mirror of
https://git.revela.dev/itsRevela/LCE-Revelations.git
synced 2026-05-22 03:36:14 +00:00
ba3ebe666c
Comprehensive security system to protect against packet-sniffing attacks, XUID harvesting, privilege escalation, bot flooding, and XUID impersonation. - Stream cipher: per-session XOR cipher with 4-message handshake via CustomPayloadPacket (MC|CKey, MC|CAck, MC|COn). Negotiated per-connection, backwards compatible (old clients/servers fall back to plaintext). - Security gate: buffers all game data until cipher handshake completes, preventing unsecured clients from receiving any XUIDs or game state. - Cipher handshake enforcer: kicks clients that don't complete the handshake within 5 seconds (configurable via require-secure-client). - Identity tokens: persistent per-XUID tokens in identity-tokens.json, issued over the encrypted channel, verified on reconnect. Prevents XUID replay attacks. Client stores server-specific tokens. - PROXY protocol v1: parses real client IPs from playit.gg tunnel headers so rate limiting, IP bans, and XUID spoof detection work per-player. - Rate limiting: per-IP sliding window (default 5 connections/30s) with pending connection cap (default 10). - Privilege hardening: OP requires ops.json, live checks on every command and privilege packet. Host-only server settings changes. - XUID stripping: PreLoginPacket response sends INVALID_XUID placeholders. - Packet validation: readUtf global string cap, reduced max packet size, stream desync protection on oversized strings. - OpManager: persistent ops.json with XUID-based OP list. - Whitelist improvements: whitelist add accepts player names with ambiguity detection, XUID cache from login attempts. - revoketoken command: revoke identity tokens for players who lost theirs. - server.log: persistent log file written alongside console output with flush-per-write to survive crashes. - CLI security logging: consolidated per-join security summary with cipher status, token status, XUID, and real IP. Security warnings for kicks, spoofing, and unauthorized commands.
91 lines
1.7 KiB
C++
91 lines
1.7 KiB
C++
#include "stdafx.h"
|
|
#include "StreamCipher.h"
|
|
|
|
#ifdef _WINDOWS64
|
|
#include <Windows.h>
|
|
#include <wincrypt.h>
|
|
#pragma comment(lib, "Advapi32.lib")
|
|
#endif
|
|
|
|
#include <cstring>
|
|
|
|
namespace ServerRuntime
|
|
{
|
|
namespace Security
|
|
{
|
|
StreamCipher::StreamCipher()
|
|
: m_sendPos(0)
|
|
, m_recvPos(0)
|
|
, m_active(false)
|
|
{
|
|
memset(m_key, 0, sizeof(m_key));
|
|
}
|
|
|
|
void StreamCipher::Initialize(const uint8_t key[KEY_SIZE])
|
|
{
|
|
memcpy(m_key, key, KEY_SIZE);
|
|
m_sendPos = 0;
|
|
m_recvPos = 0;
|
|
m_active = true;
|
|
}
|
|
|
|
void StreamCipher::Reset()
|
|
{
|
|
SecureZeroMemory(m_key, sizeof(m_key));
|
|
m_sendPos = 0;
|
|
m_recvPos = 0;
|
|
m_active = false;
|
|
}
|
|
|
|
void StreamCipher::Encrypt(uint8_t *data, int length)
|
|
{
|
|
if (!m_active || data == nullptr || length <= 0)
|
|
{
|
|
return;
|
|
}
|
|
|
|
for (int i = 0; i < length; ++i)
|
|
{
|
|
data[i] ^= m_key[m_sendPos];
|
|
m_sendPos = (m_sendPos + 1) % KEY_SIZE;
|
|
}
|
|
}
|
|
|
|
void StreamCipher::Decrypt(uint8_t *data, int length)
|
|
{
|
|
if (!m_active || data == nullptr || length <= 0)
|
|
{
|
|
return;
|
|
}
|
|
|
|
for (int i = 0; i < length; ++i)
|
|
{
|
|
data[i] ^= m_key[m_recvPos];
|
|
m_recvPos = (m_recvPos + 1) % KEY_SIZE;
|
|
}
|
|
}
|
|
|
|
bool StreamCipher::GenerateKey(uint8_t outKey[KEY_SIZE])
|
|
{
|
|
#ifdef _WINDOWS64
|
|
HCRYPTPROV hProv = 0;
|
|
if (!CryptAcquireContext(&hProv, nullptr, nullptr, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
|
|
{
|
|
return false;
|
|
}
|
|
|
|
BOOL result = CryptGenRandom(hProv, KEY_SIZE, outKey);
|
|
CryptReleaseContext(hProv, 0);
|
|
return result != FALSE;
|
|
#else
|
|
// Fallback: not cryptographically random, but better than nothing
|
|
for (int i = 0; i < KEY_SIZE; ++i)
|
|
{
|
|
outKey[i] = static_cast<uint8_t>(rand() & 0xFF);
|
|
}
|
|
return true;
|
|
#endif
|
|
}
|
|
}
|
|
}
|