diff --git a/src/main/protocol/memory/HabboClient.java b/src/main/protocol/memory/HabboClient.java
index 5052496..a9c9918 100644
--- a/src/main/protocol/memory/HabboClient.java
+++ b/src/main/protocol/memory/HabboClient.java
@@ -78,6 +78,9 @@ public class HabboClient {
 public List createMemorySnippetList () {
 refreshMemoryMaps();
+ return createMemorySnippetList(maps);
+ }
+ private static List createMemorySnippetList (List maps) {
 List result = new ArrayList<>();
 for (long[] map : maps) {
@@ -89,6 +92,7 @@ public class HabboClient {
 }
 return result;
 }
+
 public void fetchMemory(List snippets) {
 for (MemorySnippet snippet : snippets) {
 fetchMemory(snippet);
@@ -204,4 +208,95 @@ public class HabboClient {
 return false;
 }
+
+ public void printmemmaps() {
+ refreshMemoryMaps();
+
+ System.out.println( "---- MEMORY MAPS:");
+ for (long[] map : maps) {
+ long begin = map[0];
+ long end = map[1];
+
+ System.out.println(begin + " - " + end);
+ }
+ }
+
+ public List createMemorySnippetListForRC4() {
+ refreshMemoryMaps();
+ String memoryPath = "/proc/" + PID + "/mem";
+
+ List result = new ArrayList<>();
+ for (long[] map : maps) {
+ long start = map[0];
+ long end = map[1];
+
+ byte[] data = new byte[(int)(end - start)];
+ try {
+ RandomAccessFile raf = new RandomAccessFile(memoryPath, "r");
+ raf.seek(start);
+ raf.read(data);
+ raf.close();
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+
+
+// boolean[] mask = new boolean[256];
+ int maskCount = 0;
+// Map posToRemoveNumber = new HashMap<>();
+ int[] nToMap = new int[256];
+ int[] removeMap = new int[256];
+ for (int i = 0; i < removeMap.length; i++) {
+ removeMap[i] = -1;
+ nToMap[i] = -1;
+ }
+
+
+ int matchStart = -1;
+ int matchEnd = -1;
+
+ for (int i = 0; i < data.length; i+=4) {
+ int b = (((int)data[i]) + 128) % 256;
+ int indInMap = (i/4) % 256;
+
+ int deletedNumber = removeMap[indInMap];
+ if (deletedNumber != -1) {
+ nToMap[deletedNumber] = -1;
+ maskCount --;
+ removeMap[indInMap] = -1;
+ }
+
+ if (nToMap[b] == -1) {
+ maskCount ++;
+ removeMap[indInMap] = b;
+ nToMap[b] = indInMap;
+ }
+ else {
+ removeMap[nToMap[b]] = -1;
+ removeMap[indInMap] = b;
+ nToMap[b] = indInMap;
+ }
+
+ if (maskCount == 256) {
+ if (matchStart == -1) {
+ matchStart = i - 1020;
+ matchEnd = i;
+ }
+
+ if (matchEnd < i - 1020) {
+ result.add(new MemorySnippet(start + matchStart, new byte[matchEnd - matchStart + 4]));
+ matchStart = i - 1020;
+ }
+ matchEnd = i;
+ }
+
+ }
+
+ if (matchStart != -1) {
+ result.add(new MemorySnippet(start + matchStart, new byte[matchEnd - matchStart + 4]));
+ }
+ }
+ return result;
+ }
 }
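Review bot: In createMemorySnippetListForRC4 the RandomAccessFile is leaked whenever seek() or read() throws, read(data) may fill fewer bytes than requested, and the catch (Exception) only prints and falls through, so the 256-distinct-values scan below runs over a partially filled or all-zero buffer for a region that could not be read. Use try-with-resources with readFully and skip the region on IOException, as below. The (int)(end - start) cast also silently truncates a mapping larger than Integer.MAX_VALUE bytes into a wrong or negative array length; a size check before the allocation, `if (end - start > Integer.MAX_VALUE) continue;`, avoids a NegativeArraySizeException there. The literals 1020 and 4 (a 256-entry table sampled at a 4-byte stride, so 255 * 4 back to the window start) would read better as named constants such as `private static final int RC4_STRIDE = 4;` and `private static final int RC4_WINDOW = 255 * RC4_STRIDE;`.
```java
byte[] data = new byte[(int)(end - start)];
try (RandomAccessFile raf = new RandomAccessFile(memoryPath, "r")) {
    raf.seek(start);
    raf.readFully(data);   // read(byte[]) may return short; readFully throws EOFException instead
}
catch (IOException e) {
    e.printStackTrace();
    continue;              // region unreadable: do not scan stale bytes
}
// … unchanged: 256-distinct-values window scan and result.add(...) …
```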
diff --git a/src/main/protocol/memory/Rc4Obtainer.java b/src/main/protocol/memory/Rc4Obtainer.java
index 696af2c..b63b73f 100644
--- a/src/main/protocol/memory/Rc4Obtainer.java
+++ b/src/main/protocol/memory/Rc4Obtainer.java
@@ -4,18 +4,16 @@ import main.Cacher;
 import main.protocol.HConnection;
 import main.protocol.HMessage;
 import main.protocol.HPacket;
-import main.protocol.TrafficListener;
 import main.protocol.crypto.RC4;
 import main.protocol.packethandler.IncomingHandler;
 import main.protocol.packethandler.OutgoingHandler;
-import sun.misc.Cache;
 import java.util.List;
 import java.util.Random;
 public class Rc4Obtainer {
- public static final boolean DEBUG = true;
+ public static final boolean DEBUG = false;
 HabboClient client = null;
 OutgoingHandler outgoingHandler = null;
@@ -79,7 +77,8 @@ public class Rc4Obtainer {
 while (foundbuffersize == 0) {
 client.pauseProcess();
- diff = client.createMemorySnippetList();
+// diff = client.createMemorySnippetList();
+ diff = client.createMemorySnippetListForRC4();
 client.fetchMemory(diff);
 client.resumeProcess();
 this.addedBytes = 0;
@@ -129,6 +128,10 @@ public class Rc4Obtainer {
 }
 }
+ if (DEBUG) System.out.println("OFFSET RC4 TABLE: " + (snippet.getOffset() + result_start_index));
+
+// client.printmemmaps();
+
 byte[] data = new byte[256]; // dis is the friggin key
 for (int i = 0; i < 256; i++) data[i] = wannabeRC4data[i*4 + result_start_index];
@@ -156,7 +159,7 @@ public class Rc4Obtainer {
 int counter = 0;
 RC4 result = null;
- while (result == null && counter < 4) {
+ while (result == null && counter < 4 && result_start_index >= 0) {
 byte[] data1 = new byte[256];
 for (int i = 0; i < 256; i++) data1[i] = snippet1.getData()[i*4 + result_start_index];
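Review bot: The @@ -79 hunk swaps in createMemorySnippetListForRC4() but leaves the old call behind as `// diff = client.createMemorySnippetList();`, and the @@ -129 hunk likewise adds `// client.printmemmaps();`; both are commented-out code and should be deleted, since version control already keeps the old call. If the generic snippet list is still needed as a fallback, keep it reachable through a real code path rather than a comment. The enclosing loop and method of both hunks start and end outside the hunks.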
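Review bot: The new `result_start_index >= 0` term in the while condition of the @@ -156 hunk only guards the lower bound of `snippet1.getData()[i*4 + result_start_index]`; with i reaching 255 the index reaches `1020 + result_start_index`, so unless result_start_index is bounded above elsewhere (it is assigned outside this hunk, so I cannot tell) the access can still throw ArrayIndexOutOfBoundsException. If the value does not change inside the loop, whose body is mostly outside the hunk, the check reads more clearly as a precondition above it, e.g. `if (result_start_index < 0 || result_start_index + 1020 >= snippet1.getData().length) { … }` returning whatever this method returns for a failed search. The enclosing method starts and ends outside the hunk.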
@@ -221,7 +224,7 @@ public class Rc4Obtainer {
 private List searchForPossibleRC4Tables(List snippets) {
 List result;
- result = client.differentiate2(snippets, addedBytes, addedBytes * 2, 1028);
+ result = client.differentiate2(snippets, addedBytes, addedBytes * 2, 1024);
 addedBytes = 0;
 return result;