From d984461cc065f05b8be2e2a3b5553176fe22544d Mon Sep 17 00:00:00 2001 From: simoleo89 Date: Tue, 9 Jun 2026 20:50:12 +0200 Subject: [PATCH] fix(login): don't reject login when the machine fingerprint arrives after the SSO ticket MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Nitro renderer sends the UniqueID (machine fingerprint) packet right AFTER the SSOTicket, so Habbo.connect() ran before the machineId was set and returned false on the empty machineId — silently disposing the client (WS closed with Netty's default "Bye"), so login never completed and no SecureLoginOK was sent. - Habbo.connect(): only set machineID + run the MAC-ban check when the fingerprint is already present; never reject the login solely for a missing machineId (also drop a duplicated MAC/IP-ban block). - MachineIDEvent: enforce the MAC ban when the fingerprint arrives after login, preserving the ban check that connect() now defers. --- .../com/eu/habbo/habbohotel/users/Habbo.java | 30 +++++++------------ .../incoming/handshake/MachineIDEvent.java | 7 +++++ 2 files changed, 18 insertions(+), 19 deletions(-) diff --git a/Emulator/src/main/java/com/eu/habbo/habbohotel/users/Habbo.java b/Emulator/src/main/java/com/eu/habbo/habbohotel/users/Habbo.java index 61f8075e..9983c49c 100644 --- a/Emulator/src/main/java/com/eu/habbo/habbohotel/users/Habbo.java +++ b/Emulator/src/main/java/com/eu/habbo/habbohotel/users/Habbo.java @@ -146,31 +146,23 @@ public class Habbo implements Runnable { this.habboInfo.setIpLogin(ip); } - if (this.client.getMachineId() == null || this.client.getMachineId().length() == 0) { - return false; - } + // The Nitro client sends the UniqueID (machine fingerprint) packet right + // AFTER the SSO ticket, so client.getMachineId() may still be null here. + // Do NOT reject the login for a missing machineId — MachineIDEvent sets it + // and enforces the MAC ban as soon as the UniqueID packet arrives. Only + // MAC-ban check here when the fingerprint is already available. + String machineId = this.client.getMachineId(); + if (machineId != null && !machineId.isEmpty()) { + this.habboInfo.setMachineID(machineId); - this.habboInfo.setMachineID(this.client.getMachineId()); - - if (Emulator.getGameEnvironment().getModToolManager().hasMACBan(this.client)) { - return false; + if (Emulator.getGameEnvironment().getModToolManager().hasMACBan(this.client)) { + return false; + } } if (Emulator.getGameEnvironment().getModToolManager().hasIPBan(this.habboInfo.getIpLogin())) { return false; } - - this.habboInfo.setMachineID(this.client.getMachineId()); - - if (Emulator.getGameEnvironment().getModToolManager().hasMACBan(this.client)) { - return false; - } - - if (Emulator.getGameEnvironment().getModToolManager().hasIPBan(this.habboInfo.getIpLogin())) { - return false; - } - - this.habboInfo.setMachineID(this.client.getMachineId()); this.isOnline(true); this.messenger.connectionChanged(this, true, false); diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/handshake/MachineIDEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/handshake/MachineIDEvent.java index 64696bf7..b39fda3f 100644 --- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/handshake/MachineIDEvent.java +++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/handshake/MachineIDEvent.java @@ -32,6 +32,13 @@ public class MachineIDEvent extends MessageHandler { if (!storedMachineId.isEmpty() && this.client.getHabbo() != null && this.client.getHabbo().getHabboInfo() != null) { this.client.getHabbo().getHabboInfo().setMachineID(storedMachineId); Emulator.getThreading().run(this.client.getHabbo()); + + // The fingerprint can arrive AFTER login (UniqueID is sent right after the + // SSO ticket), so Habbo.connect() may have skipped the MAC-ban check for + // lack of a machineId. Enforce it now that the fingerprint is known. + if (Emulator.getGameEnvironment().getModToolManager().hasMACBan(this.client)) { + Emulator.getGameServer().getGameClientManager().disposeClient(this.client); + } } LOGGER.debug("Setting client MachineId to {}", storedMachineId);