account: Rework LoadIdTokenCache to auto generate a random JWT token (#2991)

This improve correctness of that call while possibly spoofing possible recognizable patterns.
This commit is contained in:
Mary 2022-01-11 09:22:20 +01:00 committed by GitHub
parent e32a19520b
commit 275275f7ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 6 deletions

View File

@ -1,7 +1,11 @@
using Ryujinx.Common.Logging; using Microsoft.IdentityModel.Tokens;
using Ryujinx.Cpu; using Ryujinx.Common.Logging;
using Ryujinx.HLE.HOS.Kernel.Threading; using Ryujinx.HLE.HOS.Kernel.Threading;
using Ryujinx.HLE.HOS.Services.Account.Acc.AsyncContext; using Ryujinx.HLE.HOS.Services.Account.Acc.AsyncContext;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using System.Text;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -19,6 +23,51 @@ namespace Ryujinx.HLE.HOS.Services.Account.Acc.AccountService
_userId = userId; _userId = userId;
} }
private static string GenerateIdToken()
{
using RSA provider = RSA.Create(2048);
RSAParameters parameters = provider.ExportParameters(true);
RsaSecurityKey secKey = new RsaSecurityKey(parameters);
SigningCredentials credentials = new SigningCredentials(secKey, "RS256");
credentials.Key.KeyId = parameters.ToString();
var header = new JwtHeader(credentials)
{
{ "jku", "https://e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com/1.0.0/certificates" }
};
byte[] rawUserId = new byte[0x10];
RandomNumberGenerator.Fill(rawUserId);
byte[] deviceId = new byte[0x10];
RandomNumberGenerator.Fill(deviceId);
byte[] deviceAccountId = new byte[0x10];
RandomNumberGenerator.Fill(deviceId);
var payload = new JwtPayload
{
{ "sub", BitConverter.ToString(rawUserId).Replace("-", "").ToLower() },
{ "aud", "ed9e2f05d286f7b8" },
{ "di", BitConverter.ToString(deviceId).Replace("-", "").ToLower() },
{ "sn", "XAW10000000000" },
{ "bs:did", BitConverter.ToString(deviceAccountId).Replace("-", "").ToLower() },
{ "iss", "https://e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com" },
{ "typ", "id_token" },
{ "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
{ "jti", Guid.NewGuid().ToString() },
{ "exp", (DateTimeOffset.UtcNow + TimeSpan.FromHours(3)).ToUnixTimeSeconds() }
};
JwtSecurityToken securityToken = new JwtSecurityToken(header, payload);
return new JwtSecurityTokenHandler().WriteToken(securityToken);
}
public ResultCode CheckAvailability(ServiceCtx context) public ResultCode CheckAvailability(ServiceCtx context)
{ {
// NOTE: This opens the file at "su/baas/USERID_IN_UUID_STRING.dat" where USERID_IN_UUID_STRING is formatted as "%08x-%04x-%04x-%02x%02x-%08x%04x". // NOTE: This opens the file at "su/baas/USERID_IN_UUID_STRING.dat" where USERID_IN_UUID_STRING is formatted as "%08x-%04x-%04x-%02x%02x-%08x%04x".
@ -92,11 +141,10 @@ namespace Ryujinx.HLE.HOS.Services.Account.Acc.AccountService
} }
*/ */
int idTokenCacheSize = 0; byte[] tokenData = Encoding.ASCII.GetBytes(GenerateIdToken());
MemoryHelper.FillWithZeros(context.Memory, bufferPosition, (int)bufferSize); context.Memory.Write(bufferPosition, tokenData);
context.ResponseData.Write(tokenData.Length);
context.ResponseData.Write(idTokenCacheSize);
return ResultCode.Success; return ResultCode.Success;
} }

View File

@ -23,6 +23,7 @@
<PackageReference Include="MsgPack.Cli" Version="1.0.1" /> <PackageReference Include="MsgPack.Cli" Version="1.0.1" />
<PackageReference Include="SixLabors.ImageSharp" Version="1.0.4" /> <PackageReference Include="SixLabors.ImageSharp" Version="1.0.4" />
<PackageReference Include="SixLabors.ImageSharp.Drawing" Version="1.0.0-beta11" /> <PackageReference Include="SixLabors.ImageSharp.Drawing" Version="1.0.0-beta11" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.15.0" />
</ItemGroup> </ItemGroup>
<!-- Due to Concentus. --> <!-- Due to Concentus. -->