space-wizards/RobustToolbox
1
0
Fork 0
mirror of https://github.com/space-wizards/RobustToolbox.git synced 2026-02-14 19:29:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

New HWID system prep (#5446)

Browse Source 
* New HWID system prep

* Allow HWID to be disabled.

Both client and server can now request HWID to be disabled.

On the server via CVar, if disabled the client won't send it.

On the client via env var, if disabled it won't be sent to the client.

This involved moving legacy HWID to be sent in MsgEncryptionResponse instead of MsgLoginStart. This means the legacy HWID won't be available anymore if the connection isn't authenticated.

* Fix tests

* Fix another test

* Review

* Thanks Rider
This commit is contained in:
Pieter-Jan Briers
2024-09-29 00:29:02 +02:00
committed by GitHub
parent f467a7027b
commit f40ccb7558
20 changed files with 269 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Robust.Client/ClientIoC.cs
View File

@@ -8,6 +8,7 @@ using Robust.Client.GameObjects;
using Robust.Client.GameStates;
using Robust.Client.Graphics;
using Robust.Client.Graphics.Clyde;
using Robust.Client.HWId;
using Robust.Client.Input;
using Robust.Client.Map;
using Robust.Client.Placement;
@@ -158,6 +159,7 @@ namespace Robust.Client
deps.Register<IXamlProxyHelper, XamlProxyHelper>();
deps.Register<MarkupTagManager>();
deps.Register<IHWId, BasicHWId>();
}
}
}

5
Robust.Client/Console/Commands/LauncherAuthCommand.cs
View File

@@ -20,8 +20,9 @@ namespace Robust.Client.Console.Commands
{
var wantName = args.Length > 0 ? args[0] : null;
var basePath = Path.GetDirectoryName(UserDataDir.GetUserDataDir(_gameController))!;
var dbPath = Path.Combine(basePath, "launcher", "settings.db");
var basePath = UserDataDir.GetRootUserDataDir(_gameController);
var launcherDirName = Environment.GetEnvironmentVariable("SS14_LAUNCHER_APPDATA_NAME") ?? "launcher";
var dbPath = Path.Combine(basePath, launcherDirName, "settings.db");
#if USE_SYSTEM_SQLITE
SQLitePCL.raw.SetProvider(new SQLitePCL.SQLite3Provider_sqlite3());

86
Robust.Client/HWId/BasicHWId.cs Normal file
View File

@@ -0,0 +1,86 @@
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.Win32;
using Robust.Client.Utility;
using Robust.Shared.IoC;
using Robust.Shared.Network;
namespace Robust.Client.HWId;
internal sealed class BasicHWId : IHWId
{
[Dependency] private readonly IGameControllerInternal _gameController = default!;
public const int LengthHwid = 32;
public byte[] GetLegacy()
{
if (OperatingSystem.IsWindows())
return GetWindowsHWid("Hwid");
return [];
}
public byte[] GetModern()
{
byte[] raw;
if (OperatingSystem.IsWindows())
raw = GetWindowsHWid("Hwid2");
else
raw = GetFileHWid();
return [0, ..raw];
}
private static byte[] GetWindowsHWid(string keyName)
{
const string keyPath = @"HKEY_CURRENT_USER\SOFTWARE\Space Wizards\Robust";
var regKey = Registry.GetValue(keyPath, keyName, null);
if (regKey is byte[] { Length: LengthHwid } bytes)
return bytes;
var newId = new byte[LengthHwid];
RandomNumberGenerator.Fill(newId);
Registry.SetValue(
keyPath,
keyName,
newId,
RegistryValueKind.Binary);
return newId;
}
private byte[] GetFileHWid()
{
var path = UserDataDir.GetRootUserDataDir(_gameController);
var hwidPath = Path.Combine(path, ".hwid");
var value = ReadHWidFile(hwidPath);
if (value != null)
return value;
value = RandomNumberGenerator.GetBytes(LengthHwid);
File.WriteAllBytes(hwidPath, value);
return value;
}
private static byte[]? ReadHWidFile(string path)
{
try
{
var value = File.ReadAllBytes(path);
if (value.Length == LengthHwid)
return value;
}
catch (FileNotFoundException)
{
// First time the file won't exist.
}
return null;
}
}

