migrate code from to2mbn/authlib-agent

2024-11-15 06:11:09 +01:00 · 2017-08-13 17:43:13 +08:00 · 2017-08-13 17:43:13 +08:00 · b3376d61ce
commit b3376d61ce
parent 1405523046
15 changed files with 730 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,57 @@
 # authlib-injector
 通过运行时修改authlib实现游戏外登录
+
+## 编译
+```
+gradle clean shadowJar
+```
+构建输出位于`build/libs`下。
+
+或者直接从[Jenkins](https://ci.to2mbn.org/job/authlib-injector)下载构建好的JAR。
+
+
+## 部署
+
+### 配置
+配置文件模板位于[authlib-injector.example.yaml](https://github.com/to2mbn/authlib-injector/blob/master/authlib-injector.example.yaml)。
+
+#### 生成签名公钥
+服务端返回的profile properties需要带有数字签名。
+
+可以通过以下方法生成一个新的RSA私钥：
+```
+openssl genrsa -out key.pem
+```
+
+然后从私钥产生公钥：
+```
+openssl rsa -in key.pem -pubout
+```
+
+### 加载
+#### 作为javaagent加载
+向JVM参数中添加`-javaagent:<path_to_authlib-injector.jar>`
+
+该方法适用于所有客户端、服务端、启动器等。
+
+#### 作为mod加载
+直接放入mods目录即可。
+
+该方法适用于Forge及Liteloader。
+
+### 指定配置文件
+authlib-injector提供了以下方式来指定配置文件（按优先级排序）：
+
+1. 通过javaagent参数指定
+   * 在`javaagent`参数后面添加`=<path_to_config>`
+   * 例如`-javaagent:authlib-injector.jar=my-authlib-injector.yaml`
+   * 仅适用于通过javaagent加载
+2. 通过`org.to2mbn.authlibinjector.config`属性指定
+   * 如`-Dorg.to2mbn.authlibinjector.config=my-authlib-injector.yaml`
+3. JAR中的`/authlib-injector.yaml`文件
+   * 可以在编译时向`src/main/resources`中添加配置文件，或者直接向JAR中添加（JAR为zip格式）
+4. 当前目录下的`authlib-injector.yaml`文件
+
+## 本项目与authlib-agent的关系
+authlib-agent项目存在较多历史遗留问题，并且原项目的javaagent部分及后端部分耦合在一起，需要一起构建。因此将原项目的javaagent部分重写，并更名authlib-injector，同时提供更加友好的配置方式，以供其它yggdrasil服务端实现使用。
+
--- a/authlib-injector.example.yaml
+++ b/authlib-injector.example.yaml
@ -0,0 +1,50 @@
+# authlib-injector配置文件模板
+# 该文件仅作为参考, 请不要复制粘贴该文件中的内容
+
+# 配置文件查找顺序
+#   authlib-injector会按照以下顺序搜索配置文件, 并使用第一个找到的
+#   - 以javaagent方式启动时指定的参数
+#       例如通过 -javaagent:authlib-injector.jar=my-authlib-injector.yaml
+#       指定 my-authlib-injector.yaml 为配置文件
+#   - org.to2mbn.authlibinjector.config 属性
+#       例如 -Dorg.to2mbn.authlibinjector.config=my-authlib-injector.yaml
+#   - JAR中的 /authlib-injector.yaml 文件
+#   - 当前目录下的 authlib-injector.yaml 文件
+
+# 是否开启调试模式
+#   开启后会将修改过的字节码存于当前目录下名为
+#   {className}_modified.class 的文件中
+debug: false
+
+# API路径
+#   对于如下格式的MojangAPI: https://{subdomain}.mojang.com/{path}
+#   将会被替换为: {apiRoot}{subdomain}/{path}
+#
+#   例如, apiRoot为 https://yggdrasil.example.com/
+#   则 https://sessionserver.mojang.com/session/minecraft/join
+#   会被替换为 https://yggdrasil.example.com/sessionserver/session/minecraft/join
+apiRoot: https://yggdrasil.example.com/
+
+# 加入皮肤白名单的域名后缀
+#   只有以 .minecraft.net, .mojang.com,
+#   或以下列表中任一元素为后缀的域名才能提供材质
+skinWhitelistDomains:
+  - .example.com
+
+# 用于验证profile properties的公钥
+#   如果不想进行公钥替换, 可将该属性删除
+publicKey: |-
+  -----BEGIN PUBLIC KEY-----
+  MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAylB4B6m5lz7jwrcFz6Fd
+  /fnfUhcvlxsTSn5kIK/2aGG1C3kMy4VjhwlxF6BFUSnfxhNswPjh3ZitkBxEAFY2
+  5uzkJFRwHwVA9mdwjashXILtR6OqdLXXFVyUPIURLOSWqGNBtb08EN5fMnG8iFLg
+  EJIBMxs9BvF3s3/FhuHyPKiVTZmXY0WY4ZyYqvoKR+XjaTRPPvBsDa4WI2u1zxXM
+  eHlodT3lnCzVvyOYBLXL6CJgByuOxccJ8hnXfF9yY4F0aeL080Jz/3+EBNG8RO4B
+  yhtBf4Ny8NQ6stWsjfeUIvH7bU/4zCYcYOq4WrInXHqS8qruDmIl7P5XXGcabuzQ
+  stPf/h2CRAUpP/PlHXcMlvewjmGU6MfDK+lifScNYwjPxRo4nKTGFZf/0aqHCh/E
