The previous IQNet cleanup in handleRemoveEntity fired on every entity
despawn, which happens both when a player goes out of tracking range
and when they disconnect. This caused players to vanish from the Tab
list whenever they moved beyond render distance.
Introduce two custom payload channels (MC|ForkHello, MC|ForkPLeave) so
the client can distinguish "out of range" from "actually left":
- Server sends MC|ForkHello during login to identify itself as a fork
- Server sends MC|ForkPLeave with the player's gamertag on disconnect
- Client skips IQNet cleanup in handleRemoveEntity on fork servers
- Client cleans up IQNet only when MC|ForkPLeave arrives
Fully backwards-compatible: no existing packet wire formats changed.
Upstream clients ignore the unknown channels, fork clients on upstream
servers fall back to the old entity-tracking-based cleanup.
Replace the XOR obfuscation cipher with AES-128-CTR using the Windows
BCrypt API. Key material grows from 16 to 32 bytes (16 AES key + 16 IV).
All callers auto-adjust via StreamCipher::KEY_SIZE. No handshake or
protocol changes needed beyond the larger MC|CKey payload.
Comprehensive security system to protect against packet-sniffing attacks,
XUID harvesting, privilege escalation, bot flooding, and XUID impersonation.
- Stream cipher: per-session XOR cipher with 4-message handshake via
CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection,
backwards compatible (old clients/servers fall back to plaintext).
- Security gate: buffers all game data until cipher handshake completes,
preventing unsecured clients from receiving any XUIDs or game state.
- Cipher handshake enforcer: kicks clients that don't complete the handshake
within 5 seconds (configurable via require-secure-client).
- Identity tokens: persistent per-XUID tokens in identity-tokens.json,
issued over the encrypted channel, verified on reconnect. Prevents XUID
replay attacks. Client stores server-specific tokens.
- PROXY protocol v1: parses real client IPs from playit.gg tunnel headers
so rate limiting, IP bans, and XUID spoof detection work per-player.
- Rate limiting: per-IP sliding window (default 5 connections/30s) with
pending connection cap (default 10).
- Privilege hardening: OP requires ops.json, live checks on every command
and privilege packet. Host-only server settings changes.
- XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders.
- Packet validation: readUtf global string cap, reduced max packet size,
stream desync protection on oversized strings.
- OpManager: persistent ops.json with XUID-based OP list.
- Whitelist improvements: whitelist add accepts player names with ambiguity
detection, XUID cache from login attempts.
- revoketoken command: revoke identity tokens for players who lost theirs.
- server.log: persistent log file written alongside console output with
flush-per-write to survive crashes.
- CLI security logging: consolidated per-join security summary with cipher
status, token status, XUID, and real IP. Security warnings for kicks,
spoofing, and unauthorized commands.
* Fixed boats falling and a TP glitch #266
* Replaced every C-style cast with C++ ones
* Replaced every C-style cast with C++ ones
* Fixed boats falling and a TP glitch #266
* Updated NULL to nullptr and fixing some type issues
* Modernized and fixed a few bugs
- Replaced most instances of `NULL` with `nullptr`.
- Replaced most `shared_ptr(new ...)` with `make_shared`.
- Removed the `nullptr` macro as it was interfering with the actual nullptr keyword in some instances.
* Fixing more conflicts
* Replace int loops with size_t and start work on overrides
* Add safety checks and fix a issue with vector going OOR
This code was not tested and breaks in Release builds, reverting to restore
functionality of the nightly. All in-game menus do not work and generating
a world crashes.
This reverts commit a9be52c41a.
* Fixed boats falling and a TP glitch #266
* Replaced every C-style cast with C++ ones
* Replaced every C-style cast with C++ ones
* Fixed boats falling and a TP glitch #266
* Updated NULL to nullptr and fixing some type issues
* Modernized and fixed a few bugs
- Replaced most instances of `NULL` with `nullptr`.
- Replaced most `shared_ptr(new ...)` with `make_shared`.
- Removed the `nullptr` macro as it was interfering with the actual nullptr keyword in some instances.
* Fixing more conflicts
* Replace int loops with size_t and start work on overrides
