From e3a73291a9f68618cb8f4fc9a6eb62423e2dc0f0 Mon Sep 17 00:00:00 2001 From: Graham Date: Tue, 29 Aug 2023 17:22:34 +0100 Subject: [PATCH] Verify usernameHash and serverKey match Signed-off-by: Graham --- .../openrs2/game/net/login/LoginChannelHandler.kt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/game/src/main/kotlin/org/openrs2/game/net/login/LoginChannelHandler.kt b/game/src/main/kotlin/org/openrs2/game/net/login/LoginChannelHandler.kt index ba8a824b59..73382608c4 100644 --- a/game/src/main/kotlin/org/openrs2/game/net/login/LoginChannelHandler.kt +++ b/game/src/main/kotlin/org/openrs2/game/net/login/LoginChannelHandler.kt @@ -49,6 +49,7 @@ import org.openrs2.protocol.login.upstream.GameLoginPayload import org.openrs2.protocol.login.upstream.LoginRequest import org.openrs2.protocol.world.downstream.WorldListDownstream import org.openrs2.protocol.world.downstream.WorldListResponse +import org.openrs2.util.Base37 import java.time.DateTimeException import java.time.LocalDate @@ -141,6 +142,18 @@ public class LoginChannelHandler @Inject constructor( return } + val usernameHash = ((Base37.encode(msg.username) shr 16) and 0x1F).toInt() + if (this.usernameHash != usernameHash) { + ctx.write(LoginResponse.InvalidLoginPacket).addListener(ChannelFutureListener.CLOSE) + return + } + + val serverKey = (msg.key.k2.toLong() shl 32) or (msg.key.k3.toLong() and 0xFFFFFFFF) + if (this.serverKey != serverKey) { + ctx.write(LoginResponse.InvalidLoginPacket).addListener(ChannelFutureListener.CLOSE) + return + } + // TODO }