using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Text; using System.Threading; using System.Threading.Tasks; using Newtonsoft.Json; using ShiftOS.Engine; using ShiftOS.Objects; using ShiftOS.WinForms.Applications; using static ShiftOS.Objects.ShiftFS.Utils; namespace ShiftOS.WinForms { [Namespace("puppy")] [RequiresUpgrade("hacker101_deadaccts")] [KernelMode] public static class KernelPuppyCommands { [Command("clear", true)] public static bool ClearLogs() { WriteAllText("0:/system/data/kernel.log", ""); Console.WriteLine(" logs cleared successfully."); return true; } } [Namespace("krnl")] public static class KernelCommands { [Command("control", true)] [RequiresArgument("pass")] public static bool Control(Dictionary args) { if(args["pass"].ToString() == ServerManager.thisGuid.ToString()) { KernelWatchdog.Log("warn", "User has breached the kernel."); KernelWatchdog.EnterKernelMode(); } return true; } [Command("lock_session")] [KernelMode] public static bool LeaveControl() { KernelWatchdog.Log("inf", "User has left the kernel-mode session."); KernelWatchdog.LeaveKernelMode(); KernelWatchdog.MudConnected = true; return true; } } [Namespace("hacker101")] [RequiresUpgrade("hacker101_deadaccts")] public static class HackerCommands { private static void writeSlow(string text) { ConsoleEx.ForegroundColor = ConsoleColor.DarkYellow; ConsoleEx.Bold = false; ConsoleEx.Italic = false; Console.Write("["); ConsoleEx.ForegroundColor = ConsoleColor.Magenta; ConsoleEx.Bold = true; Console.Write("hacker101"); ConsoleEx.ForegroundColor = ConsoleColor.DarkYellow; ConsoleEx.Italic = true; Console.Write("@"); ConsoleEx.ForegroundColor = ConsoleColor.White; Console.Write("undisclosed"); ConsoleEx.ForegroundColor = ConsoleColor.DarkYellow; ConsoleEx.Bold = false; ConsoleEx.Italic = false; Console.Write("]: "); Thread.Sleep(850); Console.WriteLine(text); Thread.Sleep(4000); } [Story("hacker101_deadaccts")] public static void DeadAccountsStory() { if (!terminalIsOpen()) { AppearanceManager.SetupWindow(new Terminal()); } var t = new Thread(() => { Console.WriteLine("[sys@mud]: Warning: User connecting to system..."); Thread.Sleep(75); Console.WriteLine("[sys@mud]: UBROADCAST: Username: hacker101 - Sysname: undisclosed"); Thread.Sleep(50); Console.Write("--locking mud connection resources..."); Thread.Sleep(50); Console.WriteLine("...done."); Console.Write("--locking user input... "); Thread.Sleep(75); TerminalBackend.PrefixEnabled = false; TerminalBackend.InStory = true; Console.WriteLine("...done."); Thread.Sleep(2000); writeSlow($"Hello there, fellow multi-user domain user."); writeSlow("My name, as you can tell, is hacker101."); writeSlow("And yours must be... don't say it... it's " + SaveSystem.CurrentSave.Username + "@" + SaveSystem.CurrentSave.SystemName + ", right?"); writeSlow("Of course it is."); writeSlow("And I bet you 10,000 Codepoints that you have... " + SaveSystem.CurrentSave.Codepoints.ToString() + " Codepoints."); writeSlow("Oh, and how much upgrades have you installed since you first started using ShiftOS?"); writeSlow("That would be... uhh... " + SaveSystem.CurrentSave.CountUpgrades().ToString() + "."); writeSlow("I'm probably freaking you out right now. You are probably thinking that you're unsafe and need to lock yourself down."); writeSlow("But, don't worry, I mean no harm."); writeSlow("In fact, I am a multi-user domain safety activist and security professional."); writeSlow("I need your help with something."); writeSlow("Inside the multi-user domain, every now and then these 'dead' user accounts pop up."); writeSlow("They're infesting everything. They're in every legion, they infest chatrooms, and they take up precious hard drive space."); writeSlow("Eventually there's going to be tons of them just sitting there taking over the MUD. We can't have that."); writeSlow("It sounds like a conspiracy theory indeed, but it's true, in fact, these dead accounts hold some valuable treasures."); writeSlow("I'm talking Codepoints, skins, documents, the possibilities are endless."); writeSlow("I'm going to execute a quick sys-script that will show you how you can help get rid of these accounts, and also gain