mirror of
https://git.huckle.dev/Huckles-Minecraft-Archive/LCE-Revelations.git
synced 2026-05-31 02:54:51 +00:00
ba3ebe666c
Comprehensive security system to protect against packet-sniffing attacks, XUID harvesting, privilege escalation, bot flooding, and XUID impersonation. - Stream cipher: per-session XOR cipher with 4-message handshake via CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection, backwards compatible (old clients/servers fall back to plaintext). - Security gate: buffers all game data until cipher handshake completes, preventing unsecured clients from receiving any XUIDs or game state. - Cipher handshake enforcer: kicks clients that don't complete the handshake within 5 seconds (configurable via require-secure-client). - Identity tokens: persistent per-XUID tokens in identity-tokens.json, issued over the encrypted channel, verified on reconnect. Prevents XUID replay attacks. Client stores server-specific tokens. - PROXY protocol v1: parses real client IPs from playit.gg tunnel headers so rate limiting, IP bans, and XUID spoof detection work per-player. - Rate limiting: per-IP sliding window (default 5 connections/30s) with pending connection cap (default 10). - Privilege hardening: OP requires ops.json, live checks on every command and privilege packet. Host-only server settings changes. - XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders. - Packet validation: readUtf global string cap, reduced max packet size, stream desync protection on oversized strings. - OpManager: persistent ops.json with XUID-based OP list. - Whitelist improvements: whitelist add accepts player names with ambiguity detection, XUID cache from login attempts. - revoketoken command: revoke identity tokens for players who lost theirs. - server.log: persistent log file written alongside console output with flush-per-write to survive crashes. - CLI security logging: consolidated per-join security summary with cipher status, token status, XUID, and real IP. Security warnings for kicks, spoofing, and unauthorized commands.
71 lines
1.7 KiB
C++
71 lines
1.7 KiB
C++
#pragma once
|
|
|
|
#include <cstdint>
|
|
|
|
namespace ServerRuntime
|
|
{
|
|
namespace Security
|
|
{
|
|
/**
|
|
* Lightweight XOR stream cipher for traffic obfuscation.
|
|
*
|
|
* This is NOT cryptographically secure. It prevents passive packet sniffing
|
|
* (e.g., Wireshark-based XUID harvesting) but does not protect against
|
|
* active man-in-the-middle attacks. For real encryption, use TLS via a
|
|
* reverse proxy (stunnel, nginx stream).
|
|
*
|
|
* Usage:
|
|
* 1. Server generates a random 16-byte key during PreLogin handshake
|
|
* 2. Key is sent to the client (in a SecurityHandshakePacket)
|
|
* 3. Both sides create a StreamCipher with the same key
|
|
* 4. All subsequent TCP traffic is XOR'd through the cipher
|
|
* 5. The cipher maintains separate send/recv rolling key positions
|
|
*/
|
|
class StreamCipher
|
|
{
|
|
public:
|
|
static const int KEY_SIZE = 16;
|
|
|
|
StreamCipher();
|
|
|
|
/**
|
|
* Initialize with a key. Call before any encrypt/decrypt.
|
|
*/
|
|
void Initialize(const uint8_t key[KEY_SIZE]);
|
|
|
|
/**
|
|
* XOR-encrypt data in place for sending.
|
|
* Advances the send key position.
|
|
*/
|
|
void Encrypt(uint8_t *data, int length);
|
|
|
|
/**
|
|
* XOR-decrypt data in place after receiving.
|
|
* Advances the recv key position.
|
|
*/
|
|
void Decrypt(uint8_t *data, int length);
|
|
|
|
/**
|
|
* Returns true if the cipher has been initialized with a key.
|
|
*/
|
|
bool IsActive() const { return m_active; }
|
|
|
|
/**
|
|
* Reset to inactive state and securely wipe key material.
|
|
*/
|
|
void Reset();
|
|
|
|
/**
|
|
* Generates a cryptographically random key using CryptGenRandom (Windows).
|
|
*/
|
|
static bool GenerateKey(uint8_t outKey[KEY_SIZE]);
|
|
|
|
private:
|
|
uint8_t m_key[KEY_SIZE];
|
|
int m_sendPos;
|
|
int m_recvPos;
|
|
bool m_active;
|
|
};
|
|
}
|
|
}
|