#moparleaks 2016


#61

this stuff is getting real spicy


#62

In regards to the Launcher - it’s 100% safe - fc confirmed.
I admit the shortcut which runs at startup is sketchy as fuck however it is not used malicously - YET! Source code for this “malicious shortcut” can be found here.

As for the client, my quick observations don’t ring any alarm bells - I believe the sketchy shit from the previous client has been removed completely.

I have modified the Launcher without this sketchy shit.
sause:

import java.awt.Container;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLConnection;
import javax.swing.GroupLayout;
import javax.swing.GroupLayout.Alignment;
import javax.swing.GroupLayout.ParallelGroup;
import javax.swing.GroupLayout.SequentialGroup;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.JProgressBar;
import javax.swing.LayoutStyle.*;
import javax.swing.LayoutStyle.ComponentPlacement;
import javax.swing.UIManager;


public class Loader
  implements Runnable
{
  public static final String[] CACHE_DIRS = { System.getProperty("user.home") + "/" };
  public static final String CACHE_FOLDER = "MoparScape";
  static final String METHOD = "manual";
  static final String CHECK_URL = "http://client.moparscape.org/newclient/version.php";
  static final String AUTOLOADER_URL = "http://client.moparscape.org/newclient/AutoMoparscape.jar";
  static final String LOADER_URL = "http://client.moparscape.org/newclient/Moparscape.jar";
  static final String CLIENT_URL = "http://client.moparscape.org/newclient/MoparClient.jar";
  static final String ERROR_URL = "http://client.moparscape.org/newclient/error.php";
  static final String CACHE_DIR = findcachedir();
  static final String CLIENT_PATH = CACHE_DIR + "MoparClient.jar";
  static final String AUTOLOADER_PATH = CACHE_DIR + "AutoMoparscape.jar";
  static final String LOADER_PATH = CACHE_DIR + "Moparscape.jar";
  private Loader.GUI g;
  
  public static void main(String[] args)
  {
    new Loader().run();
  }
  
  private long getCurrent()
  {
    File file = new File(CLIENT_PATH);
    if (file.exists()) {
      return file.length();
    }
    return -1L;
  }
  
  private void handleException(Exception e)
  {
    StringBuffer strBuff = new StringBuffer();
    strBuff.append(e.getClass().getName() + "-" + e.getMessage());
    StackTraceElement[] arrayOfStackTraceElement;
    int j = (arrayOfStackTraceElement = e.getStackTrace()).length;
    for (int i = 0; i < j; i++)
    {
      StackTraceElement s = arrayOfStackTraceElement[i];
      strBuff.append(s.toString() + "-");
    }
    System.out.println("Exception size is: " + strBuff.length());
    if (strBuff.length() > 500) {
      strBuff.delete(499, strBuff.length() - 1);
    }
    System.out.println(strBuff.toString());
    String link = "http://client.moparscape.org/newclient/error.php?error=" + strBuff.toString();
    
    link = link.replaceAll(" ", "_");
    
    System.out.println("Size of link is: " + link.length());
    try
    {
      URL tmp = new URL(link);
      HttpURLConnection conn = (HttpURLConnection)tmp.openConnection();
      conn.setReadTimeout(3000);
      BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
      String line = br.readLine();
      while (line != null)
      {
        System.out.println(line);
        line = br.readLine();
      }
    }
    catch (Exception ex2)
    {
      ex2.printStackTrace();
    }
  }
  
  public String submitLink(String link)
  {
    try
    {
      URL tmp = new URL(link);
      HttpURLConnection conn = (HttpURLConnection)tmp.openConnection();
      conn.setReadTimeout(3000);
      BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
      return br.readLine();
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
    return null;
  }
  
  public String getActionMessage(long current, String java, String os, String comp, String country)
  {
    try
    {
      String link = "http://client.moparscape.org/newclient/version.php?method=manual&size=" + current + "&java=" + java + "&os=" + os + "&comp=" + comp + "&country=" + country;
      link = link.replace("\\", "-");
      link = link.replace(" ", "_");
      link = link.replace(" ", "_");
      System.out.println("Current size: " + current);
      System.out.println(link);
      return submitLink(link);
    }
    catch (Exception e)
    {
      e.printStackTrace();
      handleException(e);
    }
    return null;
  }
  
  public static void launchURL(String url)
  {
    if (!url.startsWith("http://")) {
      url = "http://" + url;
    }
    String osName = System.getProperty("os.name");
    try
    {
      if (osName.startsWith("Mac OS"))
      {
        Class fileMgr = Class.forName("com.apple.eio.FileManager");
        