some valuable resources to help you on your digital frontier."); writeSlow("This script will also show you the fundamentals of security exploitation and theft of resources - which if you want to survive in the multi-user domain is paramount."); writeSlow("Good luck."); Thread.Sleep(1000); Console.WriteLine("--user disconnected"); Thread.Sleep(75); Console.WriteLine("--commands unlocked - check sos.help."); Thread.Sleep(45); SaveSystem.SaveGame(); Console.Write("--unlocking user input..."); Thread.Sleep(75); Console.Write(" ..done"); TerminalBackend.InStory = false; TerminalBackend.PrefixEnabled = true; Console.Write($"{SaveSystem.CurrentSave.Username}@{SaveSystem.CurrentSave.SystemName}:~$ "); StartHackerTutorial(); TerminalBackend.PrefixEnabled = true; TerminalBackend.PrintPrompt(); }); t.IsBackground = true; t.Start(); TerminalBackend.PrefixEnabled = false; } internal static void StartHackerTutorial() { Desktop.InvokeOnWorkerThread(() => { var tut = new TutorialBox(); AppearanceManager.SetupWindow(tut); new Thread(() => { int tutPos = 0; Action ondec = () => { tutPos++; }; TerminalBackend.CommandProcessed += (o, a) => { switch (tutPos) { case 0: case 10: if (o.ToLower().StartsWith("mud.disconnect")) { tutPos++; } break; case 11: if (o.ToLower().StartsWith("krnl.lock_session")) tutPos++; break; case 1: if (o.ToLower().StartsWith("hacker101.brute_decrypt")) { if (a.Contains("0:/system/data/kernel.log")) { tutPos++; } } break; case 3: if (o.ToLower().StartsWith("krnl.control")) { tutPos++; } break; case 4: if (o.ToLower().StartsWith("puppy.clear")) tutPos++; break; case 5: if (o.ToLower().StartsWith("mud.reconnect")) tutPos++; break; case 6: if (o.ToLower().StartsWith("mud.sendmsg")) { var msg = JsonConvert.DeserializeObject(a); try { if (msg.header == "getusers" && msg.body == "dead") tutPos++; } catch { } } break; case 7: if (o.ToLower().StartsWith("hacker101.breach_user_password")) tutPos++; break; case 8: if (o.ToLower().StartsWith("hacker101.print_user_info")) tutPos++; break; case 9: if (o.ToLower().StartsWith("hacker101.steal_codepoints")) tutPos++; break; } }; tut.SetObjective("Welcome to the dead account exploitation tutorial. In this tutorial you will learn the basics of hacking within the multi-user domain."); Thread.Sleep(1000); tut.SetObjective("We will start with a simple system exploit - gaining kernel-level access to ShiftOS. This can help you perform actions not ever possible in the user level."); Thread.Sleep(1000); tut.SetObjective("To gain root access, you will first need to breach the system watchdog to keep it from dialing home to DevX."); Thread.Sleep(1000); tut.SetObjective("The watchdog can only function when it has a successful connection to the multi-user domain. You will need to use the MUD Control Centre to disconnect yourself from the MUD. This will lock you out of most features. To disconnect from the multi-user domain, simply run the 'mud.disconnect' command."); while(tutPos == 0) { } tut.SetObjective("As you can see, the kernel watchdog has shut down temporarily, however before the disconnect it was able to tell DevX that it has gone offline."); Thread.Sleep(1000); tut.SetObjective("You'll also notice that commands like the shiftorium, MUD control centre and various applications that utilize these system components no longer function."); Thread.Sleep(1000); tut.SetObjective("The watchdog, however, is still watching. DevX was smart and programmed the kernel to log all events to a local file in 0:/system/data/kernel.log."); Thread.Sleep(1000); tut.SetObjective("You will need to empty out this file before you can connect to the multi-user domain, as the watchdog will send the contents of this file straight to DevX."); Thread.Sleep(1000); tut.SetObjective("Or, you can do what we're about to do and attempt to decrypt the log and sniff out the kernel-mode access password."); Thread.Sleep(1000); tut.SetObjective("This will allow us to gain kernel-level access to our system using the krnl.control{pass:} command."); Thread.Sleep(1000); tut.SetObjective("Let's start decrypting the log file using the hacker101.brute_decrypt{file:} script. The file: argument is a string and should