From 1765e337a2f5e57c698c5cb44c99f6c2caf7dad6 Mon Sep 17 00:00:00 2001 From: KrewsOrg Date: Wed, 29 Apr 2020 23:46:00 +0100 Subject: [PATCH 1/3] Fix pet name exploit. --- .../incoming/catalog/CatalogBuyItemEvent.java | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java b/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java index f7cc5ad7..15666b29 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java @@ -5,10 +5,7 @@ import com.eu.habbo.habbohotel.catalog.CatalogItem; import com.eu.habbo.habbohotel.catalog.CatalogManager; import com.eu.habbo.habbohotel.catalog.CatalogPage; import com.eu.habbo.habbohotel.catalog.ClubOffer; -import com.eu.habbo.habbohotel.catalog.layouts.ClubBuyLayout; -import com.eu.habbo.habbohotel.catalog.layouts.RecentPurchasesLayout; -import com.eu.habbo.habbohotel.catalog.layouts.RoomBundleLayout; -import com.eu.habbo.habbohotel.catalog.layouts.VipBuyLayout; +import com.eu.habbo.habbohotel.catalog.layouts.*; import com.eu.habbo.habbohotel.items.FurnitureType; import com.eu.habbo.habbohotel.users.HabboBadge; import com.eu.habbo.habbohotel.users.HabboInventory; @@ -24,6 +21,7 @@ import com.eu.habbo.messages.outgoing.users.*; import com.eu.habbo.threading.runnables.ShutdownEmulator; import gnu.trove.map.hash.THashMap; import gnu.trove.procedure.TObjectProcedure; +import org.apache.commons.lang3.StringUtils; public class CatalogBuyItemEvent extends MessageHandler { @Override @@ -188,8 +186,17 @@ public class CatalogBuyItemEvent extends MessageHandler { if (page instanceof RecentPurchasesLayout) item = this.client.getHabbo().getHabboStats().getRecentPurchases().get(itemId); + else item = page.getCatalogItem(itemId); + // temp patch, can a dev with better knowledge than me look into this asap pls. + if (page instanceof PetsLayout) { // checks it's the petlayout + String[] check = extraData.split("\n"); // splits the extradata + if (check.length != 3) return; // checks if there's 3 parts (always is with pets, if not it fucks them off) + if (!StringUtils.isAlphanumeric(check[0])) { // checks the data to see if it has any nasties. expected format is: name/0/COLORCODE + return; // if it does it fucks off. + } + } Emulator.getGameEnvironment().getCatalogManager().purchaseItem(page, item, this.client.getHabbo(), count, extraData, false); From a71853d0c269b20fa259d67c4f192ffb0721af7d Mon Sep 17 00:00:00 2001 From: KrewsOrg Date: Thu, 30 Apr 2020 14:36:51 +0100 Subject: [PATCH 2/3] Cleanup pet exploit fix. --- .../messages/incoming/catalog/CatalogBuyItemEvent.java | 7 ++++--- .../habbo/messages/incoming/catalog/CheckPetNameEvent.java | 5 ++++- src/main/java/com/eu/habbo/plugin/PluginManager.java | 4 ++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java b/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java index 15666b29..6af3031a 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/catalog/CatalogBuyItemEvent.java @@ -23,6 +23,9 @@ import gnu.trove.map.hash.THashMap; import gnu.trove.procedure.TObjectProcedure; import org.apache.commons.lang3.StringUtils; +import static com.eu.habbo.messages.incoming.catalog.CheckPetNameEvent.PET_NAME_LENGTH_MAXIMUM; +import static com.eu.habbo.messages.incoming.catalog.CheckPetNameEvent.PET_NAME_LENGTH_MINIMUM; + public class CatalogBuyItemEvent extends MessageHandler { @Override public void handle() throws Exception { @@ -192,11 +195,9 @@ public class CatalogBuyItemEvent extends MessageHandler { // temp patch, can a dev with better knowledge than me look into this asap pls. if (page instanceof PetsLayout) { // checks it's the petlayout String[] check = extraData.split("\n"); // splits the extradata - if (check.length != 3) return; // checks if there's 3 parts (always is with pets, if not it fucks them off) - if (!StringUtils.isAlphanumeric(check[0])) { // checks the data to see if it has any nasties. expected format is: name/0/COLORCODE + if ((check.length != 3) || (check[0].length() < PET_NAME_LENGTH_MINIMUM) || (check[0].length() > PET_NAME_LENGTH_MAXIMUM) || (!StringUtils.isAlphanumeric(check[0])))// checks if there's 3 parts (always is with pets, if not it fucks them off) return; // if it does it fucks off. } - } Emulator.getGameEnvironment().getCatalogManager().purchaseItem(page, item, this.client.getHabbo(), count, extraData, false); diff --git a/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java b/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java