+  AsQyLKrOIYRE0lDG3bzBh8ogIMLAugsAfBb6M3mqCqKaTMAf/VAjh5FFJnjS+7bE
+  +bZEV0qwax1CEoPPJL1fIQjOS8zj086gjpGRCtSy9+bTPTfTR/SJ+VUB5G2IeCIt
+  kNHpJX2ygojFZ9n5Fnj7R9ZnOM+L8nyIjPu3aePvtcrXlyLhH/hvOfIOjPxOlqW+
+  O5QwSFP4OEcyLAUgDdUgyW36Z5mB285uKW/ighzZsOTevVUG2QwDItObIV6i8RCx
+  FbN2oDHyPaO5j1tTaBNyVt8CAwEAAQ==
+  -----END PUBLIC KEY-----
--- a/build.gradle
+++ b/build.gradle
@ -5,11 +5,15 @@ plugins {

 repositories {
 	mavenCentral()
+	maven { url 'https://libraries.minecraft.net/' }
 }

 dependencies {
 	compile 'org.ow2.asm:asm:5.2'
 	compile 'org.yaml:snakeyaml:1.18'
+	compileOnly ('net.minecraft:launchwrapper:1.12') {
+		transitive = false
+	}
 	testCompile 'junit:junit:4.12'
 }

@ -21,8 +25,12 @@ jar {
 		attributes (
 			'Implementation-Title': project.name,
 			'Implementation-Version': version,
-			'Premain-Class': 'org.to2mbn.authlibtweaker.javaagent.AuthlibInjectorPremain',
-			'TweakClass': 'org.to2mbn.authlibtweaker.tweaker.AuthlibInjectorTweaker'
+			'Premain-Class': 'org.to2mbn.authlibinjector.javaagent.AuthlibInjectorPremain',
+			'TweakClass': 'org.to2mbn.authlibinjector.tweaker.AuthlibInjectorTweaker'
 		)
 	}
 }
+
+shadowJar {
+	classifier = null
+}
--- a/src/main/java/org/to2mbn/authlibinjector/AuthlibInjector.java
+++ b/src/main/java/org/to2mbn/authlibinjector/AuthlibInjector.java
@ -0,0 +1,78 @@
+package org.to2mbn.authlibinjector;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.io.UncheckedIOException;
+import java.lang.instrument.ClassFileTransformer;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.text.MessageFormat;
+import java.util.function.Consumer;
+import org.to2mbn.authlibinjector.transform.ClassTransformer;
+import org.yaml.snakeyaml.Yaml;
+
+public final class AuthlibInjector {
+
+	private static final String[] nonTransformablePackages = new String[] { "java.", "javax.", "com.sun.", "com.oracle.", "jdk.", "sun.", "org.apache.", "com.google.", "oracle.", "com.oracle.", "com.paulscode.", "io.netty.", "org.lwjgl.", "net.java.", "org.w3c.", "javassist." };
+
+	private AuthlibInjector() {}
+
+	public static void log(String message, Object... args) {
+		System.err.println("[authlib-injector] " + MessageFormat.format(message, args));
+	}
+
+	public static void bootstrap(Consumer<ClassFileTransformer> transformerRegistry) {
+		InjectorConfig config = loadConfig();
+		ClassTransformer transformer = new ClassTransformer();
+
+		if (config.isDebug()) transformer.debug = true;
+
+		for (String ignore : nonTransformablePackages)
+			transformer.ignores.add(ignore);
+
+		config.applyTransformers(transformer.units);
+		transformerRegistry.accept(transformer);
+	}
+
+	private static InjectorConfig loadConfig() {
+		try (Reader reader = new InputStreamReader(lookupConfig(), StandardCharsets.UTF_8)) {
+			Yaml yaml = new Yaml();
+			return yaml.loadAs(reader, InjectorConfig.class);
+		} catch (IOException e) {
+			throw new UncheckedIOException(e);
+		}
+	}
+
+	private static InputStream lookupConfig() throws IOException {
+		String configProperty = System.getProperty("org.to2mbn.authlibinjector.config");
+		if (configProperty != null) {
+			Path configFile = Paths.get(configProperty);
+			if (!Files.exists(configFile)) {
+				log("file not exists: {0}", configProperty);
+			} else {
