Comprehensive security system to protect against packet-sniffing attacks,
XUID harvesting, privilege escalation, bot flooding, and XUID impersonation.
- Stream cipher: per-session XOR cipher with 4-message handshake via
CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection,
backwards compatible (old clients/servers fall back to plaintext).
- Security gate: buffers all game data until cipher handshake completes,
preventing unsecured clients from receiving any XUIDs or game state.
- Cipher handshake enforcer: kicks clients that don't complete the handshake
within 5 seconds (configurable via require-secure-client).
- Identity tokens: persistent per-XUID tokens in identity-tokens.json,
issued over the encrypted channel, verified on reconnect. Prevents XUID
replay attacks. Client stores server-specific tokens.
- PROXY protocol v1: parses real client IPs from playit.gg tunnel headers
so rate limiting, IP bans, and XUID spoof detection work per-player.
- Rate limiting: per-IP sliding window (default 5 connections/30s) with
pending connection cap (default 10).
- Privilege hardening: OP requires ops.json, live checks on every command
and privilege packet. Host-only server settings changes.
- XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders.
- Packet validation: readUtf global string cap, reduced max packet size,
stream desync protection on oversized strings.
- OpManager: persistent ops.json with XUID-based OP list.
- Whitelist improvements: whitelist add accepts player names with ambiguity
detection, XUID cache from login attempts.
- revoketoken command: revoke identity tokens for players who lost theirs.
- server.log: persistent log file written alongside console output with
flush-per-write to survive crashes.
- CLI security logging: consolidated per-join security summary with cipher
status, token status, XUID, and real IP. Security warnings for kicks,
spoofing, and unauthorized commands.
The upstream CMake migration missed UIUnicodeBitmapFont in the Windows
client and server source lists, causing linker errors. Also update
nightly release script paths from x64/ to build/ for CMake output.
* Move to cmake
* Move sources to source_groups and ditch more old VS files
* Add BuildVer.h generation
* Break out cmake source lists to platforms
* Don't copy swf files
* Revert audio changes from merge
* Add platform defines
* Match MSBuild flags
* Move BuildVer.h to common include and fix rebuild issue
* Seperate projects properly
* Exclude more files and make sure GameHDD exists
* Missing line
* Remove remaining VS project files
* Update readme and actions
* Use incremental LTCG
* Update workflows
* Update build workflows and output folder
* Disable vcpkg checks
* Force MSVC
* Use precompiled headers
* Only use PCH for cpp
* Exclude compat_shims from PCH
* Handle per-platform source includes
* Copy only current platform media
* Define Iggy libs per platform
* Fix EnsureGameHDD check
* Only set WIN32_EXECUTABLE on Windows
* Correct Iggy libs path
* Remove include of terrain_MipmapLevel
* Correct path to xsb/xwb
* Implement copilot suggestions
* Add clang flags (untested)
* Fix robocopy error checking
* Update documentation
* Drop CMakePresets.json version as we dont use v6 features
* Always cleanup artifacts in nightly even if some builds fail
* Re-work compiler target options
* Move newer iggy dll into redist and cleanup
* Fix typos
* Remove 'Source Files' from all source groups
* Remove old ps1 build scripts
