import java.io.BufferedReader;import java.io.Console;import java.io.DataOutp

1. import java.io.BufferedReader;
2. import java.io.Console;
3. import java.io.DataOutputStream;
4. import java.io.File;
5. import java.io.FileOutputStream;
6. import java.io.IOException;
7. import java.io.InputStreamReader;
8. import java.nio.ByteBuffer;
9. import java.nio.CharBuffer;
10. import java.nio.charset.Charset;
11. import java.nio.charset.CharsetEncoder;
12. import java.security.InvalidAlgorithmParameterException;
13. import java.security.InvalidKeyException;
14. import java.security.NoSuchAlgorithmException;
15. import java.security.spec.InvalidKeySpecException;
16. import java.util.Arrays;
17. import java.util.Random;
18.  
19. import javax.crypto.Cipher;
20. import javax.crypto.CipherOutputStream;
21. import javax.crypto.NoSuchPaddingException;
22. import javax.crypto.SecretKey;
23. import javax.crypto.SecretKeyFactory;
24. import javax.crypto.spec.PBEKeySpec;
25. import javax.crypto.spec.PBEParameterSpec;
26.  
27. public class MinecraftLoginEncrypter {
28.     public static void main(String[] args) throws IOException {
29.         System.err.println("Security Note: Please check that this program has not been modified to harvest your login before inputting your username-password combination. In the source, look for \"java.net\"; in the binary, look for \"Ljava/net\" in a hex editor.");
30.         BufferedReader keyboardLines = new BufferedReader(new InputStreamReader(System.in));
31.         System.err.print("Username: ");
32.         String user = keyboardLines.readLine();
33.         char[] pass = null;
34.         try {
35.             Console console = System.console();
36.             if (console != null) {
37.                 System.err.print("Password: ");
38.                 pass = console.readPassword();
39.             }
40.         } catch (NoClassDefFoundError ncdfe) {
41.             // pass = null;
42.         } catch (NoSuchMethodError nsme) {
43.             // pass = null;
44.         }
45.         if (pass == null) {
46.             System.err.println("Security Note: No password-hiding functionality is available in this Java VM. The following password prompt will SHOW the password you enter.");
47.             System.err.print("Password: ");
48.             pass = keyboardLines.readLine().toCharArray();
49.         }
50.         MinecraftLoginEncrypter encrypter = new MinecraftLoginEncrypter(user, pass);
51.         try {
52.             encrypter.writeFile(new File(".", "lastlogin"));
53.             System.err.println("File written.");
54.         } finally {
55.             encrypter.close();
56.         }
57.     }
58.  
59.     private final String user;
60.  
61.     private final char[] pass;
62.  
63.     public MinecraftLoginEncrypter(final String user, final char[] pass) {
64.         this.user = user;
65.         this.pass = pass;
66.     }
67.  
68.     public void writeFile(File file) throws IOException {
69.         Cipher cipher;
70.         try {
71.             cipher = getCipher(Cipher.ENCRYPT_MODE, "passwordfile");
72.         } catch (Exception e) {
73.             throw new IOException("Error occurred while creating the cipher for the Minecraft login file", e);
74.         }
75.         DataOutputStream dos;
76.         if (cipher != null)
77.             dos = new DataOutputStream(new CipherOutputStream(new FileOutputStream(file), cipher));
78.         else {
79.             dos = new DataOutputStream(new FileOutputStream(file));
80.         }
81.         dos.writeUTF(user);
82.         CharsetEncoder c = Charset.forName("UTF-8").newEncoder();
83.         ByteBuffer bb = ByteBuffer.allocate(pass.length * (int) Math.ceil(c.maxBytesPerChar()));
84.         try {
85.             c.encode(CharBuffer.wrap(pass), bb, true);
86.             c.reset();
87.             dos.writeShort(bb.position());
88.             bb.flip();
89.             byte[] passBytes = new byte[bb.remaining()];
90.             try {
91.                 bb.get(passBytes);
92.                 dos.write(passBytes);
93.             } finally {
94.                 // Avoid memory sniffing attacks: zero out the password
95.                 Arrays.fill(passBytes, (byte) 0);
96.             }
97.         } finally {
98.             bb.clear();
99.             // Avoid memory sniffing attacks: zero out the password
100.             for (int i = 0; i < bb.limit(); i++) {
101.                 bb.put(i, (byte) 0);
102.             }
103.         }
104.         dos.flush();
105.         dos.close();
106.     }
107.  
108.     public void close() {
109.         // Avoid memory sniffing attacks: zero out the password
110.         Arrays.fill(pass, '\0');
111.     }
112.  
113.     protected void finalize() throws Throwable {
114.         close();
115.     }
116.  
117.     private Cipher getCipher(int mode, String password) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
118.         Random random = new Random(43287234L);
119.         byte[] salt = new byte[8];
120.         random.nextBytes(salt);
121.         PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 5);
122.  
123.         SecretKey pbeKey = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec(password.toCharArray()));
124.         Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
125.         cipher.init(mode, pbeKey, pbeParamSpec);
126.         return cipher;
127.     }
128. }