mirror of
https://git.revela.dev/itsRevela/LCE-Revelations.git
synced 2026-05-21 19:24:55 +00:00
ba3ebe666c
Comprehensive security system to protect against packet-sniffing attacks, XUID harvesting, privilege escalation, bot flooding, and XUID impersonation. - Stream cipher: per-session XOR cipher with 4-message handshake via CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection, backwards compatible (old clients/servers fall back to plaintext). - Security gate: buffers all game data until cipher handshake completes, preventing unsecured clients from receiving any XUIDs or game state. - Cipher handshake enforcer: kicks clients that don't complete the handshake within 5 seconds (configurable via require-secure-client). - Identity tokens: persistent per-XUID tokens in identity-tokens.json, issued over the encrypted channel, verified on reconnect. Prevents XUID replay attacks. Client stores server-specific tokens. - PROXY protocol v1: parses real client IPs from playit.gg tunnel headers so rate limiting, IP bans, and XUID spoof detection work per-player. - Rate limiting: per-IP sliding window (default 5 connections/30s) with pending connection cap (default 10). - Privilege hardening: OP requires ops.json, live checks on every command and privilege packet. Host-only server settings changes. - XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders. - Packet validation: readUtf global string cap, reduced max packet size, stream desync protection on oversized strings. - OpManager: persistent ops.json with XUID-based OP list. - Whitelist improvements: whitelist add accepts player names with ambiguity detection, XUID cache from login attempts. - revoketoken command: revoke identity tokens for players who lost theirs. - server.log: persistent log file written alongside console output with flush-per-write to survive crashes. - CLI security logging: consolidated per-join security summary with cipher status, token status, XUID, and real IP. Security warnings for kicks, spoofing, and unauthorized commands.
116 lines
2.9 KiB
C++
116 lines
2.9 KiB
C++
#include "stdafx.h"
|
|
#include "ConnectionCipher.h"
|
|
|
|
#include <cstring>
|
|
|
|
namespace ServerRuntime
|
|
{
|
|
namespace Security
|
|
{
|
|
ConnectionCipherRegistry::ConnectionCipherRegistry()
|
|
{
|
|
InitializeCriticalSection(&m_lock);
|
|
memset(m_pending, 0, sizeof(m_pending));
|
|
memset(m_pendingKeys, 0, sizeof(m_pendingKeys));
|
|
}
|
|
|
|
ConnectionCipherRegistry::~ConnectionCipherRegistry()
|
|
{
|
|
SecureZeroMemory(m_pendingKeys, sizeof(m_pendingKeys));
|
|
DeleteCriticalSection(&m_lock);
|
|
}
|
|
|
|
bool ConnectionCipherRegistry::PrepareKey(unsigned char smallId, uint8_t outKey[StreamCipher::KEY_SIZE])
|
|
{
|
|
uint8_t key[StreamCipher::KEY_SIZE];
|
|
if (!StreamCipher::GenerateKey(key))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
EnterCriticalSection(&m_lock);
|
|
memcpy(m_pendingKeys[smallId], key, StreamCipher::KEY_SIZE);
|
|
m_pending[smallId] = true;
|
|
LeaveCriticalSection(&m_lock);
|
|
|
|
memcpy(outKey, key, StreamCipher::KEY_SIZE);
|
|
SecureZeroMemory(key, sizeof(key));
|
|
return true;
|
|
}
|
|
|
|
bool ConnectionCipherRegistry::CommitCipher(unsigned char smallId)
|
|
{
|
|
EnterCriticalSection(&m_lock);
|
|
if (!m_pending[smallId])
|
|
{
|
|
LeaveCriticalSection(&m_lock);
|
|
return false;
|
|
}
|
|
|
|
m_ciphers[smallId].Initialize(m_pendingKeys[smallId]);
|
|
SecureZeroMemory(m_pendingKeys[smallId], StreamCipher::KEY_SIZE);
|
|
m_pending[smallId] = false;
|
|
LeaveCriticalSection(&m_lock);
|
|
return true;
|
|
}
|
|
|
|
void ConnectionCipherRegistry::CancelPending(unsigned char smallId)
|
|
{
|
|
EnterCriticalSection(&m_lock);
|
|
SecureZeroMemory(m_pendingKeys[smallId], StreamCipher::KEY_SIZE);
|
|
m_pending[smallId] = false;
|
|
LeaveCriticalSection(&m_lock);
|
|
}
|
|
|
|
bool ConnectionCipherRegistry::HasPendingKey(unsigned char smallId) const
|
|
{
|
|
EnterCriticalSection(&m_lock);
|
|
bool pending = m_pending[smallId];
|
|
LeaveCriticalSection(&m_lock);
|
|
return pending;
|
|
}
|
|
|
|
void ConnectionCipherRegistry::DeactivateCipher(unsigned char smallId)
|
|
{
|
|
EnterCriticalSection(&m_lock);
|
|
m_ciphers[smallId].Reset();
|
|
SecureZeroMemory(m_pendingKeys[smallId], StreamCipher::KEY_SIZE);
|
|
m_pending[smallId] = false;
|
|
LeaveCriticalSection(&m_lock);
|
|
}
|
|
|
|
bool ConnectionCipherRegistry::TryEncryptOutgoing(unsigned char smallId, uint8_t *data, int length)
|
|
{
|
|
EnterCriticalSection(&m_lock);
|
|
bool active = m_ciphers[smallId].IsActive();
|
|
if (active)
|
|
{
|
|
m_ciphers[smallId].Encrypt(data, length);
|
|
}
|
|
LeaveCriticalSection(&m_lock);
|
|
return active;
|
|
}
|
|
|
|
bool ConnectionCipherRegistry::IsCipherActive(unsigned char smallId) const
|
|
{
|
|
EnterCriticalSection(&m_lock);
|
|
bool active = m_ciphers[smallId].IsActive();
|
|
LeaveCriticalSection(&m_lock);
|
|
return active;
|
|
}
|
|
|
|
void ConnectionCipherRegistry::DecryptIncoming(unsigned char smallId, uint8_t *data, int length)
|
|
{
|
|
EnterCriticalSection(&m_lock);
|
|
m_ciphers[smallId].Decrypt(data, length);
|
|
LeaveCriticalSection(&m_lock);
|
|
}
|
|
|
|
ConnectionCipherRegistry &GetCipherRegistry()
|
|
{
|
|
static ConnectionCipherRegistry s_instance;
|
|
return s_instance;
|
|
}
|
|
}
|
|
}
|