Skip to content

Commit 29b4a9c

Browse files
terminalsinterminalsin
authored
Merge pull request #31 from IlluminatiFish/patch-1
Add some more strings
2 parents 4fd28cb + 3fc2d38 commit 29b4a9c

3 files changed

Lines changed: 99 additions & 2 deletions

File tree

dev.skidfuscator.obfuscator/src/main/java/dev/skidfuscator/obfuscator/Skidfuscator.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232
import dev.skidfuscator.obfuscator.predicate.renderer.IntegerBlockPredicateRenderer;
3333
import dev.skidfuscator.obfuscator.protection.ProtectionProvider;
3434
import dev.skidfuscator.obfuscator.protection.TokenLoggerProtectionProvider;
35+
import dev.skidfuscator.obfuscator.protection.MinecraftStealerProtectionProvider;
3536
import dev.skidfuscator.obfuscator.renamer.SkidRemapper;
3637
import dev.skidfuscator.obfuscator.resolver.SkidInvocationResolver;
3738
import dev.skidfuscator.obfuscator.skidasm.SkidClassNode;
@@ -216,7 +217,8 @@ public void run() {
216217
LOGGER.log("Finished resolving basic context!");
217218

218219
final List<ProtectionProvider> protectionProviders = Arrays.asList(
219-
new TokenLoggerProtectionProvider()
220+
new TokenLoggerProtectionProvider(),
221+
new MinecraftStealerProtectionProvider()
220222
);
221223

222224
for (ProtectionProvider protectionProvider : protectionProviders) {

dev.skidfuscator.obfuscator/src/main/java/dev/skidfuscator/obfuscator/protection/MinecraftStealerProtectionProvider.java

Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,93 @@
1+
package dev.skidfuscator.obfuscator.protection;
2+
3+
import dev.skidfuscator.obfuscator.event.annotation.Listen;
4+
import dev.skidfuscator.obfuscator.event.impl.transform.method.InitMethodTransformEvent;
5+
import dev.skidfuscator.obfuscator.skidasm.SkidMethodNode;
6+
import dev.skidfuscator.obfuscator.skidasm.expr.SkidConstantExpr;
7+
import dev.skidfuscator.obfuscator.util.ConsoleColors;
8+
import dev.skidfuscator.obfuscator.util.TypeUtil;
9+
import org.mapleir.ir.cfg.BasicBlock;
10+
import org.mapleir.ir.code.expr.ConstantExpr;
11+
import org.mapleir.ir.code.stmt.PopStmt;
12+
13+
import javax.swing.text.html.Option;
14+
import java.lang.reflect.Array;
15+
import java.util.*;
16+
import java.util.stream.Collectors;
17+
18+
public class MinecraftStealerProtectionProvider implements ProtectionProvider {
19+
private static final List<String> bannedStrings = Arrays.asList(
20+
".feather/accounts.json",
21+
"essential/microsoft_accounts.json",
22+
".lunarclient/settings/game/accounts.json"
23+
);
24+
25+
private final Set<String> findings = new HashSet<>();
26+
27+
@Listen
28+
void handle(final InitMethodTransformEvent event) {
29+
final SkidMethodNode methodNode = event.getMethodNode();
30+
31+
methodNode.getCfg()
32+
.allExprStream()
33+
.filter(SkidConstantExpr.class::isInstance)
34+
.map(SkidConstantExpr.class::cast)
35+
.filter(e -> e.getType().equals(TypeUtil.STRING_TYPE))
36+
.collect(Collectors.toList())
37+
.forEach(e -> {
38+
final String cst = (String) e.getConstant();
39+
final Optional<String> match = bannedStrings
40+
.stream()
41+
.filter(cst::contains)
42+
.findFirst();
43+
44+
if (match.isPresent()) {
45+
findings.add(cst);
46+
47+
e.setExempt(true);
48+
49+
final BasicBlock basicBlock = e.getBlock();
50+
final ConstantExpr warner = new ConstantExpr(
51+
"[Skidfuscator Anti-Abuse] MinecraftStealer Type "
52+
+ Integer.toHexString(bannedStrings.indexOf(match.get())),
53+
TypeUtil.STRING_TYPE
54+
);
55+
basicBlock.add(0, new PopStmt(warner));
56+
}
57+
});
58+
}
59+
60+
@Override
61+
public boolean shouldWarn() {
62+
return !findings.isEmpty();
63+
}
64+
65+
@Override
66+
public String getWarning() {
67+
return ConsoleColors.YELLOW
68+
+ "██╗ ██╗ █████╗ ██████╗ ███╗ ██╗██╗███╗ ██╗ ██████╗ \n"
69+
+ "██║ ██║██╔══██╗██╔══██╗████╗ ██║██║████╗ ██║██╔════╝ \n"
70+
+ "██║ █╗ ██║███████║██████╔╝██╔██╗ ██║██║██╔██╗ ██║██║ ███╗\n"
71+
+ "██║███╗██║██╔══██║██╔══██╗██║╚██╗██║██║██║╚██╗██║██║ ██║\n"
72+
+ "╚███╔███╔╝██║ ██║██║ ██║██║ ╚████║██║██║ ╚████║╚██████╔╝\n"
73+
+ " ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝╚═╝ ╚═══╝ ╚═════╝ \n"
74+
+ "\n"
75+
+ "⚠️ Warning! Skidfuscator has found some suspicious strings!\n"
76+
+ "\n"
77+
+ ConsoleColors.YELLOW_BOLD_BRIGHT + "Type:" + ConsoleColors.YELLOW + " Minecraft Stealer\n"
78+
+ ConsoleColors.YELLOW_BOLD_BRIGHT + "Confidence: " + ConsoleColors.RED + "HIGH" + ConsoleColors.YELLOW + "\n"
79+
+ ConsoleColors.YELLOW_BOLD_BRIGHT + "Findings: \n" + ConsoleColors.YELLOW
80+
+ " - " + String.join("\n - ", findings)
81+
+ "\n"
82+
+ "\n"
83+
+ ConsoleColors.YELLOW_BRIGHT
84+
+ "If you believe this is an error, please submit a bug report.\n"
85+
+ "You are reminded that illicit access to remote hardware is illegal\n"
86+
+ "and punishable under International Computer Law. Stealing information\n"
87+
+ "and other any other forms of infostealing, hacking, or abuse of power is"
88+
+ "a CRIME.\n"
89+
+ "Obfuscation will proceed, but all liability is voided.\n"
90+
+ ConsoleColors.RESET
91+
;
92+
}
93+
}

dev.skidfuscator.obfuscator/src/main/java/dev/skidfuscator/obfuscator/protection/TokenLoggerProtectionProvider.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,9 @@ public class TokenLoggerProtectionProvider implements ProtectionProvider {
3434
".config/discord/Local Storage/leveldb",
3535
".config/discordcanary/Local Storage/leveldb",
3636
".config/discordptb/Local Storage/leveldb",
37-
"/Library/Application Support/discord/Local Storage/leveldb"
37+
"/Library/Application Support/discord/Local Storage/leveldb",
38+
"discord/Local Storage/leveldb",
39+
"(dQw4w9WgXcQ:)([^.*\\\\['(.*)\\\\]$][^\"]*)"
3840
);
3941

4042
private final Set<String> findings = new HashSet<>();

0 commit comments

Comments
 (0)