mirror of
https://github.com/BluTac10/Xbox-Neo.git
synced 2026-05-23 19:34:54 +00:00
ba3ebe666c
Comprehensive security system to protect against packet-sniffing attacks, XUID harvesting, privilege escalation, bot flooding, and XUID impersonation. - Stream cipher: per-session XOR cipher with 4-message handshake via CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection, backwards compatible (old clients/servers fall back to plaintext). - Security gate: buffers all game data until cipher handshake completes, preventing unsecured clients from receiving any XUIDs or game state. - Cipher handshake enforcer: kicks clients that don't complete the handshake within 5 seconds (configurable via require-secure-client). - Identity tokens: persistent per-XUID tokens in identity-tokens.json, issued over the encrypted channel, verified on reconnect. Prevents XUID replay attacks. Client stores server-specific tokens. - PROXY protocol v1: parses real client IPs from playit.gg tunnel headers so rate limiting, IP bans, and XUID spoof detection work per-player. - Rate limiting: per-IP sliding window (default 5 connections/30s) with pending connection cap (default 10). - Privilege hardening: OP requires ops.json, live checks on every command and privilege packet. Host-only server settings changes. - XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders. - Packet validation: readUtf global string cap, reduced max packet size, stream desync protection on oversized strings. - OpManager: persistent ops.json with XUID-based OP list. - Whitelist improvements: whitelist add accepts player names with ambiguity detection, XUID cache from login attempts. - revoketoken command: revoke identity tokens for players who lost theirs. - server.log: persistent log file written alongside console output with flush-per-write to survive crashes. - CLI security logging: consolidated per-join security summary with cipher status, token status, XUID, and real IP. Security warnings for kicks, spoofing, and unauthorized commands.
62 lines
1.3 KiB
C++
62 lines
1.3 KiB
C++
#pragma once
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
namespace ServerRuntime
|
|
{
|
|
namespace Access
|
|
{
|
|
struct OpMetadata
|
|
{
|
|
std::string created;
|
|
std::string source;
|
|
};
|
|
|
|
struct OpPlayerEntry
|
|
{
|
|
std::string xuid;
|
|
std::string name;
|
|
OpMetadata metadata;
|
|
};
|
|
|
|
/**
|
|
* Persistent OP (operator) list manager.
|
|
*
|
|
* Stores XUID-based operator entries in `ops.json`.
|
|
* Used as the authoritative source of truth for who has OP privileges,
|
|
* preventing in-memory-only OP escalation via crafted packets.
|
|
*/
|
|
class OpManager
|
|
{
|
|
public:
|
|
explicit OpManager(const std::string &baseDirectory = ".");
|
|
|
|
bool EnsureOpFileExists() const;
|
|
bool Reload();
|
|
bool Save() const;
|
|
|
|
bool LoadOps(std::vector<OpPlayerEntry> *outEntries) const;
|
|
bool SaveOps(const std::vector<OpPlayerEntry> &entries) const;
|
|
|
|
const std::vector<OpPlayerEntry> &GetOps() const;
|
|
bool SnapshotOps(std::vector<OpPlayerEntry> *outEntries) const;
|
|
|
|
bool IsPlayerOp(const std::string &xuid) const;
|
|
bool AddOp(const OpPlayerEntry &entry);
|
|
bool RemoveOpByXuid(const std::string &xuid);
|
|
|
|
std::string GetOpFilePath() const;
|
|
|
|
static OpMetadata BuildDefaultMetadata(const char *source = "Server");
|
|
|
|
private:
|
|
std::string BuildPath(const char *fileName) const;
|
|
|
|
private:
|
|
std::string m_baseDirectory;
|
|
std::vector<OpPlayerEntry> m_ops;
|
|
};
|
|
}
|
|
}
|