From 5654fa0b9fe8bc4086a78d695bfcd357e3894c19 Mon Sep 17 00:00:00 2001
From: Downforce Agent
Date: Fri, 4 Oct 2024 13:12:34 -0500
Subject: [PATCH] Checksum downloaded executables, don't quote download filenames
---
 firestar/src/main/java/Fozzie.java | 2 +-
 firestar/src/main/java/Main.java | 20 ++++++++++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/firestar/src/main/java/Fozzie.java b/firestar/src/main/java/Fozzie.java
index 95e52c0..51dfba1 100644
--- a/firestar/src/main/java/Fozzie.java
+++ b/firestar/src/main/java/Fozzie.java
@@ -51,7 +51,7 @@ public class Fozzie {
 frame.setIconImage(Main.windowIcon);
 frame.setVisible(true);
- label.setText("Downloading \"" + dname + "\"");
+ label.setText("Downloading " + dname);
 try {
 URL fileURL = new URL(url);
diff --git a/firestar/src/main/java/Main.java b/firestar/src/main/java/Main.java
index 1a5454c..3f2ece4 100644
--- a/firestar/src/main/java/Main.java
+++ b/firestar/src/main/java/Main.java
@@ -24,8 +24,11 @@ import org.json.*;
 import java.awt.*;
 import java.awt.image.BufferedImage;
 import java.io.*;
+import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.*;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.*;
 import java.util.List;
 import javax.imageio.ImageIO;
@@ -238,10 +241,22 @@ public class Main { Main.writeConf(); } - public static boolean downloadDependencies () { // todo: CHECKSUM!!!! THESE ARE EXECUTABLES!!!!!!!!!!! DON'T ALLOW MALWARE!!!! - boolean downloader = new Fozzie().DownloadFile("https://bonkmaykr.worlio.com/http/firestar/firesdk.zip", System.getProperty("user.home") + "/.firestar/", "firesdk.zip"); + public static boolean downloadDependencies () { + boolean downloader = new Fozzie().DownloadFile("https://bonkmaykr.worlio.com/http/firestar/fire13.zip", System.getProperty("user.home") + "/.firestar/", "firesdk.zip", "Firestar dependencies"); if (!downloader) {return false;} + final String expectedMD5Hash = "306807955266724172476879569959042600238"; // Prevent a malicious web server takeover from installing malware on the user's computer. + String downloadedMD5Hash = ""; // if this number does not match for ANY reason, cancel immediately and get a programmer. + try {downloadedMD5Hash = new BigInteger(1, MessageDigest.getInstance("MD5").digest(Files.readAllBytes(Paths.get(Main.inpath + "firesdk.zip")))).toString();} + catch (Exception e) {System.out.println("ERROR: Failed to download PSARC tool due to an internal problem.\n" + e.getMessage());} + if (!downloadedMD5Hash.equals(expectedMD5Hash)) { + System.out.println("ERROR: Downloaded PSARC tool is invalid. 
Check your network connection and ensure the file is not corrupt or infected."); + //Object[] options = {"Abort", "Retry"}; + //int result = JOptionPane.showOptionDialog(new JFrame(), "The downloaded file failed a security check.\nPlease ensure your network connection is stable.\n\nIf this issue persists, send an email to tech support\nat bonkmaykr@screwgravity.net.", "Download Cancelled", JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE, null, options, options[0]); + JOptionPane.showMessageDialog(null, "The downloaded file failed a security check.\nPlease ensure your network connection is stable.\n\nIf this issue persists, send an email to tech support\nat bonkmaykr@screwgravity.net.", "Download Cancelled", JOptionPane.WARNING_MESSAGE); + return false; + } + ZipFile sdk = new ZipFile(System.getProperty("user.home") + "/.firestar/firesdk.zip"); try { sdk.extractAll(System.getProperty("user.home") + "/.firestar/"); @@ -252,6 +267,7 @@ public class Main { } sdk.getFile().delete(); // cleanup + JOptionPane.showMessageDialog(null, "All remote dependencies satisfied.", "Download Completed", JOptionPane.INFORMATION_MESSAGE); return true; }
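Review bot: The integrity check added to `downloadDependencies` pins an MD5 digest, and MD5 is collision-broken, so a SHA-256 pin is the safer choice for an archive of executables. The digest is computed over `Main.inpath + "firesdk.zip"`, while both the download and the later `ZipFile` use `System.getProperty("user.home") + "/.firestar/"`; `Main.inpath` is defined outside this hunk, so if the two ever differ, the file that is hashed is not the file that is extracted. On a mismatch the method returns `false` without deleting the archive, so unverified content stays in `~/.firestar/`; the only `delete()` is on the success path in the next hunk, where the method ends. The sketch below hashes the exact path that is extracted, switches to SHA-256 and removes the file on failure. The expected digest in it is a placeholder to be replaced with the digest of the published archive.

```java
// … unchanged: DownloadFile call and early return …
final Path sdkZip = Paths.get(System.getProperty("user.home"), ".firestar", "firesdk.zip"); // the same file ZipFile opens below
final String expectedSha256 = "<EXPECTED_SHA256_HEX>"; // placeholder: lowercase hex digest of the published archive
String downloadedSha256 = ""; // stays empty on any error, so the comparison below fails closed
try {
    downloadedSha256 = String.format("%064x", new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(sdkZip))));
} catch (Exception e) {
    System.out.println("ERROR: Failed to verify downloaded dependencies due to an internal problem.\n" + e.getMessage());
}
if (!downloadedSha256.equals(expectedSha256)) {
    try { Files.deleteIfExists(sdkZip); } catch (IOException ignored) { /* best effort: do not keep the unverified archive */ }
    // … unchanged: console message, warning dialog, return false …
}
// … unchanged: ZipFile extraction and cleanup …
```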