From 02cee4198dc1b72d3440fabf30611d4bd20b4501 Mon Sep 17 00:00:00 2001 From: Hay1tsme Date: Thu, 18 Jul 2024 13:26:57 -0400 Subject: [PATCH] aimedb: block all-zero access codes and idms --- core/adb_handlers/__init__.py | 2 +- core/adb_handlers/felica.py | 6 +++--- core/aimedb.py | 37 +++++++++++++++++++++++++++++++++-- 3 files changed, 39 insertions(+), 6 deletions(-) diff --git a/core/adb_handlers/__init__.py b/core/adb_handlers/__init__.py index 0c96baf..9a8121f 100644 --- a/core/adb_handlers/__init__.py +++ b/core/adb_handlers/__init__.py @@ -2,5 +2,5 @@ from .base import ADBBaseRequest, ADBBaseResponse, ADBHeader, ADBHeaderException from .base import CompanyCodes, ReaderFwVer, CMD_CODE_GOODBYE, HEADER_SIZE from .lookup import ADBLookupRequest, ADBLookupResponse, ADBLookupExResponse from .campaign import ADBCampaignClearRequest, ADBCampaignClearResponse, ADBCampaignResponse, ADBOldCampaignRequest, ADBOldCampaignResponse -from .felica import ADBFelicaLookupRequest, ADBFelicaLookupResponse, ADBFelicaLookup2Request, ADBFelicaLookup2Response +from .felica import ADBFelicaLookupRequest, ADBFelicaLookupResponse, ADBFelicaLookupExRequest, ADBFelicaLookupExResponse from .log import ADBLogExRequest, ADBLogRequest, ADBStatusLogRequest, ADBLogExResponse diff --git a/core/adb_handlers/felica.py b/core/adb_handlers/felica.py index 22c9f05..b7fdc2e 100644 --- a/core/adb_handlers/felica.py +++ b/core/adb_handlers/felica.py @@ -35,7 +35,7 @@ class ADBFelicaLookupResponse(ADBBaseResponse): return self.head.make() + resp_struct -class ADBFelicaLookup2Request(ADBBaseRequest): +class ADBFelicaLookupExRequest(ADBBaseRequest): def __init__(self, data: bytes) -> None: super().__init__(data) self.random = struct.unpack_from("<16s", data, 0x20)[0] 
@@ -46,7 +46,7 @@ class ADBFelicaLookup2Request(ADBBaseRequest): self.company = CompanyCodes(int.from_bytes(company, 'little')) self.fw_ver = ReaderFwVer.from_byte(fw_ver) -class ADBFelicaLookup2Response(ADBBaseResponse): +class ADBFelicaLookupExResponse(ADBBaseResponse): def __init__(self, user_id: Union[int, None] = None, access_code: Union[str, None] = None, game_id: str = "SXXX", store_id: int = 1, keychip_id: str = "A69E01A8888", code: int = 0x12, length: int = 0x130, status: int = 1) -> None: super().__init__(code, length, status, game_id, store_id, keychip_id) self.user_id = user_id if user_id is not None else -1 @@ -56,7 +56,7 @@ class ADBFelicaLookup2Response(ADBBaseResponse): self.auth_key = [0] * 256 @classmethod - def from_req(cls, req: ADBHeader, user_id: Union[int, None] = None, access_code: Union[str, None] = None) -> "ADBFelicaLookup2Response": + def from_req(cls, req: ADBHeader, user_id: Union[int, None] = None, access_code: Union[str, None] = None) -> "ADBFelicaLookupExResponse": c = cls(user_id, access_code, req.game_id, req.store_id, req.keychip_id) c.head.protocol_ver = req.protocol_ver return c diff --git a/core/aimedb.py b/core/aimedb.py index 88796c7..944153b 100644 --- a/core/aimedb.py +++ b/core/aimedb.py @@ -176,6 +176,11 @@ class AimedbServlette(): async def handle_lookup(self, data: bytes, resp_code: int) -> ADBBaseResponse: req = ADBLookupRequest(data) + if req.access_code == "00000000000000000000": + ret = ADBLookupResponse.from_req(req.head, -1) + ret.head.status = ADBStatus.BAN_SYS + return ret + user_id = await self.data.card.get_user_id_from_card(req.access_code) is_banned = await self.data.card.get_card_banned(req.access_code) is_locked = await self.data.card.get_card_locked(req.access_code) 
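Review bot: The new early return in handle_lookup rejects the all-zero access code without leaving any trace, so an operator cannot tell which cabinet or reader is presenting blank or placeholder cards. The same silent return is added in handle_lookup_ex, handle_felica_lookup, handle_felica_register, handle_felica_lookup_ex and handle_register. Consider emitting a warning-level log line before `return ret` that names `req.head.keychip_id` and `req.head.game_id`, fields that the `from_req` helpers in felica.py already read from the header. The body of handle_lookup continues outside the hunk.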
@@ -201,6 +206,11 @@ class AimedbServlette(): async def handle_lookup_ex(self, data: bytes, resp_code: int) -> ADBBaseResponse: req = ADBLookupRequest(data) + if req.access_code == "00000000000000000000": + ret = ADBLookupExResponse.from_req(req.head, -1) + ret.head.status = ADBStatus.BAN_SYS + return ret + user_id = await self.data.card.get_user_id_from_card(req.access_code) is_banned = await self.data.card.get_card_banned(req.access_code) @@ -241,6 +251,11 @@ class AimedbServlette(): """ req = ADBFelicaLookupRequest(data) idm = req.idm.zfill(16) + if idm == "0000000000000000": + ret = ADBFelicaLookupResponse.from_req(req.head, "00000000000000000000") + ret.head.status = ADBStatus.BAN_SYS + return ret + card = await self.data.card.get_card_by_idm(idm) if not card: ac = self.data.card.to_access_code(idm) @@ -262,6 +277,13 @@ class AimedbServlette(): because we don't implement felica_lookup properly. """ req = ADBFelicaLookupRequest(data) + idm = req.idm.zfill(16) + + if idm == "0000000000000000": + ret = ADBFelicaLookupResponse.from_req(req.head, "00000000000000000000") + ret.head.status = ADBStatus.BAN_SYS + return ret + ac = self.data.card.to_access_code(req.idm) if self.config.server.allow_user_registration: @@ -292,9 +314,15 @@ class AimedbServlette(): return ADBFelicaLookupResponse.from_req(req.head, ac) async def handle_felica_lookup_ex(self, data: bytes, resp_code: int) -> bytes: - req = ADBFelicaLookup2Request(data) + req = ADBFelicaLookupExRequest(data) user_id = None idm = req.idm.zfill(16) + + if idm == "0000000000000000": + ret = ADBFelicaLookupExResponse.from_req(req.head, -1, "00000000000000000000") + ret.head.status = ADBStatus.BAN_SYS + return ret + card = await self.data.card.get_card_by_idm(idm) if not card: access_code = self.data.card.to_access_code(idm) 
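Review bot: The guard in handle_felica_lookup spells both sentinels out as string literals, `"0000000000000000"` for the idm and `"00000000000000000000"` for the access code, and the same literals recur in every other guard this patch adds to aimedb.py. One miscounted zero would disable a check without raising any error. Naming them once at module level, for example `ZERO_IDM = "0" * 16` and `ZERO_ACCESS_CODE = "0" * 20`, makes the lengths explicit and keeps the six guards in step.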
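Review bot: In handle_felica_register the zero-filled `idm` is used only for the all-zero comparison, while the unchanged next line still converts the raw value with `self.data.card.to_access_code(req.idm)`. handle_felica_lookup and handle_felica_lookup_ex pass the padded `idm` to the same helper, so here a short idm could be checked in one form and converted in another. Unless to_access_code pads its argument itself (not visible in this diff), the call should read `ac = self.data.card.to_access_code(idm)`. The function body continues outside the hunk.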
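Review bot: handle_felica_lookup_ex is annotated `-> bytes`, but the new early return hands back `ret`, an ADBFelicaLookupExResponse object; handle_register has the same mismatch with its new `return ret`. handle_lookup and handle_lookup_ex declare `-> ADBBaseResponse`, so the signature here would be consistent as `async def handle_felica_lookup_ex(self, data: bytes, resp_code: int) -> ADBBaseResponse:`. The function's remaining return statements are outside the hunk, so confirm they also return response objects before changing the annotation.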
@@ -314,7 +342,7 @@ class AimedbServlette(): f"idm {idm} ipm {req.pmm} -> access_code {access_code} user_id {user_id}" ) - resp = ADBFelicaLookup2Response.from_req(req.head, user_id, access_code) + resp = ADBFelicaLookupExResponse.from_req(req.head, user_id, access_code) if user_id > 0: if card['is_banned'] and card['is_locked']: @@ -347,6 +375,11 @@ class AimedbServlette(): async def handle_register(self, data: bytes, resp_code: int) -> bytes: req = ADBLookupRequest(data) user_id = -1 + + if req.access_code == "00000000000000000000": + ret = ADBLookupResponse.from_req(req.head, -1) + ret.head.status = ADBStatus.BAN_SYS + return ret if self.config.server.allow_user_registration: user_id = await self.data.user.create_user()