10
Robust.Client/Utility/UserDataDir.cs
View File

@@ -1,7 +1,6 @@
using System;
using System.IO;
using JetBrains.Annotations;
using Robust.Shared.IoC;
namespace Robust.Client.Utility
{
@@ -9,6 +8,12 @@ namespace Robust.Client.Utility
{
[Pure]
public static string GetUserDataDir(IGameControllerInternal gameController)
{
return Path.Combine(GetRootUserDataDir(gameController), "data");
}
[Pure]
public static string GetRootUserDataDir(IGameControllerInternal gameController)
{
string appDataDir;
@@ -30,8 +35,7 @@ namespace Robust.Client.Utility
appDataDir = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
#endif
return Path.Combine(appDataDir, gameController.Options.UserDataDirectoryName, "data");
return Path.Combine(appDataDir, gameController.Options.UserDataDirectoryName);
}
}
}

1
Robust.Server/ServerIoC.cs
View File

@@ -97,6 +97,7 @@ namespace Robust.Server
deps.Register<NetworkResourceManager>();
deps.Register<IHttpClientHolder, HttpClientHolder>();
deps.Register<UploadedContentManager>();
deps.Register<IHWId, DummyHWId>();
}
}
}

12
Robust.Shared/CVars.cs
View File

@@ -394,6 +394,18 @@ namespace Robust.Shared
public static readonly CVarDef<int> NetEncryptionThreadChannelSize =
CVarDef.Create("net.encryption_thread_channel_size", 16);
/// <summary>
/// Whether the server should request HWID system for client identification.
/// </summary>
/// <remarks>
/// <para>
/// Note that modern HWIDs are only available if the connection is authenticated.
/// </para>
/// </remarks>
public static readonly CVarDef<bool> NetHWId =
CVarDef.Create("net.hwid", true, CVar.SERVERONLY);
/**
* SUS
*/

11
Robust.Shared/Network/AuthManager.cs
View File

@@ -15,6 +15,11 @@ namespace Robust.Shared.Network
string? Token { get; set; }
string? PubKey { get; set; }
/// <summary>
/// If true, the user allows HWID information to be provided to servers.
/// </summary>
bool AllowHwid { get; set; }
void LoadFromEnv();
}
@@ -26,6 +31,7 @@ namespace Robust.Shared.Network
public string? Server { get; set; } = DefaultAuthServer;
public string? Token { get; set; }
public string? PubKey { get; set; }
public bool AllowHwid { get; set; } = true;
public void LoadFromEnv()
{
@@ -49,6 +55,11 @@ namespace Robust.Shared.Network
Token = token;
}
if (TryGetVar("ROBUST_AUTH_ALLOW_HWID", out var allowHwid))
{
AllowHwid = allowHwid.Trim() == "1";
}
static bool TryGetVar(string var, [NotNullWhen(true)] out string? val)
{
val = Environment.GetEnvironmentVariable(var);

46
Robust.Shared/Network/HWId.cs
View File

@@ -1,46 +0,0 @@
using System;
using System.Security.Cryptography;
using Microsoft.Win32;
using Robust.Shared.Console;
namespace Robust.Shared.Network
{
internal static class HWId
{
public const int LengthHwid = 32;
public static byte[] Calc()
{
if (OperatingSystem.IsWindows())
{
var regKey = Registry.GetValue(@"HKEY_CURRENT_USER\SOFTWARE\Space Wizards\Robust", "Hwid", null);
if (regKey is byte[] { Length: LengthHwid } bytes)
return bytes;
var newId = new byte[LengthHwid];
RandomNumberGenerator.Fill(newId);
Registry.SetValue(
@"HKEY_CURRENT_USER\SOFTWARE\Space Wizards\Robust",
"Hwid",
newId,
RegistryValueKind.Binary);
return newId;
}
return Array.Empty<byte>();
}
}
#if DEBUG
internal sealed class HwidCommand : LocalizedCommands
{
public override string Command => "hwid";
public override void Execute(IConsoleShell shell, string argStr, string[] args)
{
shell.WriteLine(Convert.ToBase64String(HWId.Calc(), Base64FormattingOptions.None));
}
}
#endif
}