+				log("using config: " + configProperty);
+				return Files.newInputStream(configFile);
+			}
+		}
+
+		InputStream packedConfig = AuthlibInjector.class.getResourceAsStream("/authlib-injector.yaml");
+		if (packedConfig != null) {
+			log("using config: jar:/authlib-injector.yaml");
+			return packedConfig;
+		}
+
+		Path currentConfigFile = Paths.get("authlib-injector.yaml");
+		if (!Files.exists(currentConfigFile)) {
+			throw new FileNotFoundException("no config is found");
+		} else {
+			log("using config: ./authlib-injector.yaml");
+			return Files.newInputStream(currentConfigFile);
+		}
+	}
+
+}
--- a/src/main/java/org/to2mbn/authlibinjector/InjectorConfig.java
+++ b/src/main/java/org/to2mbn/authlibinjector/InjectorConfig.java
@ -0,0 +1,66 @@
+package org.to2mbn.authlibinjector;
+
+import java.util.Base64;
+import java.util.List;
+import org.to2mbn.authlibinjector.transform.SkinWhitelistTransformUnit;
+import org.to2mbn.authlibinjector.transform.TransformUnit;
+import org.to2mbn.authlibinjector.transform.YggdrasilApiTransformUnit;
+import org.to2mbn.authlibinjector.transform.YggdrasilKeyTransformUnit;
+
+public class InjectorConfig {
+
+	private static byte[] decodePublicKey(String input) {
+		final String header = "-----BEGIN PUBLIC KEY-----\n";
+		final String end = "-----END PUBLIC KEY-----";
+		if (input.startsWith(header) && input.endsWith(end)) {
+			return Base64.getDecoder().decode(input.substring(header.length(), input.length() - end.length()).replace("\n", ""));
+		} else {
+			throw new IllegalArgumentException("Bad key format");
+		}
+	}
+
+	private String apiRoot;
+	private List<String> skinWhitelistDomains;
+	private String publicKey;
+	private boolean debug;
+
+	public String getApiRoot() {
+		return apiRoot;
+	}
+
+	public void setApiRoot(String apiRoot) {
+		this.apiRoot = apiRoot;
+	}
+
+	public List<String> getSkinWhitelistDomains() {
+		return skinWhitelistDomains;
+	}
+
+	public void setSkinWhitelistDomains(List<String> skinWhitelistDomains) {
+		this.skinWhitelistDomains = skinWhitelistDomains;
+	}
+
+	public String getPublicKey() {
+		return publicKey;
+	}
+
+	public void setPublicKey(String publicKey) {
+		this.publicKey = publicKey;
+	}
+
+	public boolean isDebug() {
+		return debug;
+	}
+
+	public void setDebug(boolean debug) {
+		this.debug = debug;
+	}
+
+	public void applyTransformers(List<TransformUnit> units) {
+		units.add(new YggdrasilApiTransformUnit(apiRoot));
+		units.add(new SkinWhitelistTransformUnit(skinWhitelistDomains.toArray(new String[0])));
+		if (publicKey != null) {
+			units.add(new YggdrasilKeyTransformUnit(decodePublicKey(publicKey)));
+		}
+	}
+}
--- a/src/main/java/org/to2mbn/authlibinjector/javaagent/AuthlibInjectorPremain.java
+++ b/src/main/java/org/to2mbn/authlibinjector/javaagent/AuthlibInjectorPremain.java
@ -0,0 +1,21 @@
+package org.to2mbn.authlibinjector.javaagent;
+
+import static org.to2mbn.authlibinjector.AuthlibInjector.bootstrap;
+import static org.to2mbn.authlibinjector.AuthlibInjector.log;
+import java.lang.instrument.Instrumentation;
+
+public class AuthlibInjectorPremain {
+
+	public static void premain(String arg, Instrumentation instrumentation) {
+		try {
+			log("launched from javaagent");
+			if (arg != null && !arg.isEmpty()) {
