First commit
Fixes an issue with zipping malicious plugins
OpticFusion1
2019-02-27 13:44:27 -05:00
parent 687f26e866
commit c0c8e4fedc
29 changed files with 2192 additions and 0 deletions
+102
@@ -0,0 +1,102 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>optic_fusion1</groupId>
<artifactId>MCAntiMalware</artifactId>
<version>3.1</version>
<packaging>jar</packaging>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<showDeprecation>false</showDeprecation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>1.4</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<finalName>${project.artifactId}</finalName>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>optic_fusion1.mcantimalware.Main</mainClass>
</transformer>
</transformers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>net.sf.jopt-simple</groupId>
<artifactId>jopt-simple</artifactId>
<version>5.0.4</version>
</dependency>
<dependency>
<groupId>org.ow2.asm</groupId>
<artifactId>asm-all</artifactId>
<version>5.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.6</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>3.0.2</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>commons-vfs</groupId>
<artifactId>commons-vfs</artifactId>
<version>20050307052300</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>jline</groupId>
<artifactId>jline</artifactId>
<version>2.12.1</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.5</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.8.1</version>
<type>jar</type>
</dependency>
</dependencies>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
</project>
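Review bot: The `asm-all` 5.2 dependency is what parses every scanned class, and as far as I know the ASM 5 line rejects class files newer than the format it supports with an unchecked exception, while the check classes in this commit catch only `IOException` around `new ClassReader(...)`; plugins compiled for a later Java release would then not be analysed at all. Moving to a maintained `org.ow2.asm` release (the `asm` and `asm-tree` artifacts) is worth considering. Separately, `commons-vfs` is pinned to the timestamp build `20050307052300`, and both `commons-lang` 2.6 and `commons-lang3` 3.8.1 are declared. Because the shade plugin bundles every dependency into the final jar, anything the code does not actually use should be dropped rather than shipped inside the scanner.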
@@ -0,0 +1,235 @@
package optic_fusion1.mcantimalware;
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor;
import static java.nio.file.StandardWatchEventKinds.ENTRY_CREATE;
import static java.nio.file.StandardWatchEventKinds.ENTRY_DELETE;
import static java.nio.file.StandardWatchEventKinds.ENTRY_MODIFY;
import static java.nio.file.StandardWatchEventKinds.OVERFLOW;
import java.nio.file.WatchEvent;
import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.nio.file.attribute.BasicFileAttributes;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipFile;
public class DirectoryWatcherService implements Runnable {
@SuppressWarnings("unchecked")
static <T> WatchEvent<T> cast(WatchEvent<?> event) {
return (WatchEvent<T>) event;
}
/*
* Wait this long after an event before processing the files.
*/
private final int DELAY = 500;
/*
* Use a SET to prevent duplicates from being added when multiple events on the
* same file arrive in quick succession.
*/
HashSet<String> filesToReload = new HashSet<>();
/*
* Keep a map that will be used to resolve WatchKeys to the parent directory
* so that we can resolve the full path to an event file.
*/
private final Map<WatchKey, Path> keys;
Timer processDelayTimer = null;
private volatile Thread server;
private boolean trace = false;
private WatchService watcher = null;
private Main main;
public DirectoryWatcherService(Main main, Path dir, boolean recursive)
throws IOException {
this.main = main;
this.watcher = FileSystems.getDefault().newWatchService();
this.keys = new HashMap<>();
if (recursive) {
registerAll(dir);
} else {
register(dir);
}
// enable trace after initial registration
this.trace = true;
}
private synchronized void addFileToProcess(String filename) {
if (filename.contains("MCAntiMalware.jar") || filename.contains("malplugins.zip")) {
return;
}
if (!filename.endsWith(".jar") && !filename.endsWith(".zip") && !filename.endsWith(".rar")) {
return;
}
boolean alreadyAdded = filesToReload.add(filename) == false;
Main.getLogger().info("Queuing file for processing: "
+ filename + (alreadyAdded ? "(already queued)" : ""));
if (processDelayTimer != null) {
processDelayTimer.cancel();
}
processDelayTimer = new Timer();
processDelayTimer.schedule(new TimerTask() {
@Override
public void run() {
processFiles();
}
}, DELAY);
}
public synchronized void firstRun() {
for (File file : new File(new File("").getAbsolutePath()).listFiles()) {
if (file.getName().endsWith(".jar") || file.getName().endsWith(".zip") || file.getName().endsWith(".rar")) {
if (!file.getName().contains("MCAntiMalware") && !file.getName().contains("malplugins.zip")) {
main.getCheckManager().process(file.getName(), file);
}
}
}
if (main.shouldZipMaliciousPlugins() && main.foundMaliciousPlugins()) {
main.zipMaliciousPlugins();
}
}
private synchronized void processFiles() {
/*
* Iterate over the set of file to be processed
*/
for (Iterator<String> it = filesToReload.iterator(); it.hasNext();) {
String filename = it.next();
File file = new File(filename);
if (file.getName().endsWith(".jar") || file.getName().endsWith(".zip") || file.getName().endsWith(".rar")) {
if (!file.exists()) {
it.remove();
continue;
}
if (!file.getName().contains("MCAntiMalware") && !file.getName().contains("malplugins.zip")) {
Main.getLogger().info("Detected new file " + file.getName() + " checking if it's malicious");
main.getCheckManager().process(file.getName(), file);
}
}
/*
* Remove this file from the set.
*/
it.remove();
}
if (main.shouldZipMaliciousPlugins() && main.foundMaliciousPlugins()) {
main.zipMaliciousPlugins();
}
}
/**
* Register the given directory with the WatchService
*/
private void register(Path dir) throws IOException {
WatchKey key = dir.register(watcher, ENTRY_CREATE, ENTRY_DELETE, ENTRY_MODIFY);
if (trace) {
Path prev = keys.get(key);
if (prev == null) {
System.out.format("register: %s\n", dir);
} else {
if (!dir.equals(prev)) {
System.out.format("update: %s -> %s\n", prev, dir);
}
}
}
keys.put(key, dir);
}
/**
* Register the given directory, and all its sub-directories, with the WatchService.
*/
private void registerAll(final Path start) throws IOException {
// register directory and sub-directories
Files.walkFileTree(start, new SimpleFileVisitor<Path>() {
@Override
public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs)
throws IOException {
if (dir.getFileName().toString().startsWith(".")) {
return FileVisitResult.SKIP_SUBTREE;
}
register(dir);
return FileVisitResult.CONTINUE;
}
});
}
@SuppressWarnings("unchecked")
@Override
public void run() {
Thread thisThread = Thread.currentThread();
while (server == thisThread) {
try {
// wait for key to be signaled
WatchKey key;
try {
key = watcher.take();
} catch (InterruptedException x) {
return;
}
Path dir = keys.get(key);
if (dir == null) {
continue;
}
for (WatchEvent<?> event : key.pollEvents()) {
WatchEvent.Kind<?> kind = event.kind();
if (kind == OVERFLOW) {
continue;
}
if (kind == ENTRY_MODIFY || kind == ENTRY_CREATE) {
WatchEvent<Path> ev = (WatchEvent<Path>) event;
Path name = ev.context();
Path child = dir.resolve(name);
String filename = child.toAbsolutePath().toString();
addFileToProcess(filename);
}
}
key.reset();
} catch (Exception e) {
e.printStackTrace();
}
}
}
public void start() {
server = new Thread(this);
server.setName("Directory Watcher Service");
server.start();
}
public void stop() {
Thread moribund = server;
server = null;
if (moribund != null) {
moribund.interrupt();
}
}
}
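Review bot: The self-exclusion in `addFileToProcess`, `firstRun` and `processFiles` is a substring test (`filename.contains("MCAntiMalware.jar")`, `file.getName().contains("MCAntiMalware")`), and in `addFileToProcess` it runs on the absolute path, so an archive whose name or parent directory merely contains one of those strings is never handed to the checks. Compare exactly instead, e.g. `file.getName().equals("MCAntiMalware.jar")`, or better compare the normalized path with the scanner's own jar location and with the quarantine zip. The extension tests are case-sensitive as well, so a `.JAR` file is skipped; `name.toLowerCase(Locale.ROOT).endsWith(".jar")` covers that. `firstRun` also iterates `listFiles()` without a null check, which fails if the working directory cannot be read.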
@@ -0,0 +1,176 @@
package optic_fusion1.mcantimalware;
import optic_fusion1.mcantimalware.utils.ZipUtils;
import optic_fusion1.mcantimalware.check.CheckRegistery;
import optic_fusion1.mcantimalware.check.CheckManager;
import optic_fusion1.mcantimalware.logging.ConsoleLogManager;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import static java.util.Arrays.asList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import jline.console.ConsoleReader;
import joptsimple.OptionParser;
import joptsimple.OptionSet;
import optic_fusion1.mcantimalware.logging.LoggerOutputStream;
public class Main implements Runnable {
private File scriptsFile = new File("scripts");
private File malPluginsFolder = new File("malplugins");
private CheckManager checkManager;
private Path path = Paths.get("");
private DirectoryWatcherService watcher;
private boolean zipMaliciousPlugins;
private boolean maliciousPluginsFound = false;
private List<File> maliciousPlugins = new ArrayList<>();
private String[] args;
private static Logger logger = Logger.getLogger("AntiMalware");
private ConsoleReader reader;
private void init() {
File file = new File("AntiMalware");
if (!file.exists()) {
file.mkdirs();
}
File logFile = new File(file, "log.log");
if (!logFile.exists()) {
try {
logFile.createNewFile();
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
}
try {
this.reader = new ConsoleReader();
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
ConsoleLogManager.init(this);
try {
System.setOut(new PrintStream(new LoggerOutputStream(logger, Level.INFO), true, "UTF8"));
System.setErr(new PrintStream(new LoggerOutputStream(logger, Level.SEVERE), true, "UTF8"));
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
try {
watcher = new DirectoryWatcherService(this, ((Path) Paths.get("")), true);
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
if (scriptsFile.exists()) {
try {
ZipUtils.zipDir(scriptsFile.toPath());
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
}
checkManager = new CheckManager(this);
new CheckRegistery(this).registerChecks();
OptionParser parser = new OptionParser() {
{
acceptsAll(asList("z", "zipMalPlugins"), "Whether to put every malicious plugin in a .zip file or not")
.withRequiredArg()
.ofType(Boolean.class)
.defaultsTo(false)
.describedAs("Zip Malicious Plugins");
}
};
OptionSet options = null;
try {
options = parser.parse(args);
} catch (joptsimple.OptionException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, ex.getLocalizedMessage());
}
if (options != null) {
if (options.has("zipMalPlugins")) {
zipMaliciousPlugins = (Boolean) options.valueOf("zipMalPlugins");
}
}
}
@Override
public void run() {
init();
System.out.println("Should zip malicious plugins: " + zipMaliciousPlugins);
watcher.start();
watcher.firstRun();
}
public File getMalPluginsFolder() {
return malPluginsFolder;
}
public CheckManager getCheckManager() {
return checkManager;
}
public boolean shouldZipMaliciousPlugins() {
return zipMaliciousPlugins;
}
public boolean moveFile(String sourcePath, String targetPath) {
boolean fileMoved = true;
try {
Files.move(Paths.get(sourcePath), Paths.get(targetPath), StandardCopyOption.REPLACE_EXISTING);
} catch (Exception e) {
fileMoved = false;
}
return fileMoved;
}
public void addMaliciousPlugin(File file) {
maliciousPlugins.add(file);
}
public void zipMaliciousPlugins() {
if (!shouldZipMaliciousPlugins()) {
return;
}
if (!malPluginsFolder.exists()) {
malPluginsFolder.mkdirs();
}
for (Iterator<File> iter = maliciousPlugins.iterator(); maliciousPlugins.iterator().hasNext();) {
File element = iter.next();
moveFile(element.getPath(), malPluginsFolder + File.separator + element.getName());
iter.remove();
}
try {
ZipUtils.zipDir(malPluginsFolder.toPath());
} catch (IOException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
}
public void setMaliciousPluginsFound(boolean foundMaliciousPlugins) {
maliciousPluginsFound = foundMaliciousPlugins;
}
public boolean foundMaliciousPlugins() {
return maliciousPluginsFound;
}
public ConsoleReader getConsoleReader() {
return reader;
}
public static Logger getLogger() {
return logger;
}
public static void main(String[] args) {
Main main = new Main();
main.args = args;
new Thread(main).start();
}
}
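Review bot: In `zipMaliciousPlugins` the loop condition calls `maliciousPlugins.iterator().hasNext()` on a fresh iterator instead of `iter.hasNext()`, which only terminates because `iter.remove()` happens to shrink the list; write `for (Iterator<File> iter = maliciousPlugins.iterator(); iter.hasNext();)`. The result of `moveFile` is discarded and the entry is removed either way, and `moveFile` itself swallows the exception, so a flagged plugin that could not be moved stays where it was with nothing in the log; use `if (!moveFile(...)) { logger.warning("Could not quarantine " + element.getPath()); }` and log the caught exception inside `moveFile`. The target is built from `element.getName()` with `REPLACE_EXISTING`, so two flagged files with the same name from different directories overwrite each other in `malplugins`. `run()` also dereferences `watcher` although `init()` only logs when constructing it fails.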
@@ -0,0 +1,43 @@
package optic_fusion1.mcantimalware.check;
import java.io.InputStream;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.Main;
import org.objectweb.asm.tree.ClassNode;
public abstract class Check {
private Main main;
private String name;
private CheckType type;
private String fileName;
public Check(String name, Main main, CheckType type) {
this.name = name;
this.main = main;
this.type = type;
}
public void setFileName(String fileName) {
this.fileName = fileName;
}
public String getFileName() {
return fileName;
}
public CheckType getType() {
return type;
}
public String getName() {
return name;
}
public abstract boolean process(String fileName, ZipFile zipFile);
public abstract boolean detect(InputStream inputStream);
public abstract boolean detect(ClassNode classNode);
}
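Review bot: The three abstract methods have no Javadoc, so an implementer cannot tell what `true` means, whether `process` may close the `ZipFile` it receives (CheckManager closes it after the loop), or who closes the `InputStream` passed to `detect`; a one-line contract above `process` such as `/** Returns true when the archive matches this check; must not close zipFile. */` would settle that. `main` is assigned in the constructor but is private with no accessor, so no subclass can read it. `fileName` is mutable state on a check instance that is reused for every scanned archive, so a value set during one scan is still visible during the next.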
@@ -0,0 +1,119 @@
package optic_fusion1.mcantimalware.check;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.Main;
public class CheckManager {
private List<Check> checks = new ArrayList<>();
private Main main;
private Logger logger = Main.getLogger();
public CheckManager(Main main) {
this.main = main;
}
public List<Check> getChecks() {
return checks;
}
public boolean checkExists(String string) {
return checks.stream().anyMatch((check) -> (check.getName().equalsIgnoreCase(string)));
}
public Check getCheck(String string) {
for (Check check : checks) {
if (check.getName().equalsIgnoreCase(string)) {
return check;
}
}
return null;
}
public void addCheck(Check check) {
checks.add(check);
}
public boolean processWithCheck(String checkName, String name, File file) {
logger.info("Checking to see if " + name + " is infected");
ZipFile zipFile = null;
try {
zipFile = new ZipFile(file);
} catch (IOException ex) {
logger.severe(ex.getMessage());
Logger.getLogger(CheckManager.class.getName()).log(Level.SEVERE, null, ex);
}
if (zipFile == null) {
logger.warning("ZipFile is null");
return false;
}
for (Check check : checks) {
if (check.getName().equalsIgnoreCase(checkName)) {
String fileName = check.getFileName() == null ? "" : "(" + check.getName() + ")";
String fullFileName = name + fileName;
logger.info("Checking if " + fullFileName + " is infected with " + check.getName() + "(" + check.getType() + ")");
if (check.process(name, zipFile)) {
logger.warning(fullFileName + " MIGHT be infected with " + check.getName() + "(" + check.getType() + ")");
if (main.shouldZipMaliciousPlugins()) {
if (!main.foundMaliciousPlugins()) {
main.setMaliciousPluginsFound(true);
}
main.addMaliciousPlugin(file);
}
} else {
logger.info(fullFileName + " MIGHT not be infected with " + check.getName() + " (" + check.getType() + ")");
}
}
}
try {
zipFile.close();
} catch (IOException ex) {
Logger.getLogger(CheckManager.class.getName()).log(Level.SEVERE, null, ex);
}
return false;
}
public boolean process(String name, File file) {
logger.info("Checking to see if " + name + " is infected");
ZipFile zipFile = null;
try {
zipFile = new ZipFile(file);
} catch (IOException ex) {
logger.severe(ex.getMessage());
Logger.getLogger(CheckManager.class.getName()).log(Level.SEVERE, null, ex);
}
if (zipFile == null) {
logger.warning("ZipFile is null");
return false;
}
for (Check check : checks) {
String fileName = check.getFileName() == null ? "" : "(" + check.getName() + ")";
String fullFileName = name + fileName;
logger.info("Checking if " + fullFileName + " is infected with " + check.getName() + "(" + check.getType() + ")");
if (check.process(name, zipFile)) {
logger.warning(fullFileName + " MIGHT be infected with " + check.getName() + "(" + check.getType() + ")");
if (main.shouldZipMaliciousPlugins()) {
if (!main.foundMaliciousPlugins()) {
main.setMaliciousPluginsFound(true);
}
main.addMaliciousPlugin(file);
}
} else {
logger.info(fullFileName + " MIGHT not be infected with " + check.getName() + " (" + check.getType() + ")");
}
}
try {
zipFile.close();
} catch (IOException ex) {
Logger.getLogger(CheckManager.class.getName()).log(Level.SEVERE, null, ex);
}
return false;
}
}
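Review bot: `process` and `processWithCheck` both end in `return false` even after a check has matched, and the `ZipFile` is closed only on the normal path, so an unchecked exception thrown by a check (for example on a class file the parser rejects) skips the close and ends the scan of that archive with the remaining checks unrun. Using try-with-resources and catching `RuntimeException` per check fixes both; an archive that could not be analysed has not been cleared, so it should be reported rather than silently passed. The suffix built from `check.getFileName() == null ? "" : "(" + check.getName() + ")"` prints the check name where the entry name was presumably intended. The two methods are otherwise copies of each other and could share one private helper; the sketch below shows `process` only, and the callers visible in this commit ignore the return value.
```java
public boolean process(String name, File file) {
    logger.info("Checking to see if " + name + " is infected");
    boolean flagged = false;
    // try-with-resources closes the archive even when a check throws
    try (ZipFile zipFile = new ZipFile(file)) {
        for (Check check : checks) {
            try {
                if (check.process(name, zipFile)) {
                    flagged = true;
                    // … unchanged: warning log and main.addMaliciousPlugin(file) …
                } else {
                    // … unchanged: "MIGHT not be infected" log …
                }
            } catch (RuntimeException ex) {
                // One unparseable class must not end the scan of this archive.
                logger.log(Level.WARNING, name + " could not be analysed by " + check.getName(), ex);
            }
        }
    } catch (IOException ex) {
        logger.log(Level.SEVERE, "Could not open " + name, ex);
    }
    return flagged;
}
```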
@@ -0,0 +1,38 @@
package optic_fusion1.mcantimalware.check;
import java.util.ArrayList;
import java.util.List;
public class CheckObject {
private String checkName;
private int checksFailed;
private List<String> checks;
public CheckObject(String checkName) {
this.checkName = checkName;
this.checksFailed = 0;
this.checks = new ArrayList<>();
}
public String getCheckName() {
return checkName;
}
public int getAmountOfFailedChecks() {
return checksFailed;
}
public void addOneToFailedChecks(){
checksFailed++;
}
public void addCheck(String check){
checks.add(check);
}
public List<String> getFailedChecks(){
return checks;
}
}
@@ -0,0 +1,45 @@
package optic_fusion1.mcantimalware.check;
import optic_fusion1.mcantimalware.Main;
import optic_fusion1.mcantimalware.check.checks.DailyLootBox;
import optic_fusion1.mcantimalware.check.checks.DirectLeaks;
import optic_fusion1.mcantimalware.check.checks.Flute;
import optic_fusion1.mcantimalware.check.checks.GreifingPlugin;
import optic_fusion1.mcantimalware.check.checks.ItzPlugin;
import optic_fusion1.mcantimalware.check.checks.Minator;
import optic_fusion1.mcantimalware.check.checks.MoneroMiner;
import optic_fusion1.mcantimalware.check.checks.PluginMetricsJar;
import optic_fusion1.mcantimalware.check.checks.Qlutch;
import optic_fusion1.mcantimalware.check.checks.SkySneak;
public class CheckRegistery {
private CheckManager checkManager;
private Main main;
public CheckRegistery(Main main) {
this.main = main;
checkManager = main.getCheckManager();
}
public void registerChecks() {
register(new DailyLootBox(main));
register(new ItzPlugin(main));
register(new Minator(main));
register(new MoneroMiner(main));
register(new PluginMetricsJar(main));
register(new SkySneak(main));
register(new Flute(main));
register(new Qlutch(main));
register(new DirectLeaks(main));
register(new GreifingPlugin(main));
}
private void register(Check check) {
if (checkManager.checkExists(check.getName())) {
return;
}
checkManager.addCheck(check);
}
}
@@ -0,0 +1,7 @@
package optic_fusion1.mcantimalware.check;
public enum CheckType {
PUP, Malware, Virus, CryptoMiner;
}
@@ -0,0 +1,82 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.LdcInsnNode;
import org.objectweb.asm.tree.MethodNode;
public class DailyLootBox extends Check {
public DailyLootBox(Main main) {
super("DailyLootBox", main, CheckType.Malware);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
try {
ZipEntry current = entries.nextElement();
inputStream = zipFile.getInputStream(current);
if (current.getName().endsWith(".class")) {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
}
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(Minator.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
return false;
}
@Override
public boolean detect(ClassNode classNode) {
if (classNode.name.equalsIgnoreCase("org/bukkit/craftbukkit/Main2")) {
return true;
}
List<MethodNode> nodes = classNode.methods;
for (MethodNode node : nodes) {
for (AbstractInsnNode insnNode : node.instructions.toArray()) {
if (insnNode instanceof LdcInsnNode && ((LdcInsnNode) insnNode).cst instanceof String) {
String string = ((LdcInsnNode) insnNode).cst.toString();
if (string.equalsIgnoreCase("http://31.214.243.114/fefegfregt.jar")) {
return true;
}
}
}
}
return false;
}
}
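Review bot: The entry loop in `process` opens a stream for every archive entry, including entries that are not `.class`, and closes it by hand, so an exception thrown between `getInputStream` and `close()` leaves the stream open until the `ZipFile` itself is closed; wrapping only the `.class` branch in `try (InputStream in = zipFile.getInputStream(current)) { ... }` removes the manual closes and the trailing null check. The catch blocks log under `Minator.class` and `SkySneak.class`, which points anyone reading the log at the wrong check; use `DailyLootBox.class`. The same loop is copied into DirectLeaks, GreifingPlugin, ItzPlugin and Minator (DirectLeaks without the per-entry close, Minator with an early `return true` that skips it), so it would be better placed once in `Check` with subclasses supplying only `detect`.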
@@ -0,0 +1,99 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import optic_fusion1.mcantimalware.deobfuscator.StringDeobfuscator;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.LdcInsnNode;
import org.objectweb.asm.tree.MethodNode;
public class DirectLeaks extends Check {
public DirectLeaks(Main main) {
super("DirectLeaks", main, CheckType.PUP);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
try {
ZipEntry current = entries.nextElement();
inputStream = zipFile.getInputStream(current);
if (current.getName().endsWith(".class")) {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
}
} catch (IOException ex) {
Logger.getLogger(Minator.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
return false;
}
@Override
public boolean detect(ClassNode classNode) {
if (classNode.name.contains("de/xbrowniecodez/dlapi")) {
return true;
}
List<MethodNode> nodes = classNode.methods;
for (MethodNode node : nodes) {
for (AbstractInsnNode insnNode : node.instructions.toArray()) {
if (insnNode instanceof LdcInsnNode && ((LdcInsnNode) insnNode).cst instanceof String) {
String string = ((LdcInsnNode) insnNode).cst.toString();
boolean xorv1 = containsBlacklistedWord(StringDeobfuscator.XORV1(string));
boolean xorv2 = containsBlacklistedWord(StringDeobfuscator.XORV2(string));
boolean xorv3 = containsBlacklistedWord(StringDeobfuscator.XORV3(string));
boolean xorv4 = containsBlacklistedWord(StringDeobfuscator.decryptionArray(string));
if (xorv1 || xorv2 || xorv3 || xorv4) {
return true;
}
}
}
}
return false;
}
public static boolean containsBlacklistedWord(String string) {
String[] blacklistedWords = new String[]{
"#directleaks", "Please contact DirectLeaks. 0x2", "http://api.directleaks.net/api/directleaks",
"[DirectLeaks] Error Code: 0x1", "Anti-Releak", "DirectLeaks", "vmi209890.contaboserver.net",
"167.86.75.51", "#DirectLeaks Anti-Releak", "DirectLeaks-API", "de.xbrowniecodez.dlapi.Main",
"de.xbrowniecodez.dlapi.HostsCheck"};
for (String blacklistedWord : blacklistedWords) {
if (string.contains(blacklistedWord)) {
return true;
}
}
return false;
}
}
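Review bot: `containsBlacklistedWord` is public and dereferences `string` without a null check, while its four callers in `detect` pass the direct results of `StringDeobfuscator` methods that are not shown in this section; if any of them can return null for input it cannot decode, scanning that class ends in a `NullPointerException`. A guard `if (string == null) { return false; }` at the top makes the method safe for any caller. The word list is rebuilt on every call and could be a `private static final String[]` constant. Several entries are redundant, since any string containing `"#DirectLeaks Anti-Releak"` or `"DirectLeaks-API"` already contains `"DirectLeaks"`.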
@@ -0,0 +1,73 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.apache.commons.io.IOUtils;
import org.objectweb.asm.tree.ClassNode;
/*
I need to update this check.
I will have to pull the needed code to load (and possibly run) skripts from the skript plugin
so i can make a deobfuscator run without adding a bunch of security issues
*/
public class Flute extends Check {
public Flute(Main main) {
super("Flute", main, CheckType.Malware);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
if (fileName.equalsIgnoreCase("flute.sk")) {
return true;
}
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
ZipEntry current = entries.nextElement();
if (!current.getName().endsWith(".sk")) {
continue;
}
setFileName(current.getName());
try {
inputStream = zipFile.getInputStream(current);
boolean malicious = detect(inputStream);
inputStream.close();
return malicious;
} catch (IOException ex) {
Logger.getLogger(MoneroMiner.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
try {
return IOUtils.toString(inputStream, "UTF-8").contains("flute.admin");
} catch (IOException ex) {
return false;
}
}
@Override
public boolean detect(ClassNode classNode) {
return false;
}
}
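Review bot: `process` returns the verdict of the first `.sk` entry it finds (`return malicious;`), so later `.sk` entries in the same archive are never examined and a clean first script ends the check. Return only on a match, `if (detect(inputStream)) { return true; }`, ideally inside `try (InputStream in = zipFile.getInputStream(current))` so the stream is closed on every path. The `fileName.equalsIgnoreCase("flute.sk")` branch looks unreachable from the callers in this commit, which only pass names ending in `.jar`, `.zip` or `.rar`. `setFileName` is never reset, so the entry name lingers on the check for the next scanned archive.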
@@ -0,0 +1,82 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.LdcInsnNode;
import org.objectweb.asm.tree.MethodNode;
public class GreifingPlugin extends Check {
public GreifingPlugin(Main main) {
super("GriefingPlugin", main, CheckType.PUP);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
try {
ZipEntry current = entries.nextElement();
inputStream = zipFile.getInputStream(current);
if (current.getName().endsWith(".class")) {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
}
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(Minator.class.getName()).log(Level.SEVERE, null, ex);
}
}
if(inputStream != null){
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(MoneroMiner.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
return false;
}
@Override
public boolean detect(ClassNode classNode) {
if (classNode.name.equalsIgnoreCase("me/unknown/blockplugins/main")) {
return true;
}
List<MethodNode> nodes = classNode.methods;
for (MethodNode node : nodes) {
for (AbstractInsnNode insnNode : node.instructions.toArray()) {
if (insnNode instanceof LdcInsnNode && ((LdcInsnNode) insnNode).cst instanceof String) {
String string = ((LdcInsnNode) insnNode).cst.toString();
if (string.equalsIgnoreCase("@opme")) {
return true;
}
}
}
}
return false;
}
}
@@ -0,0 +1,109 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.LdcInsnNode;
import org.objectweb.asm.tree.MethodNode;
public class ItzPlugin extends Check {
private String[] blacklistedMethodNames = new String[]{
"makeThisUndeletable",
"lagg",
"crash",
"Destroy",
"Nuke"};
private String[] blacklistedStrings = new String[]{
"org/bukkit/important.txt",
"org/bukkit/Crash.class",
"§cServer griefed by §a§l§o",
"§c§l§k###§4§lHACKED§c§l§k###"};
public ItzPlugin(Main main) {
super("ItzPlugin", main, CheckType.Malware);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration zipEntries = zipFile.entries();
InputStream inputStream = null;
while (zipEntries.hasMoreElements()) {
ZipEntry currentZipEntry = (ZipEntry) zipEntries.nextElement();
try {
inputStream = zipFile.getInputStream(currentZipEntry);
} catch (IOException ex) {
Logger.getLogger(ItzPlugin.class.getName()).log(Level.SEVERE, null, ex);
}
if (currentZipEntry.getName().endsWith(".class")) {
try {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(ItzPlugin.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
return false;
}
@Override
public boolean detect(ClassNode classNode) {
if (classNode.name.contains("com/Cytexal/Nick/")) {
return true;
}
List<MethodNode> nodes = classNode.methods;
for (MethodNode node : nodes) {
if (classNode.superName.contains("com/Cytexal/Nick/")) {
for (String string : blacklistedMethodNames) {
if (node.name.equalsIgnoreCase(string)) {
return true;
}
}
}
for (AbstractInsnNode insnNode : node.instructions.toArray()) {
if (insnNode instanceof LdcInsnNode && ((LdcInsnNode) insnNode).cst instanceof String) {
String string = ((LdcInsnNode) insnNode).cst.toString();
for(String word : blacklistedStrings){
if(string.contains(word)){
return true;
}
}
}
}
}
return false;
}
}
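Review bot: In `detect`, `classNode.superName.contains("com/Cytexal/Nick/")` is dereferenced without a null check, and ASM documents `superName` as possibly null (it is for `java/lang/Object`), so such a class ends the scan with a `NullPointerException`; use `classNode.superName != null && classNode.superName.contains("com/Cytexal/Nick/")` and hoist the test out of the method loop, since it does not depend on `node`. In `process`, a failed `getInputStream` is only logged and execution continues into `new ClassReader(inputStream)` with a null or already closed stream; add `continue;` in that catch block. `Enumeration zipEntries` is a raw type where the sibling checks use `Enumeration<? extends ZipEntry>`, which would also remove the cast.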
@@ -0,0 +1,76 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.apache.commons.io.IOUtils;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.ClassNode;
public class Minator extends Check {
public Minator(Main main) {
super("Minator", main, CheckType.Malware);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
try {
ZipEntry current = entries.nextElement();
inputStream = zipFile.getInputStream(current);
if (current.getName().equalsIgnoreCase("plugin.yml")) {
if (detect(inputStream)) {
return true;
}
}
if (current.getName().endsWith(".class")) {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
}
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(Minator.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
try {
String string = IOUtils.toString(inputStream, "UTF-8");
return string.contains("ForSoft");
} catch (IOException ex) {
ex.printStackTrace();
return false;
}
}
@Override
public boolean detect(ClassNode classNode) {
return classNode.name.equalsIgnoreCase("de/forsoft/minator/MinatorPlugin");
}
}
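Review bot: A malformed or unsupported `.class` entry is not covered by the `catch (IOException ex)` in process(), because `new ClassReader(inputStream)` and `reader.accept(node, 0)` report class data they cannot parse with unchecked exceptions. Unless the caller catches those, a single crafted entry in a scanned jar ends this check before the remaining entries are inspected. SkySneak.process already guards the parse with `catch (Exception e)`; MoneroMiner.process and Qlutch.process have the same gap as this method. Widening the handler to `} catch (IOException | RuntimeException ex) {` and logging `current.getName()` keeps the scan going and records which entry could not be parsed.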
@@ -0,0 +1,82 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.LdcInsnNode;
import org.objectweb.asm.tree.MethodNode;
public class MoneroMiner extends Check {
public MoneroMiner(Main main) {
super("MoneroMiner", main, CheckType.Malware);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
try {
ZipEntry current = entries.nextElement();
inputStream = zipFile.getInputStream(current);
if (current.getName().endsWith(".class")) {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
}
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(Minator.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
return false;
}
@Override
public boolean detect(ClassNode classNode) {
if (classNode.name.equalsIgnoreCase("org/bukkit/craftbukkit/Main2")) {
return true;
}
List<MethodNode> nodes = classNode.methods;
for (MethodNode node : nodes) {
for (AbstractInsnNode insnNode : node.instructions.toArray()) {
if (insnNode instanceof LdcInsnNode && ((LdcInsnNode) insnNode).cst instanceof String) {
String string = ((LdcInsnNode) insnNode).cst.toString();
if (string.contains("supportxmr")) {
return true;
}
}
}
}
return false;
}
}
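Review bot: The handlers in process() log under other checks' names, `Logger.getLogger(Minator.class.getName())` inside the loop and `Logger.getLogger(SkySneak.class.getName())` after it, so a read failure while MoneroMiner scans a jar is attributed to the wrong check. Declare `private static final Logger LOG = Logger.getLogger(MoneroMiner.class.getName());` once and use it in both handlers, with a message that names the jar instead of `null`. Qlutch.process and SkySneak.process carry the same copied `Minator.class` reference, and Minator.process and Qlutch.process the `SkySneak.class` one.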
@@ -0,0 +1,31 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.InputStream;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.objectweb.asm.tree.ClassNode;
public class PluginMetricsJar extends Check {
public PluginMetricsJar(Main main) {
super("PluginMetricsJar", main, CheckType.Virus);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
return fileName.equalsIgnoreCase("PluginMetrics.jar");
}
@Override
public boolean detect(InputStream inputStream) {
return false;
}
@Override
public boolean detect(ClassNode classNode) {
return false;
}
}
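Review bot: process() reports a jar as `CheckType.Virus` purely because its file name equals `PluginMetrics.jar`, so a renamed copy passes and any unrelated jar with that name is flagged. If the name is the only indicator available, state that on the class, for example `// Heuristic: matches on file name only; jar contents are not inspected`, so the result is read as low confidence. A content indicator checked in detect(ClassNode), which currently always returns false, would make the verdict independent of the name.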
@@ -0,0 +1,98 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.apache.commons.io.IOUtils;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.LdcInsnNode;
import org.objectweb.asm.tree.MethodNode;
public class Qlutch extends Check {
private String[] listOfWords = new String[]{
"§aGive youself all permissions",
"YOU CANNOT EXECUTE COMMANDS WHEN YOURE HACKED!",
"§4YOUR SERVER GOT H#CKED \n\n §4www.youtube.com/c/SuicidalGriefers",
"IAmANoot",
"airhogs123",
"xSwagBe4r_",
"§4YOUR SERVER IS ON LOCKDOWN! \n\n §4www.youtube.com/c/SuicidalGriefers",
"http://qlutch.atwebpages.com/version.html"};
public Qlutch(Main main) {
super("Qlutch", main, CheckType.Malware);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
try {
ZipEntry current = entries.nextElement();
inputStream = zipFile.getInputStream(current);
if (current.getName().endsWith(".class")) {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
}
} catch (IOException ex) {
Logger.getLogger(Minator.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
try {
return IOUtils.toString(inputStream, "UTF-8").contains("SoftAntiCheat");
} catch (IOException ex) {
return false;
}
}
@Override
public boolean detect(ClassNode classNode) {
if (classNode.name.equalsIgnoreCase("Util/Persistence/Events/GUI/GUI")) {
return true;
}
List<MethodNode> nodes = classNode.methods;
for (MethodNode node : nodes) {
for (AbstractInsnNode insnNode : node.instructions.toArray()) {
if (insnNode instanceof LdcInsnNode && ((LdcInsnNode) insnNode).cst instanceof String) {
String string = ((LdcInsnNode) insnNode).cst.toString();
for (String word : listOfWords) {
if (string.equalsIgnoreCase(word)) {
return true;
}
}
}
}
}
return false;
}
}
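Review bot: detect(InputStream), which looks for `SoftAntiCheat`, is never called from process(), so that indicator is dead unless the Check base class invokes it somewhere outside this file. Minator.process shows the wiring with its `plugin.yml` branch; if the string is expected in the same entry here, add `if (current.getName().equalsIgnoreCase("plugin.yml") && detect(inputStream)) { inputStream.close(); return true; }` before the `.class` branch. The empty `catch (IOException ex)` in detect(InputStream) should also log, as the other checks do, so an unreadable entry is not silently treated as clean.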
@@ -0,0 +1,78 @@
package optic_fusion1.mcantimalware.check.checks;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import optic_fusion1.mcantimalware.check.Check;
import optic_fusion1.mcantimalware.check.CheckType;
import optic_fusion1.mcantimalware.Main;
import org.apache.commons.io.IOUtils;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.ClassNode;
public class SkySneak extends Check {
public SkySneak(Main main) {
super("SkySneak", main, CheckType.Malware);
}
@Override
public boolean process(String fileName, ZipFile zipFile) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
InputStream inputStream = null;
while (entries.hasMoreElements()) {
try {
ZipEntry current = entries.nextElement();
inputStream = zipFile.getInputStream(current);
if (detect(inputStream)) {
inputStream.close();
return true;
}
if (current.getName().endsWith(".class")) {
try {
ClassReader reader = new ClassReader(inputStream);
ClassNode node = new ClassNode();
reader.accept(node, 0);
if (detect(node)) {
inputStream.close();
return true;
}
} catch (Exception e) {
continue;
}
}
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(Minator.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) {
Logger.getLogger(SkySneak.class.getName()).log(Level.SEVERE, null, ex);
}
}
return false;
}
@Override
public boolean detect(InputStream inputStream) {
try {
return IOUtils.toString(inputStream, "UTF-8").contains("ForSoft");
} catch (IOException ex) {
ex.printStackTrace();
return false;
}
}
@Override
public boolean detect(ClassNode classNode) {
return classNode.name.equalsIgnoreCase("de/forsoft/skysneak/SkySneak$1");
}
}
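Review bot: detect(node) cannot match in process(), because `detect(inputStream)` has already read the entry to its end through `IOUtils.toString`, so the following `new ClassReader(inputStream)` gets an exhausted stream. The resulting parse failure is then hidden by `catch (Exception e) { continue; }`, which also skips `inputStream.close()`. Read each entry once with `byte[] data = IOUtils.toByteArray(inputStream);` and feed the two checks from that buffer: `detect(new ByteArrayInputStream(data))` and `new ClassReader(data)`. Logging the swallowed exception at a low level would have made this visible.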
@@ -0,0 +1,70 @@
package optic_fusion1.mcantimalware.deobfuscator;
public class StringDeobfuscator {
public static String XORV1(String str) {
try {
char[] messageChars = str.toCharArray();
char[] newMessage = new char[messageChars.length];
char[] XORKEY = new char[]{'\u4832', '\u2385', '\u2386', '\u9813', '\u9125', '\u4582', '\u0913', '\u3422', '\u0853', '\u0724'};
char[] XORKEY2 = new char[]{'\u4820', '\u8403', '\u8753', '\u3802', '\u3840', '\u3894', '\u8739', '\u1038', '\u8304', '\u3333'};
int j = 0;
while (j < messageChars.length) {
newMessage[j] = (char) (messageChars[j] ^ XORKEY2[j % XORKEY2.length]);
++j;
}
char[] decryptedmsg = new char[newMessage.length];
int j2 = 0;
while (j2 < messageChars.length) {
decryptedmsg[j2] = (char) (newMessage[j2] ^ XORKEY[j2 % XORKEY.length]);
++j2;
}
return new String(decryptedmsg);
} catch (Exception ignore) {
return str;
}
}
public static String XORV2(String str) {
try {
char[] arrc = new char[]{'\u4831', '\u2384', '\u2385', '\u9812', '\u9123', '\u4581', '\u0912', '\u3421', '\u0852', '\u0723'};
char[] arrc2 = str.toCharArray();
char[] arrc3 = new char[arrc2.length];
for (int i = 0; i < arrc2.length; ++i) {
arrc3[i] = (char) (arrc2[i] ^ arrc[i % arrc.length]);
}
return new String(arrc3);
} catch (Exception exception) {
return str;
}
}
public static String XORV3(String string) {
try {
char[] arrc = new char[]{'\u4831', '\u2384', '\u2385', '\u9812', '\u9123', '\u4581', '\u0912', '\u3421', '\u0852', '\u0723'};
char[] arrc2 = string.toCharArray();
char[] arrc3 = new char[arrc2.length];
for (int i = 0; i < arrc2.length; ++i) {
arrc3[i] = (char) (arrc2[i] ^ arrc[i % arrc.length]);
}
return new String(arrc3);
} catch (Exception exception) {
return string;
}
}
public static String decryptionArray(String msg) {
try {
char[] array = {'\u4831', '\u2384', '\u2385', '\u9812', '\u9123', '\u4581', '\u0912', '\u3421', '\u0852', '\u0723'};
char[] charArray = msg.toCharArray();
char[] array2 = new char[charArray.length];
for (int i = 0; i < charArray.length; ++i) {
array2[i] = (char) (charArray[i] ^ array[i % array.length]);
}
return new String(array2);
} catch (Exception ex) {
return msg;
}
}
}
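Review bot: XORV2, XORV3 and decryptionArray are the same method three times over, with the same key and the same loop, and none of the four methods says which sample family its key was taken from. I would keep the public names but have them delegate to one private helper, with the key as a named constant documented with its origin. The `catch (Exception …)` blocks can only be reached with a null argument, so an explicit null check expresses that more clearly than catching everything. XORV1 can use the same helper twice, or once with the two keys XOR-ed together.

```java
private static final char[] KEY_V2 = {'\u4831', '\u2384', '\u2385', '\u9812', '\u9123', '\u4581', '\u0912', '\u3421', '\u0852', '\u0723'};

private static String xor(String input, char[] key) {
    if (input == null) {
        return null;
    }
    char[] out = input.toCharArray();
    for (int i = 0; i < out.length; i++) {
        out[i] ^= key[i % key.length];
    }
    return new String(out);
}

public static String XORV2(String str) {
    return xor(str, KEY_V2);
}
// … unchanged signatures: XORV3 and decryptionArray delegate to xor(…, KEY_V2) the same way …
```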
@@ -0,0 +1,44 @@
package optic_fusion1.mcantimalware.deobfuscator.skript;
/*
I need to update this.
I will have to pull the needed code to load (and possibly run) skripts from the skript plugin
so i can make this deobfuscator run without adding a bunch of security issues
*/
//package com.pikachu.deobfuscator;
//
//import java.io.IOException;
//import ch.njol.skript.Skript;
//import ch.njol.skript.SkriptAddon;
//import org.bukkit.plugin.java.JavaPlugin;
//
//public class Deobfuscator extends JavaPlugin
//{
// private static SkriptAddon addonInstance;
// private static Deobfuscator instance;
//
// public static SkriptAddon getAddonInstance() {
// if (Deobfuscator.addonInstance == null) {
// Deobfuscator.addonInstance = Skript.registerAddon((JavaPlugin)getInstance());
// }
// return Deobfuscator.addonInstance;
// }
//
// public static Deobfuscator getInstance() {
// if (Deobfuscator.instance == null) {
// Deobfuscator.instance = new Deobfuscator();
// }
// return Deobfuscator.instance;
// }
//
// public void onEnable() {
// Deobfuscator.instance = this;
// try {
// getAddonInstance().loadClasses("com.pikachu.deobfuscator", new String[] { "skript" });
// }
// catch (IOException e) {
// e.printStackTrace();
// }
// }
//}
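Review bot: This file and the EffDeobfuscate file that follows consist of a package line plus a fully commented-out class, so they add no behaviour but keep unreviewed code in the tree that a later change could uncomment wholesale. The header comment already says the approach has to be reworked to avoid security issues. That belongs in the issue tracker, with the commented body removed and at most a short marker left behind, such as `// Skript deobfuscator: not implemented yet, see <ISSUE-ID placeholder>`. The original text stays available in version control if it is needed again.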
@@ -0,0 +1,157 @@
package optic_fusion1.mcantimalware.deobfuscator.skript;
/*
I need to update this.
I will have to pull the needed code to load (and possibly run) skripts from the skript plugin
so i can make this deobfuscator run without adding a bunch of security issues
*/
//package com.pikachu.deobfuscator.skript;
//
//import java.io.ObjectInputStream;
//import java.io.ObjectOutputStream;
//import java.io.Serializable;
//import java.io.IOException;
//import org.apache.commons.io.FileUtils;
//import org.apache.commons.io.FilenameUtils;
//import java.io.File;
//import ch.njol.skript.config.EntryNode;
//import java.util.Map;
//import java.util.HashMap;
//import org.bukkit.event.Event;
//import java.util.Iterator;
//import java.lang.reflect.InvocationTargetException;
//import ch.njol.skript.config.Node;
//import ch.njol.skript.config.SectionNode;
//import ch.njol.skript.Skript;
//import ch.njol.skript.ScriptLoader;
//import ch.njol.skript.lang.SkriptParser;
//import ch.njol.util.Kleenean;
//import ch.njol.skript.lang.Expression;
//import ch.njol.skript.config.Config;
//import java.lang.reflect.Field;
//import java.lang.reflect.Method;
//import ch.njol.skript.lang.Effect;
//
//public class EffDeobfuscate extends Effect
//{
// private static final Method NODE_INDENTATION;
// private static final Field CURRENT_OPTIONS;
// private Config script;
//
// public boolean init(final Expression<?>[] exprs, final int matchedPattern, final Kleenean isDelayed, final SkriptParser.ParseResult parseResult) {
// if (ScriptLoader.currentScript == null) {
// Skript.error("No script is currently loading!");
// return false;
// }
// this.script = ScriptLoader.currentScript;
// return EffDeobfuscate.NODE_INDENTATION != null && EffDeobfuscate.CURRENT_OPTIONS != null;
// }
//
// public String nodeToString(final SectionNode sectionNode) {
// try {
// final StringBuilder builder = new StringBuilder();
// if (((String)EffDeobfuscate.NODE_INDENTATION.invoke(sectionNode, (Object[])null)).isEmpty()) {
// builder.append(sectionNode.getKey());
// builder.append(":");
// }
// for (final Node node : sectionNode) {
// final String indentation = (String)EffDeobfuscate.NODE_INDENTATION.invoke(node, (Object[])null);
// builder.append("\n");
// builder.append(indentation);
// builder.append(ScriptLoader.replaceOptions(node.getKey()));
// if (node instanceof SectionNode) {
// builder.append(":");
// builder.append(this.nodeToString((SectionNode)node));
// }
// }
// return builder.toString();
// }
// catch (IllegalAccessException | InvocationTargetException ex2) {
// final ReflectiveOperationException ex;
// final ReflectiveOperationException e = ex;
// return null;
// }
// }
//
// protected void execute(final Event e) {
// final StringBuilder originalScript = new StringBuilder();
// try {
// final HashMap<String, String> options = (HashMap<String, String>)EffDeobfuscate.CURRENT_OPTIONS.get(null);
// options.clear();
// final HashMap<String, String> optionsCopy = new HashMap<String, String>(options);
// for (final Node n : this.script.getMainNode()) {
// if (n instanceof SectionNode) {
// final SectionNode node = (SectionNode)n;
// if ("options".equalsIgnoreCase(n.getKey())) {
// node.convertToEntries(0);
// for (final Node option : node) {
// if (!(option instanceof EntryNode)) {
// Skript.error("invalid line in options");
// }
// else {
// options.put(option.getKey(), ((EntryNode)option).getValue());
// }
// }
// }
// else {
// originalScript.append("\n\n");
// originalScript.append(this.nodeToString(node));
// }
// }
// }
// EffDeobfuscate.CURRENT_OPTIONS.set(null, optionsCopy);
// }
// catch (IllegalAccessException e2) {
// Skript.error("Failed to manipulate Skript's options field!");
// e2.printStackTrace();
// }
// final String deobfuscated = originalScript.substring(2);
// final File location = (this.script.getFile() == null) ? new File("plugins/Skript/scripts/debofuscated.sk") : new File("plugins/Skript/scripts/debofuscated_" + FilenameUtils.getBaseName(this.script.getFile().getName()) + ".sk");
// try {
// FileUtils.write(location, (CharSequence)deobfuscated, "UTF-8");
// }
// catch (IOException e3) {
// Skript.error("Failed to save deobfuscated script!");
// e3.printStackTrace();
// }
// }
//
// public String toString(final Event e, final boolean debug) {
// return "deobfuscate script";
// }
//
// static {
// Skript.registerEffect((Class)EffDeobfuscate.class, new String[] { "deobfuscate [(this|the)] script" });
// Method _NODE_INDENTATION = null;
// try {
// _NODE_INDENTATION = Node.class.getDeclaredMethod("getIndentation", (Class<?>[])null);
// _NODE_INDENTATION.setAccessible(true);
// }
// catch (NoSuchMethodException e3) {
// Skript.error("I was unable to find the indentation method, deobfuscation won't work!");
// }
// NODE_INDENTATION = _NODE_INDENTATION;
// Field _FIELD_MODIFIERS = null;
// try {
// _FIELD_MODIFIERS = Field.class.getDeclaredField("modifiers");
// _FIELD_MODIFIERS.setAccessible(true);
// }
// catch (NoSuchFieldException e) {
// e.printStackTrace();
// Skript.error("Can't reset options -- deobfuscation will still work, but clean up will not.");
// }
// Field _CURRENT_OPTIONS = null;
// try {
// _CURRENT_OPTIONS = ScriptLoader.class.getDeclaredField("currentOptions");
// _CURRENT_OPTIONS.setAccessible(true);
// _FIELD_MODIFIERS.setInt(_CURRENT_OPTIONS, _CURRENT_OPTIONS.getModifiers() & 0xFFFFFFEF);
// }
// catch (NoSuchFieldException | IllegalAccessException ex2) {
// final ReflectiveOperationException ex;
// final ReflectiveOperationException e2 = ex;
// Skript.error("I was unable to set up the options field completely, deobfuscation may not work!");
// }
// CURRENT_OPTIONS = _CURRENT_OPTIONS;
// }
//}
@@ -0,0 +1,49 @@
package optic_fusion1.mcantimalware.logging;
import java.io.Writer;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.text.SimpleDateFormat;
import java.util.logging.Formatter;
final class ConsoleLogFormatter extends Formatter {
private SimpleDateFormat a;
ConsoleLogFormatter() {
this.a = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
}
@Override
public String format(final LogRecord logRecord) {
final StringBuilder sb = new StringBuilder();
sb.append(this.a.format(logRecord.getMillis()));
final Level level = logRecord.getLevel();
if (level == Level.FINEST) {
sb.append(" [FINEST] ");
} else if (level == Level.FINER) {
sb.append(" [FINER] ");
} else if (level == Level.FINE) {
sb.append(" [FINE] ");
} else if (level == Level.INFO) {
sb.append(" [INFO] ");
} else if (level == Level.WARNING) {
sb.append(" [WARNING] ");
} else if (level == Level.SEVERE) {
sb.append(" [SEVERE] ");
} else if (level == Level.SEVERE) {
sb.append(" [").append(level.getLocalizedName()).append("] ");
}
sb.append(logRecord.getMessage());
sb.append('\n');
final Throwable thrown = logRecord.getThrown();
if (thrown != null) {
final StringWriter stringWriter = new StringWriter();
thrown.printStackTrace(new PrintWriter(stringWriter));
sb.append(stringWriter.toString());
}
return sb.toString();
}
}
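Review bot: The last branch of the level chain in format() repeats `else if (level == Level.SEVERE)`, so it is unreachable and a record at any other level (for example `Level.CONFIG` or a custom level) is written with no level tag at all. It reads like the intended fallback; changing that line to `} else {` lets the existing `getLocalizedName()` append handle every remaining level.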
@@ -0,0 +1,40 @@
package optic_fusion1.mcantimalware.logging;
import java.io.File;
import java.util.logging.ConsoleHandler;
import java.util.logging.FileHandler;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import optic_fusion1.mcantimalware.Main;
public class ConsoleLogManager {
private static Logger logger = Logger.getLogger("AntiMalware");
private static Logger global = Logger.getLogger("");
public static void init(Main main) {
final ConsoleLogFormatter consolelogformatter = new ConsoleLogFormatter();
ConsoleLogManager.logger.setUseParentHandlers(false);
final ConsoleHandler consolehandler = new TerminalConsoleHandler(main.getConsoleReader());
for (final Handler handler : ConsoleLogManager.global.getHandlers()) {
ConsoleLogManager.global.removeHandler(handler);
}
consolehandler.setFormatter(new ShortConsoleLogFormatter(main));
ConsoleLogManager.global.addHandler(consolehandler);
ConsoleLogManager.logger.addHandler(consolehandler);
try {
File file = new File("AntiMalware", "log.log");
if(!file.exists()){
file.mkdirs();
file.createNewFile();
}
final FileHandler filehandler = new FileHandler(file.toString(), true);
filehandler.setFormatter(consolelogformatter);
ConsoleLogManager.logger.addHandler(filehandler);
ConsoleLogManager.global.addHandler(filehandler);
} catch (Exception exception) {
ConsoleLogManager.logger.log(Level.WARNING, "Failed to log to log.log", exception);
}
}
}
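Review bot: `file.mkdirs()` in init() is called on the log file itself, so on a first run it creates a directory named `AntiMalware/log.log`. `createNewFile()` then does nothing and `new FileHandler(file.toString(), true)` cannot open a directory, which lands in the `catch` and leaves the tool without a file log. Create only the parent with `file.getParentFile().mkdirs();`, since FileHandler creates the file on its own and the `createNewFile()` call can go. The file log is the durable record of what a scan flagged, so the warning should include the absolute path that failed.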
@@ -0,0 +1,31 @@
package optic_fusion1.mcantimalware.logging;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.io.ByteArrayOutputStream;
public class LoggerOutputStream extends ByteArrayOutputStream {
private final String separator;
private final Logger logger;
private final Level level;
public LoggerOutputStream(final Logger logger, final Level level) {
this.separator = System.getProperty("line.separator");
this.logger = logger;
this.level = level;
}
@Override
public void flush() throws IOException {
synchronized (this) {
super.flush();
final String record = this.toString();
super.reset();
if (record.length() > 0 && !record.equals(this.separator)) {
this.logger.logp(this.level, "", "", record);
}
}
}
}
@@ -0,0 +1,39 @@
package optic_fusion1.mcantimalware.logging;
import java.io.Writer;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.logging.LogRecord;
import joptsimple.OptionSet;
import joptsimple.OptionException;
import java.text.SimpleDateFormat;
import java.util.logging.Formatter;
import optic_fusion1.mcantimalware.Main;
public class ShortConsoleLogFormatter extends Formatter {
private final SimpleDateFormat date;
public ShortConsoleLogFormatter(Main main) {
SimpleDateFormat date = new SimpleDateFormat("HH:mm:ss");
this.date = date;
}
@Override
public String format(final LogRecord record) {
final StringBuilder builder = new StringBuilder();
final Throwable ex = record.getThrown();
builder.append(this.date.format(record.getMillis()));
builder.append(" [");
builder.append(record.getLevel().getLocalizedName().toUpperCase());
builder.append("] ");
builder.append(record.getMessage());
builder.append('\n');
if (ex != null) {
final StringWriter writer = new StringWriter();
ex.printStackTrace(new PrintWriter(writer));
builder.append(writer);
}
return builder.toString();
}
}
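Review bot: format() appends `record.getMessage()`, which is the raw pattern, so a record logged with parameters or a resource bundle prints its `{0}` placeholders instead of the values. `builder.append(formatMessage(record));` is the helper Formatter provides for this. ConsoleLogFormatter.format makes the same call. The `main` constructor parameter and the `Writer`, `OptionSet` and `OptionException` imports are unused in the visible code and can be dropped.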
@@ -0,0 +1,36 @@
package optic_fusion1.mcantimalware.logging;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import jline.console.ConsoleReader;
import java.util.logging.ConsoleHandler;
public class TerminalConsoleHandler extends ConsoleHandler
{
private final ConsoleReader reader;
public TerminalConsoleHandler(final ConsoleReader reader) {
this.reader = reader;
}
@Override
public synchronized void flush() {
try {
this.reader.print("\r");
this.reader.flush();
super.flush();
try {
this.reader.drawLine();
}
catch (Throwable ex2) {
this.reader.getCursorBuffer().clear();
}
this.reader.flush();
}
catch (IOException ex) {
Logger.getLogger(TerminalConsoleHandler.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
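Review bot: The inner `catch (Throwable ex2)` around `this.reader.drawLine()` in flush() also swallows Errors such as OutOfMemoryError and discards the cause without a trace. `catch (Exception ex2)` is wide enough for a failed redraw. A one-line comment on why the cursor buffer is cleared there, such as `// redraw failed: drop the pending input line rather than break logging`, would document the fallback.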
@@ -0,0 +1,85 @@
package optic_fusion1.mcantimalware.utils;
public class StringUtils {
private StringUtils() {
}
public static String stringBetweenTwoStrings(String response, String stringStart, String stringEnd) {
return stringBetweenTwoStrings(response, stringStart, stringEnd, false);
}
public static String stringBetweenTwoStrings(String response, String stringStart, String stringEnd, boolean lastindexof) {
if (!lastindexof) {
response = stringStartingFromString(response, stringStart);
} else {
response = response.substring(response.lastIndexOf(stringStart));
response = response.replaceFirst(stringStart, "");
}
response = stringUntilString(response, stringEnd);
return response;
}
public static String stringUntilString(String string, String stringEnd) {
return string.substring(0, string.indexOf(stringEnd));
}
public static String stringStartingFromString(String string, String stringStart) {
string = string.substring(string.indexOf(stringStart));
return string.replaceFirst(stringStart, "");
}
public static String stringStartingFromString(String string, String stringStart, boolean regExp) {
string = string.substring(string.indexOf(stringStart));
if (regExp) {
return string.replaceFirst(stringStart, "");
} else {
return string.replace(stringStart, "");
}
}
public static String uuid(int size, int number) {
String uid = "";
for (int i = 0; i < size; i++) {
uid += (int) (Math.random() * number);
}
//NULogger.getLogger().info(uid);
return uid;
}
public static String removeFirstChar(String str) {
return removeFirstChars(str, 1);
}
public static String removeFirstChars(String str, int number) {
return str.substring(number);
}
public static String removeLastChar(String str) {
return removeLastChars(str, 1);
}
public static String removeLastChars(String str, int number) {
return str.substring(0, str.length() - number);
}
public static long getSizeFromString(String stringSize) {
long multiplier = 1;
String result = "";
if (stringSize.contains("KB")) {
multiplier = 1024;
} else if (stringSize.contains("MB")) {
multiplier = 1048576;
} else if (stringSize.contains("GB")) {
multiplier = 1073741824L;
}
for (int i = 0; i < stringSize.length(); i++) {
char character = stringSize.charAt(i);
if (Character.isDigit(character)) {
result += character;
}
}
return Integer.parseInt(result) * multiplier;
}
}
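Review bot: The two-argument stringStartingFromString and the `lastindexof` branch of stringBetweenTwoStrings pass the delimiter to `replaceFirst`, which compiles it as a regular expression, so a delimiter containing `(`, `[`, `.` or `$` removes the wrong text or throws PatternSyntaxException. The preceding `substring(indexOf(...))` also throws StringIndexOutOfBoundsException when the delimiter is absent. If these helpers ever see text taken from scanned files, both failure modes are reachable from untrusted input. A literal version is `int at = string.indexOf(stringStart);`, then `if (at < 0) { throw new IllegalArgumentException("delimiter not found"); }`, then `return string.substring(at + stringStart.length());`. stringUntilString needs the same `-1` check.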
@@ -0,0 +1,17 @@
package optic_fusion1.mcantimalware.utils;
public class Utils {
public static String getSize(long bytes) {
if (bytes >= 1048576) {
double div = bytes / 1048576;
return div + "MB";
} else if (bytes >= 1024) {
double div = bytes / 1024;
return div + "KB";
} else {
return bytes + "bytes";
}
}
}
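Review bot: getSize() divides two integers before widening, `double div = bytes / 1048576;`, so the fraction is already gone and a 1.5 MB file is reported as `1.0MB`. Dividing by a double literal fixes both branches: `double div = bytes / 1048576.0;` and `double div = bytes / 1024.0;`. Formatting the result with `String.format("%.1fMB", div)` would keep the output short.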
@@ -0,0 +1,49 @@
package optic_fusion1.mcantimalware.utils;
import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
public class ZipUtils {
private static Path buildPath(final Path root, final Path child) {
if (root == null) {
return child;
} else {
return Paths.get(root.toString(), child.toString());
}
}
private static void addZipDir(final ZipOutputStream out, final Path root, final Path dir) throws IOException {
try (DirectoryStream<Path> stream = Files.newDirectoryStream(dir)) {
for (Path child : stream) {
Path entry = buildPath(root, child.getFileName());
if (Files.isDirectory(child)) {
addZipDir(out, entry, child);
} else {
out.putNextEntry(new ZipEntry(entry.toString()));
Files.copy(child, out);
out.closeEntry();
}
}
}
}
public static void zipDir(final Path path) throws IOException {
if (!Files.isDirectory(path)) {
throw new IllegalArgumentException("Path must be a directory.");
}
BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(path.toString() + ".zip"));
try (ZipOutputStream out = new ZipOutputStream(bos)) {
addZipDir(out, path.getFileName(), path);
}
}
}
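Review bot: addZipDir() follows symbolic links, because `Files.isDirectory(child)` and `Files.copy(child, out)` both resolve them by default. A link inside the directory being archived therefore pulls its target into the zip, and a link back to an ancestor makes the recursion loop. If this directory holds quarantined plugin files, as the commit title suggests, its contents should not decide what gets read. Skip links at the top of the loop with `if (Files.isSymbolicLink(child)) { continue; }` and test with `Files.isDirectory(child, LinkOption.NOFOLLOW_LINKS)`. Entry names are also built with `entry.toString()`, which yields backslashes on Windows; the ZIP format expects `/`.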