Index: java/com/l2jserver/loginserver/clientpackets/RequestServerList.java
===================================================================
--- java/com/l2jserver/loginserver/clientpackets/RequestServerList.java (revision 4115)
+++ java/com/l2jserver/loginserver/clientpackets/RequestServerList.java (working copy)
@@ -14,6 +14,7 @@
*/
package com.l2jserver.loginserver.clientpackets;
+import com.l2jserver.Config;
import com.l2jserver.loginserver.serverpackets.ServerList;
import com.l2jserver.loginserver.serverpackets.LoginFail.LoginFailReason;
@@ -74,6 +75,12 @@
@Override
public void run()
{
+ if (Config.SECURITY_CARD_LOGIN && !getClient().isCardAuthed())
+ {
+ getClient().close(LoginFailReason.REASON_IGNORE);
+ return;
+ }
+
if (getClient().getSessionKey().checkLoginPair(_skey1, _skey2))
{
getClient().sendPacket(new ServerList(getClient()));
Index: java/com/l2jserver/loginserver/clientpackets/RequestServerLogin.java
===================================================================
--- java/com/l2jserver/loginserver/clientpackets/RequestServerLogin.java (revision 4115)
+++ java/com/l2jserver/loginserver/clientpackets/RequestServerLogin.java (working copy)
@@ -81,6 +81,12 @@
{
SessionKey sk = getClient().getSessionKey();
+ if (Config.SECURITY_CARD_LOGIN && !getClient().isCardAuthed())
+ {
+ getClient().close(LoginFailReason.REASON_IGNORE);
+ return;
+ }
+
// if we didnt showed the license we cant check these values
if (!Config.SHOW_LICENCE || sk.checkLoginPair(_skey1, _skey2))
{
Index: java/com/l2jserver/Config.java
===================================================================
--- java/com/l2jserver/Config.java (revision 4115)
+++ java/com/l2jserver/Config.java (working copy)
@@ -941,6 +941,9 @@
public static int FAST_CONNECTION_TIME;
public static int MAX_CONNECTION_PER_IP;
+ public static boolean SECURITY_CARD_LOGIN;
+ public static String SECURITY_CARD_ID;
+
// GrandBoss Settings
public static int Antharas_Wait_Time;
@@ -2534,6 +2537,9 @@
NORMAL_CONNECTION_TIME = Integer.parseInt(serverSettings.getProperty("NormalConnectionTime","700"));
FAST_CONNECTION_TIME = Integer.parseInt(serverSettings.getProperty("FastConnectionTime","350"));
MAX_CONNECTION_PER_IP = Integer.parseInt(serverSettings.getProperty("MaxConnectionPerIP","50"));
+
+ SECURITY_CARD_LOGIN = Boolean.parseBoolean(serverSettings.getProperty("UseSecurityCardToLogin", "False"));
+ SECURITY_CARD_ID = serverSettings.getProperty("SecurityCardID", "l2jserver");
}
catch (Exception e)
{
Index: java/com/l2jserver/loginserver/L2LoginPacketHandler.java
===================================================================
--- java/com/l2jserver/loginserver/L2LoginPacketHandler.java (revision 4115)
+++ java/com/l2jserver/loginserver/L2LoginPacketHandler.java (working copy)
@@ -17,15 +17,16 @@
import java.nio.ByteBuffer;
import java.util.logging.Logger;
-
import org.mmocore.network.IPacketHandler;
import org.mmocore.network.ReceivablePacket;
+import com.l2jserver.Config;
import com.l2jserver.loginserver.L2LoginClient.LoginClientState;
import com.l2jserver.loginserver.clientpackets.AuthGameGuard;
import com.l2jserver.loginserver.clientpackets.RequestAuthLogin;
import com.l2jserver.loginserver.clientpackets.RequestServerList;
import com.l2jserver.loginserver.clientpackets.RequestServerLogin;
+import com.l2jserver.loginserver.clientpackets.RequestSubmitCardNo;
/**
* Handler for packets received by Login Server
@@ -77,6 +78,11 @@
{
packet = new RequestServerLogin();
}
+ else if (opcode == 0x06)
+ {
+ if (Config.SECURITY_CARD_LOGIN)
+ packet = new RequestSubmitCardNo();
+ }
else
{
debugOpcode(opcode, state);
Index: java/com/l2jserver/loginserver/L2LoginClient.java
===================================================================
--- java/com/l2jserver/loginserver/L2LoginClient.java (revision 4115)
+++ java/com/l2jserver/loginserver/L2LoginClient.java (working copy)
@@ -63,6 +63,8 @@
private long _connectionStartTime;
+ private boolean _card;
+
/**
* @param con
*/
@@ -225,6 +227,16 @@
return _connectionStartTime;
}
+ public boolean isCardAuthed()
+ {
+ return _card;
+ }
+
+ public void setCardAuthed(boolean card)
+ {
+ _card = card;
+ }
+
public void sendPacket(L2LoginServerPacket lsp)
{
getConnection().sendPacket(lsp);
Index: java/config/loginserver.properties
===================================================================
--- java/config/loginserver.properties (revision 4115)
+++ java/config/loginserver.properties (working copy)
@@ -75,6 +75,13 @@
# Default: False
ForceGGAuth = False
+# Basic protection against OOG Client Emulators
+# If True, users must input a text inside a dialog to continue.
+# Default: False
+UseSecurityCardToLogin = False
+# Input verification (not done yet).