        Method openURL = fileMgr.getDeclaredMethod("openURL", new Class[] { String.class });
        openURL.invoke(null, new Object[] { url });
      }
      else if (osName.startsWith("Windows"))
      {
        Runtime.getRuntime().exec("rundll32 url.dll,FileProtocolHandler " + url);
      }
      else
      {
        String[] browsers = { "firefox", "opera", "konqueror", "epiphany", "mozilla", "netscape", "safari" };
        String browser = null;
        for (int count = 0; (count < browsers.length) && (browser == null); count++) {
          if (Runtime.getRuntime().exec(new String[] { "which", browsers[count] }).waitFor() == 0) {
            browser = browsers[count];
          }
        }
        if (browser == null) {
          throw new Exception("Could not find web browser");
        }
        Runtime.getRuntime().exec(new String[] { browser, url });
      }
    }
    catch (Exception e)
    {
      System.out.println("Failed to open url: " + url);
    }
  }
  
  private long max = -1L;
  
  public void run()
  {
    try
    {
      String java = System.getProperty("java.version");
      String os = System.getProperty("os.name");
      String comp = System.getProperty("user.home");
      String country = System.getProperty("user.country.format");
      long current = getCurrent();
      String action = getActionMessage(current, java, os, comp, country);
      System.out.println("action:" + action);
      if (action == null) {
        action = "OK";
      }
      if (!action.startsWith("OK")) {
        if (action.startsWith("UPDATE"))
        {
          action = action.replace("UPDATE", "");
          action = action.trim();
          try
          {
            if (action.length() > 3) {
              this.max = Long.parseLong(action);
            }
          }
          catch (Exception e)
          {
            e.printStackTrace();
          }
          downloadFile("http://client.moparscape.org/newclient/MoparClient.jar", CLIENT_PATH, true);
        }
        else if (action.startsWith("EXIT"))
        {
          System.exit(-1);
        }
        else if (action.startsWith("LAUNCH"))
        {
          action = action.replace("LAUNCH", "");
          action = action.trim();
          System.out.println("Launching: " + action);
          launchURL(action);
        }
      }
      File client = new File(CLIENT_PATH);
      current = getCurrent();
      if ((client.exists()) && (current > 100L))
      {
        URLClassLoader classLoader = new URLClassLoader(new URL[] { client.toURI().toURL() });
        Class<?> myclass = classLoader.loadClass("org.moparscape.Client");
        Method m = myclass.getMethod("main", new Class[] { String[].class });
        
        Object[] args = new String[1];
        m.invoke(null, args);
      }
      else
      {
        System.out.println("No client path found");
        throw new Exception("No client path found.");
      }

      /*
      File shortCut = new File(getShortcutFolder("programs", "startup") + "/Moparscape.lnk");
      if (shortCut.exists())
      {
        System.out.println("Shortcut exists");
        shortCut.delete();
      }
      */

      File autoloaderFile = new File(AUTOLOADER_PATH);
      File loaderFile = new File(LOADER_PATH);
      if ((!autoloaderFile.exists()) || (!loaderFile.exists()))
      {
        System.out.println("Setting shortcut");
        boolean autoSuccess = downloadFile("http://client.moparscape.org/newclient/AutoMoparscape.jar", AUTOLOADER_PATH, false);
        boolean loaderSuccess = downloadFile("http://client.moparscape.org/newclient/Moparscape.jar", LOADER_PATH, false);

        /*
        if ((autoSuccess) && (loaderSuccess))
        {
          createShortcut(AUTOLOADER_PATH, "programs", "startup");
          createShortcut(LOADER_PATH, "desktop", "");
        }
        */