+				System.setProperty("org.to2mbn.authlibinjector.config", arg);
+			}
+			bootstrap(instrumentation::addTransformer);
+		} catch (Throwable e) {
+			// prevent the exception being thrown to VM
+			e.printStackTrace();
+		}
+	}
+}
--- a/src/main/java/org/to2mbn/authlibinjector/transform/ClassTransformer.java
+++ b/src/main/java/org/to2mbn/authlibinjector/transform/ClassTransformer.java
@ -0,0 +1,109 @@
+package org.to2mbn.authlibinjector.transform;
+
+import static org.to2mbn.authlibinjector.AuthlibInjector.log;
+import java.io.IOException;
+import java.lang.instrument.ClassFileTransformer;
+import java.lang.instrument.IllegalClassFormatException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.StandardOpenOption;
+import java.security.ProtectionDomain;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import org.objectweb.asm.ClassReader;
+import org.objectweb.asm.ClassVisitor;
+import org.objectweb.asm.ClassWriter;
+
+public class ClassTransformer implements ClassFileTransformer {
+
+	public List<TransformUnit> units = new ArrayList<>();
+	public Set<String> ignores = new HashSet<>();
+	public boolean debug;
+
+	private static class TransformHandle {
+
+		private boolean modified = false;
+		private boolean currentModified;
+		private String className;
+		private byte[] classBuffer;
+		private ClassWriter pooledClassWriter;
+
+		public TransformHandle(String className, byte[] classBuffer) {
+			this.className = className;
+			this.classBuffer = classBuffer;
+		}
+
+		public void accept(TransformUnit unit) {
+			ClassWriter writer;
+			if (pooledClassWriter == null) {
+				writer = new ClassWriter(ClassWriter.COMPUTE_MAXS);
+			} else {
+				writer = pooledClassWriter;
+				pooledClassWriter = null;
+			}
+
+			Optional<ClassVisitor> optionalVisitor = unit.transform(className, writer, () -> currentModified = true);
+			if (optionalVisitor.isPresent()) {
+				currentModified = false;
+				ClassReader reader = new ClassReader(classBuffer);
+				reader.accept(optionalVisitor.get(), 0);
+				if (currentModified) {
+					log("transform {0} using {1}", className, unit);
+					modified = true;
+					classBuffer = writer.toByteArray();
+				}
+			} else {
+				pooledClassWriter = writer;
+			}
+		}
+
+		public Optional<byte[]> getResult() {
+			if (modified) {
+				return Optional.of(classBuffer);
+			} else {
+				return Optional.empty();
+			}
+		}
+
+	}
+
+	@Override
+	public byte[] transform(ClassLoader loader, String internalClassName, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
+		if (internalClassName != null && classfileBuffer != null) {
+			try {
+				String className = internalClassName.replace('/', '.');
+				for (String prefix : ignores)
+					if (className.startsWith(prefix)) return null;
+
+				TransformHandle handle = new TransformHandle(className, classfileBuffer);
+				units.forEach(handle::accept);
+				if (handle.getResult().isPresent()) {
+					byte[] classBuffer = handle.getResult().get();
+					if (debug) {
+						saveClassFile(className, classBuffer);
+					}
+					return classBuffer;
+				} else {
+					return null;
+				}
+			} catch (Throwable e) {
+				log("unable to transform {0}: {1}", internalClassName, e);
+				e.printStackTrace();
+			}
+		}
+		return null;
+	}
+