point to a .log file. When the script succeeds, you will see a TextPad open with the decrypted contents."); while(tutPos == 1) { } onCompleteDecrypt += ondec; tut.SetObjective("This script isn't the most agile script ever, but it'll get the job done."); while(tutPos == 2) { } onCompleteDecrypt -= ondec; tut.SetObjective("Alright - it's done. Here's how it's laid out. In each log entry, you have the timestamp, then the event name, then the event description."); Thread.Sleep(1000); tut.SetObjective("Look for the most recent 'mudhandshake' event. This contains the kernel access code."); Thread.Sleep(1000); tut.SetObjective("Once you have it, run 'krnl.control{pass:\"the-kernel-code-here\"}. This will allow you to gain access to the kernel."); while(tutPos == 3) { } tut.SetObjective("You are now in kernel mode. Every command you enter will run on the kernel. Now, let's clear the watchdog's logfile and reconnect to the multi-user domain."); Thread.Sleep(1000); tut.SetObjective("To clear the log, simply run 'puppy.clear'."); while(tutPos == 4) { } tut.SetObjective("Who's a good dog... You are, ShiftOS. Now, we can connect back to the MUD using 'mud.reconnect'."); Thread.Sleep(1000); while(tutPos == 5) { } tut.SetObjective("We have now snuck by the watchdog and DevX has no idea. With kernel-level access, everything you do is not logged, however if you perform too much in one shot, you'll get kicked off and locked out of the multi-user domain temporarily."); Thread.Sleep(1000); tut.SetObjective("So, let's focus on the job. You want to get into one of those fancy dead accounts, don't ya? Well, first, we need to talk with the MUD to get a list of these accounts."); Thread.Sleep(1000); tut.SetObjective("Simply run the `mud.sendmsg` command, specifying a 'header' of \"getusers\", and a body of \"dead\"."); while(tutPos == 6) { } tut.SetObjective("Great. We now have the usernames and sysnames of all dead accounts on the MUD. Now let's use the hacker101.breach_user_password{user:,sys:} command to breach one of these accounts' passwords."); while(tutPos == 7) { } tut.SetObjective("There - you now have access to that account. Use its password, username and sysname and run the hacker101.print_user_info{user:,pass:,sys:} command to print the entirety of this user's information."); while(tutPos == 8) { } tut.SetObjective("Now you can see a list of the user's Codepoints among other things. Now you can steal their codepoints by using the hacker101.steal_codepoints{user:,pass:,sys;,amount:} command. Be careful. This may alert DevX."); while(tutPos == 9) { } if(devx_alerted == true) { tut.SetObjective("Alright... enough fun and games. DevX just found out we were doing this."); Thread.Sleep(500); tut.SetObjective("Quick! Disconnect from the MUD!!"); while(tutPos == 10) { } tut.SetObjective("Now, get out of kernel mode! To do that, run krnl.lock_session."); while(tutPos == 11) { } } else { tut.SetObjective("OK, that was risky, but we pulled it off. Treat yourself! But first, let's get you out of kernel mode."); Thread.Sleep(500); tut.SetObjective("First we need to get you off the MUD. Simply run mud.disconnect again."); while (tutPos == 10) { } tut.SetObjective("Now, let's run krnl.lock_session. This will lock you back into the user mode, and reconnect you to the MUD."); while (tutPos == 11) { } tut.SetObjective("If, for some reason, DevX DOES find out, you have to be QUICK to get off of kernel mode. You don't want to make him mad."); } Thread.Sleep(1000); tut.SetObjective("So that's all for now. Whenever you're in kernel mode again, and you have access to a user account, try breaching their filesystem next time. You can use sos.help{ns:} to show commands from a specific namespace to help you find more commands easily."); Thread.Sleep(1000); tut.SetObjective("You can now close this window."); tut.IsComplete = true; }).Start(); }); } private static bool devx_alerted = false; private static event Action onCompleteDecrypt; private static bool terminalIsOpen() { foreach(var win in AppearanceManager.OpenForms) { if (win.ParentWindow is Terminal) return true; } return