Use passwordMd5, more secure

2025-03-25 06:50:09 +08:00 · 2019-12-30 16:21:00 +08:00 · 2019-12-30 16:21:00 +08:00 · 7bdaa9b174
commit 7bdaa9b174
parent 76dd28148b
6 changed files with 19 additions and 15 deletions
--- a/mirai-core-timpc/src/commonMain/kotlin/net.mamoe.mirai.timpc/network/TIMPCBotNetworkHandler.kt
+++ b/mirai-core-timpc/src/commonMain/kotlin/net.mamoe.mirai.timpc/network/TIMPCBotNetworkHandler.kt
@ -339,7 +339,7 @@ internal class TIMPCBotNetworkHandler internal constructor(coroutineContext: Cor
                    socket.sendPacket(
                        SubmitPasswordPacket(
                            bot = bot.qqAccount,
-                            password = bot.account.password,
+                            passwordMd5 = bot.account.passwordMd5,
                            loginTime = loginTime,
                            loginIP = loginIP,
                            privateKey = privateKey,
@ -369,7 +369,7 @@ internal class TIMPCBotNetworkHandler internal constructor(coroutineContext: Cor
                    socket.sendPacket(
                        SubmitPasswordPacket(
                            bot = bot.qqAccount,
-                            password = bot.account.password,
+                            passwordMd5 = bot.account.passwordMd5,
                            loginTime = loginTime,
                            loginIP = loginIP,
                            privateKey = privateKey,
@ -434,7 +434,7 @@ internal class TIMPCBotNetworkHandler internal constructor(coroutineContext: Cor
                    socket.sendPacket(
                        SubmitPasswordPacket(
                            bot = bot.qqAccount,
-                            password = bot.account.password,
+                            passwordMd5 = bot.account.passwordMd5,
                            loginTime = loginTime,
                            loginIP = loginIP,
                            privateKey = privateKey,
--- a/mirai-core-timpc/src/commonMain/kotlin/net.mamoe.mirai.timpc/network/packet/login/PasswordSubmission.kt
+++ b/mirai-core-timpc/src/commonMain/kotlin/net.mamoe.mirai.timpc/network/packet/login/PasswordSubmission.kt
@ -51,7 +51,7 @@ internal inline class SubmitPasswordResponseDecrypter(private val privateKey: Pr
 internal object SubmitPasswordPacket : PacketFactory<SubmitPasswordPacket.LoginResponse, SubmitPasswordResponseDecrypter>(SubmitPasswordResponseDecrypter) {
    operator fun invoke(
        bot: Long,
-        password: String,
+        passwordMd5: ByteArray,
        loginTime: Int,
        loginIP: String,
        privateKey: PrivateKey,
@ -68,7 +68,7 @@ internal object SubmitPasswordPacket : PacketFactory<SubmitPasswordPacket.LoginR

        // shareKey 极大可能为 publicKey, key0836 计算得到
        encryptAndWrite(TIMProtocol.shareKey) {
-            writePart1(bot, password, loginTime, loginIP, privateKey, token0825, randomDeviceName, tlv0006)
+            writePart1(bot, passwordMd5, loginTime, loginIP, privateKey, token0825, randomDeviceName, tlv0006)
            if (token00BA != null) {
                writeHex("01 10")
                writeHex("00 3C")
@ -272,7 +272,7 @@ internal inline class SessionResponseDecryptionKey(private val delegate: IoBuffe

 private fun BytePacketBuilder.writePart1(
    qq: Long,
-    password: String,
+    password: ByteArray,
    loginTime: Int,
    loginIP: String,
    privateKey: PrivateKey,
@ -314,9 +314,8 @@ private fun BytePacketBuilder.writePart1(
    this.writeHex("60 C9 5D A7 45 70 04 7F 21 7D 84 50 5C 66 A5 C6")//key
 }

-private fun BytePacketBuilder.writeTLV0006(qq: Long, password: String, loginTime: Int, loginIP: String, privateKey: PrivateKey) {
-    val firstMD5 = md5(password)
-    val secondMD5 = md5(firstMD5 + byteArrayOf(0, 0, 0, 0) + qq.toUInt().toByteArray())
+private fun BytePacketBuilder.writeTLV0006(qq: Long, passwordMd5: ByteArray, loginTime: Int, loginIP: String, privateKey: PrivateKey) {
+    val secondMD5 = md5(passwordMd5 + byteArrayOf(0, 0, 0, 0) + qq.toUInt().toByteArray())

    this.encryptAndWrite(secondMD5) {
        writeRandom(4)
@ -325,7 +324,7 @@ private fun BytePacketBuilder.writeTLV0006(qq: Long, password: String, loginTime
        writeFully(TIMProtocol.constantData2)
        writeHex("00 00 01")

-        writeFully(firstMD5)
+        writeFully(passwordMd5)
        writeInt(loginTime)
        writeByte(0)
        writeZero(4 * 3)
--- a/mirai-core-timpc/src/jvmTest/kotlin/BadQQFilter.kt
+++ b/mirai-core-timpc/src/jvmTest/kotlin/BadQQFilter.kt
@ -58,5 +58,5 @@ suspend fun main() {
    }

    println("Filtering finished")
-    println(goodBotList.joinToString("\n") { it.account.id.toString() + "    " + it.account.password })
+    println(goodBotList.joinToString("\n") { it.account.id.toString() + "    " + it.account.passwordMd5 })
 }
--- a/mirai-core/src/commonMain/kotlin/net.mamoe.mirai/BotAccount.kt
+++ b/mirai-core/src/commonMain/kotlin/net.mamoe.mirai/BotAccount.kt
@ -2,7 +2,12 @@

 package net.mamoe.mirai

+import kotlinx.io.core.toByteArray
+import net.mamoe.mirai.utils.md5
+
 data class BotAccount(
    val id: Long,
-    val password: String
-)
+    val passwordMd5: ByteArray // md5
+){
+    constructor(id: Long, passwordPlainText: String) : this(id, md5(passwordPlainText.toByteArray()))
+}
--- a/mirai-demos/mirai-demo-1/src/main/java/demo/subscribe/SubscribeSamples.kt
+++ b/mirai-demos/mirai-demo-1/src/main/java/demo/subscribe/SubscribeSamples.kt
@ -41,7 +41,7 @@ suspend fun main() {
    val bot = TIMPC.Bot(
        readTestAccount() ?: BotAccount(//填写你的账号
            id = 1994701121,
-            password = "123456"
+            passwordPlainText = "123456"
        )
    ) {
        // 覆盖默认的配置
--- a/mirai-demos/mirai-demo-gentleman/src/main/kotlin/demo/gentleman/Main.kt
+++ b/mirai-demos/mirai-demo-gentleman/src/main/kotlin/demo/gentleman/Main.kt
@ -47,7 +47,7 @@ suspend fun main() {
    val bot = Bot(
        readTestAccount() ?: BotAccount(
            id = 913366033,
-            password = "a18260132383"
+            passwordPlainText = "a18260132383"
        )
    ) {
        // override config here.