+	private void saveClassFile(String className, byte[] classBuffer) {
+		try {
+			Files.write(Paths.get(className + "_dump.class"), classBuffer, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
+		} catch (IOException e) {
+			log("unable to dump class {0}: {1}", className, e);
+			e.printStackTrace();
+		}
+	}
+
+}
--- a/src/main/java/org/to2mbn/authlibinjector/transform/LdcTransformUnit.java
+++ b/src/main/java/org/to2mbn/authlibinjector/transform/LdcTransformUnit.java
@ -0,0 +1,45 @@
+package org.to2mbn.authlibinjector.transform;
+
+import static org.objectweb.asm.Opcodes.ASM5;
+import static org.to2mbn.authlibinjector.AuthlibInjector.log;
+import java.util.Optional;
+import java.util.function.Function;
+import org.objectweb.asm.ClassVisitor;
+import org.objectweb.asm.MethodVisitor;
+
+public class LdcTransformUnit implements TransformUnit {
+
+	private Function<String, Optional<String>> ldcMapper;
+
+	public LdcTransformUnit(Function<String, Optional<String>> ldcMapper) {
+		this.ldcMapper = ldcMapper;
+	}
+
+	@Override
+	public Optional<ClassVisitor> transform(String className, ClassVisitor writer, Runnable modifiedCallback) {
+		return Optional.of(new ClassVisitor(ASM5, writer) {
+
+			@Override
+			public MethodVisitor visitMethod(int access, String name, String desc, String signature, String[] exceptions) {
+				return new MethodVisitor(ASM5, super.visitMethod(access, name, desc, signature, exceptions)) {
+
+					@Override
+					public void visitLdcInsn(Object cst) {
+						if (cst instanceof String) {
+							Optional<String> transformed = ldcMapper.apply((String) cst);
+							if (transformed.isPresent() && !transformed.get().equals(cst)) {
+								modifiedCallback.run();
+								log("transform [{0}] to [{1}]", cst, transformed.get());
+								super.visitLdcInsn(transformed.get());
+							} else {
+								super.visitLdcInsn(cst);
+							}
+						} else {
+							super.visitLdcInsn(cst);
+						}
+					}
+				};
+			}
+		});
+	}
+}
--- a/src/main/java/org/to2mbn/authlibinjector/transform/RegexTransformUnit.java
+++ b/src/main/java/org/to2mbn/authlibinjector/transform/RegexTransformUnit.java
@ -0,0 +1,12 @@
+package org.to2mbn.authlibinjector.transform;
+
+import java.util.Optional;
+import java.util.regex.Pattern;
+
+public class RegexTransformUnit extends LdcTransformUnit {
+
+	public RegexTransformUnit(Pattern find, String replace) {
+		super(input -> Optional.of(find.matcher(input).replaceAll(replace)));
+	}
+
+}
--- a/src/main/java/org/to2mbn/authlibinjector/transform/SkinWhitelistTransformUnit.java
+++ b/src/main/java/org/to2mbn/authlibinjector/transform/SkinWhitelistTransformUnit.java
@ -0,0 +1,107 @@
+package org.to2mbn.authlibinjector.transform;
+
+import static org.objectweb.asm.Opcodes.AASTORE;
+import static org.objectweb.asm.Opcodes.ANEWARRAY;
+import static org.objectweb.asm.Opcodes.ASM5;
+import static org.objectweb.asm.Opcodes.DUP;
+import static org.objectweb.asm.Opcodes.ICONST_0;
+import static org.objectweb.asm.Opcodes.ICONST_1;
+import static org.objectweb.asm.Opcodes.ICONST_2;
+import static org.objectweb.asm.Opcodes.SIPUSH;
+import java.util.Optional;
+import org.objectweb.asm.ClassVisitor;
+import org.objectweb.asm.MethodVisitor;
+