67
Robust.Shared/Network/IHWId.cs Normal file
View File

@@ -0,0 +1,67 @@
using System;
using Robust.Shared.Console;
using Robust.Shared.IoC;
using Robust.Shared.Utility;
namespace Robust.Shared.Network;
/// <summary>
/// Fetches HWID (hardware ID) unique identifiers for the local system.
/// </summary>
internal interface IHWId
{
/// <summary>
/// Gets the "legacy" HWID.
/// </summary>
/// <remarks>
/// These are directly sent to servers and therefore susceptible to malicious spoofing.
/// They should not be relied on for the future.
/// </remarks>
/// <returns>
/// An opaque value that gets sent to the server to identify this computer,
/// or an empty array if legacy HWID is not supported on this platform.
/// </returns>
byte[] GetLegacy();
/// <summary>
/// Gets the "modern" HWID.
/// </summary>
/// <returns>
/// An opaque value that gets sent to the auth server to identify this computer,
/// or null if modern HWID is not supported on this platform.
/// </returns>
byte[]? GetModern();
}
/// <summary>
/// Implementation of <see cref="IHWId"/> that does nothing, always returning an empty result.
/// </summary>
internal sealed class DummyHWId : IHWId
{
public byte[] GetLegacy()
{
return [];
}
public byte[] GetModern()
{
return [];
}
}
#if DEBUG
internal sealed class HwidCommand : LocalizedCommands
{
[Dependency] private readonly IHWId _hwId = default!;
public override string Command => "hwid";
public override void Execute(IConsoleShell shell, string argStr, string[] args)
{
shell.WriteLine($"""
legacy: {Convert.ToBase64String(_hwId.GetLegacy(), Base64FormattingOptions.None)}
modern: {Base64Helpers.ToBase64Nullable(_hwId.GetModern())}
""");
}
}
#endif

3
Robust.Shared/Network/Messages/Handshake/MsgEncryptionRequest.cs
View File

@@ -13,6 +13,7 @@ namespace Robust.Shared.Network.Messages.Handshake
public byte[] VerifyToken;
public byte[] PublicKey;
public bool WantHwid;
public override void ReadFromBuffer(NetIncomingMessage buffer, IRobustSerializer serializer)
{
@@ -20,6 +21,7 @@ namespace Robust.Shared.Network.Messages.Handshake
VerifyToken = buffer.ReadBytes(tokenLength);
var keyLength = buffer.ReadVariableInt32();
PublicKey = buffer.ReadBytes(keyLength);
WantHwid = buffer.ReadBoolean();
}
public override void WriteToBuffer(NetOutgoingMessage buffer, IRobustSerializer serializer)
@@ -28,6 +30,7 @@ namespace Robust.Shared.Network.Messages.Handshake
buffer.Write(VerifyToken);
buffer.WriteVariableInt32(PublicKey.Length);
buffer.Write(PublicKey);
buffer.Write(WantHwid);
}
}
}

5
Robust.Shared/Network/Messages/Handshake/MsgEncryptionResponse.cs
View File

@@ -14,12 +14,15 @@ namespace Robust.Shared.Network.Messages.Handshake
public Guid UserId;
public byte[] SealedData;
public byte[] LegacyHwid;
public override void ReadFromBuffer(NetIncomingMessage buffer, IRobustSerializer serializer)
{
UserId = buffer.ReadGuid();
var keyLength = buffer.ReadVariableInt32();
SealedData = buffer.ReadBytes(keyLength);
var legacyHwidLength = buffer.ReadVariableInt32();
LegacyHwid = buffer.ReadBytes(legacyHwidLength);
}
public override void WriteToBuffer(NetOutgoingMessage buffer, IRobustSerializer serializer)
@@ -27,6 +30,8 @@ namespace Robust.Shared.Network.Messages.Handshake
buffer.Write(UserId);
buffer.WriteVariableInt32(SealedData.Length);
buffer.Write(SealedData);
buffer.WriteVariableInt32(LegacyHwid.Length);
buffer.Write(LegacyHwid);
}
}
}

5
Robust.Shared/Network/Messages/Handshake/MsgLoginStart.cs
View File

@@ -16,7 +16,6 @@ namespace Robust.Shared.Network.Messages.Handshake
public override MsgGroups MsgGroup => MsgGroups.Core;
public string UserName;
public ImmutableArray<byte> HWId;
public bool CanAuth;
public bool NeedPubKey;
public bool Encrypt;
@@ -24,8 +23,6 @@ namespace Robust.Shared.Network.Messages.Handshake
public override void ReadFromBuffer(NetIncomingMessage buffer, IRobustSerializer serializer)
{
UserName = buffer.ReadString();
var length = buffer.ReadByte();
HWId = ImmutableArray.Create(buffer.ReadBytes(length));
CanAuth = buffer.ReadBoolean();
NeedPubKey = buffer.ReadBoolean();
Encrypt = buffer.ReadBoolean();
@@ -34,8 +31,6 @@ namespace Robust.Shared.Network.Messages.Handshake
public override void WriteToBuffer(NetOutgoingMessage buffer, IRobustSerializer serializer)
{
buffer.Write(UserName);
buffer.Write((byte) HWId.Length);
buffer.Write(HWId.AsSpan());
buffer.Write(CanAuth);
buffer.Write(NeedPubKey);
buffer.Write(Encrypt);

