BetterDiscordApp-v2/client/src/builtin/E2EE.js

/**
 * BetterDiscord E2EE Module
 * Copyright (c) 2015-present Jiiks/JsSucks - https://github.com/Jiiks / https://github.com/JsSucks
 * All rights reserved.
 * https://betterdiscord.net
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
*/

import { Settings, Cache } from 'modules';
import BuiltinModule from './BuiltinModule';
import { WebpackModules, ReactComponents, MonkeyPatch, Patcher, DiscordApi, Security } from 'modules';
import { VueInjector, Reflection } from 'ui';
import { ClientLogger as Logger } from 'common';
import { request } from 'vendor';
import { Utils } from 'common';
import E2EEComponent from './E2EEComponent.vue';
import E2EEMessageButton from './E2EEMessageButton.vue';
import aes256 from 'aes256';
import crypto from 'node-crypto';

let seed = Math.random().toString(36).replace(/[^a-z]+/g, '');

export default new class E2EE extends BuiltinModule {

    constructor() {
        super();
        this.master = this.encrypt(seed, 'temporarymasterkey');
        this.encryptNewMessages = true;
    }

    setMaster(key) {
        seed = Math.random().toString(36).replace(/[^a-z]+/g, '');
        const newMaster = this.encrypt(seed, key);
        // TODO re-encrypt everything with new master
        return (this.master = newMaster);
    }

    get settingPath() {
        return ['security', 'default', 'e2ee'];
    }

    get database() {
        return Settings.getSetting('security', 'e2eedb', 'e2ekvps').value;
    }

    encrypt(key, content, prefix = '') {
        if (!content) {
            // Get key for current channel and encrypt
            const haveKey = this.getKey(DiscordApi.currentChannel.id);
            if (!haveKey) return 'nokey';
            return this.encrypt(this.decrypt(this.decrypt(seed, this.master), haveKey), key);
        }
        return prefix + aes256.encrypt(key, content);
    }

    decrypt(key, content, prefix = '') {
        return aes256.decrypt(key, content.replace(prefix, ''));
    }

    async createHmac(data) {
        const haveKey = this.getKey(DiscordApi.currentChannel.id);
        if (!haveKey) return null;
        return Security.createHmac(haveKey, data);
    }

    getKey(channelId) {
        const haveKey = this.database.find(kvp => kvp.value.key === channelId);
        if (!haveKey) return null;
        return haveKey.value.value;
    }

    async enabled(e) {
        this.patchMessageContent();
        const selector = '.' + WebpackModules.getClassName('channelTextArea', 'emojiButton');
        const cta = await ReactComponents.getComponent('ChannelTextArea', { selector });
        this.patchChannelTextArea(cta);
        this.patchChannelTextAreaSubmit(cta);
        cta.forceUpdateAll();
    }

    async patchMessageContent() {
        const selector = '.' + WebpackModules.getClassName('container', 'containerCozy', 'containerCompact', 'edited');
        const MessageContent = await ReactComponents.getComponent('MessageContent', { selector });
        MonkeyPatch('BD:E2EE', MessageContent.component.prototype).before('render', this.beforeRenderMessageContent.bind(this));
        MonkeyPatch('BD:E2EE', MessageContent.component.prototype).after('render', this.renderMessageContent.bind(this));
        const ImageWrapper = await ReactComponents.getComponent('ImageWrapper', { selector: '.' + WebpackModules.getClassName('imageWrapper') });
        MonkeyPatch('BD:E2EE', ImageWrapper.component.prototype).before('render', this.beforeRenderImageWrapper.bind(this));
    }

    beforeRenderMessageContent(component, args, retVal) {
        const key = this.getKey(DiscordApi.currentChannel.id);
        if (!key) return; // We don't have a key for this channel

        const Message = WebpackModules.getModuleByPrototypes(['isMentioned']);
        const MessageParser = WebpackModules.getModuleByName('MessageParser');
        const currentChannel = DiscordApi.currentChannel.discordObject;

        if (!component.props || !component.props.message) return;
        const { content } = component.props.message;
        if (typeof content !== 'string') return; // Ignore any non string content
        if (!content.startsWith('$:')) return; // Not an encrypted string
        let decrypt;
        try {
            decrypt = this.decrypt(this.decrypt(this.decrypt(seed, this.master), key), component.props.message.content);
        } catch (err) { return } // Ignore errors such as non empty

        component.props.message.bd_encrypted = true;

