Merge branch 'develop'

CHANGELOG.txt

@@ -8,6 +8,14 @@ YYYY/MM/DD - MAJOR.MINOR.RELEASE
 [!] = Fix / Security
 
 
+2021/11/08 - 1.1.3
+——————————————————
+[!] TOTP generation for other than otpauth Key Uri
+[+] Steam Authenticator codes can be generated now
+[+] Added validations for self-signed certificates issues
+[=] Bitwarden CLI version >= 1.11.0
+
+
 2021/10/08 - 1.1.2
 ——————————————————
 [!] Minor fixes and wording

Lib/autoType.ahk → Lib/AutoType.ahk

@@ -8,9 +8,12 @@ AutoType(Entry, Mode)
 		Exit
 
 	; Generate TOTP
-	totp := TOTP_Parse(Entry.otpauth, Mode)
-	if (totp)
-		Entry.totp := totp
+	if StrLen(Entry.otpauth)
+	{
+		totp := TOTP_Parse(Entry.otpauth, Mode)
+		if StrLen(totp)
+			Entry.totp := totp
+	}
 
 	; TCATO
 	switch Entry.tcato

Lib/Bitwarden.ahk

@@ -91,8 +91,12 @@ Bitwarden_Status()
 	BwStatus := JSON.Load(out)
 	lastSync := RegExReplace(BwStatus.lastSync, "\D|.{4}$")
 	epoch := Epoch(lastSync) + Epoch(A_Now) - Epoch()
-	Menu Tray, Tip, % AppTitle "`n"
-		. Epoch_Date(epoch, "'Sync:' MM/dd/yy h:mm tt")
+	if (A_IsCompiled)
+		FileGetVersion version, % A_ScriptFullPath
+	else
+		FileRead version, % A_ScriptDir "\version"
+	Menu Tray, Tip, % AppTitle " v" version "`n"
+		. Epoch_Date(epoch, "'Last Sync:' MM/dd/yy h:mm tt")
 }
 
 Bitwarden_Sync(showTip := true)

Lib/settings.ahk → Lib/Settings.ahk

@@ -101,6 +101,7 @@ Settings()
 		Alert(0x34, "Existing unlock method will be overridden, continue?")
 		IfMsgBox No
 			return
+		INI.DATA.pin := ""
 	}
 	INI.GENERAL.pin := Pin
 	if (!MasterPw)

Lib/tip.ahk → Lib/Tip.ahk

@@ -1,10 +1,10 @@
 
-Tip(txt)
+Tip(Message, Timeout := 10)
 {
 	TrayTip
 	SetTimer Tip_Hide, Delete
-	TrayTip % AppTitle, % txt, 30, 0x20
-	SetTimer Tip_Hide, -10000
+	TrayTip % AppTitle, % Message, 30, 0x20
+	SetTimer Tip_Hide, % -1000 * Timeout
 	fObject := Func("DllCall").Bind("K32EmptyWorkingSet", "Int",-1)
 	SetTimer % fObject, -1000
 }

