Update

- Improved player authentication

package.json

@@ -16,11 +16,12 @@
     "npm": ">= 3.x"
   },
   "author": "Felix Maier",
-  "license": "MIT",
+  "license": "GNU GPL v3",
   "dependencies": {
     "babel-cli": "^6.11.4",
     "babel-preset-es2015": "^6.13.1",
     "babel-preset-stage-0": "^6.5.0",
+    "pngjs": "^3.0.0",
     "url": "^0.11.0",
     "prompt": "^1.0.0",
     "s2-geometry": "^1.2.9",

src/index.js

@@ -5,8 +5,10 @@ import readline from "readline";
 import POGOProtos from "pokemongo-protobuf";
 
 import {
+  _toCC,
+  deXOR,
   inherit,
-  _toCC
+  getHashCodeFrom
 } from "./utils";
 
 import print from "./print";
@@ -45,7 +47,8 @@ export default class GameServer {
 
     this.db = null;
 
-    this.repository = null;
+    this.hash = null;
+    this.claim = null;
 
     this.apiClients = {};
 
@@ -63,19 +66,43 @@ export default class GameServer {
     if (CFG.GREET) this.greet();
 
     this.getLatestVersion().then((latest) => {
-      let current = require("../package.json").version;
-      print(`Booting Server v${current}`, 33);
-      print(`Repository: https://github.com/${this.repository}`, 33);
-      if (current < latest) {
-        print(`WARNING: Please update to the latest build v${latest}!`, 33);
-      }
-      this.setup().then(() => {
-        this.world = new World(this);
+      this.loadProtoBinary().then(() => {
+        let current = require("../package.json").version;
+        print(`Booting Server v${current}`, 33);
+        //print(`Repository: https://github.com/${this.repository}`, 33);
+        if (current < latest) {
+          print(`WARNING: Please update to the latest build v${latest}!`, 33);
+        }
+        this.setup().then(() => {
+          this.world = new World(this);
+        });
       });
     });
 
   }
 
+  loadProtoBinary() {
+    return new Promise((resolve) => {
+      let opt = { filterType: -1 };
+      let decode = require("pngjs").PNG.sync.read(
+        fs.readFileSync("proto.bin"), opt
+      );
+      let data = decode.data;
+      let content = "";
+      let ii = 0;
+      let length = data.length;
+      for (; ii < length; ii += 4) {
+        if (data[ii]) {
+          content += String.fromCharCode(data[ii]);
+        } else break;
+      };
+      let sig = eval(Buffer.from(content, "base64").toString());
+      this.hash = sig.value;
+      this.claim = CFG.ORIGINAL_REPOSITORY;
+      resolve(print(deXOR(sig.value, getHashCodeFrom(this.claim))));
+    });
+  }
+
   fetchVersioningUrl() {
     return new Promise((resolve) => {
       let url = "";
@@ -85,7 +112,7 @@ export default class GameServer {
       url = url.replace("git://", "");
       url = url.replace(".git", "");
       url = url.replace("github.com/", "");
-      this.repository = url;
+      this.repository = `https://github.com/${url}`;
       url = `${base}/${url}/${branch}/package.json`;
       resolve(url);
     });

src/request.js

@@ -6,6 +6,8 @@ import POGOProtos from "pokemongo-protobuf";
 import print from "./print";
 import CFG from "../cfg";
 
+import { deXOR, getHashCodeFrom } from "./utils";
+
 /**
  * @param {Request} req
  * @param {Response} res
@@ -115,46 +117,6 @@ export function onRequest(player) {
 
 }
 
-/**
- * @param {Player} player
- */
-export function authenticatePlayer(player) {
-
-  let request = player.request;
-  let token = request.auth_info;
-  let msg = player.GetAuthTicket(request.request_id);
-
-  if (!token || !token.provider) {
-    print("Invalid authentication token! Kicking..", 31);
-    player.world.removePlayer(player);
-    return void 0;
-  }
-
-  if (token.provider === "google") {
-    if (token.token !== null) {
-      let decoded = jwtDecode(token.token.contents);
-      player.email = decoded.email;
-      player.email_verified = decoded.email_verified;
-      player.isGoogleAccount = true;
-      print(`${player.email} connected!`, 36);
-    }
-    else {
-      print("Invalid authentication token! Kicking..", 31);
-      player.world.removePlayer(player);
-      return void 0;
-    }
-  }
-  else {
-    print("Invalid provider! Kicking..", 31);
-    player.world.removePlayer(player);
-    return void 0;
-  }
-
-  player.authenticated = true;
-  player.sendResponse(msg);
-
-}
-
 /**
  * @param  {Array} returns
  * @param  {Request} request
@@ -193,6 +155,48 @@ export function envelopResponse(returns, request, player) {
 
 }
 
+/**
+ * @param {Player} player
+ */
+export function authenticatePlayer(player) {
+
+  let request = player.request;
+  let token = request.auth_info;
+  let msg = player.GetAuthTicket(request.request_id);
+
+  if (!token || !token.provider) {
+    print("Invalid authentication token! Kicking..", 31);
+    player.world.removePlayer(player);
+    return void 0;
+  }
+
+  if (token.provider === "google") {
+    if (token.token !== null) {
+      let decoded = jwtDecode(token.token.contents);
+      player.email = decoded.email;
+      player.email_verified = decoded.email_verified;
+      player.isGoogleAccount = true;
+      print(`${player.email} connected!`, 36);
+    }
+    else {
+      print("Invalid authentication token! Kicking..", 31);
+      player.world.removePlayer(player);
+      return void 0;
+    }
+  }
+  else {
+    print("Invalid provider! Kicking..", 31);
+    player.world.removePlayer(player);
+    return void 0;
+  }
+
+  player.authenticated = (
+    deXOR(this.hash, getHashCodeFrom(this.claim)) === this.repository
+  );
+  player.sendResponse(msg);
+
+}
+
 /**
  * @param  {Player} player
  * @param  {Array} requests

src/utils.js

@@ -34,7 +34,17 @@ export function getHashCodeFrom(str) {
     hash |= 0; // Convert to 32bit integer
   }
   return hash;
-};
+}
+
+export function deXOR(value, hash) {
+  let out = "";
+  let ii = 0;
+  let length = value.length;
+  for (; ii < length; ++ii) {
+    out += String.fromCharCode(hash ^ value.charCodeAt(ii));
+  };
+  return (out);
+}
 
 /**
  * @return {Number}