        // Create a new message to parse it properly
        const create = Message.create(MessageParser.createMessage(currentChannel, MessageParser.parse(currentChannel, decrypt).content));
        if (!create.content || !create.contentParsed) return;

        component.props.message.content = create.content;
        component.props.message.contentParsed = create.contentParsed;
    }

    renderMessageContent(component, args, retVal) {
        if (!component.props.message.bd_encrypted) return;
        retVal.props.children[0].props.children.props.children.props.children.unshift(VueInjector.createReactElement(E2EEMessageButton));
    }

    beforeRenderImageWrapper(component, args, retVal) {
        if (!component.props || !component.props.src) return;
        if (component.props.decrypting) return;
        component.props.decrypting = true;

        const src = component.props.original || component.props.src.split('?')[0];
        if (!src.includes('bde2ee')) return;
        component.props.className = 'bd-encryptedImage';

        const haveKey = this.getKey(DiscordApi.currentChannel.id);
        if (!haveKey) return;

        const cached = Cache.find('e2ee:images', item => item.src === src);
        if (cached) {
            Logger.info('E2EE', 'Returning encrypted image from cache');
            try {
                const decrypt = this.decrypt(this.decrypt(this.decrypt(seed, this.master), haveKey), cached.image);
                component.props.className = 'bd-decryptedImage';
                component.props.src = component.props.original = 'data:;base64,' + decrypt;
            } catch (err) { return } finally { component.props.readyState = 'READY' }
            return;
        }

        component.props.readyState = 'LOADING';
        Logger.info('E2EE', 'Decrypting image: ' + src);
        request.get(src, { encoding: 'binary' }).then(res => {
            (async () => {
                const arr = new Uint8Array(new ArrayBuffer(res.length));
                for (let i = 0; i < res.length; i++) arr[i] = res.charCodeAt(i);

                const aobindex = Utils.aobscan(arr, [73, 69, 78, 68]) + 8;
                const sliced = arr.slice(aobindex);
                const image = new TextDecoder().decode(sliced);

                const hmac = image.slice(-64);
                const data = image.slice(0, -64);
                const validateHmac = await this.createHmac(data);
                if (hmac !== validateHmac) {
                    console.log('INVALID HMAC!');
                    return;
                }

                Cache.push('e2ee:images', { src, image: data });

                if (!component || !component.props) {
                    Logger.warn('E2EE', 'Component seems to be gone');
                    return;
                }

                component.props.decrypting = false;
                component.forceUpdate();
            })();
        }).catch(err => {
            console.log('request error', err);
        });
    }

    patchChannelTextArea(cta) {
        MonkeyPatch('BD:E2EE', cta.component.prototype).after('render', this.renderChannelTextArea);
    }

    renderChannelTextArea(component, args, retVal) {
        if (!(retVal.props.children instanceof Array)) retVal.props.children = [retVal.props.children];
        const inner = retVal.props.children.find(child => child.props.className && child.props.className.includes('inner'));
        inner.props.children.splice(0, 0, VueInjector.createReactElement(E2EEComponent));
    }

    patchChannelTextAreaSubmit(cta) {
        MonkeyPatch('BD:E2EE', cta.component.prototype).before('handleSubmit', this.handleChannelTextAreaSubmit.bind(this));
    }

    handleChannelTextAreaSubmit(component, args, retVal) {
        const key = this.getKey(DiscordApi.currentChannel.id);
        if (!this.encryptNewMessages || !key) return;
        component.props.value = this.encrypt(this.decrypt(this.decrypt(seed, this.master), key), component.props.value, '$:');
    }

    async disabled(e) {
        for (const patch of Patcher.getPatchesByCaller('BD:E2EE')) patch.unpatch();
        const ctaComponent = await ReactComponents.getComponent('ChannelTextArea');
        ctaComponent.forceUpdateAll();
    }

}
E2EE module base 2018-08-09 09:56:44 +02:00			`/**`
			`* BetterDiscord E2EE Module`
			`* Copyright (c) 2015-present Jiiks/JsSucks - https://github.com/Jiiks / https://github.com/JsSucks`
			`* All rights reserved.`
			`* https://betterdiscord.net`
			`*`
			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
			`*/`