20
Robust.Shared/Network/NetManager.ClientConnect.cs
View File

@@ -132,13 +132,13 @@ namespace Robust.Shared.Network
var hasPubKey = !string.IsNullOrEmpty(pubKey);
var authenticate = !string.IsNullOrEmpty(authToken);
var hwId = ImmutableArray.Create(HWId.Calc());
byte[] legacyHwid = [];
var msgLogin = new MsgLoginStart
{
UserName = userNameRequest,
CanAuth = authenticate,
NeedPubKey = !hasPubKey,
HWId = hwId,
Encrypt = encrypt
};
@@ -191,7 +191,14 @@ namespace Robust.Shared.Network
var authHashBytes = MakeAuthHash(sharedSecret, keyBytes);
var authHash = Convert.ToBase64String(authHashBytes);
var joinReq = new JoinRequest(authHash);
byte[]? modernHwid = null;
if (_authManager.AllowHwid && encRequest.WantHwid)
{
legacyHwid = _hwId.GetLegacy();
modernHwid = _hwId.GetModern();
}
var joinReq = new JoinRequest(authHash, Base64Helpers.ToBase64Nullable(modernHwid));
var request = new HttpRequestMessage(HttpMethod.Post, authServer + "api/session/join");
request.Content = JsonContent.Create(joinReq);
request.Headers.Authorization = new AuthenticationHeaderValue("SS14Auth", authToken);
@@ -202,7 +209,8 @@ namespace Robust.Shared.Network
var encryptionResponse = new MsgEncryptionResponse
{
SealedData = sealedData,
UserId = userId!.Value.UserId
UserId = userId!.Value.UserId,
LegacyHwid = legacyHwid
};
var outEncRespMsg = peer.Peer.CreateMessage();
@@ -217,7 +225,7 @@ namespace Robust.Shared.Network
var msgSuc = new MsgLoginSuccess();
msgSuc.ReadFromBuffer(response, _serializer);
var channel = new NetChannel(this, connection, msgSuc.UserData with { HWId = hwId }, msgSuc.Type);
var channel = new NetChannel(this, connection, msgSuc.UserData with { HWId = [..legacyHwid] }, msgSuc.Type);
_channels.Add(connection, channel);
peer.AddChannel(channel);
@@ -520,6 +528,6 @@ namespace Robust.Shared.Network
}
}
private sealed record JoinRequest(string Hash);
private sealed record JoinRequest(string Hash, string? Hwid);
}
}

27
Robust.Shared/Network/NetManager.ServerAuth.cs
View File

@@ -1,4 +1,5 @@
using System;
using System.Collections.Immutable;
using System.Linq;
using System.Net;
using System.Net.Http;
@@ -79,10 +80,12 @@ namespace Robust.Shared.Network
var verifyToken = new byte[4];
RandomNumberGenerator.Fill(verifyToken);
var wantHwid = _config.GetCVar(CVars.NetHWId);
var msgEncReq = new MsgEncryptionRequest
{
PublicKey = needPk ? CryptoPublicKey : Array.Empty<byte>(),
VerifyToken = verifyToken
VerifyToken = verifyToken,
WantHwid = wantHwid
};
var outMsgEncReq = peer.Peer.CreateMessage();
@@ -153,10 +156,24 @@ namespace Robust.Shared.Network
$"Patron: {joinedRespJson.UserData.PatronTier}");
var userId = new NetUserId(joinedRespJson.UserData!.UserId);
ImmutableArray<ImmutableArray<byte>> modernHWIds = [
..joinedRespJson.ConnectionData!.Hwids
.Select(h => ImmutableArray.Create(Convert.FromBase64String(h)))
];
ImmutableArray<byte> legacyHwid = [..msgEncResponse.LegacyHwid];
if (!wantHwid)
{
// If the client somehow sends a HWID even if we didn't ask for one, ignore it.
modernHWIds = [];
legacyHwid = [];
}
userData = new NetUserData(userId, joinedRespJson.UserData.UserName)
{
PatronTier = joinedRespJson.UserData.PatronTier,
HWId = msgLogin.HWId
HWId = legacyHwid,
ModernHWIds = modernHWIds,
Trust = joinedRespJson.ConnectionData!.Trust
};
padSuccessMessage = false;
type = LoginType.LoggedIn;
@@ -199,7 +216,8 @@ namespace Robust.Shared.Network
userData = new NetUserData(userId, name)
{
HWId = msgLogin.HWId
HWId = [],
ModernHWIds = []
};
}
@@ -359,8 +377,9 @@ namespace Robust.Shared.Network
}
// ReSharper disable ClassNeverInstantiated.Local
private sealed record HasJoinedResponse(bool IsValid, HasJoinedUserData? UserData);
private sealed record HasJoinedResponse(bool IsValid, HasJoinedUserData? UserData, HasJoinedConnectionData? ConnectionData);
private sealed record HasJoinedUserData(string UserName, Guid UserId, string? PatronTier);
private sealed record HasJoinedConnectionData(string[] Hwids, float Trust);
// ReSharper restore ClassNeverInstantiated.Local
}
}