Lib/Totp.ahk

@@ -0,0 +1,98 @@
+
+; https://tools.ietf.org/html/rfc6238
+Totp(Secret, Digits := 6, Period := 30, Algorithm := "SHA1")
+{
+	key := Base32_Hex(Secret)
+	if (!key)
+		return Totp_Tip("Invalid Secret")
+	counter := Format("{:016x}", Epoch() // Period)
+	hmac := Crypt.Hash.HMAC(Algorithm, counter, key, "HEX")
+	offset := hex2dec(SubStr(hmac, 0)) * 2 + 1
+	totp := hex2dec(SubStr(hmac, offset, 8)) & 0x7FFFFFFF
+	return SubStr(totp, -1 * Digits + 1)
+}
+
+Totp_Clipboard(Totp, Period)
+{
+	static fObject := ""
+	if IsObject(fObject)
+	{
+		SetTimer % fObject, Delete
+		fObject := ""
+	}
+	if (!ClipData)
+	{
+		ClipData := ClipboardAll
+		Clipboard := Totp
+	}
+	fObject := Func("Totp_ClipboardReset").Bind(Period)
+	SetTimer % fObject, % 1000
+}
+
+Totp_ClipboardReset(Period)
+{
+	if (A_Sec = 0 || A_Sec = Period)
+	{
+		Clipboard := ClipData
+		ClipData := ""
+		SetTimer ,, Delete
+	}
+}
+
+Totp_Parse(String, Mode)
+{
+	RegExMatch(String, "algorithm=\K\w+", algorithm)
+	if !(algorithm ~= "i)(SHA1|SHA256|SHA512)")
+		algorithm := "SHA1"
+	RegExMatch(String, "digits=\K\d+", digits)
+	digits := digits ? digits : 6
+	RegExMatch(String, "period=\K\d+", period)
+	period := period ? period : 30
+	secret := String
+	if (InStr(String, "otpauth://totp") = 1)
+	{
+		if !RegExMatch(String, "secret=\K\w+", secret)
+			secret := String
+	}
+	else if (InStr(String, "steam://") = 1)
+	{
+		digits := 5
+		secret := SubStr(String, 9)
+	}
+	totp := Totp(secret, digits, period, algorithm)
+	if (Mode = "default")
+	{
+		if (INI.GENERAL.totp)
+			Totp_Clipboard(totp, period)
+		if (INI.GENERAL.totp = 1)
+			Totp_Tip(totp)
+	}
+	return totp
+}
+
+Totp_Tip(Message)
+{
+	timeout := 10
+	if (Message ~= "^\d+$")
+	{
+		mid := StrLen(Message) // 2
+		Message := SubStr(Message, 1, mid) " " SubStr(Message, ++mid)
+		timeout := 30
+	}
+	Tip("TOTP: " Message, timeout)
+}
+
+Totp_Toggle()
+{
+	if (INI.GENERAL.totp)
+		INI.GENERAL.totp := 0
+	else
+	{
+		Alert(0x24, "Show toast notifications?")
+		IfMsgBox Yes
+			INI.GENERAL.totp := 1
+		IfMsgBox No
+			INI.GENERAL.totp := 2
+	}
+	Menu sub1, ToggleCheck, 4&
+}

Lib/UIAccess.ahk

@@ -0,0 +1,30 @@
+
+UIAccess(File, Mode)
+{
+	try
+	{
+		xml := ComObjCreate("Msxml2.DOMDocument")
+		xml.async := false
+		xml.setProperty("SelectionLanguage", "XPath")
+		xml.setProperty("SelectionNamespaces", "xmlns:v1='urn:schemas-microsoft-com:asm.v1' xmlns:v3='urn:schemas-microsoft-com:asm.v3'")
+		if !xml.load("res://" File "/#24/#1")
+			throw
+		if !node := xml.selectSingleNode("/v1:assembly/v3:trustInfo/v3:security/v3:requestedPrivileges/v3:requestedExecutionLevel")
+			throw
+		node.setAttribute("uiAccess", Mode ? "true" : "false")
+		xml := RTrim(xml.xml, "`r`n")
+		size := StrPut(xml, "UTF-8") - 1
+		VarSetCapacity(data, size, 0)
+		StrPut(xml, &data, "UTF-8")
+		if !hRes := DllCall("Kernel32\BeginUpdateResource", "Str",File, "Int",false)
+			throw
+		r := DllCall("Kernel32\UpdateResource", "Ptr",hRes, "Ptr",24, "Ptr",1, "UShort",0x0409, "Ptr",&data, "UInt",size)
+		if !DllCall("Kernel32\EndUpdateResource", "Ptr",hRes, "Int",!r) && r
+			throw
+		return true
+	}
+	catch
+	{
+		MsgBox 0x40010, Error, % "Couldn't update " File
+	}
+}

build.ahk

@@ -43,11 +43,10 @@ for _,script in ["bw-at", "uninstall", "setup"]
 	FileOpen(script ".ahk", 0x1, "UTF-8").Write(buffer)
 	RunWait % A_ProgramFiles "\AutoHotkey\Compiler\Ahk2Exe.exe"
 		. " /in " Quote(A_ScriptDir "\" script ".ahk")
-	RunWait % "PowerShell -ExecutionPolicy Bypass -File .\bw-at.ps1"
-			. " " Quote("Auto-Type-Dist")
-			. " " Quote(A_ScriptDir "\" script ".exe")
-		, % A_ScriptDir, Hide
 }
+RunWait % "PowerShell -ExecutionPolicy Bypass -File .\bw-at.ps1"
+		. " " Quote("Auto-Type-Dist") " " Quote("setup.exe") " start"
+	, % A_ScriptDir, Hide
 FileMove setup.exe, release, % true
 