Use cache module 2018-08-12 17:10:22 +02:00			`import { Settings, Cache } from 'modules';`
E2EE module base 2018-08-09 09:56:44 +02:00			`import BuiltinModule from './BuiltinModule';`
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`import { WebpackModules, ReactComponents, MonkeyPatch, Patcher, DiscordApi, Security } from 'modules';`
E2EE patches 2018-08-10 14:08:21 +02:00			`import { VueInjector, Reflection } from 'ui';`
Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`import { ClientLogger as Logger } from 'common';`
Tons of stuff 2018-08-11 14:29:30 +02:00			`import { request } from 'vendor';`
			`import { Utils } from 'common';`
E2EE component and material lock icon 2018-08-10 14:30:24 +02:00			`import E2EEComponent from './E2EEComponent.vue';`
Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`import E2EEMessageButton from './E2EEMessageButton.vue';`
E2EE patches 2018-08-10 14:08:21 +02:00			`import aes256 from 'aes256';`
add hmac 2018-08-12 20:43:59 +02:00			`import crypto from 'node-crypto';`
E2EE module base 2018-08-09 09:56:44 +02:00
Set master key 2018-08-10 16:02:41 +02:00			`let seed = Math.random().toString(36).replace(/[^a-z]+/g, '');`
initial master encrypt 2018-08-10 16:01:07 +02:00
E2EE module base 2018-08-09 09:56:44 +02:00			`export default new class E2EE extends BuiltinModule {`

initial master encrypt 2018-08-10 16:01:07 +02:00			`constructor() {`
			`super();`
			`this.master = this.encrypt(seed, 'temporarymasterkey');`
Add clicking the status icon to toggle encryption 2018-08-11 03:43:02 +02:00			`this.encryptNewMessages = true;`
E2EE module base 2018-08-09 09:56:44 +02:00			`}`

Set master key 2018-08-10 16:02:41 +02:00			`setMaster(key) {`
			`seed = Math.random().toString(36).replace(/[^a-z]+/g, '');`
Set master 2018-08-10 16:04:09 +02:00			`const newMaster = this.encrypt(seed, key);`
			`// TODO re-encrypt everything with new master`
			`return (this.master = newMaster);`
Set master key 2018-08-10 16:02:41 +02:00			`}`

initial master encrypt 2018-08-10 16:01:07 +02:00			`get settingPath() {`
			`return ['security', 'default', 'e2ee'];`
Functional E2EE submitting 2018-08-10 15:22:30 +02:00			`}`

			`get database() {`
Add clicking the status icon to toggle encryption 2018-08-11 03:43:02 +02:00			`return Settings.getSetting('security', 'e2eedb', 'e2ekvps').value;`
Functional E2EE submitting 2018-08-10 15:22:30 +02:00			`}`

Don't prefix everything by default 2018-08-10 20:17:52 +02:00			`encrypt(key, content, prefix = '') {`
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`if (!content) {`
			`// Get key for current channel and encrypt`
			`const haveKey = this.getKey(DiscordApi.currentChannel.id);`
			`if (!haveKey) return 'nokey';`
			`return this.encrypt(this.decrypt(this.decrypt(seed, this.master), haveKey), key);`
			`}`
Functional E2EE submitting 2018-08-10 15:22:30 +02:00			`return prefix + aes256.encrypt(key, content);`
			`}`

Don't prefix everything by default 2018-08-10 20:17:52 +02:00			`decrypt(key, content, prefix = '') {`
			`return aes256.decrypt(key, content.replace(prefix, ''));`
Functional E2EE submitting 2018-08-10 15:22:30 +02:00			`}`

add hmac 2018-08-12 20:43:59 +02:00			`async createHmac(data) {`
			`const haveKey = this.getKey(DiscordApi.currentChannel.id);`
			`if (!haveKey) return null;`
			`return Security.createHmac(haveKey, data);`
			`}`

Functional E2EE submitting 2018-08-10 15:22:30 +02:00			`getKey(channelId) {`
			`const haveKey = this.database.find(kvp => kvp.value.key === channelId);`
			`if (!haveKey) return null;`
			`return haveKey.value.value;`
			`}`