1
Robust.Shared/Network/NetManager.cs
View File

@@ -111,6 +111,7 @@ namespace Robust.Shared.Network
[Dependency] private readonly ILogManager _logMan = default!;
[Dependency] private readonly ProfManager _prof = default!;
[Dependency] private readonly HttpClientHolder _http = default!;
[Dependency] private readonly IHWId _hwId = default!;
/// <summary>
/// Holds lookup table for NetMessage.Id -> NetMessage.Type

17
Robust.Shared/Network/NetUserData.cs
View File

@@ -20,6 +20,23 @@ namespace Robust.Shared.Network
public ImmutableArray<byte> HWId { get; init; }
/// <summary>
/// Unique identifiers for a client's computer, account and connection.
/// </summary>
/// <remarks>
/// If any of these values match between two connections,
/// it means the auth server believes them to be the same user.
/// </remarks>
public ImmutableArray<ImmutableArray<byte>> ModernHWIds { get; init; }
/// <summary>
/// A trust value that reports the auth server's estimate of how likely this user is to be a malicious/suspicious account.
/// </summary>
/// <remarks>
/// A value of 0.5 can be considered "neutral", 1 being "fully trusted".
/// </remarks>
public float Trust { get; init; }
public NetUserData(NetUserId userId, string userName)
{
UserId = userId;

12
Robust.Shared/Utility/Base64Helpers.cs
View File

@@ -1,4 +1,5 @@
using System;
using System.Diagnostics.CodeAnalysis;
using System.Text;
namespace Robust.Shared.Utility
@@ -50,5 +51,16 @@ namespace Robust.Shared.Utility
return Convert.FromBase64String(s);
}
/// <summary>
/// Convert a byte array to base64. Returns null if the input byte array is null.
/// </summary>
[return: NotNullIfNotNull(nameof(data))]
public static string? ToBase64Nullable(byte[]? data)
{
if (data == null)
return null;
return Convert.ToBase64String(data, Base64FormattingOptions.None);
}
}
}

3
Robust.UnitTesting/RobustIntegrationTest.NetManager.cs
View File

@@ -132,7 +132,8 @@ namespace Robust.UnitTesting
var sessionId = new NetUserId(userId);
var userData = new NetUserData(sessionId, userName)
{
HWId = ImmutableArray<byte>.Empty
HWId = ImmutableArray<byte>.Empty,
ModernHWIds = []
};
var args = await OnConnecting(

2
Robust.UnitTesting/Server/RobustServerSimulation.cs
View File

@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.Reflection;
using JetBrains.Annotations;
using Moq;
using Robust.Client.HWId;
using Robust.Server;
using Robust.Server.Configuration;
using Robust.Server.Console;
@@ -198,6 +199,7 @@ namespace Robust.UnitTesting.Server
container.RegisterInstance<ITaskManager>(new Mock<ITaskManager>().Object);
container.Register<HttpClientHolder>();
container.Register<IHttpClientHolder, HttpClientHolder>();
container.Register<IHWId, DummyHWId>();
var realReflection = new ServerReflectionManager();
realReflection.LoadAssemblies(new List<Assembly>(2)

1
Robust.UnitTesting/Shared/GameObjects/EntityState_Tests.cs
View File

@@ -36,6 +36,7 @@ namespace Robust.UnitTesting.Shared.GameObjects
container.Register<IConfigurationManager, ServerNetConfigurationManager>();
container.Register<IConfigurationManagerInternal, ServerNetConfigurationManager>();
container.Register<INetManager, NetManager>();
container.Register<IHWId, DummyHWId>();
container.Register<IReflectionManager, ServerReflectionManager>();
container.Register<IRobustSerializer, ServerRobustSerializer>();
container.Register<IRobustMappedStringSerializer, RobustMappedStringSerializer>();