Use passwordMd5, more secure

mirai-core-timpc/src/commonMain/kotlin/net.mamoe.mirai.timpc/network/TIMPCBotNetworkHandler.kt

@@ -339,7 +339,7 @@ internal class TIMPCBotNetworkHandler internal constructor(coroutineContext: Cor
                     socket.sendPacket(
                         SubmitPasswordPacket(
                             bot = bot.qqAccount,
-                            password = bot.account.password,
+                            passwordMd5 = bot.account.passwordMd5,
                             loginTime = loginTime,
                             loginIP = loginIP,
                             privateKey = privateKey,
@@ -369,7 +369,7 @@ internal class TIMPCBotNetworkHandler internal constructor(coroutineContext: Cor
                     socket.sendPacket(
                         SubmitPasswordPacket(
                             bot = bot.qqAccount,
-                            password = bot.account.password,
+                            passwordMd5 = bot.account.passwordMd5,
                             loginTime = loginTime,
                             loginIP = loginIP,
                             privateKey = privateKey,
@@ -434,7 +434,7 @@ internal class TIMPCBotNetworkHandler internal constructor(coroutineContext: Cor
                     socket.sendPacket(
                         SubmitPasswordPacket(
                             bot = bot.qqAccount,
-                            password = bot.account.password,
+                            passwordMd5 = bot.account.passwordMd5,
                             loginTime = loginTime,
                             loginIP = loginIP,
                             privateKey = privateKey,

mirai-core-timpc/src/commonMain/kotlin/net.mamoe.mirai.timpc/network/packet/login/PasswordSubmission.kt

@@ -51,7 +51,7 @@ internal inline class SubmitPasswordResponseDecrypter(private val privateKey: Pr
 internal object SubmitPasswordPacket : PacketFactory<SubmitPasswordPacket.LoginResponse, SubmitPasswordResponseDecrypter>(SubmitPasswordResponseDecrypter) {
     operator fun invoke(
         bot: Long,
-        password: String,
+        passwordMd5: ByteArray,
         loginTime: Int,
         loginIP: String,
         privateKey: PrivateKey,
@@ -68,7 +68,7 @@ internal object SubmitPasswordPacket : PacketFactory<SubmitPasswordPacket.LoginR
 
         // shareKey 极大可能为 publicKey, key0836 计算得到
         encryptAndWrite(TIMProtocol.shareKey) {
-            writePart1(bot, password, loginTime, loginIP, privateKey, token0825, randomDeviceName, tlv0006)
+            writePart1(bot, passwordMd5, loginTime, loginIP, privateKey, token0825, randomDeviceName, tlv0006)
             if (token00BA != null) {
                 writeHex("01 10")
                 writeHex("00 3C")
@@ -272,7 +272,7 @@ internal inline class SessionResponseDecryptionKey(private val delegate: IoBuffe
 
 private fun BytePacketBuilder.writePart1(
     qq: Long,
-    password: String,
+    password: ByteArray,
     loginTime: Int,
     loginIP: String,
     privateKey: PrivateKey,
@@ -314,9 +314,8 @@ private fun BytePacketBuilder.writePart1(
     this.writeHex("60 C9 5D A7 45 70 04 7F 21 7D 84 50 5C 66 A5 C6")//key
 }
 
-private fun BytePacketBuilder.writeTLV0006(qq: Long, password: String, loginTime: Int, loginIP: String, privateKey: PrivateKey) {
-    val firstMD5 = md5(password)
-    val secondMD5 = md5(firstMD5 + byteArrayOf(0, 0, 0, 0) + qq.toUInt().toByteArray())
+private fun BytePacketBuilder.writeTLV0006(qq: Long, passwordMd5: ByteArray, loginTime: Int, loginIP: String, privateKey: PrivateKey) {
+    val secondMD5 = md5(passwordMd5 + byteArrayOf(0, 0, 0, 0) + qq.toUInt().toByteArray())
 
     this.encryptAndWrite(secondMD5) {
         writeRandom(4)
@@ -325,7 +324,7 @@ private fun BytePacketBuilder.writeTLV0006(qq: Long, password: String, loginTime
         writeFully(TIMProtocol.constantData2)
         writeHex("00 00 01")
 
-        writeFully(firstMD5)
+        writeFully(passwordMd5)
         writeInt(loginTime)
         writeByte(0)
         writeZero(4 * 3)

mirai-core-timpc/src/jvmTest/kotlin/BadQQFilter.kt

@@ -58,5 +58,5 @@ suspend fun main() {
     }
 
     println("Filtering finished")
-    println(goodBotList.joinToString("\n") { it.account.id.toString() + "    " + it.account.password })
+    println(goodBotList.joinToString("\n") { it.account.id.toString() + "    " + it.account.passwordMd5 })
 }

mirai-core/src/commonMain/kotlin/net.mamoe.mirai/BotAccount.kt

@@ -2,7 +2,12 @@
 
 package net.mamoe.mirai
 
+import kotlinx.io.core.toByteArray
+import net.mamoe.mirai.utils.md5
+
 data class BotAccount(
     val id: Long,
-    val password: String
-)
+    val passwordMd5: ByteArray // md5
+){
+    constructor(id: Long, passwordPlainText: String) : this(id, md5(passwordPlainText.toByteArray()))
+}

mirai-demos/mirai-demo-1/src/main/java/demo/subscribe/SubscribeSamples.kt

@@ -41,7 +41,7 @@ suspend fun main() {
     val bot = TIMPC.Bot(
         readTestAccount() ?: BotAccount(//填写你的账号
             id = 1994701121,
-            password = "123456"
+            passwordPlainText = "123456"
         )
     ) {
         // 覆盖默认的配置

mirai-demos/mirai-demo-gentleman/src/main/kotlin/demo/gentleman/Main.kt

@@ -47,7 +47,7 @@ suspend fun main() {
     val bot = Bot(
         readTestAccount() ?: BotAccount(
             id = 913366033,
-            password = "a18260132383"
+            passwordPlainText = "a18260132383"
         )
     ) {
         // override config here.