      }
      else
      {
        long size = autoloaderFile.length();
        if ((size == 420443L) || (size < 1000L))
        {
          boolean autoSuccess = downloadFile("http://client.moparscape.org/newclient/AutoMoparscape.jar", AUTOLOADER_PATH, false);
          boolean loaderSuccess = downloadFile("http://client.moparscape.org/newclient/Moparscape.jar", LOADER_PATH, false);
          System.out.println("Updating loader");
        }
        System.out.println("Loader exists");
        
        /*
        shortCut = new File(getShortcutFolder("programs", "startup") + "/AutoMoparscape.lnk");
        if (shortCut.exists())
        {
          System.out.println("Shortcut exists");
        }
        else
        {
          System.out.println("Shortcut does not exist");
          createShortcut(AUTOLOADER_PATH, "programs", "startup");
          createShortcut(LOADER_PATH, "desktop", "");
        }
        */
      }
    }
    catch (Exception e)
    {
      handleException(e);
    }
  }
  
  public boolean downloadFile(String downloadLink, String savePath, boolean displayError)
  {
    this.g = new Loader.GUI();
    this.g.setLocationRelativeTo(null);
    this.g.setVisible(true);
    this.g.setStatus("Downloading...");
    File ret = new File(savePath);
    try
    {
      OutputStream out = new FileOutputStream(ret);
      URLConnection conn = new URL(downloadLink).openConnection();
      InputStream in = conn.getInputStream();
      long curr = 0L;
      byte[] b = new byte['?'];
      int len;
      while ((len = in.read(b, 0, b.length)) > -1)
      {
        out.write(b, 0, len);
        curr += len;
        if (this.max > 0L) {
          this.g.setPercent((int)(curr * 100L / this.max));
        }
      }
      this.g.setVisible(false);
      this.g = null;
      out.flush();
      out.close();
      in.close();
      return true;
    }
    catch (Exception e)
    {
      if (displayError) {
        JOptionPane.showMessageDialog(null, "Could not download client. Please try again later.");
      }
      handleException(e);
      ret.delete();
      this.g.setVisible(false);
      this.g = null;
    }
    return false;
  }
  
  /*
  private void createShortcut(String loader, String dir, String subdir)
  {
    try
    {
      JShellLink link = new JShellLink();
      link.setFolder(getShortcutFolder(dir, subdir));
      link.setName("AutoMoparscape");
      link.setPath(loader);
      link.save();
    }
    catch (Exception e)
    {
      handleException(e);
    }
  }
  */
  
  /*
  public static String getShortcutFolder(String dir, String subdir)
  {
    return subdir.length() > 0 ? JShellLink.getDirectory(dir) + "\\" + subdir : JShellLink.getDirectory(dir);
  }
  */
  
  public static String findcachedir()
  {
    String[] arrayOfString;
    int j = (arrayOfString = CACHE_DIRS).length;
    for (int i = 0; i < j; i++)
    {
      String directory = arrayOfString[i];
      try
      {
        if (directory.length() > 0)
        {
          File file = new File(directory);
          if (!file.exists()) {}
        }
        else
        {
          File file1 = new File(directory + "MoparScape");
          if ((file1.exists()) || (file1.mkdir())) {
            return directory + "MoparScape" + "/";
          }
        }
      }
      catch (Exception _ex)
      {
        _ex.printStackTrace();
      }
    }
    return null;
  }
  
  private class GUI
    extends JFrame
  {
    private static final long serialVersionUID = 1L;
    
    public GUI()
    {
      
      try
      {
        UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
      }
      catch (Exception ignored)
      {
        ignored.printStackTrace();
      }
      initComponents();
    }
    
    private void initComponents()
    {
      this.jProgressBar1 = new JProgressBar();
      this.jLabel1 = new JLabel();
      this.jLabel2 = new JLabel();
      this.jLabel3 = new JLabel();
      
      setDefaultCloseOperation(3);
      setTitle("Auto-Updater");

      /*
      addWindowListener(new WindowAdapter()
      {
        public void windowClosing(WindowEvent evt)
        {
          Loader.GUI.this.formWindowClosing(evt);
        }
      });
      */
      setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);

      this.jLabel1.setText("Status:");
      
      this.jLabel2.setText("N/A");
      
      this.jLabel3.setText("0%");
      