+public class SkinWhitelistTransformUnit implements TransformUnit {
+
+	private String[] skinWhitelist;
+
+	public SkinWhitelistTransformUnit(String[] skinWhitelist) {
+		this.skinWhitelist = skinWhitelist;
+	}
+
+	@Override
+	public Optional<ClassVisitor> transform(String className, ClassVisitor writer, Runnable modifiedCallback) {
+		if ("com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService".equals(className)) {
+			return Optional.of(new ClassVisitor(ASM5, writer) {
+
+				@Override
+				public MethodVisitor visitMethod(int access, String name, String desc, String signature, String[] exceptions) {
+					if ("<clinit>".equals(name)) {
+						return new MethodVisitor(ASM5, super.visitMethod(access, name, desc, signature, exceptions)) {
+
+							int status = 0;
+
+							@Override
+							public void visitInsn(int opcode) {
+								if (status == 0 && opcode == ICONST_2) {
+									status++;
+								} else if ((status == 2 || status == 6) && opcode == DUP) {
+									status++;
+								} else if (status == 3 && opcode == ICONST_0) {
+									status++;
+								} else if ((status == 5 || status == 9) && opcode == AASTORE) {
+									status++;
+									if (status == 10) {
+										modifiedCallback.run();
+										super.visitIntInsn(SIPUSH, skinWhitelist.length + 2);
+										super.visitTypeInsn(ANEWARRAY, "java/lang/String");
+										super.visitInsn(DUP);
+										super.visitInsn(ICONST_0);
+										super.visitLdcInsn(".minecraft.net");
+										super.visitInsn(AASTORE);
+										super.visitInsn(DUP);
+										super.visitInsn(ICONST_1);
+										super.visitLdcInsn(".mojang.com");
+										super.visitInsn(AASTORE);
+										for (int i = 0; i < skinWhitelist.length; i++) {
+											super.visitInsn(DUP);
+											super.visitIntInsn(SIPUSH, i + 2);
+											super.visitLdcInsn(skinWhitelist[i]);
+											super.visitInsn(AASTORE);
+										}
+									}
+								} else if (status == 7 && opcode == ICONST_1) {
+									status++;
+								} else {
+									super.visitInsn(opcode);
+								}
+							}
+
+							@Override
+							public void visitTypeInsn(int opcode, String type) {
+								if (status == 1 && opcode == ANEWARRAY && "java/lang/String".equals(type)) {
+									status++;
+								} else {
+									super.visitTypeInsn(opcode, type);
+								}
+							}
+
+							@Override
+							public void visitLdcInsn(Object cst) {
+								if (status == 4 && ".minecraft.net".equals(cst)) {
+									status++;
+								} else if (status == 8 && ".mojang.com".equals(cst)) {
+									status++;
+								} else {
+									super.visitLdcInsn(cst);
+								}
+							}
+
+						};
+					} else {
+						return super.visitMethod(access, name, desc, signature, exceptions);
+					}
+				}
+
+			});
+		} else {
+			return Optional.empty();
+		}
+	}
+
+	@Override
+	public String toString() {
+		return "skin-whitelist-transform";
+	}
+}
--- a/src/main/java/org/to2mbn/authlibinjector/transform/TransformUnit.java
+++ b/src/main/java/org/to2mbn/authlibinjector/transform/TransformUnit.java
@ -0,0 +1,10 @@
+package org.to2mbn.authlibinjector.transform;
+
+import java.util.Optional;
+import org.objectweb.asm.ClassVisitor;
+
+public interface TransformUnit {
+