+# SecurityCardID = l2jserver
+
# Flood Protection. All values are in MILISECONDS.
# Default: True
EnableFloodProtection = True
Index: java/com/l2jserver/loginserver/clientpackets/RequestAuthLogin.java
===================================================================
--- java/com/l2jserver/loginserver/clientpackets/RequestAuthLogin.java (revision 4115)
+++ java/com/l2jserver/loginserver/clientpackets/RequestAuthLogin.java (working copy)
@@ -28,6 +28,7 @@
import com.l2jserver.loginserver.L2LoginClient.LoginClientState;
import com.l2jserver.loginserver.LoginController.AuthLoginResult;
import com.l2jserver.loginserver.serverpackets.AccountKicked;
+import com.l2jserver.loginserver.serverpackets.LoginFail;
import com.l2jserver.loginserver.serverpackets.LoginOk;
import com.l2jserver.loginserver.serverpackets.ServerList;
import com.l2jserver.loginserver.serverpackets.AccountKicked.AccountKickedReason;
@@ -112,7 +113,7 @@
L2LoginClient client = getClient();
try
{
- AuthLoginResult result = lc.tryAuthLogin(_user, _password, getClient());
+ AuthLoginResult result = lc.tryAuthLogin(_user, _password, client);
switch (result)
{
@@ -120,13 +121,15 @@
client.setAccount(_user);
client.setState(LoginClientState.AUTHED_LOGIN);
client.setSessionKey(lc.assignSessionKeyToClient(_user, client));
- if (Config.SHOW_LICENCE)
+ if (Config.SECURITY_CARD_LOGIN)
+ client.sendPacket(new LoginFail(LoginFailReason.REASON_INVALID_SECURITY_CARD_NO));
+ else if (Config.SHOW_LICENCE)
{
- client.sendPacket(new LoginOk(getClient().getSessionKey()));
+ client.sendPacket(new LoginOk(client.getSessionKey()));
}
else
{
- getClient().sendPacket(new ServerList(getClient()));
+ client.sendPacket(new ServerList(client));
}
break;
case INVALID_PASSWORD:
@@ -163,7 +166,7 @@
}
catch (HackingException e)
{
- InetAddress address = getClient().getConnection().getInetAddress();
+ InetAddress address = client.getConnection().getInetAddress();
lc.addBanForAddress(address, Config.LOGIN_BLOCK_AFTER_BAN*1000);
_log.info("Banned ("+address+") for "+Config.LOGIN_BLOCK_AFTER_BAN+" seconds, due to "+e.getConnects()+" incorrect login attempts.");
}
Index: java/com/l2jserver/loginserver/serverpackets/LoginFail.java
===================================================================
--- java/com/l2jserver/loginserver/serverpackets/LoginFail.java (revision 4115)
+++ java/com/l2jserver/loginserver/serverpackets/LoginFail.java (working copy)
@@ -30,7 +30,9 @@
REASON_SERVER_OVERLOADED (0x0f),
REASON_SERVER_MAINTENANCE (0x10),
REASON_TEMP_PASS_EXPIRED (0x11),
- REASON_DUAL_BOX (0x23);
+ REASON_DUAL_BOX (0x23),
+ REASON_INVALID_SECURITY_CARD_NO (0x1f),
+ REASON_IGNORE (0x17);
private final int _code;
Index: java/com/l2jserver/loginserver/clientpackets/RequestSubmitCardNo.java
===================================================================
--- java/com/l2jserver/loginserver/clientpackets/RequestSubmitCardNo.java (revision 0)
+++ java/com/l2jserver/loginserver/clientpackets/RequestSubmitCardNo.java (revision 0)
@@ -0,0 +1,69 @@
+/*
+ * This program is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.l2jserver.loginserver.clientpackets;
+
+import com.l2jserver.Config;
+import com.l2jserver.loginserver.L2LoginClient;
+import com.l2jserver.loginserver.serverpackets.LoginOk;
+import com.l2jserver.loginserver.serverpackets.ServerList;
+
+/**
+ * Analysis left for better times, since anyway it's too easy to counter as
+ * a anti-emulator measure.
+ * @author savormix
+ */
+public class RequestSubmitCardNo extends L2LoginClientPacket
+{
+ //private final byte[] _raw = new byte[128];
+
+ @Override
+ public boolean readImpl()
+ {
+ // always 151 bytes, despite what the input is
+ if (super._buf.remaining() == 151)
+ {
+ //readB(_raw);
+ return true;
+ }
+ else
+ return false;
+ }
+
+ @Override
+ public void run()
+ {
+ /* This definetly shouldn't be used, since it isn't a RSA crypted block
+ byte[] decrypted = null;
+ try
+ {
+ Cipher rsaCipher = Cipher.getInstance("RSA/ECB/nopadding");
+ rsaCipher.init(Cipher.DECRYPT_MODE, getClient().getRSAPrivateKey());
+ decrypted = rsaCipher.doFinal(_raw, 0x00, 0x80);
+ }
+ catch (GeneralSecurityException e)
+ {
+ e.printStackTrace();
+ return;
+ }
+ System.err.println(HexUtil.printData(decrypted));
+ */
+ L2LoginClient client = getClient();
+ client.setCardAuthed(true);
+ if (Config.SHOW_LICENCE)
+ client.sendPacket(new LoginOk(client.getSessionKey()));
+ else
+ client.sendPacket(new ServerList(client));
+ }
+}
---> http://www.l2jserver.com/forum/viewtopic.php?f=73&t=14800&start=90#p130611