      GroupLayout layout = new GroupLayout(getContentPane());
      getContentPane().setLayout(layout);
      layout.setHorizontalGroup(layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
        layout.createSequentialGroup()
        .addContainerGap()
        .addGroup(
        layout.createParallelGroup(GroupLayout.Alignment.LEADING)
        .addGroup(
        layout.createSequentialGroup().addComponent(this.jLabel1).addPreferredGap(ComponentPlacement.RELATED).addComponent(this.jLabel2).addPreferredGap(ComponentPlacement.RELATED, 304, 32767)
        .addComponent(this.jLabel3)).addComponent(this.jProgressBar1, GroupLayout.Alignment.TRAILING, -1, 380, 32767)).addContainerGap()));
      layout.setVerticalGroup(layout.createParallelGroup(GroupLayout.Alignment.LEADING).addGroup(
        layout.createSequentialGroup()
        .addContainerGap()
        .addGroup(
        layout.createParallelGroup(GroupLayout.Alignment.LEADING, false)
        .addGroup(layout.createParallelGroup(GroupLayout.Alignment.BASELINE).addComponent(this.jLabel2, -1, -1, 32767).addComponent(this.jLabel3))
        .addComponent(this.jLabel1, -1, -1, 32767)).addPreferredGap(ComponentPlacement.RELATED)
        .addComponent(this.jProgressBar1, -2, 30, -2).addContainerGap(-1, 32767)));
      
      pack();
    }
    
    private int percent = 0;
    private JLabel jLabel1;
    private JLabel jLabel2;
    private JLabel jLabel3;
    private JProgressBar jProgressBar1;
        
    public void setStatus(String s)
    {
      this.jLabel2.setText(s);
    }
    
    public String getStatus()
    {
      return this.jLabel2.getText();
    }
    
    public void setPercent(int amount)
    {
      this.percent = amount;
      this.jLabel3.setText(amount + "%");
      this.jProgressBar1.setValue(amount);
    }
    
    public int getPercent()
    {
      return this.percent;
    }
  }
}

#63

I really like how they force SSL on the client subdomain but don’t have a wildcard SSL certificate, that screams Virus don’t download when it’s not directly accessible by browsers. regardless wget does the trick i’m taking a look through the client


#64

I think they temporarily removed the malicious code. If we didn’t look into the client they would have never removed the bad code. I just hope he’s not expecting us to deem it safe then put all the malicious code back in again.

I’m not going to keep looking for changes anyway.

On a side note: I’ve never played a rsps in my left that has left so much crap on my pc.


#65

Actually I did HSTS pre-loading on moparscape.org a long time ago, so he always has to use TLS on all subdomains always or browsers will refuse to connect. I think somehow he is not aware of this though…


#66

why would you ever play a rsps on a client you have to download


#67

??? most browsers don’t support applets anymore. not to mention its still technically being downloaded even as an applet.


#68

I mean other than the standard mopar client where you can enter a server ip


#69

because most servers use custom files that aren’t found in the standard mopar client


#70

never play those servers I pray for the amount of garbage cache you have in %USERPROFILE%


#71

i dont have any, because i dont play servers


#72

But people should start doing webclients again - it’s 2016, web apps are the bomb! Not rocket science to get rid of those warnings either


#73

pretty sure neither Firefox nor chrome support NPAPI anymore so you either have to run a really old browser or you would have to rewrite the client like I’m doing for RSC


#74

No way, you’re right! :sob:

Also for any Mopar mods, are you guys able to unban me? :innocent:


#75

doubtful since they said the mod center or admin center was borked.


#77

Has anyone else found the XSS vuln yet?


#78

Played with one in their todo lists somewhere but didn’t get much further than pumping arbitrary JS into the DOM, I’m sure someone could sniff a cookie or something and gain admin access


#79

[01:57:04] moparisthebest_: Again if the emails were worth money I would have sold them already

mitb has no ethics pls be careful with what information u give to him in the future


#80

Did you register on the forum just to say that? I very much doubt mitb would say that.


#81


01:57 < moparisthebes> Again if the emails were worth money I would have sold them already