def asyncGet(self):
    """Handle the anti-cheat report a client sends in the ``b`` argument.

    Reads ``us`` (username), ``ha`` (password) and ``b`` (the report). A
    report has the form ``a<digits>``; the digits are handed to
    ``generalHelper.getHackByFlag`` and the outcome is described in a Discord
    webhook. Requests that authenticate and carry a well-formed report, or no
    ``a``-prefixed report at all, are answered with ``-3``.

    NOTE(review): the listing this was taken from had lost its indentation.
    The webhook calls are nested under the Discord switch here because
    ``webhook`` only exists when that switch is on.
    """
    # The original compares against True explicitly; that comparison is kept
    # rather than relaxed to a truthiness test.
    discord_on = glob.conf.config["discord"]["enable"] == True
    if discord_on:
        webhook = Webhook(
            glob.conf.config["discord"]["ahook"],
            color=0xadd8e6,
            footer="Man... this is worst player. [ LastFM AC ]",
        )

    ip = self.getRequestIP()
    required = ["b", "ha", "us"]
    if not requestsManager.checkArguments(self.request.arguments, required):
        return self.write("error: gimme more arguments")

    username = self.get_argument("us")
    password = self.get_argument("ha")
    report = self.get_argument("b", None)

    # NOTE(review): the two replies below differ, so a caller can tell an
    # unknown username from a wrong password.
    userID = userUtils.getID(username)
    if userID == 0:
        return self.write("error: user is unknown")
    if not userUtils.checkLogin(userID, password, ip):
        return self.write("error: this dude is not authorized. BAN!")

    # Anything that is not an "a"-prefixed report gets the neutral reply.
    if not (report and report.startswith("a")):
        return self.write("-3")

    flag_text = report[1:]
    if not flag_text.isdigit():
        return self.write("error: srsly?")
    flag_value = int(flag_text)

    # The flag value is reported by the client itself; it is only looked up
    # and forwarded here.
    cheat_id = generalHelper.getHackByFlag(flag_value)
    if discord_on:
        webhook.set_title(title=f"Catched some cheater {username} ({userID})")
        if type(cheat_id) is str:
            description = f'This body catched with flag {flag_value}\nIn enuming: {cheat_id}'
        else:
            description = f'This body catched with undefined flag {flag_value}'
        webhook.set_desc(description)
        if glob.conf.extra["mode"]["anticheat"] == True:
            webhook.post()
    return self.write("-3")
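def asyncGet(self):
    """Apply a coin action for an authenticated user and reply with the balance.

    Reads ``u`` (username), ``cs`` (password) and ``action``. ``use``,
    ``earn`` and ``recharge`` each run one UPDATE on ``users.coins``; any
    other action changes nothing. The reply is the balance read *before* the
    update. Afterwards the stored client build is compared with 20150403 and,
    when the account is not flagged ``clientmodallowed``, a Discord report is
    posted.
    """
    ip = self.getRequestIP()
    if not requestsManager.checkArguments(self.request.arguments, ["u", "cs", "action"]):
        return self.write("error: args")

    username = self.get_argument("u")
    password = self.get_argument("cs")
    userID = userUtils.getID(username)
    # Unknown user and wrong password share one reply, so the response does
    # not reveal which of the two failed.
    if userID == 0 or not userUtils.checkLogin(userID, password, ip):
        self.write("error: auth")
        return

    action = self.get_argument("action")
    balanceRow = glob.db.fetch("SELECT coins FROM users WHERE id = %s", [userID])
    coinAmount = int(balanceRow["coins"])

    # NOTE(review): the client picks the balance change. Any authenticated
    # caller can send "earn" or "recharge", and "use" is not checked against a
    # zero balance. Confirm this is intended to be client-authoritative.
    if action == "use":
        glob.db.execute("UPDATE users SET coins = coins - 1 WHERE id = %s;", [userID])
    elif action == "earn":
        glob.db.execute("UPDATE users SET coins = coins + 1 WHERE id = %s;", [userID])
    elif action == "recharge":
        glob.db.execute("UPDATE users SET coins = 99 WHERE id = %s;", [userID])
    self.write(str(coinAmount))

    modRow = glob.db.fetch("SELECT clientmodallowed FROM users WHERE id = %s LIMIT 1", [userID])
    clientmodallowed = int(modRow["clientmodallowed"])

    # The build date is the first dot-separated component with the leading
    # "b" stripped. The stored version is not guaranteed to be numeric, and
    # the original int() call raised ValueError after the reply was written.
    buildText = aobaHelper.getOsuVer(userID).split(".")[0].strip().lstrip("b")
    try:
        buildDate = int(buildText)
    except ValueError:
        # NOTE(review): an unparseable build is skipped, not reported. Decide
        # whether it should be treated as suspicious instead.
        return

    if buildDate >= 20150403 and clientmodallowed != 1:
        if glob.conf.config["discord"]["enable"]:
            webhook = Webhook(glob.conf.config["discord"]["ahook"], color=0xadd836, footer="[ Client AC ]")
            webhook.set_title(title=f"Caught cheater {username} ({userID})")
            webhook.set_desc("They tried to use osu!coins on a client which shouldn't have them!")
            webhook.set_footer(text="ghostbusters")
            webhook.post()
    return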
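def _handleCheatClient(responseToken, responseTokenString, username, userID,
                       clientName, matchedOn, logLine, restrictedNotice):
    """Apply the blocked-client policy once a cheat client has been recognised.

    An already restricted account gets ``restrictedNotice`` queued and the
    login continues. Any other account has its token deleted, is restricted,
    and ``loginCheatClientsException`` is raised. In both cases a Discord
    report is posted when Discord is enabled.

    ``matchedOn`` and ``clientName`` are server-chosen descriptions of the
    signal that matched; raw client input is not interpolated into the report.
    """
    log.info(logLine.format(userID))
    alreadyRestricted = userUtils.isRestricted(userID)
    if alreadyRestricted:
        responseToken.enqueue(serverPackets.notification(restrictedNotice))
    else:
        # The original passed userID here. The maintenance branch of handle()
        # passes the token string to the same method, so the token is removed
        # by its string to make sure the session issued above does not survive.
        glob.tokens.deleteToken(responseTokenString)
        userUtils.restrict(userID)

    if glob.conf.config["discord"]["enable"]:
        webhook = Webhook(glob.conf.config["discord"]["anticheat"], color=0xadd836, footer="Man... this is worst player.")
        webhook.set_title(title=f"Catched some cheater {username} ({userID})")
        # The original description interpolated `haxFlags` and `hack`, which
        # handle() never assigns; the report now names the matched signal.
        webhook.set_desc(f'This body catched with {matchedOn}\nIn enuming: {clientName}')
        webhook.post()

    if not alreadyRestricted:
        raise exceptions.loginCheatClientsException()


def handle(tornadoRequest):
    """Process a bancho login request.

    Parses the POST body (username, password, client data), authenticates the
    user, applies ban/lock/2FA/hardware checks, issues a token, runs the
    blocked-client checks and queues the login packets.

    Returns a ``(token string, response bytes)`` tuple. The token string is
    ``"ayy"`` when no token was issued.

    NOTE(review): the listing this was taken from had lost its indentation;
    the nesting below is reconstructed from the statement order.
    """
    # Data to return
    responseToken = None
    responseTokenString = "ayy"
    responseData = bytes()

    # Get IP from tornado request
    requestIP = tornadoRequest.getRequestIP()

    # Defaults so later code never sees unset names
    clientData = ["unknown", "unknown", "unknown", "unknown", "unknown"]
    osuVersion = "unknown"

    # Split POST body so we can get username/password/hardware data.
    # The 2:-3 slice drops the b'...' wrapper and trailing escape that
    # str(bytes) adds.
    loginData = str(tornadoRequest.request.body)[2:-3].split("\\n")
    try:
        # Make sure loginData is valid
        if len(loginData) < 3:
            raise exceptions.invalidArgumentsException()

        # Third line, "|"-separated:
        # [0] osu! version
        # [1] time offset
        # [3] ":"-separated client data (MAC list, MAC hash, unique ID, disk ID)
        # NOTE(review): this is unauthenticated input. A third line with fewer
        # than four fields, or a non-numeric offset, falls through to the
        # generic "Unknown error" handler below.
        splitData = loginData[2].split("|")
        osuVersion = splitData[0]
        timeOffset = int(splitData[1])
        clientData = splitData[3].split(":")[:5]
        if len(clientData) < 4:
            raise exceptions.forceUpdateException()

        # Try to get the ID from username
        username = str(loginData[0])
        userID = userUtils.getID(username)

        if not userID:
            # Invalid username
            raise exceptions.loginFailedException()
        if not userUtils.checkLogin(userID, loginData[1]):
            # Invalid password
            raise exceptions.loginFailedException()

        # Make sure we are not banned or locked
        priv = userUtils.getPrivileges(userID)
        notPending = priv & privileges.USER_PENDING_VERIFICATION == 0
        if userUtils.isBanned(userID) and notPending:
            raise exceptions.loginBannedException()
        if userUtils.isLocked(userID) and notPending:
            raise exceptions.loginLockedException()

        # 2FA check
        if userUtils.check2FA(userID, requestIP):
            log.warning("Need 2FA check for user {}".format(loginData[0]))
            raise exceptions.need2FAException()

        # No login errors!

        # Verify this user (if pending activation)
        firstLogin = False
        if priv & privileges.USER_PENDING_VERIFICATION > 0 or not userUtils.hasVerifiedHardware(userID):
            if userUtils.verifyUser(userID, clientData):
                # Valid account
                log.info("Account ID {} verified successfully!".format(userID))
                glob.verifiedCache[str(userID)] = 1
                firstLogin = True
            else:
                # Multiaccount detected
                log.info("Account ID {} NOT verified!".format(userID))
                glob.verifiedCache[str(userID)] = 0
                raise exceptions.loginBannedException()

        # Save HWID in db for multiaccount detection
        hwAllowed = userUtils.logHardware(userID, clientData, firstLogin)

        # This is false only if HWID is empty.
        # If HWID is banned, we get restricted so there's no
        # need to deny bancho access
        if not hwAllowed:
            raise exceptions.haxException()

        # Log user IP
        userUtils.logIP(userID, requestIP)

        # Log user osuver
        kotrikhelper.setUserLastOsuVer(userID, osuVersion)

        # Delete old tokens for that user and generate a new one
        isTournament = "tourney" in osuVersion
        if not isTournament:
            glob.tokens.deleteOldTokens(userID)
        responseToken = glob.tokens.addToken(userID, requestIP, timeOffset=timeOffset, tournament=isTournament)
        responseTokenString = responseToken.token

        # Check restricted mode (and eventually send message)
        responseToken.checkRestricted()

        # Send message if donor expires soon
        if responseToken.privileges & privileges.USER_DONOR > 0:
            expireDate = userUtils.getDonorExpire(responseToken.userID)
            secondsLeft = expireDate - int(time.time())
            if secondsLeft <= 86400*3:
                expireDays = round(secondsLeft/86400)
                expireIn = "{} days".format(expireDays) if expireDays > 1 else "less than 24 hours"
                responseToken.enqueue(serverPackets.notification("Your donor tag expires in {}! When your donor tag expires, you won't have any of the donor privileges, like yellow username, custom badge and discord custom role and username color! If you wish to keep supporting Ripple and you don't want to lose your donor privileges, you can donate again by clicking on 'Support us' on Ripple's website.".format(expireIn)))

        # Deprecate telegram 2fa and send alert
        if userUtils.deprecateTelegram2Fa(userID):
            responseToken.enqueue(serverPackets.notification("As stated on our blog, Telegram 2FA has been deprecated on 29th June 2018. Telegram 2FA has just been disabled from your account. If you want to keep your account secure with 2FA, please enable TOTP-based 2FA from our website https://ripple.moe. Thank you for your patience."))

        # Set silence end UNIX time in token
        responseToken.silenceEndTime = userUtils.getSilenceEnd(userID)

        # Get only silence remaining seconds
        silenceSeconds = responseToken.getSilenceSecondsLeft()

        # Get supporter/GMT
        userGMT = False
        userSupporter = not userUtils.isRestricted(userID)
        userTournament = False
        if responseToken.admin:
            userGMT = True
        if responseToken.privileges & privileges.USER_TOURNAMENT_STAFF > 0:
            userTournament = True

        # Server restarting check
        if glob.restarting:
            raise exceptions.banchoRestartingException()

        # Send login notification before maintenance message
        if glob.banchoConf.config["loginNotification"] != "":
            responseToken.enqueue(serverPackets.notification(glob.banchoConf.config["loginNotification"]))

        # Maintenance check
        if glob.banchoConf.config["banchoMaintenance"]:
            if not userGMT:
                # We are not mod/admin, delete token, send notification and logout
                glob.tokens.deleteToken(responseTokenString)
                raise exceptions.banchoMaintenanceException()
            else:
                # We are mod/admin, send warning notification and continue
                responseToken.enqueue(serverPackets.notification("HoaqฺBoat is in maintenance mode. Only mods/admins have full access to the server.\nType !system maintenance off in chat to turn off maintenance mode."))

        # Blocked custom clients.
        # Both signals (the "ainu" request header and the reported version
        # string) are supplied by the client itself.
        if glob.conf.extra["mode"]["anticheat"]:
            ainuNotice = "osu!lumilous Anticheat - เจ้าโดนแบนนะเพราะเจ้าใช้ Ainu Cilent ในเซิฟที่ไม่อนุญาตินะ... ทำไมเข้าไม่อ่านกฎก่อนหล่ะ? แต่อย่างไรก็ตาม ขอให้สนุกกับผลที่ได้รับนะ :)"
            hqOsuNotice = "เจ้ากำลังทดสอบ hqOsu อย่างนั้นหรอ? ไปเล่น https://cookiezi.pw ซะนะคะ >w<"
            if tornadoRequest.request.headers.get("ainu") == "happy":
                # Ainu Client 2020 update
                _handleCheatClient(
                    responseToken, responseTokenString, username, userID,
                    "Ainu Client", "request header ainu",
                    "Account ID {} เขาใช้ Ainu Client", ainuNotice)
            else:
                # One lookup instead of one per comparison.
                storedVersion = aobaHelper.getOsuVer(userID)
                if storedVersion in ["0Ainu", "b20190326.2", "b20190401.22f56c084ba339eefd9c7ca4335e246f80", "b20191223.3"]:
                    # Ainu Client. "b20191223.3" also had an hqOsu branch
                    # further down in the original; it could never be reached
                    # because this list matches first, so it is dropped.
                    _handleCheatClient(
                        responseToken, responseTokenString, username, userID,
                        "Ainu Client", "client version {}".format(storedVersion),
                        "Account ID {} เขาใช้ Ainu Client!", ainuNotice)
                elif storedVersion in ("b20190226.2", "b20160403.6"):
                    # hqOsu
                    _handleCheatClient(
                        responseToken, responseTokenString, username, userID,
                        "hqOsu", "client version {}".format(storedVersion),
                        "Account ID {} เขาใช้ hqOsu!", hqOsuNotice)

        # Send all needed login packets
        responseToken.enqueue(serverPackets.silenceEndTime(silenceSeconds))
        responseToken.enqueue(serverPackets.userID(userID))
        responseToken.enqueue(serverPackets.protocolVersion())
        responseToken.enqueue(serverPackets.userSupporterGMT(userSupporter, userGMT, userTournament))
        responseToken.enqueue(serverPackets.userPanel(userID, True))
        responseToken.enqueue(serverPackets.userStats(userID, True))

        # Channel info end (sent before the channel list itself)
        responseToken.enqueue(serverPackets.channelInfoEnd())
        # Default opened channels
        # TODO: Configurable default channels
        for defaultChannel in ("#osu", "#announce", "#thai", "#ranked"):
            chat.joinChannel(token=responseToken, channel=defaultChannel)

        # Join admin channel if we are an admin
        if responseToken.admin:
            chat.joinChannel(token=responseToken, channel="#admin")

        # Output channels info
        for key, value in glob.channels.channels.items():
            if value.publicRead and not value.hidden:
                responseToken.enqueue(serverPackets.channelInfo(key))

        # Send friends list
        responseToken.enqueue(serverPackets.friendList(userID))

        # Send main menu icon
        if glob.banchoConf.config["menuIcon"] != "":
            responseToken.enqueue(serverPackets.mainMenuIcon(glob.banchoConf.config["menuIcon"]))

        # Send online users' panels
        with glob.tokens:
            for token in glob.tokens.tokens.values():
                if not token.restricted:
                    responseToken.enqueue(serverPackets.userPanel(token.userID))

        # Get location and country from ip.zxq.co or database
        if glob.localize:
            # Get location and country from IP
            latitude, longitude = locationHelper.getLocation(requestIP)
            countryLetters = locationHelper.getCountry(requestIP)
            country = countryHelper.getCountryID(countryLetters)
        else:
            # Set location to 0,0 and get country from db
            log.warning("Location skipped")
            latitude = 0
            longitude = 0
            countryLetters = "XX"
            country = countryHelper.getCountryID(userUtils.getCountry(userID))

        # Set location and country
        responseToken.setLocation(latitude, longitude)
        responseToken.country = country

        # Set country in db if user has no country (first bancho login)
        if userUtils.getCountry(userID) == "XX":
            userUtils.setCountry(userID, countryLetters)

        # Send to everyone our userpanel if we are not restricted or tournament
        if not responseToken.restricted:
            glob.streams.broadcast("main", serverPackets.userPanel(userID))

        # Set response data to right value and reset our queue
        responseData = responseToken.queue
        responseToken.resetQueue()
    except exceptions.loginFailedException:
        # Login failed error packet
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
    except exceptions.invalidArgumentsException:
        # Invalid POST data
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.loginFailed()
        responseData += serverPackets.notification("I see what you're doing...")
    except exceptions.loginBannedException:
        # Login banned error packet
        responseData += serverPackets.loginBanned()
    except exceptions.loginLockedException:
        # Login locked error packet
        responseData += serverPackets.loginLocked()
    except exceptions.loginCheatClientsException:
        # Banned for logging in with cheats
        responseData += serverPackets.loginCheats()
    except exceptions.banchoMaintenanceException:
        # Bancho is in maintenance mode
        responseData = bytes()
        if responseToken is not None:
            responseData = responseToken.queue
        responseData += serverPackets.notification("Our bancho server is in maintenance mode. Please try to login again later.")
        responseData += serverPackets.loginFailed()
    except exceptions.banchoRestartingException:
        # Bancho is restarting
        responseData += serverPackets.notification("HoaqBoat is restarting. Try again in a few minutes.")
        responseData += serverPackets.loginFailed()
    except exceptions.need2FAException:
        # User tried to log in from unknown IP
        responseData += serverPackets.needVerification()
    except (exceptions.haxException, exceptions.forceUpdateException):
        # Missing or empty client data: ask the client to update.
        # forceUpdateException is raised above for short client data but had
        # no handler of its own, so it used to end up in the generic branch.
        # (we don't use enqueue because we don't have a token since login has failed)
        responseData += serverPackets.forceUpdate()
        responseData += serverPackets.notification("Your client is too Old, Please turn update it from the settings!")
    except:
        # Kept as a catch-all: the return inside `finally` below discards any
        # in-flight exception anyway, so this is the only place it is logged.
        log.error("Unknown error!\n```\n{}\n{}```".format(sys.exc_info(), traceback.format_exc()))
    finally:
        # Console and discord log
        if len(loginData) < 3:
            log.info("Invalid bancho login request from **{}** (insufficient POST data)".format(requestIP), "bunker")

        # Return token string and data
        return responseTokenString, responseData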
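def asyncGet(self):
    """Answer a bancho-connect request with the user's country.

    Reads ``u`` (username) and ``h`` (password). Unknown users and failed
    logins get ``error: pass``; banned and locked users get an empty reply.
    When the optional ``x`` argument is longer than four characters a Discord
    report is posted (if Discord is enabled).
    """
    try:
        # Get request ip
        ip = self.getRequestIP()

        # Argument check
        if not requestsManager.checkArguments(self.request.arguments, ["u", "h"]):
            raise exceptions.invalidArgumentsException(MODULE_NAME)

        # Get user ID. `not userID` covers both None and 0, so an unknown
        # user is rejected here whichever of the two the lookup returns.
        username = self.get_argument("u")
        userID = userUtils.getID(username)
        if not userID:
            self.write("error: pass\n")
            return

        # Check login
        log.info("{} ({}) wants to connect".format(username, userID))
        if not userUtils.checkLogin(userID, self.get_argument("h"), ip):
            self.write("error: pass\n")
            return

        # Ban and lock checks end the request with an empty reply
        if userUtils.isBanned(userID):
            return
        if userUtils.isLocked(userID):
            return

        # 2FA check
        # NOTE(review): there is no return after the verify reply, so the
        # activity update and the country are still sent. Confirm this is
        # intended.
        if userUtils.check2FA(userID, ip):
            self.write("error: verify\n")

        # Update latest activity
        userUtils.updateLatestActivity(userID)

        # Per the original author's note, an "x" argument means the client's
        # "Monitor" check fired and files named "LL" were found on the user's
        # machine. That is not expected to happen, so it is reported.
        if "x" in self.request.arguments and len(self.get_argument("x")) > 4:
            # The webhook is built only when Discord is enabled, so a disabled
            # integration never touches the webhook URL setting.
            if glob.conf.config["discord"]["enable"]:
                webhook = Webhook(
                    glob.conf.config["discord"]["ahook"],
                    color=0xc32c74,
                    footer="stupid anticheat")
                webhook.set_title(title=f"Catched some cheater {username} ({userID})")
                webhook.set_desc('They just tried to send bancho_monitor and they have LL files!')
                webhook.set_footer(text="peppycode anticheat")
                webhook.post()

        # Get country and output it
        country = glob.db.fetch(
            "SELECT country FROM users_stats WHERE id = %s",
            [userID])["country"]
        self.write(country)
    except exceptions.invalidArgumentsException:
        pass
    except exceptions.loginFailedException:
        self.write("error: pass\n")
    except exceptions.userBannedException:
        pass
    except exceptions.userLockedException:
        pass
    except exceptions.need2FAException:
        self.write("error: verify\n")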
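def asyncGet(self):
    """Handle the anti-cheat report a client sends in the ``b`` argument.

    Reads ``us`` (username), ``ha`` (password) and ``b`` (the report, of the
    form ``a<digits>``). For a well-formed report from an authenticated user
    the flag is looked up with ``kotrikhelper.getHackByFlag``, a Discord
    report is posted when Discord is enabled, the user ID is published on the
    ``kotrik:hqosu`` Redis channel and ``-3`` is returned.
    """
    ip = self.getRequestIP()
    if not requestsManager.checkArguments(self.request.arguments, ["b", "ha", "us"]):
        return self.write("error: gimme more arguments")

    username = self.get_argument("us")
    password = self.get_argument("ha")
    beatmap_ban = self.get_argument("b", None)

    # NOTE(review): the two replies below differ, so a caller can tell an
    # unknown username from a wrong password.
    userID = userUtils.getID(username)
    if userID == 0:
        return self.write("error: user is unknown")
    if not userUtils.checkLogin(userID, password, ip):
        return self.write("error: this dude is not authorized. BAN!")

    # Anything that is not an "a"-prefixed report gets the neutral reply.
    if not (beatmap_ban and beatmap_ban.startswith("a")):
        return self.write("-3")

    arguments_cheat = beatmap_ban[1:]
    if not arguments_cheat.isdigit():
        return self.write("error: srsly?")
    arguments_cheat = int(arguments_cheat)

    # The flag value is reported by the client itself; it is only looked up
    # and forwarded here.
    cheat_flags = kotrikhelper.getHackByFlag(arguments_cheat)

    # The original posted unconditionally. The report is now skipped when
    # Discord is disabled, so an unconfigured webhook cannot stop the request
    # before the Redis publish below.
    if glob.conf.config["discord"]["enable"]:
        webhook = Webhook(glob.conf.config["discord"]["ahook"],
                          color=0xc32c74,
                          footer="stupid anticheat")
        webhook.set_title(title=f"Catched some cheater {username} ({userID})")
        if isinstance(cheat_flags, (list, tuple)):
            # str() keeps the join from failing on non-string entries.
            flag_names = ",".join(map(str, cheat_flags))
            webhook.set_desc(
                f'This body catched with flag {arguments_cheat}\nIn enuming: {flag_names}'
            )
        else:
            webhook.set_desc(
                f'This body catched with undefined flag {arguments_cheat}')
        webhook.set_footer(text="sended by lastFMHandler")
        webhook.post()

    # Publish the user ID so the subscriber on this channel can act on the
    # client.
    glob.redis.publish("kotrik:hqosu", userID)
    return self.write("-3")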
# Server port serverPort = 0 try: serverPort = int(glob.conf.config["server"]["port"]) except ValueError: consoleHelper.printColored("[!] Invalid server port! Please check your config.ini and run the server again", bcolors.RED) # Server start message and console output log.logMessage("Server started!", discord="bunker", of="info.txt", stdout=False) consoleHelper.printColored("> Tornado listening for HTTP(s) clients on 127.0.0.1:{}...".format(serverPort), bcolors.GREEN) # Discord if glob.conf.config["discord"]["enable"]: url = glob.conf.config["discord"]["serverstarted"] # Then post them! webhook = Webhook(url, color=0x1d9325, footer="ประกาศจาก Osu!lumilous") webhook.set_author(name='Lumilous Annoucement', icon='https://osu.lumilous.pw/static/logos/lumilous.png') webhook.set_title(title=f"Bancho ได้เริ่มต้นขึ้นแล้ว") webhook.set_desc("ตอนนี้ Bancho (ตัวเซิฟเวอร์) ได้เริ่มต้นขึ้นแล้ว : ขอให้ทุกคน Have Fun กับการ Farm PP นะครับ") webhook.set_image('https://osu.lumilous.pw/static/logos/cover.png') webhook.post() log.logMessage("Discord Annouced!") # Connect to pubsub channels pubSub.listener(glob.redis, { "peppy:disconnect": disconnectHandler.handler(), "peppy:change_username": changeUsernameHandler.handler(), "peppy:reload_settings": lambda x: x == b"reload" and glob.banchoConf.reload(), "peppy:update_cached_stats": updateStatsHandler.handler(), "peppy:silence": updateSilenceHandler.handler(), "peppy:ban": banHandler.handler(),