
[Original][KubeJS 7][BrokenClassFilter] On using Nashorn in kjs

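  • Preface
    ClassFilter is one of kjs's protection mechanisms, and I do not recommend tampering with ClassFilter.
    This post only uses replacing kjs's ClassFilter as an example to show how Nashorn can be used in kjs.
    This article is licensed under CC-BY-NC-SA 4.0.

    Because kubejs on 1.21.1 banned reflection, this can only be done inside Nashorn.
    Nashorn is fairly complex, so this time I only show the finished result.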

    let $KubeJS = Java.loadClass("dev.latvian.mods.kubejs.KubeJS")
    
    let $ServerLifecycleHooks = Java.loadClass("net.neoforged.neoforge.server.ServerLifecycleHooks")
    /**@type {$MinecraftServer_} */
    let Server = $ServerLifecycleHooks.getCurrentServer()
    //Get all of the script managers
    let ServerScriptMagager = Server.getServerResources().managers().kjs$getServerScriptManager()
    let ClientScriptMagager = $KubeJS.getClientScriptManager()
    let StartupScriptMagager = $KubeJS.getStartupScriptManager()
    
    
    
    let $ScriptEngineManager = Java.loadClass("javax.script.ScriptEngineManager")
    let Nashorn = new $ScriptEngineManager().getEngineFactories()[0].getScriptEngine()
    
    
    Nashorn.eval(`
      var Clazz = Java.type("java.lang.Class")
      var ClassFilter = Java.type("dev.latvian.mods.kubejs.plugin.ClassFilter")
      var HashSet = Java.type("java.util.HashSet")
      var ArrayList = Java.type("java.util.ArrayList")
    
      var ScriptManager$Clazz = Clazz.forName("dev.latvian.mods.kubejs.script.ScriptManager")
      var ScriptManager$classFilter$Field = ScriptManager$Clazz.getDeclaredField("classFilter")
    
      var ClassFilter$Clazz = Clazz.forName("dev.latvian.mods.kubejs.plugin.ClassFilter")
      var ClassFilter$denyStrong$Field = ClassFilter$Clazz.getDeclaredField("denyStrong")
      var ClassFilter$denyWeak$Field = ClassFilter$Clazz.getDeclaredField("denyWeak")
      
      ScriptManager$classFilter$Field.setAccessible(true)
      ClassFilter$denyStrong$Field.setAccessible(true)
      ClassFilter$denyWeak$Field.setAccessible(true)
    
      var unlock=function(ScriptMagager){
        var ClassFilter = ScriptManager$classFilter$Field.get(ScriptMagager)
        ClassFilter$denyStrong$Field.set(ClassFilter,new HashSet())
        ClassFilter$denyWeak$Field.set(ClassFilter,new ArrayList())
      }
    `)
    //Pass a scriptmanager as the argument to break its classfilter
    Nashorn.invokeFunction("unlock",ServerScriptMagager)
    let $File = Java.loadClass("java.io.File")
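
A defender-side check for the pattern above, as an added example that is not part of the original post: a static triage pass a modpack or server maintainer could run over KubeJS script sources before loading them. The indicator strings are taken from the post's code; the rule ids, weights, threshold and sample inputs are assumptions made for this example.

```javascript
// Added example (not from the post): static triage of KubeJS script sources.
// Indicator strings come from the post's code; rule ids, weights and the
// threshold are assumptions chosen for illustration.
const RULES = [
  { id: "script-engine",  weight: 3, re: /javax\.script\.ScriptEngineManager/ },
  { id: "engine-eval",    weight: 2, re: /\.eval\s*\(/ },
  { id: "class-forname",  weight: 2, re: /\.forName\s*\(/ },
  { id: "declared-field", weight: 2, re: /getDeclaredField\s*\(/ },
  { id: "set-accessible", weight: 3, re: /setAccessible\s*\(\s*true\s*\)/ },
  { id: "filter-fields",  weight: 3, re: /\b(classFilter|denyStrong|denyWeak)\b/ },
];
const BLOCK_AT = 6; // assumed threshold: two strong indicators together

// Join adjacent string literals ("javax.scr" + "ipt...") so split names still
// match; only spaces and tabs are consumed, so line numbers stay stable.
function foldConcats(src) {
  return src.replace(/["'`][ \t]*\+[ \t]*["'`]/g, "");
}

function scanScript(src) {
  const hits = new Map(); // rule id -> first line number it matched on
  foldConcats(src).split(/\r?\n/).forEach((line, i) => {
    for (const rule of RULES) {
      if (!hits.has(rule.id) && rule.re.test(line)) hits.set(rule.id, i + 1);
    }
  });
  const score = RULES.reduce((s, r) => s + (hits.has(r.id) ? r.weight : 0), 0);
  const verdict = score >= BLOCK_AT ? "block" : score > 0 ? "review" : "clean";
  return { verdict, score, hits: Object.fromEntries(hits) };
}

// Constructed sample inputs.
const SUSPECT = [
  'let M = Java.loadClass("javax.scr" + "ipt.ScriptEngineManager")',
  "let engine = new M().getEngineFactories()[0].getScriptEngine()",
  "engine.eval(`var f = C.getDeclaredField(\"denyStrong\"); f.setAccessible(true)`)",
].join("\n");
const BENIGN = [
  "ServerEvents.recipes(event => {",
  "  event.shapeless('minecraft:stick', ['minecraft:oak_planks'])",
  "})",
].join("\n");

console.log(scanScript(SUSPECT));
console.log(scanScript(BENIGN));
```

A text scan like this is a review aid only: a "clean" verdict does not prove a script is harmless, so scripts from untrusted sources still need to be read before they are loaded.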
    
  • I'm about to grow a brain 😇

  • Please don't steal my wallet in 1.21.1 😭