false; } const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-_"; [MultiplayerOnly] [Command("breach_user_password")] [KernelMode] [RequiresArgument("user")] [RequiresArgument("sys")] [RequiresUpgrade("hacker101_deadaccts")] public static bool BreachUserPassword(Dictionary args) { string usr = args["user"].ToString(); string sys = args["sys"].ToString(); bool received = false; ServerMessageReceived msgReceived = null; Console.WriteLine("--hooking system thread..."); msgReceived = (msg) => { if(msg.Name == "user_data") { var sve = JsonConvert.DeserializeObject(msg.Contents); var rnd = new Random(); var sw = new Stopwatch(); sw.Start(); Thread.Sleep(2000); if(rnd.Next(0, 100) >= 75) { Console.WriteLine("--operation took too long - failed."); ServerManager.SendMessage("mud_save_allow_dead", JsonConvert.SerializeObject(sve)); ServerManager.MessageReceived -= msgReceived; TerminalBackend.PrefixEnabled = true; return; } sw.Stop(); Console.WriteLine(sve.Password); Console.WriteLine(); Console.WriteLine("--password breached. Operation took " + sw.ElapsedMilliseconds + " milliseconds."); received = true; ServerManager.MessageReceived -= msgReceived; TerminalBackend.PrintPrompt(); } else if(msg.Name == "user_data_not_found") { Console.WriteLine("--access denied."); received = true; ServerManager.MessageReceived -= msgReceived; TerminalBackend.PrintPrompt(); } TerminalBackend.PrefixEnabled = true; }; Console.WriteLine("--beginning brute-force attack on " + usr + "@" + sys + "..."); ServerManager.MessageReceived += msgReceived; ServerManager.SendMessage("get_user_data", JsonConvert.SerializeObject(new { user = usr, sysname = sys })); TerminalBackend.PrefixEnabled = false; Thread.Sleep(500); return true; } [MultiplayerOnly] [Command("print_user_info")] [KernelMode] [RequiresArgument("pass")] [RequiresArgument("user")] [RequiresArgument("sys")] [RequiresUpgrade("hacker101_deadaccts")] public static bool PrintUserInfo(Dictionary args) { string usr = args["user"].ToString(); string sys = args["sys"].ToString(); string pass = args["pass"].ToString(); bool received = false; ServerMessageReceived msgReceived = null; Console.WriteLine("--hooking multi-user domain response call..."); msgReceived = (msg) => { if (msg.Name == "user_data") { var sve = JsonConvert.DeserializeObject(msg.Contents); if(sve.Password == pass) { Console.WriteLine("Username: " + sve.Username); Console.WriteLine("Password: " + sve.Password); Console.WriteLine("System name: " + sve.SystemName); Console.WriteLine(); Console.WriteLine("Codepoints: " + sve.Codepoints.ToString()); } else { Console.WriteLine("--access denied."); } received = true; ServerManager.MessageReceived -= msgReceived; TerminalBackend.PrintPrompt(); } else if (msg.Name == "user_data_not_found") { Console.WriteLine("--access denied."); received = true; ServerManager.MessageReceived -= msgReceived; TerminalBackend.PrintPrompt(); } TerminalBackend.PrefixEnabled = true; }; Console.WriteLine("--contacting multi-user domain..."); ServerManager.MessageReceived += msgReceived; ServerManager.SendMessage("get_user_data", JsonConvert.SerializeObject(new { user = usr, sysname = sys })); Thread.Sleep(500); TerminalBackend.PrefixEnabled = false; return true; } [MultiplayerOnly] [Command("steal_codepoints")] [KernelMode] [RequiresArgument("amount")] [RequiresArgument("pass")] [RequiresArgument("user")] [RequiresArgument("sys")] [RequiresUpgrade("hacker101_deadaccts")] public static bool StealCodepoints(Dictionary args) { string usr = args["user"].ToString(); string sys = args["sys"].ToString(); string pass = args["pass"].ToString(); long amount = (long)args["amount"]; bool received = false; if(amount < 0) { Console.WriteLine("--invalid codepoint amount - halting..."); return true; } ServerMessageReceived msgReceived = null; Console.WriteLine("--hooking multi-user domain response call..."); msgReceived = (msg) => { if (msg.Name == "user_data") { var sve = JsonConvert.DeserializeObject(msg.Contents); if (sve.Password == pass) { if(amount > sve.Codepoints) { Console.WriteLine("--can't steal this many codepoints from user."); ServerManager.SendMessage("mud_save_allow_dead", JsonConvert.SerializeObject(sve)); TerminalBackend.PrefixEnabled = true; return; } sve.Codepoints -= amount; SaveSystem.TransferCodepointsFrom(sve.Username, amount); ServerManager.SendMessage("mud_save_allow_dead", JsonConvert.SerializeObject(sve)); SaveSystem.SaveGame(); } else { Console.WriteLine("--access denied."); } received = true; ServerManager.MessageReceived -= msgReceived; TerminalBackend.PrintPrompt(); } else if (msg.Name == "user_data_not_found") { Console.WriteLine("--access denied."); received = true; ServerManager.MessageReceived -= msgReceived; TerminalBackend.PrintPrompt(); } TerminalBackend.PrefixEnabled = true; }; Console.WriteLine("--contacting multi-user domain..."); Thread.Sleep(500); ServerManager.MessageReceived += msgReceived; ServerManager.SendMessage("get_user_data", JsonConvert.SerializeObject(new { user = usr, sysname = sys })); Thread.Sleep(500); TerminalBackend.PrefixEnabled = false; return true; } [MultiplayerOnly] [Command("purge_user")] [KernelMode] [RequiresArgument("pass")] [RequiresArgument("user")] [RequiresArgument("sys")] [RequiresUpgrade("hacker101_deadaccts")] public static bool PurgeUser(Dictionary args) { string usr = args["user"].ToString(); string sys = args["sys"].ToString(); string pass = args["pass"].ToString(); ServerMessageReceived msgReceived = null; Console.WriteLine("--hooking multi-user domain response call..."); msgReceived = (msg) => { if (msg.Name == "user_data") { var sve = JsonConvert.DeserializeObject(msg.Contents); if (sve.Password == pass) { ServerManager.SendMessage("delete_dead_save", JsonConvert.SerializeObject(sve)); Console.WriteLine(" User purged successfully."); } else { Console.WriteLine("--access denied."); } ServerManager.MessageReceived -= msgReceived; } else if (msg.Name == "user_data_not_found") { Console.WriteLine("--access denied."); ServerManager.MessageReceived -= msgReceived; } TerminalBackend.PrintPrompt(); TerminalBackend.PrefixEnabled = true; }; Console.WriteLine("--contacting multi-user domain..."); Thread.Sleep(500); ServerManager.MessageReceived += msgReceived; ServerManager.SendMessage("get_user_data", JsonConvert.SerializeObject(new { user = usr, sysname = sys })); Thread.Sleep(500); TerminalBackend.PrefixEnabled = false; return true; } [Command("brute_decrypt", true)] [RequiresArgument("file")] public static bool BruteDecrypt(Dictionary args) { if (FileExists(args["file"].ToString())) { string pass = new Random().Next(1000, 10000).ToString(); string fake = ""; Console.WriteLine("Beginning brute-force attack on password."); var s = new Stopwatch(); s.Start(); for(int i = 0; i < pass.Length; i++) { for(int num = 0; num < 10; num++) { if(pass[i].ToString() == num.ToString()) { fake += num.ToString(); Console.Write(num); } } } s.Stop(); Console.WriteLine("...password cracked - operation took " + s.ElapsedMilliseconds + " milliseconds."); var tp = new TextPad(); AppearanceManager.SetupWindow(tp); WriteAllText("0:/temp.txt", ReadAllText(args["file"].ToString())); tp.LoadFile("0:/temp.txt"); Delete("0:/temp.txt"); onCompleteDecrypt?.Invoke(); } else { Console.WriteLine("brute_decrypt: file not found"); } return true; } } [MultiplayerOnly] [Namespace("storydev")] public static class StoryDevCommands { [Command("start", description = "Starts a story plot.", usage ="id:string")] [RequiresArgument("id")] [RemoteLock] public static bool StartStory(Dictionary args) { Story.Start(args["id"].ToString()); return true; } [Command("unexperience", description = "Marks a story plot as not-experienced yet.", usage ="id:string")] [RemoteLock] [RequiresArgument("id")] public static bool Unexperience(Dictionary args) { string id = args["id"].ToString(); if (SaveSystem.CurrentSave.StoriesExperienced.Contains(id)) { Console.WriteLine("Unexperiencing " + id + "."); SaveSystem.CurrentSave.StoriesExperienced.Remove(id); SaveSystem.SaveGame(); } else { Console.WriteLine("Story ID not found."); } return true; } [Command("experience", description = "Marks a story plot as experienced without triggering the plot.", usage ="{id:}")] [RequiresArgument("id")] [RemoteLock] public static bool Experience(Dictionary args) { SaveSystem.CurrentSave.StoriesExperienced.Add(args["id"].ToString()); SaveSystem.SaveGame(); return true; } } }