From d2d734ce0983fbed72e69f555f57f29de04f30b3 Mon Sep 17 00:00:00 2001 From: shennetsind Date: Sat, 9 Mar 2013 00:04:28 -0300 Subject: Hercules Renewal'd Pin Code Feature is not, I repeat, NOT complete. the decryption is not fully functional which leads to dial values different from the ones the player used. Credits: lemongrass3110 for the base yommy for the packets LightFighter for the decrypt function (altho its not stable :P) Signed-off-by: shennetsind --- src/char/CMakeLists.txt | 2 + src/char/Makefile.in | 4 +- src/char/char.c | 106 ++++++++++++++++++--------- src/char/char.h | 23 +++++- src/char/pincode.c | 191 ++++++++++++++++++++++++++++++++++++++++++++++++ src/char/pincode.h | 41 +++++++++++ 6 files changed, 327 insertions(+), 40 deletions(-) create mode 100644 src/char/pincode.c create mode 100644 src/char/pincode.h (limited to 'src/char') diff --git a/src/char/CMakeLists.txt b/src/char/CMakeLists.txt index 8c71a3b4c..9413ff303 100644 --- a/src/char/CMakeLists.txt +++ b/src/char/CMakeLists.txt @@ -23,6 +23,7 @@ set( SQL_CHAR_HEADERS "${CMAKE_CURRENT_SOURCE_DIR}/int_quest.h" "${CMAKE_CURRENT_SOURCE_DIR}/int_storage.h" "${CMAKE_CURRENT_SOURCE_DIR}/inter.h" + "${CMAKE_CURRENT_SOURCE_DIR}/pincode.h" ) set( SQL_CHAR_SOURCES "${CMAKE_CURRENT_SOURCE_DIR}/char.c" @@ -37,6 +38,7 @@ set( SQL_CHAR_SOURCES "${CMAKE_CURRENT_SOURCE_DIR}/int_quest.c" "${CMAKE_CURRENT_SOURCE_DIR}/int_storage.c" "${CMAKE_CURRENT_SOURCE_DIR}/inter.c" + "${CMAKE_CURRENT_SOURCE_DIR}/pincode.c" ) set( DEPENDENCIES common_sql ) set( LIBRARIES ${GLOBAL_LIBRARIES} ) diff --git a/src/char/Makefile.in b/src/char/Makefile.in index a64145dea..a320579b5 100644 --- a/src/char/Makefile.in +++ b/src/char/Makefile.in 
@@ -16,8 +16,8 @@ COMMON_SQL_OBJ = ../common/obj_sql/sql.o COMMON_H = ../common/sql.h CHAR_OBJ = obj_sql/char.o obj_sql/inter.o obj_sql/int_party.o obj_sql/int_guild.o \ - obj_sql/int_storage.o obj_sql/int_pet.o obj_sql/int_homun.o obj_sql/int_mail.o obj_sql/int_auction.o obj_sql/int_quest.o obj_sql/int_mercenary.o obj_sql/int_elemental.o -CHAR_H = char.h inter.h int_party.h int_guild.h int_storage.h int_pet.h int_homun.h int_mail.h int_auction.h int_quest.h int_mercenary.h int_elemental.h + obj_sql/int_storage.o obj_sql/int_pet.o obj_sql/int_homun.o obj_sql/int_mail.o obj_sql/int_auction.o obj_sql/int_quest.o obj_sql/int_mercenary.o obj_sql/int_elemental.o obj_sql/pincode.o +CHAR_H = char.h inter.h int_party.h int_guild.h int_storage.h int_pet.h int_homun.h int_mail.h int_auction.h int_quest.h int_mercenary.h int_elemental.h pincode.h HAVE_MYSQL=@HAVE_MYSQL@ ifeq ($(HAVE_MYSQL),yes) diff --git a/src/char/char.c b/src/char/char.c index aed678684..4223fdded 100644 --- a/src/char/char.c +++ b/src/char/char.c @@ -21,6 +21,7 @@ #include "int_storage.h" #include "char.h" #include "inter.h" +#include "pincode.h" #include #include @@ -83,7 +84,7 @@ struct mmo_map_server { unsigned short map[MAX_MAP_PER_SERVER]; } server[MAX_MAP_SERVERS]; -int login_fd=-1, char_fd=-1; +int char_fd=-1; char userid[24]; char passwd[24]; char server_name[20]; 
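Review bot: In the `@@ -83,7 +84,7 @@` hunk, removing `login_fd` from this definition drops its `-1` initial value, because the replacement added in the char.h hunk is a bare `int login_fd;`. The descriptor therefore starts at 0, and any check elsewhere that treats -1 as "not connected" (not visible in this diff) would no longer hold. It also places a variable definition in a header, so every file that includes char.h gets its own tentative definition, which fails to link when the compiler does not merge common symbols. I would keep `int login_fd = -1;` here and put `extern int login_fd;` in char.h. The same pattern applies to `pincode_s` and `pincode` in the pincode.h hunk, where `extern struct pincode_interface *pincode;` plus definitions in pincode.c would do.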
@@ -121,20 +122,6 @@ struct s_subnet { } subnet[16]; int subnet_count = 0; -struct char_session_data { - bool auth; // whether the session is authed or not - int account_id, login_id1, login_id2, sex; - int found_char[MAX_CHARS]; // ids of chars on this account - char email[40]; // e-mail (default: a@a.com) by [Yor] - time_t expiration_time; // # of seconds 1/1/1970 (timestamp): Validity limit of the account (0 = unlimited) - int group_id; // permission - uint8 char_slots; - uint32 version; - uint8 clienttype; - char new_name[NAME_LENGTH]; - char birthdate[10+1]; // YYYY-MM-DD -}; - int max_connect_user = -1; int gm_allow_group = -1; int autosave_interval = DEFAULT_AUTOSAVE_INTERVAL; @@ -2149,13 +2136,12 @@ int parse_fromlogin(int fd) { break; case 0x2717: // account data - if (RFIFOREST(fd) < 63) + if (RFIFOREST(fd) < 72) return 0; // find the authenticated session with this account id ARR_FIND( 0, fd_max, i, session[i] && (sd = (struct char_session_data*)session[i]->session_data) && sd->auth && sd->account_id == RFIFOL(fd,2) ); - if( i < fd_max ) - { + if( i < fd_max ) { int server_id; memcpy(sd->email, RFIFOP(fd,6), 40); sd->expiration_time = (time_t)RFIFOL(fd,46); @@ -2167,6 +2153,8 @@ int parse_fromlogin(int fd) { } else if ( !sd->char_slots )/* no value aka 0 in sql */ sd->char_slots = MAX_CHARS;/* cap to maximum */ safestrncpy(sd->birthdate, (const char*)RFIFOP(fd,52), sizeof(sd->birthdate)); + safestrncpy(sd->pincode, (const char*)RFIFOP(fd,63), sizeof(sd->pincode)); + sd->pincode_change = RFIFOL(fd,68); ARR_FIND( 0, ARRAYLENGTH(server), server_id, server[server_id].fd > 0 && server[server_id].map[0] ); // continued from char_auth_ok... if( server_id == ARRAYLENGTH(server) || //server not online, bugreport:2359 
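Review bot: The 0x2717 length changes from 63 to 72 in the `RFIFOREST` test here and in the `RFIFOSKIP` of the following hunk, but the diffstat is limited to src/char, so the login-server side that must send the 9 extra bytes is not visible. A login server still sending 63-byte replies would leave this case returning 0 while it waits for bytes that belong to the next packet. The new tail is undocumented; a comment such as `// 63: pincode (4 chars + NUL), 68: pincode_change (uint32) -> 72 bytes` above the size check would let the layout be checked against the sender. The PIN is copied into `sd->pincode` as received, so rejecting anything that is not empty or four digits here would keep malformed stored values out of the later `strcmp`.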
@@ -2180,19 +2168,12 @@ int parse_fromlogin(int fd) { } else { // send characters to player mmo_char_send006b(i, sd); -#if PACKETVER >= 20110309 - // PIN code system, disabled - WFIFOHEAD(i, 12); - WFIFOW(i, 0) = 0x08B9; - WFIFOW(i, 2) = 0; - WFIFOW(i, 4) = 0; - WFIFOL(i, 6) = sd->account_id; - WFIFOW(i, 10) = 0; - WFIFOSET(i, 12); +#if PACKETVER >= 20110309 + pincode->handle(i, sd); #endif } } - RFIFOSKIP(fd,63); + RFIFOSKIP(fd,72); break; // login-server alive packet @@ -4190,6 +4171,50 @@ int parse_char(int fd) } return 0; // avoid processing of followup packets here + // checks the entered pin + case 0x8b8: + if( RFIFOREST(fd) < 10 ) + return 0; + + if( RFIFOL(fd,2) == sd->account_id ) + pincode->check( fd, sd ); + + RFIFOSKIP(fd,10); + break; + + // request for PIN window + case 0x8c5: + if( RFIFOREST(fd) < 6 ) + return 0; + + if( RFIFOL(fd,2) == sd->account_id ) + pincode->state( fd, sd, PINCODE_NOTSET ); + + RFIFOSKIP(fd,6); + break; + + // pincode change request + case 0x8be: + if( RFIFOREST(fd) < 14 ) + return 0; + + if( RFIFOL(fd,2) == sd->account_id ) + pincode->change( fd, sd ); + + RFIFOSKIP(fd,14); + break; + + // activate PIN system and set first PIN + case 0x8ba: + if( RFIFOREST(fd) < 10 ) + return 0; + + if( RFIFOL(fd,2) == sd->account_id ) + pincode->new( fd, sd ); + + RFIFOSKIP(fd,10); + break; + // unknown packet received default: ShowError("parse_char: Received unknown packet "CL_WHITE"0x%x"CL_RESET" from ip '"CL_WHITE"%s"CL_RESET"'! Disconnecting!\n", RFIFOW(fd,0), ip2str(ipl, NULL)); 
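Review bot: `pincode->handle(i, sd)` runs after `mmo_char_send006b(i, sd)`, so the character list has already been sent when the PIN prompt goes out, and nothing added by this commit records on the session that the PIN was later accepted. As written the check looks advisory: a client that ignores 0x8b9 is not stopped by anything visible here (the character select, create and delete cases of parse_char are outside the diff, so this is inferred). I would add a flag to `char_session_data`, set only when `pincode_compare` succeeds or the PIN system is disabled, and test it in those cases before acting. The re-added `#if PACKETVER >= 20110309 ` line also carries trailing whitespace.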
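Review bot: In the `@@ -4190,6 +4171,50 @@` hunk, the 0x8ba case calls `pincode->new( fd, sd )` for any session whose account id matches, and `pincode_setnew` in pincode.c does not verify an old PIN, so a session that already has a PIN can replace it without knowing it. Guard the call with `if( RFIFOL(fd,2) == sd->account_id && sd->pincode[0] == '\0' )` and leave changes to 0x8be, which does compare the old PIN first. The 0x8c5 case likewise answers `PINCODE_NOTSET` unconditionally. All four cases also dereference `sd` without a NULL or `sd->auth` test; whether `sd` can be NULL at this point depends on parse_char code outside the hunk, so confirm these cases cannot be reached before authentication.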
@@ -4544,7 +4569,17 @@ void sql_config_read(const char* cfgName) fclose(fp); ShowInfo("Done reading %s.\n", cfgName); } - +void char_config_dispatch(char *w1, char *w2) { + bool (*dispatch_to[]) (char *w1, char *w2) = { + /* as many as it needs */ + pincode->config_read + }; + int i, len = ARRAYLENGTH(dispatch_to); + for(i = 0; i < len; i++) { + if( (*dispatch_to[i])(w1,w2) ) + break;/* we found who this belongs to, can stop */ + } +} int char_config_read(const char* cfgName) { char line[1024], w1[1024], w2[1024]; @@ -4695,7 +4730,8 @@ int char_config_read(const char* cfgName) guild_exp_rate = atoi(w2); } else if (strcmpi(w1, "import") == 0) { char_config_read(w2); - } + } else + char_config_dispatch(w1,w2); } fclose(fp); @@ -4774,6 +4810,8 @@ int do_init(int argc, char **argv) mapindex_init(); start_point.map = mapindex_name2id("new_zone01"); + pincode_defaults(); + char_config_read((argc < 2) ? CHAR_CONF_NAME : argv[1]); char_lan_config_read((argc > 3) ? argv[3] : LAN_CONF_NAME); sql_config_read(SQL_CONF_NAME); @@ -4783,7 +4821,7 @@ int do_init(int argc, char **argv) ShowNotice("Please edit your 'login' table to create a proper inter-server user/password (gender 'S')\n"); ShowNotice("And then change the user/password to use in conf/char_athena.conf (or conf/import/char_conf.txt)\n"); } - + inter_init_sql((argc > 2) ? argv[2] : inter_cfgName); // inter server configuration auth_db = idb_alloc(DB_OPT_RELEASE_DATA); @@ -4791,8 +4829,7 @@ int do_init(int argc, char **argv) mmo_char_sql_init(); char_read_fame_list(); //Read fame lists. - if ((naddr_ != 0) && (!login_ip || !char_ip)) - { + if ((naddr_ != 0) && (!login_ip || !char_ip)) { char ip_str[16]; ip2str(addr_[0], ip_str); @@ -4824,8 +4861,7 @@ int do_init(int argc, char **argv) add_timer_func_list(online_data_cleanup, "online_data_cleanup"); add_timer_interval(gettick() + 1000, online_data_cleanup, 0, 0, 600 * 1000); - if( console ) - { + if( console ) { //##TODO invoke a CONSOLE_START plugin event } 
diff --git a/src/char/char.h b/src/char/char.h index e16350cb3..d75dc21f9 100644 --- a/src/char/char.h +++ b/src/char/char.h @@ -7,8 +7,7 @@ #include "../config/core.h" #include "../common/core.h" // CORE_ST_LAST -enum E_CHARSERVER_ST -{ +enum E_CHARSERVER_ST { CHARSERVER_ST_RUNNING = CORE_ST_LAST, CHARSERVER_ST_SHUTDOWN, CHARSERVER_ST_LAST @@ -16,6 +15,24 @@ enum E_CHARSERVER_ST struct mmo_charstatus; +struct char_session_data { + bool auth; // whether the session is authed or not + int account_id, login_id1, login_id2, sex; + int found_char[MAX_CHARS]; // ids of chars on this account + char email[40]; // e-mail (default: a@a.com) by [Yor] + time_t expiration_time; // # of seconds 1/1/1970 (timestamp): Validity limit of the account (0 = unlimited) + int group_id; // permission + uint8 char_slots; + uint32 version; + uint8 clienttype; + char pincode[4+1]; + uint16 pincode_seed; + uint16 pincode_try; + uint32 pincode_change; + char new_name[NAME_LENGTH]; + char birthdate[10+1]; // YYYY-MM-DD +}; + #define MAX_MAP_SERVERS 30 #define DEFAULT_AUTOSAVE_INTERVAL 300*1000 @@ -39,7 +56,7 @@ int char_family(int pl1,int pl2,int pl3); int request_accreg2(int account_id, int char_id); int save_accreg2(unsigned char* buf, int len); - +int login_fd; extern int char_name_option; extern char char_name_letters[]; extern bool char_gm_read; diff --git a/src/char/pincode.c b/src/char/pincode.c new file mode 100644 index 000000000..610f9b12f --- /dev/null +++ b/src/char/pincode.c 
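Review bot: In the `@@ -16,6 +15,24 @@` hunk, `pincode_try` lives only in `char_session_data`, so the attempt counter that `pincode_compare` checks against `maxtry` presumably starts again with every new session. With a four-digit PIN the limit then depends entirely on what the login server does with the 0x2739 notice, which is outside this diff, and `pincode_compare` keeps the connection open after sending it. Consider persisting the failure count per account and closing the session once the limit is reached. The new fields also have no comments; `char pincode[4+1]; // 4 digits + NUL, as received from login-server` and `uint32 pincode_change; // time of last PIN change, compared with time(NULL) in pincode_handle` would match the style of the neighbouring fields.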
@@ -0,0 +1,191 @@ +// Copyright (c) Hercules Dev Team, licensed under GNU GPL. +// See the LICENSE file + +#include "../common/cbasetypes.h" +#include "../common/mmo.h" +#include "../common/random.h" +#include "../common/showmsg.h" +#include "../common/socket.h" +#include "../common/strlib.h" +#include "char.h" +#include "pincode.h" + +#include + +int enabled = PINCODE_OK; +int changetime = 0; +int maxtry = 3; +unsigned long multiplier = 0x3498, baseSeed = 0x881234; + +void pincode_handle ( int fd, struct char_session_data* sd ) { + if( pincode->enabled ){ + // PIN code system enabled + if( sd->pincode[0] == '\0' ){ + // No PIN code has been set yet + pincode->state( fd, sd, PINCODE_NOTSET ); + } else { + if( !pincode->changetime || !( time(NULL) > (sd->pincode_change+*pincode->changetime) ) ){ + // Ask user for his PIN code + pincode->state( fd, sd, PINCODE_ASK ); + } else { + // User hasnt changed his PIN code too long + pincode->state( fd, sd, PINCODE_EXPIRED ); + } + } + } else { + // PIN code system, disabled + pincode->state( fd, sd, PINCODE_OK ); + } +} + +void pincode_check(int fd, struct char_session_data* sd) { + char pin[5]; + + safestrncpy((char*)pin, (char*)RFIFOP(fd, 6), 4+1); + + pincode->decrypt(sd->pincode_seed, pin); + + if( pincode->compare( fd, sd, pin ) ){ + pincode->state( fd, sd, PINCODE_OK ); + } +} + +int pincode_compare(int fd, struct char_session_data* sd, char* pin) { + if( strcmp( sd->pincode, pin ) == 0 ){ + sd->pincode_try = 0; + return 1; + } else { + pincode->state( fd, sd, PINCODE_WRONG ); + + if( pincode->maxtry && ++sd->pincode_try >= *pincode->maxtry ){ + pincode->error( sd->account_id ); + } + + return 0; + } +} + +void pincode_change(int fd, struct char_session_data* sd) { + char oldpin[5], newpin[5]; + + safestrncpy(oldpin, (char*)RFIFOP(fd,6), 4+1); + pincode->decrypt(sd->pincode_seed,oldpin); + if( !pincode->compare( fd, sd, oldpin ) ) + return; + + safestrncpy(newpin, (char*)RFIFOP(fd,10), 4+1); + 
pincode->decrypt(sd->pincode_seed,newpin); + pincode->update( sd->account_id, newpin ); + + pincode->state( fd, sd, PINCODE_OK ); +} + +void pincode_setnew(int fd, struct char_session_data* sd) { + char newpin[5]; + + safestrncpy(newpin, (char*)RFIFOP(fd,6), 4+1); + pincode->decrypt(sd->pincode_seed,newpin); + + pincode->update( sd->account_id, newpin ); + + pincode->state( fd, sd, PINCODE_OK ); +} + +// 0 = disabled / pin is correct +// 1 = ask for pin - client sends 0x8b8 +// 2 = create new pin - client sends 0x8ba +// 3 = pin must be changed - client 0x8be +// 4 = create new pin ?? - client sends 0x8ba +// 5 = client shows msgstr(1896) +// 6 = client shows msgstr(1897) Unable to use your KSSN number +// 7 = char select window shows a button - client sends 0x8c5 +// 8 = pincode was incorrect +void pincode_sendstate(int fd, struct char_session_data* sd, uint16 state) { + WFIFOHEAD(fd, 12); + WFIFOW(fd, 0) = 0x8b9; + WFIFOL(fd, 2) = sd->pincode_seed = rnd() % 0xFFFF; + WFIFOL(fd, 6) = sd->account_id; + WFIFOW(fd,10) = state; + WFIFOSET(fd,12); +} + +void pincode_notifyLoginPinUpdate(int account_id, char* pin) { + WFIFOHEAD(login_fd,11); + WFIFOW(login_fd,0) = 0x2738; + WFIFOL(login_fd,2) = account_id; + strncpy( (char*)WFIFOP(login_fd,6), pin, 5 ); + WFIFOSET(login_fd,11); +} + +void pincode_notifyLoginPinError(int account_id) { + WFIFOHEAD(login_fd,6); + WFIFOW(login_fd,0) = 0x2739; + WFIFOL(login_fd,2) = account_id; + WFIFOSET(login_fd,6); +} + +void pincode_decrypt(unsigned long userSeed, char* pin) { + int i, pos; + char tab[10] = {0,1,2,3,4,5,6,7,8,9}; + + for( i = 1; i < 10; i++ ){ + userSeed = *pincode->baseSeed + userSeed * *pincode->multiplier; + pos = userSeed % (i + 1); + if( i != pos ){ + tab[i] ^= tab[pos]; + tab[pos] ^= tab[i]; + tab[i] ^= tab[pos]; + } + } + + for( i = 0; i < 4; i++ ){ + pin[i] = tab[pin[i]- '0']; + } + + sprintf(pin, "%d%d%d%d", pin[0], pin[1], pin[2], pin[3]); +} + +bool pincode_config_read(char *w1, char *w2) { + + while ( true ) 
{ + + if ( strcmpi(w1, "pincode_enabled") == 0 ) { + enabled = atoi(w2); + } else if ( strcmpi(w1, "pincode_changetime") == 0 ) { + changetime = atoi(w2)*60; + } else if ( strcmpi(w1, "pincode_maxtry") == 0 ) { + maxtry = atoi(w2); + if( maxtry > 3 ) { + ShowWarning("pincode_maxtry is too high (%d); maximum allowed: 3! capping to 3...\n",maxtry); + maxtry = 3; + } + } else + return false; + + break; + } + + return true; +} + +void pincode_defaults(void) { + pincode = &pincode_s; + + pincode->enabled = &enabled; + pincode->changetime = &changetime; + pincode->maxtry = &maxtry; + pincode->multiplier = &multiplier; + pincode->baseSeed = &baseSeed; + + pincode->handle = pincode_handle; + pincode->decrypt = pincode_decrypt; + pincode->error = pincode_notifyLoginPinError; + pincode->update = pincode_notifyLoginPinUpdate; + pincode->state = pincode_sendstate; + pincode->new = pincode_setnew; + pincode->change = pincode_change; + pincode->compare = pincode_compare; + pincode->check = pincode_check; + pincode->config_read = pincode_config_read; + +} \ No newline at end of file diff --git a/src/char/pincode.h b/src/char/pincode.h new file mode 100644 index 000000000..209817c78 --- /dev/null +++ b/src/char/pincode.h 
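Review bot: `pincode_decrypt` indexes `tab[pin[i]- '0']` with bytes copied straight from the client packet, so any byte outside '0'-'9' (including an early NUL, after which `pin` may hold uninitialised stack bytes) reads outside the 10-byte table, and the following `sprintf(pin, "%d%d%d%d", ...)` can then write more than the callers' 5-byte buffers hold. The function should reject input that is not four ASCII digits before touching the table and report that to `pincode_check`, `pincode_change` and `pincode_setnew`, which must stop rather than compare or store the result; that means a `bool` return and a matching change to the `decrypt` member in pincode.h. Separately, `pincode->enabled`, `!pincode->changetime` and `pincode->maxtry &&` test the pointers assigned in `pincode_defaults` rather than the values, so the feature can never be switched off and a zero `changetime` or `maxtry` is not treated as disabled; these need `*pincode->enabled` and so on.

```c
bool pincode_decrypt(unsigned long userSeed, char* pin) {
	// … unchanged: declarations of i, pos and tab[] …

	// The PIN comes from the client: accept exactly four ASCII digits
	// before any byte is used as an index into tab[].
	for( i = 0; i < 4; i++ ){
		if( pin[i] < '0' || pin[i] > '9' )
			return false;
	}

	// … unchanged: seed-driven shuffle of tab[] …

	// Map each digit through the table and write it back as a character,
	// which keeps the result inside the caller's 5-byte buffer.
	for( i = 0; i < 4; i++ ){
		pin[i] = (char)('0' + tab[pin[i] - '0']);
	}
	pin[4] = '\0';

	return true;
}
```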
@@ -0,0 +1,41 @@
+// Copyright (c) Hercules Dev Team, licensed under GNU GPL.
+// See the LICENSE file
+
+#ifndef _PINCODE_H_
+#define _PINCODE_H_
+
+#include "char.h"
+
+#define PINCODE_OK 0
+#define PINCODE_ASK 1
+#define PINCODE_NOTSET 2
+#define PINCODE_EXPIRED 3
+#define PINCODE_UNUSED 7
+#define PINCODE_WRONG 8
+
+/* Pincode Interface */
+struct pincode_interface {
+ /* vars */
+ int *enabled;
+ int *changetime;
+ int *maxtry;
+ unsigned long *multiplier;
+ unsigned long *baseSeed;
+ /* handler */
+ void (*handle) (int fd, struct char_session_data* sd);
+ void (*decrypt) (unsigned long userSeed, char* pin);
+ void (*error) (int account_id);
+ void (*update) (int account_id, char* pin);
+ void (*state) (int fd, struct char_session_data* sd, uint16 state);
+ void (*new) (int fd, struct char_session_data* sd);
+ void (*change) (int fd, struct char_session_data* sd);
+ int (*compare) (int fd, struct char_session_data* sd, char* pin);
+ void (*check) (int fd, struct char_session_data* sd);
+ bool (*config_read) (char *w1, char *w2);
+} pincode_s;
+
+struct pincode_interface *pincode;
+
+void pincode_defaults(void);
+
+#endif /* _PINCODE_H_ */
\ No newline at end of file
-- cgit v1.2.3-70-g09d2
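Review bot: `multiplier`, `baseSeed` and the `userSeed` parameter of `decrypt` are declared `unsigned long`, which is 64 bits wide on LP64 builds and 32 bits elsewhere, so the `baseSeed + userSeed * multiplier` step in `pincode_decrypt` wraps differently per platform and `userSeed % (i + 1)` can select different table positions. If the client does this arithmetic in 32 bits (an assumption; the seed is written to 0x8b9 as a 32-bit field), that could account for the mismatching digits the commit message mentions, and `uint32` for all three would make the result the same on every build. The member name `new` is legal C but prevents this header from being included from C++ code.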