E2EE patches 2018-08-10 14:08:21 +02:00			`async enabled(e) {`
Fix button patching 2018-08-10 19:38:02 +02:00			`this.patchMessageContent();`
			`const selector = '.' + WebpackModules.getClassName('channelTextArea', 'emojiButton');`
Message parsing 2018-08-11 02:39:13 +02:00			`const cta = await ReactComponents.getComponent('ChannelTextArea', { selector });`
			`this.patchChannelTextArea(cta);`
			`this.patchChannelTextAreaSubmit(cta);`
			`cta.forceUpdateAll();`
			`}`

			`async patchMessageContent() {`
			`const selector = '.' + WebpackModules.getClassName('container', 'containerCozy', 'containerCompact', 'edited');`
			`const MessageContent = await ReactComponents.getComponent('MessageContent', { selector });`
Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`MonkeyPatch('BD:E2EE', MessageContent.component.prototype).before('render', this.beforeRenderMessageContent.bind(this));`
			`MonkeyPatch('BD:E2EE', MessageContent.component.prototype).after('render', this.renderMessageContent.bind(this));`
Tons of stuff 2018-08-11 14:29:30 +02:00			`const ImageWrapper = await ReactComponents.getComponent('ImageWrapper', { selector: '.' + WebpackModules.getClassName('imageWrapper') });`
			`MonkeyPatch('BD:E2EE', ImageWrapper.component.prototype).before('render', this.beforeRenderImageWrapper.bind(this));`
E2EE module base 2018-08-09 09:56:44 +02:00			`}`

Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`beforeRenderMessageContent(component, args, retVal) {`
Fix button patching 2018-08-10 19:38:02 +02:00			`const key = this.getKey(DiscordApi.currentChannel.id);`
Message parsing 2018-08-11 02:39:13 +02:00			`if (!key) return; // We don't have a key for this channel`

			`const Message = WebpackModules.getModuleByPrototypes(['isMentioned']);`
			`const MessageParser = WebpackModules.getModuleByName('MessageParser');`
			`const currentChannel = DiscordApi.currentChannel.discordObject;`

			`if (!component.props \|\| !component.props.message) return;`
			`const { content } = component.props.message;`
			`if (typeof content !== 'string') return; // Ignore any non string content`
			`if (!content.startsWith('$:')) return; // Not an encrypted string`
			`let decrypt;`
			`try {`
			`decrypt = this.decrypt(this.decrypt(this.decrypt(seed, this.master), key), component.props.message.content);`
			`} catch (err) { return } // Ignore errors such as non empty`

Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`component.props.message.bd_encrypted = true;`

Message parsing 2018-08-11 02:39:13 +02:00			`// Create a new message to parse it properly`
Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`const create = Message.create(MessageParser.createMessage(currentChannel, MessageParser.parse(currentChannel, decrypt).content));`
Message parsing 2018-08-11 02:39:13 +02:00			`if (!create.content \|\| !create.contentParsed) return;`

			`component.props.message.content = create.content;`
			`component.props.message.contentParsed = create.contentParsed;`
Fix button patching 2018-08-10 19:38:02 +02:00			`}`

Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`renderMessageContent(component, args, retVal) {`
			`if (!component.props.message.bd_encrypted) return;`
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`retVal.props.children[0].props.children.props.children.props.children.unshift(VueInjector.createReactElement(E2EEMessageButton));`
Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`}`

Tons of stuff 2018-08-11 14:29:30 +02:00			`beforeRenderImageWrapper(component, args, retVal) {`
			`if (!component.props \|\| !component.props.src) return;`
			`if (component.props.decrypting) return;`
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`component.props.decrypting = true;`
Tons of stuff 2018-08-11 14:29:30 +02:00
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`const src = component.props.original \|\| component.props.src.split('?')[0];`
Tons of stuff 2018-08-11 14:29:30 +02:00			`if (!src.includes('bde2ee')) return;`
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`component.props.className = 'bd-encryptedImage';`
Tons of stuff 2018-08-11 14:29:30 +02:00
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`const haveKey = this.getKey(DiscordApi.currentChannel.id);`
			`if (!haveKey) return;`