index d71897c5..cfa5dc2f 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java @@ -6,6 +6,9 @@ import com.eu.habbo.messages.outgoing.catalog.PetNameErrorComposer; import org.apache.commons.lang3.StringUtils; public class CheckPetNameEvent extends MessageHandler { + public static int PET_NAME_LENGTH_MINIMUM = Emulator.getConfig().getInt("hotel.pets.name.length.min"); + public static int PET_NAME_LENGTH_MAXIMUM = Emulator.getConfig().getInt("hotel.pets.name.length.max"); + @Override public void handle() throws Exception { String petName = this.packet.readString(); @@ -13,7 +16,7 @@ public class CheckPetNameEvent extends MessageHandler { int minLength = Emulator.getConfig().getInt("hotel.pets.name.length.min"); int maxLength = Emulator.getConfig().getInt("hotel.pets.name.length.max"); - if (petName.length() < minLength) { + if (petName.length() < PET_NAME_LENGTH_MINIMUM) { this.client.sendResponse(new PetNameErrorComposer(PetNameErrorComposer.NAME_TO_SHORT, minLength + "")); } else if (petName.length() > maxLength) { this.client.sendResponse(new PetNameErrorComposer(PetNameErrorComposer.NAME_TO_LONG, maxLength + "")); diff --git a/src/main/java/com/eu/habbo/plugin/PluginManager.java b/src/main/java/com/eu/habbo/plugin/PluginManager.java index 562df384..de5d991b 100644 --- a/src/main/java/com/eu/habbo/plugin/PluginManager.java +++ b/src/main/java/com/eu/habbo/plugin/PluginManager.java @@ -26,6 +26,7 @@ import com.eu.habbo.habbohotel.wired.highscores.WiredHighscoreManager; import com.eu.habbo.messages.PacketManager; import com.eu.habbo.messages.incoming.camera.CameraPublishToWebEvent; import com.eu.habbo.messages.incoming.camera.CameraPurchaseEvent; +import com.eu.habbo.messages.incoming.catalog.CheckPetNameEvent; import com.eu.habbo.messages.incoming.floorplaneditor.FloorPlanEditorSaveEvent; import com.eu.habbo.messages.incoming.hotelview.HotelViewRequestLTDAvailabilityEvent; import com.eu.habbo.messages.incoming.rooms.promotions.BuyRoomPromotionEvent; @@ -131,6 +132,9 @@ public class PluginManager { AchievementManager.TALENTTRACK_ENABLED = Emulator.getConfig().getBoolean("hotel.talenttrack.enabled"); InteractionRoller.NO_RULES = Emulator.getConfig().getBoolean("hotel.room.rollers.norules"); RoomManager.SHOW_PUBLIC_IN_POPULAR_TAB = Emulator.getConfig().getBoolean("hotel.navigator.populartab.publics"); + CheckPetNameEvent.PET_NAME_LENGTH_MINIMUM = Emulator.getConfig().getInt("hotel.pets.name.length.min"); + CheckPetNameEvent.PET_NAME_LENGTH_MAXIMUM = Emulator.getConfig().getInt("hotel.pets.name.length.max"); + ChangeNameCheckUsernameEvent.VALID_CHARACTERS = Emulator.getConfig().getValue("allowed.username.characters", "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_-=!?@:,."); CameraPublishToWebEvent.CAMERA_PUBLISH_POINTS = Emulator.getConfig().getInt("camera.price.points.publish", 5); From 649005cb904d470ad86764adb044df601a09128d Mon Sep 17 00:00:00 2001 From: KrewsOrg Date: Thu, 30 Apr 2020 14:37:42 +0100 Subject: [PATCH 3/3] Cleanup part 2. --- .../messages/incoming/catalog/CheckPetNameEvent.java | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java b/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java index cfa5dc2f..6b1726b4 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/catalog/CheckPetNameEvent.java @@ -13,13 +13,10 @@ public class CheckPetNameEvent extends MessageHandler { public void handle() throws Exception { String petName = this.packet.readString(); - int minLength = Emulator.getConfig().getInt("hotel.pets.name.length.min"); - int maxLength = Emulator.getConfig().getInt("hotel.pets.name.length.max"); - if (petName.length() < PET_NAME_LENGTH_MINIMUM) { - this.client.sendResponse(new PetNameErrorComposer(PetNameErrorComposer.NAME_TO_SHORT, minLength + "")); - } else if (petName.length() > maxLength) { - this.client.sendResponse(new PetNameErrorComposer(PetNameErrorComposer.NAME_TO_LONG, maxLength + "")); + this.client.sendResponse(new PetNameErrorComposer(PetNameErrorComposer.NAME_TO_SHORT, PET_NAME_LENGTH_MINIMUM + "")); + } else if (petName.length() > PET_NAME_LENGTH_MAXIMUM) { + this.client.sendResponse(new PetNameErrorComposer(PetNameErrorComposer.NAME_TO_LONG, PET_NAME_LENGTH_MAXIMUM + "")); } else if (!StringUtils.isAlphanumeric(petName)) { this.client.sendResponse(new PetNameErrorComposer(PetNameErrorComposer.FORBIDDEN_CHAR, petName)); } else {