From 249e0023ae176e82f490ad60e079324e88a8d87a Mon Sep 17 00:00:00 2001
From: Libor Polčák
Date: Feb 25 2022 17:48:35 +0000
Subject: bugfix: Make sure that farbled APIs produce the same results even when the extension configuration changes

Previously all wrappers shared the same random generator but that means that the generated random value depended on the order of the call to the random function. Hence, if a user enabled or disabled an affected wrapper, other wrappers might have get a different random number, change its output and possibly change a fingerprint that should have been stable for the session.
---
diff --git a/common/document_start.js b/common/document_start.js
index 6983de9..21bef1c 100644
--- a/common/document_start.js
+++ b/common/document_start.js
@@ -48,7 +48,7 @@ function configureInjection({currentLevel, code, wrappers, domainHash, sessionHa
 var aleaCode = `(() => {
 var domainHash = ${JSON.stringify(domainHash)};
 ${alea}
- var prng = alea(domainHash);
+ var prng = alea(domainHash); // Do not use this in wrappers, create your own prng to generate repeatable sequences
 ${code}
 })()`;
 try {
diff --git a/common/wrappingS-DM.js b/common/wrappingS-DM.js
index 95f949c..2df5996 100644
--- a/common/wrappingS-DM.js
+++ b/common/wrappingS-DM.js
@@ -59,6 +59,7 @@
 parent_object_property: "deviceMemory",
 wrapped_objects: [],
 helping_code: `
+ let dm_prng = alea(domainHash, "navigator.deviceMemory");
 var validValues = [0.25, 0.5, 1.0, 2.0, 4.0, 8.0];
 var ret = 4;
 var realValue = navigator.deviceMemory;
@@ -70,10 +71,10 @@
 if(maxIndex == -1){
 maxIndex = validValues.length-1;
 }
- ret = validValues[Math.floor((prng()*(maxIndex+1)))];
+ ret = validValues[Math.floor((dm_prng()*(maxIndex+1)))];
 }
 else if(args[0]==1){
- ret = validValues[Math.floor(prng()*(validValues.length))];
+ ret = validValues[Math.floor(dm_prng()*(validValues.length))];
 }
 `,
 post_wrapping_code: [
diff --git a/common/wrappingS-HTML-LS.js b/common/wrappingS-HTML-LS.js
index 0808e35..97dbc05 100644
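Review bot: The comment added to `var prng = alea(domainHash);` is the only thing keeping wrappers off the shared generator, and it does not say how a wrapper should build its own. `prng` is still declared in the same injected closure as `${code}`, so a wrapper added later can call it and bring back the order dependence described in the commit message. I would expand the comment to something like `// Shared generator: do not use in wrappers. Create a per-wrapper generator with alea(domainHash, "<unique label>") so the output does not depend on which other wrappers are enabled`. configureInjection starts and ends outside the hunk.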
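Review bot: The seed label `"navigator.deviceMemory"` on the added `dm_prng` line does not follow the form used for the other property wrapper in this commit (`"Navigator.prototype.hardwareConcurrency"` in common/wrappingS-HTML-LS.js), and the declaration uses `let` where the other added generators use `var`. The label is the only input that separates this generator's sequence from the others seeded with the same `domainHash`, so two wrappers that end up with the same label would draw the same sequence; one naming convention makes such a clash easier to spot in review. Suggested: `var dm_prng = alea(domainHash, "Navigator.prototype.deviceMemory");`, assuming the wrapped property lives on Navigator.prototype (the parent object is not visible in this hunk).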
--- a/common/wrappingS-HTML-LS.js
+++ b/common/wrappingS-HTML-LS.js
@@ -245,13 +245,14 @@ ISBN 978-3-319-66398-2.
 parent_object_property: "hardwareConcurrency",
 wrapped_objects: [],
 helping_code: `
+ var hw_prng = alea(domainHash, "Navigator.prototype.hardwareConcurrency");
 var ret = 2;
 if(args[0]==0){
 var realValue = navigator.hardwareConcurrency;
- ret = Math.floor(2+prng()*(realValue-2));
+ ret = Math.floor(2+hw_prng()*(realValue-2));
 }
 else if(args[0]==1){
- ret = Math.floor(2+(prng()*6));
+ ret = Math.floor(2+(hw_prng()*6));
 }
 `,
 post_wrapping_code: [
diff --git a/common/wrappingS-MCS.js b/common/wrappingS-MCS.js
index cf17134..81b0bc4 100644
--- a/common/wrappingS-MCS.js
+++ b/common/wrappingS-MCS.js
@@ -74,13 +74,14 @@
 * \param browserEnum enum specifying browser 0 - Chrome 1 - Firefox
 */
 function fakeDevice(device){
+ var fd_prng = alea(domainHash, "S-MCS fakeDevice");
 var kinds = ["videoinput", "audioinput", "audiooutput"];
 let browserEnum = device.groupId.length == 44 ? 1 : 0;
 var deviceId = browserEnum == 1 ? randomString(43, browserEnum)+ "=" : "";
 let fakeData = {
 deviceId,
 groupId: deviceRandomString(browserEnum),
- kind: kinds[Math.floor(prng() * 3)],
+ kind: kinds[Math.floor(fd_prng() * 3)],
 label: "",
 };
 let json = JSON.stringify(fakeData);
@@ -125,7 +126,8 @@
 return result;
 };
 if (level === 1 && result.length) {
- let additional = Math.floor(prng()*4);
+ var enumd_prng = alea(domainHash, "MediaDevices.prototype.enumerateDevices");
+ let additional = Math.floor(enumd_prng()*4);
 console.debug("Random additional devices to add:", additional);
 if (additional > 0) {
 let adding = [];
diff --git a/common/wrappingS-NP.js b/common/wrappingS-NP.js
index c84794a..ce4f867 100644
--- a/common/wrappingS-NP.js
+++ b/common/wrappingS-NP.js
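Review bot: In the `args[0]==0` branch, `Math.floor(2+hw_prng()*(realValue-2))` has no guard for a small `realValue`. With a real value of 1 the factor is negative and the expression evaluates to 1 for any non-zero draw, so the real core count is reported unchanged. If 2 is meant to be the floor, as the `var ret = 2` default suggests, clamp the range: `ret = Math.floor(2+hw_prng()*Math.max(realValue-2, 0));`. The wrapper definition starts and ends outside the hunk.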
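Review bot: `fd_prng` is created inside `fakeDevice`, so every call starts again from the same seed and the first draw, which picks `kind`, is the same each time. The shared generator used before this change advanced between calls; now every fake device generated for a domain gets the same `kind`, which is presumably not intended when several are added (the call site is outside this hunk). `farblePlugin` in common/wrappingS-NP.js has the same pattern with `fp_prng`: every plugin whose name includes "PDF" gets an identical farbled name and description, and duplicate entries make the farbling easy to recognise. Either create the generator once outside the function or add a per-item value to the seed, for example `var fp_prng = alea(domainHash, "S-NP farblePlugin", plugin.name);` if `alea` accepts further seed arguments. Both function bodies continue outside their hunks.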
@@ -213,14 +213,15 @@
 * Replaces words in name and description parameters in PDF plugins (default plugins in most browsers)
 */
 function farblePlugin(plugin){
+ var fp_prng = alea(domainHash, "S-NP farblePlugin");
 var name = plugin.name;
 var description = plugin.description;
 if(plugin.name.includes("PDF")){
 let chrome = ["Chrome ", "Chromium ", "Web ", "Browser ", "OpenSource ", "Online ", "JavaScript ", ""];
 let pdf = ["PDF ", "Portable Document Format ", "portable-document-format ", "document ", "doc ", "PDF and PS ", "com.adobe.pdf "];
 let viewer = ["Viewer", "Renderer", "Display", "Plugin", "plug-in", "plug in", "extension", ""];
- name = chrome[Math.floor(prng() * (chrome.length))]+pdf[Math.floor(prng() * (pdf.length))]+viewer[Math.floor(prng() * (viewer.length))];
- description = pdf[Math.floor(prng() * (pdf.length))];
+ name = chrome[Math.floor(fp_prng() * (chrome.length))]+pdf[Math.floor(fp_prng() * (pdf.length))]+viewer[Math.floor(fp_prng() * (viewer.length))];
+ description = pdf[Math.floor(fp_prng() * (pdf.length))];
 }
 var ret = Object.create(Plugin.prototype);
 var counter = 0;