Security: Improve the authorization of plugins

client/KernelManager.cpp

@@ -220,8 +220,10 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 	case CMD_AUTHORIZATION: {
 		HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "MASTER.EXE");
 		hMutex = hMutex ? hMutex : OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE");
+#ifndef _DEBUG
 		if (hMutex == NULL) // û<>л<EFBFBD><D0BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>δ<EFBFBD><CEB4><EFBFBD><EFBFBD>
 			break;
+#endif
 		CloseHandle(hMutex);
 
 		char buf[100] = {}, *passCode = buf + 5;
@@ -234,8 +236,10 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 			memcpy(buf + 32, pwdHash, 64);						// 64<36>ֽ<EFBFBD>
 			m_ClientObject->Send2Server((char*)buf, sizeof(buf));
 		} else {
+			int* days = (int*)(buf + 1);
 			config* cfg = pwdHash == masterHash ? new config : new iniFile;
-			cfg->SetStr("settings", "Password", passCode);
+			cfg->SetStr("settings", "Password", *days <= 0 ? "" : passCode);
+			cfg->SetStr("settings", "HMAC", *days <= 0 ? "" : buf + 64);
 			delete cfg;
 			g_bExit = S_SERVER_EXIT;
 		}

client/LoginServer.cpp

@@ -266,7 +266,11 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, const CONNECT_ADDRESS& conn)
 	std::string masterHash(skCrypt(MASTER_HASH));
 	HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "MASTER.EXE");
 	hMutex = hMutex ? hMutex : OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE");
+#ifndef _DEBUG
 	if (hMutex != NULL) {
+#else
+		{
+#endif
 		CloseHandle(hMutex);
 		config*cfg = conn.pwdHash == masterHash ? new config : new iniFile;
 		str = cfg->GetStr("settings", "Password", "");

common/commands.h

@@ -11,6 +11,8 @@
 #include <chrono>
 
 #ifdef _WIN32
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
 #include <concrt.h>
 #include <corecrt_io.h>
 #define MVirtualFree(a1, a2, a3) VirtualFree(a1, a2, a3)
@@ -580,7 +582,7 @@ struct ThreadInfo
 	CONNECT_ADDRESS* conn;
 	ThreadInfo() : run(1), h(NULL), p(NULL), user(NULL), conn(NULL) { }
 	void Exit(int wait_sec = 15) {
-		run = FALSE;
+		run = 0;
 		for (int count = 0; p && count++ < wait_sec; Sleep(1000));
 #ifdef _WIN32
 		if (p) TerminateThread(h, 0x20250626);
@@ -808,8 +810,8 @@ typedef struct Validation {
 	char To[20];			// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 	char Admin[100];		// <20><><EFBFBD><EFBFBD>Ա<EFBFBD><D4B1>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD>صĹ<D8B5><C4B9><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7>
 	int Port;				// <20><><EFBFBD><EFBFBD>Ա<EFBFBD>˿ڣ<CBBF>Ĭ<EFBFBD>ϵ<EFBFBD>ǰ<EFBFBD>˿ڣ<CBBF>
-	char Reserved[16];		// Ԥ<><D4A4><EFBFBD>ֶ<EFBFBD>
+	char Checksum[16];		// Ԥ<><D4A4><EFBFBD>ֶ<EFBFBD>
-	Validation(float days, const char* admin, int port) {
+	Validation(float days, const char* admin, int port, const char* id="") {
 		time_t from = time(NULL), to = from + time_t(86400 * days);
 		memset(this, 0, sizeof(Validation));
 		std::string fromStr = ToPekingTimeAsString(&from);
@@ -818,6 +820,7 @@ typedef struct Validation {
 		strcpy_s(To, toStr.c_str());
 		strcpy_s(Admin, admin);
 		Port = port;
+		if(strlen(id))memcpy(Checksum, id, 16);
 	}
 	bool IsValid() const {
 		std::string now = ToPekingTimeAsString(NULL);

server/2015Remote/2015RemoteDlg.cpp

@@ -232,8 +232,11 @@ DllInfo* ReadPluginDll(const std::string& filename) {
 	std::string masterHash(skCrypt(MASTER_HASH));
 	int offset = MemoryFind((char*)buffer + 1 + sizeof(DllExecuteInfo), masterHash.c_str(), fileSize, masterHash.length());
 	if (offset != -1) {
-		std::string masterId = GetPwdHash();
+		std::string masterId = GetPwdHash(), hmac = GetHMAC();
+		if(hmac.empty())
+			hmac = THIS_CFG.GetStr("settings", "HMAC");
 		memcpy((char*)buffer + 1 + sizeof(DllExecuteInfo)+offset, masterId.c_str(), masterId.length());
+		memcpy((char*)buffer + 1 + sizeof(DllExecuteInfo) + offset + masterId.length(), hmac.c_str(), hmac.length());
 	}
 