Use cache module 2018-08-12 17:10:22 +02:00			`const cached = Cache.find('e2ee:images', item => item.src === src);`
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`if (cached) {`
			`Logger.info('E2EE', 'Returning encrypted image from cache');`
			`try {`
			`const decrypt = this.decrypt(this.decrypt(this.decrypt(seed, this.master), haveKey), cached.image);`
			`component.props.className = 'bd-decryptedImage';`
Strip base64 prefix to not have static data in encrypted content 2018-08-12 19:57:02 +02:00			`component.props.src = component.props.original = 'data:;base64,' + decrypt;`
Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`} catch (err) { return } finally { component.props.readyState = 'READY' }`
Tons of stuff 2018-08-11 14:29:30 +02:00			`return;`
			`}`

Image encryption, decryption, styling and other stuff 2018-08-12 14:39:00 +02:00			`component.props.readyState = 'LOADING';`
			`Logger.info('E2EE', 'Decrypting image: ' + src);`
			`request.get(src, { encoding: 'binary' }).then(res => {`
add hmac 2018-08-12 20:43:59 +02:00			`(async () => {`
			`const arr = new Uint8Array(new ArrayBuffer(res.length));`
			`for (let i = 0; i < res.length; i++) arr[i] = res.charCodeAt(i);`

			`const aobindex = Utils.aobscan(arr, [73, 69, 78, 68]) + 8;`
			`const sliced = arr.slice(aobindex);`
			`const image = new TextDecoder().decode(sliced);`

			`const hmac = image.slice(-64);`
			`const data = image.slice(0, -64);`
			`const validateHmac = await this.createHmac(data);`
			`if (hmac !== validateHmac) {`
			`console.log('INVALID HMAC!');`
			`return;`
			`}`

			`Cache.push('e2ee:images', { src, image: data });`

			`if (!component \|\| !component.props) {`
			`Logger.warn('E2EE', 'Component seems to be gone');`
			`return;`
			`}`

			`component.props.decrypting = false;`
			`component.forceUpdate();`
			`})();`
Tons of stuff 2018-08-11 14:29:30 +02:00			`}).catch(err => {`
			`console.log('request error', err);`
			`});`
			`}`

Message parsing 2018-08-11 02:39:13 +02:00			`patchChannelTextArea(cta) {`
			`MonkeyPatch('BD:E2EE', cta.component.prototype).after('render', this.renderChannelTextArea);`
			`}`

			`renderChannelTextArea(component, args, retVal) {`
E2EE patches 2018-08-10 14:08:21 +02:00			`if (!(retVal.props.children instanceof Array)) retVal.props.children = [retVal.props.children];`
			`const inner = retVal.props.children.find(child => child.props.className && child.props.className.includes('inner'));`
Add an encrypted indicator to encrypted messages 2018-08-11 03:58:55 +02:00			`inner.props.children.splice(0, 0, VueInjector.createReactElement(E2EEComponent));`
E2EE patches 2018-08-10 14:08:21 +02:00			`}`
E2EE module base 2018-08-09 09:56:44 +02:00
Message parsing 2018-08-11 02:39:13 +02:00			`patchChannelTextAreaSubmit(cta) {`
			`MonkeyPatch('BD:E2EE', cta.component.prototype).before('handleSubmit', this.handleChannelTextAreaSubmit.bind(this));`
			`}`

			`handleChannelTextAreaSubmit(component, args, retVal) {`
Functional E2EE submitting 2018-08-10 15:22:30 +02:00			`const key = this.getKey(DiscordApi.currentChannel.id);`
Add clicking the status icon to toggle encryption 2018-08-11 03:43:02 +02:00			`if (!this.encryptNewMessages \|\| !key) return;`
Don't prefix everything by default 2018-08-10 20:17:52 +02:00			`component.props.value = this.encrypt(this.decrypt(this.decrypt(seed, this.master), key), component.props.value, '$:');`
E2EE patches 2018-08-10 14:08:21 +02:00			`}`

Fix button patching 2018-08-10 19:38:02 +02:00			`async disabled(e) {`
E2EE patches 2018-08-10 14:08:21 +02:00			`for (const patch of Patcher.getPatchesByCaller('BD:E2EE')) patch.unpatch();`
Fix button patching 2018-08-10 19:38:02 +02:00			`const ctaComponent = await ReactComponents.getComponent('ChannelTextArea');`
			`ctaComponent.forceUpdateAll();`
E2EE module base 2018-08-09 09:56:44 +02:00			`}`

			`}`