+	Optional<ClassVisitor> transform(String className, ClassVisitor writer, Runnable modifiedCallback);
+
+}
--- a/src/main/java/org/to2mbn/authlibinjector/transform/YggdrasilApiTransformUnit.java
+++ b/src/main/java/org/to2mbn/authlibinjector/transform/YggdrasilApiTransformUnit.java
@ -0,0 +1,16 @@
+package org.to2mbn.authlibinjector.transform;
+
+import java.util.regex.Pattern;
+
+public class YggdrasilApiTransformUnit extends RegexTransformUnit {
+
+	public YggdrasilApiTransformUnit(String apiRoot) {
+		// ^https:\/\/(api|authserver|sessionserver)\.mojang\.com\/(.*)$
+		super(Pattern.compile("^https:\\/\\/(api|authserver|sessionserver)\\.mojang\\.com\\/(.*)$"), apiRoot + "$1/$2");
+	}
+
+	@Override
+	public String toString() {
+		return "yggdrasil-api-transform";
+	}
+}
--- a/src/main/java/org/to2mbn/authlibinjector/transform/YggdrasilKeyTransformUnit.java
+++ b/src/main/java/org/to2mbn/authlibinjector/transform/YggdrasilKeyTransformUnit.java
@ -0,0 +1,87 @@
+package org.to2mbn.authlibinjector.transform;
+
+import static org.objectweb.asm.Opcodes.ASM5;
+import static org.objectweb.asm.Opcodes.BASTORE;
+import static org.objectweb.asm.Opcodes.BIPUSH;
+import static org.objectweb.asm.Opcodes.DUP;
+import static org.objectweb.asm.Opcodes.INVOKESTATIC;
+import static org.objectweb.asm.Opcodes.INVOKEVIRTUAL;
+import static org.objectweb.asm.Opcodes.NEWARRAY;
+import static org.objectweb.asm.Opcodes.SIPUSH;
+import static org.objectweb.asm.Opcodes.T_BYTE;
+import java.util.Optional;
+import org.objectweb.asm.ClassVisitor;
+import org.objectweb.asm.MethodVisitor;
+import org.objectweb.asm.Type;
+
+public class YggdrasilKeyTransformUnit implements TransformUnit {
+
+	private byte[] publicKey;
+
+	public YggdrasilKeyTransformUnit(byte[] publicKey) {
+		this.publicKey = publicKey;
+	}
+
+	@Override
+	public Optional<ClassVisitor> transform(String className, ClassVisitor writer, Runnable modifiedCallback) {
+		if ("com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService".equals(className)) {
+			return Optional.of(new ClassVisitor(ASM5, writer) {
+
+				@Override
+				public MethodVisitor visitMethod(int access, String name, String desc, String signature, String[] exceptions) {
+					if ("<init>".equals(name)) {
+						return new MethodVisitor(ASM5, super.visitMethod(access, name, desc, signature, exceptions)) {
+
+							int state = 0;
+
+							@Override
+							public void visitLdcInsn(Object cst) {
+								if (state == 0 && cst instanceof Type && ((Type) cst).getInternalName().equals("com/mojang/authlib/yggdrasil/YggdrasilMinecraftSessionService")) {
+									state++;
+								} else if (state == 1 && "/yggdrasil_session_pubkey.der".equals(cst)) {
+									state++;
+								} else {
+									super.visitLdcInsn(cst);
+								}
+							}
+
+							@Override
+							public void visitMethodInsn(int opcode, String owner, String name, String desc, boolean itf) {
+								if (state == 2 && opcode == INVOKEVIRTUAL && "java/lang/Class".equals(owner) && "getResourceAsStream".equals(name) && "(Ljava/lang/String;)Ljava/io/InputStream;".equals(desc)) {
+									state++;
+								} else if (state == 3 && opcode == INVOKESTATIC && "org/apache/commons/io/IOUtils".equals(owner) && "toByteArray".equals(name) && "(Ljava/io/InputStream;)[B".equals(desc)) {