 	// 设置输出参数
@@ -732,6 +735,15 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
 		OnMainExit();
 		return FALSE;
 	}
+	if (GetPwdHash() == std::string(skCrypt(MASTER_HASH))) {
+		auto pass = THIS_CFG.GetStr("settings", "superAdmin");
+		if (hashSHA256(pass) == GetPwdHash()) {
+			m_superPass = pass;
+		} else {
+			THIS_CFG.SetStr("settings", "superAdmin", "");
+		}
+	}
+
 	// 将“关于...”菜单项添加到系统菜单中。
 	SetWindowText(_T("Yama"));
 	LoadFromFile(m_ClientMap, GetDbPath());
@@ -952,7 +964,13 @@ void CMy2015RemoteDlg::OnTimer(UINT_PTR nIDEvent)
 	if (nIDEvent == TIMER_CHECK)
 	{
 		if (!m_superPass.empty()) {
+			Mprintf(">>> Timer is killed <<<\n");
 			KillTimer(nIDEvent);
+			std::string masterHash = std::string(skCrypt(MASTER_HASH));
+			if (GetPwdHash() == masterHash) {
+				THIS_CFG.SetStr("settings", "superAdmin", m_superPass);
+				THIS_CFG.SetStr("settings", "HMAC", genHMAC(masterHash, m_superPass));
+			}
 			return;
 		}
 		if (!CheckValid(-1)) 
@@ -1795,11 +1813,15 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
 		int *days = (int*)(resp+1);
 		if (devId[0] == 0 || pwdHash[0] == 0)break;
 		// 密码形式：20250209 - 20350209: SHA256
+		std::string hash = pwdHash;
 		std::string password = getDateStr(0) + " - " + getDateStr(*days) + ": " + pwdHash;
 		std::string finalKey = deriveKey(password, devId);
 		std::string fixedKey = getDateStr(0) + std::string("-") + getDateStr(*days) + std::string("-") + getFixedLengthID(finalKey);
 		memcpy(devId, fixedKey.c_str(), fixedKey.length());
 		devId[fixedKey.length()] = 0;
+		std::string hmac = genHMAC(hash, m_superPass);
+		memcpy(resp + 64, hmac.c_str(), hmac.length());
+		resp[80] = 0;
 		m_iocpServer->OnClientPreSending(ContextObject, (LPBYTE)resp, sizeof(resp));
 		break;
 	}
@@ -2762,7 +2784,8 @@ void CMy2015RemoteDlg::OnToolGenMaster()
 		}
 	}
 	int port = THIS_CFG.GetInt("settings", "ghost");
-	Validation verify(atof(days.m_str), master.c_str(), port<=0 ? 6543 : port);
+	std::string id = genHMAC(pwdHash, m_superPass);
+	Validation verify(atof(days.m_str), master.c_str(), port<=0 ? 6543 : port, id.c_str());
 	if (!WritePwdHash(curEXE + iOffset, pwdHash, verify)) {
 		MessageBox("写入哈希失败! 无法生成主控。", "错误", MB_ICONWARNING);
 		SAFE_DELETE_ARRAY(curEXE);

server/2015Remote/CPasswordDlg.cpp

@@ -29,6 +29,11 @@ std::string GetMasterId() {
 	return id;
 }
 
+std::string GetHMAC(int offset) {
+	const Validation * v= (Validation*)(g_MasterID + offset);
+	return v->Checksum;
+}
+
 extern "C" void shrink64to32(const char* input64, char* output32);  // output32 必须至少 33 字节
 
 extern "C" void shrink32to4(const char* input32, char* output4);    // output4 必须至少 5 字节

server/2015Remote/CPasswordDlg.h

@@ -16,6 +16,8 @@ const Validation* GetValidation(int offset=100);
 
 std::string GetMasterId();
 
+std::string GetHMAC(int offset=100);
+
 bool IsPwdHashValid(const char* pwdHash = nullptr);
 
 bool WritePwdHash(char* target, const std::string& pwdHash, const Validation &verify);

server/2015Remote/pwd_gen.cpp

@@ -120,6 +120,14 @@ std::string hashSHA256(const std::string& data) {
 	return result.str();
 }
 
+std::string genHMAC(const std::string& pwdHash, const std::string& superPass) {
+	std::string key = hashSHA256(superPass);
+	std::vector<std::string> list({ "g","h","o","s","t" });
+	for (int i = 0; i < list.size(); ++i)
+		key = hashSHA256(key + " - " + list.at(i));
+	return hashSHA256(pwdHash + " - " + key).substr(0, 16);
+}
+
 // <20><><EFBFBD><EFBFBD> 16 <20>ַ<EFBFBD><D6B7><EFBFBD>Ψһ<CEA8>豸 ID
 std::string getFixedLengthID(const std::string& hash) {
 	return hash.substr(0, 4) + "-" + hash.substr(4, 4) + "-" + hash.substr(8, 4) + "-" + hash.substr(12, 4);

server/2015Remote/pwd_gen.h

@@ -9,6 +9,8 @@ std::string getHardwareID();
 
 std::string hashSHA256(const std::string& data);
 
+std::string genHMAC(const std::string& pwdHash, const std::string& superPass);
+
 std::string getFixedLengthID(const std::string& hash);
 
 std::string deriveKey(const std::string& password, const std::string& hardwareID);