_hash
}),
contentType: "application/json",
dataType: "json"
}).done((data) => {
socket.send(JSON.stringify({"action": "session_hash_response", "session_hash": parsed.session_hash}));
}).fail((e) => {
console.log(e);
alert("Failed to authenticate to Minecraft backend server!");
});
});
if (accounts.length == 0) alert("Couldn't find " + parsed.username + " account in browser");
}
}
};
}