com.mobshep.mobileshepherd.CSInjection1.java Source code

Java tutorial

Introduction

Here is the source code for com.mobshep.mobileshepherd.CSInjection1.java

Source

package com.mobshep.mobileshepherd;

import java.io.File;
import java.io.IOException;

import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.database.sqlite.SQLiteException;
import android.os.Bundle;
import android.support.design.widget.NavigationView;
import android.support.v4.view.GravityCompat;
import android.support.v4.widget.DrawerLayout;
import android.support.v7.app.ActionBarDrawerToggle;
import android.support.v7.widget.Toolbar;
import android.view.MenuItem;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TabHost;
import android.widget.TabHost.TabSpec;
import android.widget.Toast;

import net.sqlcipher.database.SQLiteDatabase;

/**
 * This file is part of the Security Shepherd Project.
 * 
 * The Security Shepherd project is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.<br/>
 * 
 * The Security Shepherd project is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.<br/>
 * 
 * You should have received a copy of the GNU General Public License
 * along with the Security Shepherd project.  If not, see <http://www.gnu.org/licenses/>. 
 * 
 * @author Sean Duggan
 */

public class CSInjection1 extends MainActivity
        implements OnClickListener, NavigationView.OnNavigationItemSelectedListener {

    TabHost th;
    Button Login;
    EditText username;
    EditText password;
    EditText key;
    String dbPassword = "P93Eid3D33DE0ZanbffGpo101Sirjw2";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        // TODO Auto-generated method stub
        super.onCreate(savedInstanceState);
        setContentView(R.layout.csi1_layout);
        th = (TabHost) findViewById(R.id.tabhost);
        populateTable(this, dbPassword);
        referenceXML();

        Toolbar toolbar = (Toolbar) findViewById(R.id.toolbar);
        setSupportActionBar(toolbar);

        DrawerLayout drawer = (DrawerLayout) findViewById(R.id.drawer_layout);
        ActionBarDrawerToggle toggle = new ActionBarDrawerToggle(this, drawer, toolbar,
                R.string.navigation_drawer_open, R.string.navigation_drawer_close);
        drawer.setDrawerListener(toggle);
        toggle.syncState();

        NavigationView navigationView = (NavigationView) findViewById(R.id.nav_view);
        navigationView.setNavigationItemSelectedListener(this);

        th.setup();
        generateKey(this, dbPassword);

        TabSpec specs = th.newTabSpec("tag1");
        specs.setContent(R.id.tab1);
        specs.setIndicator("Login");
        th.addTab(specs);

        specs = th.newTabSpec("tag2");
        specs.setContent(R.id.tab2);
        specs.setIndicator("Key");
        th.addTab(specs);
    }

    private void referenceXML() {
        // TODO Auto-generated method stub
        Login = (Button) findViewById(R.id.bLogin);
        // Login.setFilterTouchesWhenObscured(true);
        username = (EditText) findViewById(R.id.etName);
        password = (EditText) findViewById(R.id.etPass);
        key = (EditText) findViewById(R.id.etKey);
        Login.setOnClickListener(this);

    }

    @Override
    public void onBackPressed() {
        DrawerLayout drawer = (DrawerLayout) findViewById(R.id.drawer_layout);
        if (drawer.isDrawerOpen(GravityCompat.START)) {
            drawer.closeDrawer(GravityCompat.START);
        } else {
            super.onBackPressed();
        }
    }

    public void onClick(View arg0) {
        switch (arg0.getId()) {

        case (R.id.bLogin):

            String unsanitizeName = username.getText().toString();
            String unsanitizePass = password.getText().toString();

            String sanitizeName = unsanitizeName.replace("OR", " ");
            sanitizeName = sanitizeName.replace("or", " ");
            sanitizeName = sanitizeName.replace("SELECT", " ");
            sanitizeName = sanitizeName.replace("AND", " ");
            sanitizeName = sanitizeName.replace("UPDATE", " ");
            sanitizeName = sanitizeName.replace("DROP", " ");
            sanitizeName = sanitizeName.replace("1=1", " ");
            sanitizeName = sanitizeName.replace("1 = 1", " ");

            String sanitizePass = unsanitizePass.replace("OR", "  ");
            sanitizePass = sanitizePass.replace("or", "  ");
            sanitizePass = sanitizePass.replace("SELECT", "  ");
            sanitizePass = sanitizePass.replace("AND", "  ");
            sanitizePass = sanitizePass.replace("UPDATE", "  ");
            sanitizePass = sanitizePass.replace("DROP", "  ");
            sanitizePass = sanitizePass.replace("1=1", "  ");
            sanitizePass = sanitizePass.replace("1 = 1", "  ");

            try {
                if (login(sanitizeName, sanitizePass) == true) {
                    outputKey(this, dbPassword);
                    Toast loggedin = Toast.makeText(CSInjection1.this, "Logged in!", Toast.LENGTH_LONG);
                    loggedin.show();

