LegacyConsole/LCE-Revelations
3
0
Fork 0
mirror of https://git.huckle.dev/Huckles-Minecraft-Archive/LCE-Revelations.git synced 2026-06-28 10:45:35 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

feat: dedicated server security hardening

Browse Source 
Comprehensive security system to protect against packet-sniffing attacks,
XUID harvesting, privilege escalation, bot flooding, and XUID impersonation.

- Stream cipher: per-session XOR cipher with 4-message handshake via
  CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection,
  backwards compatible (old clients/servers fall back to plaintext).
- Security gate: buffers all game data until cipher handshake completes,
  preventing unsecured clients from receiving any XUIDs or game state.
- Cipher handshake enforcer: kicks clients that don't complete the handshake
  within 5 seconds (configurable via require-secure-client).
- Identity tokens: persistent per-XUID tokens in identity-tokens.json,
  issued over the encrypted channel, verified on reconnect. Prevents XUID
  replay attacks. Client stores server-specific tokens.
- PROXY protocol v1: parses real client IPs from playit.gg tunnel headers
  so rate limiting, IP bans, and XUID spoof detection work per-player.
- Rate limiting: per-IP sliding window (default 5 connections/30s) with
  pending connection cap (default 10).
- Privilege hardening: OP requires ops.json, live checks on every command
  and privilege packet. Host-only server settings changes.
- XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders.
- Packet validation: readUtf global string cap, reduced max packet size,
  stream desync protection on oversized strings.
- OpManager: persistent ops.json with XUID-based OP list.
- Whitelist improvements: whitelist add accepts player names with ambiguity
  detection, XUID cache from login attempts.
- revoketoken command: revoke identity tokens for players who lost theirs.
- server.log: persistent log file written alongside console output with
  flush-per-write to survive crashes.
- CLI security logging: consolidated per-join security summary with cipher
  status, token status, XUID, and real IP. Security warnings for kicks,
  spoofing, and unauthorized commands.
This commit is contained in:
itsRevela
2026-03-28 19:18:06 -05:00
parent ed3fffcc6a
commit ba3ebe666c
42 changed files with 3293 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
Minecraft.World/Packet.cpp
View File

@@ -401,20 +401,32 @@ void Packet::writeUtf(const wstring& value, DataOutputStream *dos) // throws IOE
wstring Packet::readUtf(DataInputStream *dis, int maxLength) // throws IOException TODO 4J JEV, should this declare a throws?
{
// Global safety cap to prevent memory exhaustion from malicious string lengths
static const int kMaxGlobalStringLength = 8192;
if (maxLength > kMaxGlobalStringLength)
{
maxLength = kMaxGlobalStringLength;
}
short stringLength = dis->readShort();
if (stringLength > maxLength || stringLength <= 0)
if (stringLength <= 0)
{
return L"";
// throw new IOException( stream.str() );
if (stringLength < 0)
{
app.DebugPrintf("SECURITY: readUtf received negative string length %d\n", stringLength);
}
return L"";
}
if (stringLength < 0)
if (stringLength > maxLength)
{
assert(false);
// throw new IOException(L"Received string length is less than zero! Weird string!");
app.DebugPrintf("SECURITY: readUtf received string length %d exceeding max %d\n", stringLength, maxLength);
// Consume the declared bytes to keep the stream synchronized
dis->skip(static_cast<int64_t>(stringLength) * 2);
return L"";
}
wstring builder = L"";
builder.reserve(stringLength);
for (int i = 0; i < stringLength; i++)
{
wchar_t rc = dis->readChar();