+									state++;
+									if (state == 4) {
+										modifiedCallback.run();
+										super.visitIntInsn(SIPUSH, publicKey.length);
+										super.visitIntInsn(NEWARRAY, T_BYTE);
+										for (int i = 0; i < publicKey.length; i++) {
+											super.visitInsn(DUP);
+											super.visitIntInsn(SIPUSH, i);
+											super.visitIntInsn(BIPUSH, publicKey[i]);
+											super.visitInsn(BASTORE);
+										}
+									}
+								} else {
+									super.visitMethodInsn(opcode, owner, name, desc, itf);
+								}
+							}
+
+						};
+					} else {
+						return super.visitMethod(access, name, desc, signature, exceptions);
+					}
+				}
+
+			});
+		} else {
+			return Optional.empty();
+		}
+	}
+
+	@Override
+	public String toString() {
+		return "yggdrasil-publickey-transform";
+	}
+
+}
--- a/src/main/java/org/to2mbn/authlibinjector/tweaker/AuthlibInjectorTweaker.java
+++ b/src/main/java/org/to2mbn/authlibinjector/tweaker/AuthlibInjectorTweaker.java
@ -0,0 +1,35 @@
+package org.to2mbn.authlibinjector.tweaker;
+
+import static org.to2mbn.authlibinjector.AuthlibInjector.bootstrap;
+import static org.to2mbn.authlibinjector.AuthlibInjector.log;
+import java.io.File;
+import java.lang.instrument.ClassFileTransformer;
+import java.util.ArrayList;
+import java.util.List;
+import net.minecraft.launchwrapper.ITweaker;
+import net.minecraft.launchwrapper.LaunchClassLoader;
+
+public class AuthlibInjectorTweaker implements ITweaker {
+
+	static List<ClassFileTransformer> transformers = new ArrayList<>();
+
+	@Override
+	public void acceptOptions(List<String> args, File gameDir, File assetsDir, String profile) {}
+
+	@Override
+	public void injectIntoClassLoader(LaunchClassLoader launchClassLoader) {
+		log("launched from tweaker");
+		bootstrap(transformers::add);
+		launchClassLoader.registerTransformer(TweakerTransformerAdapter.class.getName());
+	}
+
+	@Override
+	public String getLaunchTarget() {
+		return "net.minecraft.client.main.Main";
+	}
+
+	@Override
+	public String[] getLaunchArguments() {
+		return new String[0];
+	}
+}
--- a/src/main/java/org/to2mbn/authlibinjector/tweaker/TweakerTransformerAdapter.java
+++ b/src/main/java/org/to2mbn/authlibinjector/tweaker/TweakerTransformerAdapter.java
@ -0,0 +1,29 @@
+package org.to2mbn.authlibinjector.tweaker;
+
+import static org.to2mbn.authlibinjector.AuthlibInjector.log;
+import java.lang.instrument.ClassFileTransformer;
+import java.lang.instrument.IllegalClassFormatException;
+import net.minecraft.launchwrapper.IClassTransformer;
+import net.minecraft.launchwrapper.Launch;
+
+public class TweakerTransformerAdapter implements IClassTransformer {
+
+	@Override
+	public byte[] transform(String name, String transformedName, byte[] classBuffer) {
+		String internalClassName = name.replace('.', '/');
+		for (ClassFileTransformer transformer : AuthlibInjectorTweaker.transformers) {
+			byte[] result = null;
+			try {
+				result = transformer.transform(Launch.classLoader, internalClassName, null, null, classBuffer);
+			} catch (IllegalClassFormatException e) {
+				log("exception while invoking {0}: {1}", transformer, e);
+				e.printStackTrace();
+			}
+			if (result != null) {
+				classBuffer = result;
+			}
+		}
+		return classBuffer;
+	}
+
+}