                }
            } catch (IOException e1) {
                Toast error = Toast.makeText(CSInjection1.this, "An error occurred!", Toast.LENGTH_LONG);
                error.show();
            }

            try {
                if (login(sanitizeName, sanitizePass) == false) {
                    Toast invalid = Toast.makeText(CSInjection1.this, "Invalid Credentials, " + sanitizeName,
                            Toast.LENGTH_LONG);
                    invalid.show();

                }
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }

            if (sanitizeName.contentEquals("") || sanitizePass.contentEquals("")) {
                Toast blank = Toast.makeText(CSInjection1.this, "Empty Fields Detected.", Toast.LENGTH_SHORT);
                blank.show();

            }

        }

    }

    private boolean login(String username, String password) throws IOException {
        try {
            try {
                String dbPath = this.getDatabasePath("Users.db").getPath();

                SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbPassword, null);

                String query = ("SELECT * FROM Users WHERE memName='" + username + "' AND memPass = '" + password
                        + "';");

                Cursor cursor = db.rawQuery(query, null);
                if (cursor != null) {
                    if (cursor.getCount() <= 0) {
                        return false;
                    }
                }

            } catch (Exception e) {
                // TODO Auto-generated catch block
                Toast error = Toast.makeText(CSInjection1.this, "An error occurred.", Toast.LENGTH_LONG);
                error.show();
                key.getText().clear();
                key.setHint("The key is only shown to authenticated users.");
                return false;
            }

        } catch (SQLiteException e) {
            Toast error = Toast.makeText(CSInjection1.this, "An database error occurred.", Toast.LENGTH_LONG);
            error.show();
        }

        return true;

    }

    public void populateTable(Context context, String dbpassword) {
        try {

            try {
                SQLiteDatabase.loadLibs(context);

                String dbPath = context.getDatabasePath("Users.db").getPath();

                File dbPathFile = new File(dbPath);
                if (!dbPathFile.exists())
                    dbPathFile.getParentFile().mkdirs();

                SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbpassword, null);

                db.execSQL("DROP TABLE IF EXISTS Users");
                db.execSQL(
                        "CREATE TABLE Users(memID INTEGER PRIMARY KEY AUTOINCREMENT, memName TEXT, memAge INTEGER, memPass VARCHAR)");

                db.execSQL("INSERT INTO Users VALUES( 1,'Admin',20,'49c3a17ad8d8ccd93885e6a28661480d')");
            } catch (Exception e) {
                // TODO Auto-generated catch block
                Toast error = Toast.makeText(CSInjection1.this, "An error occurred.", Toast.LENGTH_LONG);
                error.show();

            }

        } catch (SQLiteException e) {
            Toast error = Toast.makeText(CSInjection1.this, "An database error occurred.", Toast.LENGTH_LONG);
            error.show();
        }
    }

    public void outputKey(Context context, String password) {
        SQLiteDatabase.loadLibs(context);

        String dbPath = context.getDatabasePath("key1.db").getPath();

        SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbPassword, null);

        String query = ("SELECT * FROM key1;");

        Cursor cursor = db.rawQuery(query, null);

        if (cursor != null) {

            try {
                if (cursor.moveToFirst())
                    key.setText(cursor.getString(0));
            } finally {
                cursor.close();

            }
        }
    }

    public void generateKey(Context context, String password) {
        try {
            try {
                SQLiteDatabase.loadLibs(context);

                String dbPath = context.getDatabasePath("key1.db").getPath();

                File dbPathFile = new File(dbPath);
                if (!dbPathFile.exists())
                    dbPathFile.getParentFile().mkdirs();

                SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbPassword, null);

                db.execSQL("DROP TABLE IF EXISTS key1");
                db.execSQL("CREATE TABLE key1(key VARCHAR)");

                db.execSQL("INSERT INTO key1 VALUES('The Key is SourHatsAndAngryCats.')");

            } catch (Exception e) {
                // TODO Auto-generated catch block
                Toast error = Toast.makeText(CSInjection1.this, "An error occurred.", Toast.LENGTH_LONG);
                error.show();

            }

        } catch (SQLiteException e) {
            Toast error = Toast.makeText(CSInjection1.this, "An database error occurred.", Toast.LENGTH_LONG);
            error.show();
        }
    }

}