 ; Portable
@@ -58,7 +57,7 @@ FileOpen("bw-at.ahk", 0x1, "UTF-8").Write(buffer)
 ; ExitApp
 RunWait % A_ProgramFiles "\AutoHotkey\Compiler\Ahk2Exe.exe /in bw-at.ahk"
 RunWait % "PowerShell -ExecutionPolicy Bypass -File .\bw-at.ps1 "
-		. Quote("Auto-Type-Dist") " " Quote("bw-at.exe")
+		. Quote("Auto-Type-Dist") " " Quote("bw-at.exe") " end"
 	, % A_ScriptDir, Hide
 
 FileDelete release\bw-at.zip
@@ -71,10 +70,6 @@ Zip("release\bw-at.zip"
 
 ; Clean
 FileDelete *.exe
-RunWait % "PowerShell -Command " Quote("Get-ChildItem Cert:\LocalMachine\*\*"
-		. " | Where-Object {$_.Subject -eq 'CN=Auto-Type-Dist'}"
-		. " | Remove-Item")
-	,, Hide
 
 if (DEBUG)
 {

bw-at.ahk

@@ -31,6 +31,7 @@ global SESSION := ""
 	, BwStatus := {}
 	, MasterPw := ""
 	, UserSeed := ""
+	, ClipData := ""
 	, AppTitle := "Bitwarden Auto-Type"
 
 ; For VSCode only
@@ -199,9 +200,9 @@ return ; End of auto-execute thread
 ;@Ahk2Exe-SetMainIcon %A_ScriptDir%\assets\bw-at.ico
 ;@Ahk2Exe-SetName Bitwarden Auto-Type
 ;@Ahk2Exe-SetOrigFilename bw-at.ahk
-;@Ahk2Exe-SetProductVersion 1.1.2.1
-;@Ahk2Exe-SetVersion 1.1.2.1
-;@Ahk2Exe-UpdateManifest 0, Auto-Type, 1.1.2.1, 0
+;@Ahk2Exe-SetProductVersion 1.1.3.1
+;@Ahk2Exe-SetVersion 1.1.3.1
+;@Ahk2Exe-UpdateManifest 0, Auto-Type, 1.1.3.1, 0
 ; BinMod
 ;@Ahk2Exe-PostExec "%A_ScriptDir%\assets\BinMod.exe" "%A_WorkFileName%"
 ;@Ahk2Exe-Cont  "2.AutoHotkeyGUI.Auto-Type-GUI"

bw-at.ps1

@@ -1,13 +1,33 @@
 
-param([string]$certName, [System.IO.FileInfo]$fileName)
+param([string]$certName, [System.IO.FileInfo]$fileName, [string]$clean)
 
-if (!($cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=$certName" })) {
-	$cert = New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -HashAlgorithm SHA256 -NotAfter (Get-Date).AddMonths(120) -Subject "$certName" -Type CodeSigning
+if ($clean -eq "start") {
+	Get-ChildItem Cert:\LocalMachine\*\* | Where-Object {$_.Subject -like "CN=$certName*"} | Remove-Item
+}
+
+$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "CN=$certName*" }
+
+if (!$cert) {
+	$cert = New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -HashAlgorithm SHA256 -NotAfter (Get-Date).AddMonths(120) -Subject "CN=$certName,O=u/anonymous1184,OU=Bitwarden Auto-Type" -Type CodeSigning
 	foreach ($i in @('TrustedPublisher', 'Root')) {
 		$store = [System.Security.Cryptography.X509Certificates.X509Store]::new($i, 'LocalMachine')
 		$store.Open('ReadWrite')
 		$store.Add($cert)
 		$store.Close()
 	}
 }
-Set-AuthenticodeSignature -Certificate $cert -FilePath "$fileName" -HashAlgorithm SHA256 -TimeStampServer http://timestamp.sectigo.com
+
+$exitCode = 0
+try {
+	Set-AuthenticodeSignature -Certificate $cert -FilePath "$fileName" -HashAlgorithm SHA256 -TimeStampServer http://timestamp.sectigo.com
+} catch {
+	Add-Type -AssemblyName PresentationCore,PresentationFramework
+	[System.Windows.MessageBox]::Show("There was an error while trying to sign the executable.", "Error", 0, 16)
+	$exitCode = 1
+}
+
+if ($clean -eq "end") {
+	Get-ChildItem Cert:\LocalMachine\*\* | Where-Object {$_.Subject -like "CN=$certName*"} | Remove-Item
+}
+
+Exit $exitCode