From 88531ccd0ebdb9d7174d60874f42d5e87e7eba7c Mon Sep 17 00:00:00 2001 From: James58899 Date: Wed, 8 Jun 2022 12:08:53 +0800 Subject: [PATCH] Support velocity forward protocol 2 --- src/main/java/one/oktw/PacketHandler.java | 29 ++++++++++++++-- src/main/java/one/oktw/VelocityLib.java | 33 ++++++++++++++++--- ...erLoginNetworkHandler_ProfileAccessor.java | 4 +++ ...rverLoginNetworkHandler_SkipKeyPacket.java | 5 +++ 4 files changed, 64 insertions(+), 7 deletions(-) diff --git a/src/main/java/one/oktw/PacketHandler.java b/src/main/java/one/oktw/PacketHandler.java index 7344200..ec26e2c 100644 --- a/src/main/java/one/oktw/PacketHandler.java +++ b/src/main/java/one/oktw/PacketHandler.java @@ -4,14 +4,17 @@ import net.fabricmc.fabric.api.networking.v1.PacketSender; import net.fabricmc.fabric.api.networking.v1.ServerLoginNetworking; import net.minecraft.network.PacketByteBuf; +import net.minecraft.network.encryption.PlayerPublicKey; +import net.minecraft.network.packet.c2s.login.LoginHelloC2SPacket; import net.minecraft.server.MinecraftServer; import net.minecraft.server.network.ServerLoginNetworkHandler; import net.minecraft.text.Text; -import one.oktw.mixin.ServerLoginNetworkHandler_DelayHello; import one.oktw.mixin.core.ClientConnection_AddressAccessor; import one.oktw.mixin.core.ServerLoginNetworkHandler_ProfileAccessor; import org.apache.logging.log4j.LogManager; +import java.util.Optional; + class PacketHandler { private final ModConfig config; @@ -19,18 +22,20 @@ class PacketHandler { this.config = config; } - void handleVelocityPacket(MinecraftServer server, ServerLoginNetworkHandler handler, boolean understood, PacketByteBuf buf, ServerLoginNetworking.LoginSynchronizer synchronizer, PacketSender responseSender) { + void handleVelocityPacket(MinecraftServer server, ServerLoginNetworkHandler handler, boolean understood, PacketByteBuf buf, ServerLoginNetworking.LoginSynchronizer synchronizer, PacketSender ignored) { if (!understood) { handler.disconnect(Text.of("This server requires you to connect with Velocity.")); return; } synchronizer.waitFor(server.submit(() -> { + int forwardVersion; try { if (!VelocityLib.checkIntegrity(buf)) { handler.disconnect(Text.of("Unable to verify player details")); return; } + forwardVersion = VelocityLib.checkVersion(buf); } catch (Throwable e) { LogManager.getLogger().error("Secret check failed.", e); handler.disconnect(Text.of("Unable to verify player details")); @@ -48,11 +53,29 @@ void handleVelocityPacket(MinecraftServer server, ServerLoginNetworkHandler hand return; } + // Public key + boolean keyEnforce = server.shouldEnforceSecureProfile(); + Optional publicKey = Optional.empty(); + try { + if (forwardVersion >= VelocityLib.MODERN_FORWARDING_WITH_KEY) publicKey = VelocityLib.readKey(buf); + if (keyEnforce && publicKey.isEmpty()) { + handler.disconnect(Text.translatable("multiplayer.disconnect.missing_public_key")); + return; + } + } catch (Exception e) { + LogManager.getLogger().error("Public key read failed.", e); + if (keyEnforce) { + handler.disconnect(Text.translatable("multiplayer.disconnect.invalid_public_key")); + return; + } + } + if (config.getHackEarlySend()) { - handler.onHello(((ServerLoginNetworkHandler_DelayHello) handler).delayedHelloPacket()); + handler.onHello(new LoginHelloC2SPacket(profile.getName(), publicKey.map(PlayerPublicKey::data))); } ((ServerLoginNetworkHandler_ProfileAccessor) handler).setProfile(profile); + publicKey.ifPresent(((ServerLoginNetworkHandler_ProfileAccessor) handler)::setPublicKey); })); } } diff --git a/src/main/java/one/oktw/VelocityLib.java b/src/main/java/one/oktw/VelocityLib.java index 681b604..52260ee 100644 --- a/src/main/java/one/oktw/VelocityLib.java +++ b/src/main/java/one/oktw/VelocityLib.java @@ -4,6 +4,8 @@ import com.mojang.authlib.GameProfile; import com.mojang.authlib.properties.Property; import net.minecraft.network.PacketByteBuf; +import net.minecraft.network.encryption.NetworkEncryptionException; +import net.minecraft.network.encryption.PlayerPublicKey; import net.minecraft.util.Identifier; import javax.crypto.Mac; @@ -12,10 +14,20 @@ import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.time.Instant; +import java.util.Arrays; +import java.util.Optional; + +import static java.util.Arrays.binarySearch; +import static net.minecraft.network.encryption.NetworkEncryptionUtils.decodeEncodedRsaPublicKey; public class VelocityLib { public static final Identifier PLAYER_INFO_CHANNEL = new Identifier("velocity", "player_info"); - private static final int SUPPORTED_FORWARDING_VERSION = 1; + + public static final int MODERN_FORWARDING_DEFAULT = 1; + public static final int MODERN_FORWARDING_WITH_KEY = 2; + private static final int[] SUPPORTED_FORWARDING_VERSION = {MODERN_FORWARDING_DEFAULT, MODERN_FORWARDING_WITH_KEY}; public static boolean checkIntegrity(final PacketByteBuf buf) { final byte[] signature = new byte[32]; @@ -35,15 +47,20 @@ public static boolean checkIntegrity(final PacketByteBuf buf) { throw new AssertionError(e); } + return true; + } + + public static int checkVersion(final PacketByteBuf buf) { int version = buf.readVarInt(); - if (version != SUPPORTED_FORWARDING_VERSION) { - throw new IllegalStateException("Unsupported forwarding version " + version + ", wanted " + SUPPORTED_FORWARDING_VERSION); + if (binarySearch(SUPPORTED_FORWARDING_VERSION, version) < 0) { + throw new IllegalStateException("Unsupported forwarding version " + version + ", supported " + Arrays.toString(SUPPORTED_FORWARDING_VERSION)); } - return true; + return version; } public static InetAddress readAddress(final PacketByteBuf buf) { + //noinspection UnstableApiUsage return InetAddresses.forString(buf.readString(Short.MAX_VALUE)); } @@ -53,6 +70,14 @@ public static GameProfile createProfile(final PacketByteBuf buf) { return profile; } + public static Optional readKey(final PacketByteBuf buf) throws NetworkEncryptionException { + Instant expiry = Instant.ofEpochMilli(buf.readLong()); + PublicKey key = decodeEncodedRsaPublicKey(buf.readByteArray(512)); + byte[] signature = buf.readByteArray(4096); + + return Optional.of(new PlayerPublicKey(new PlayerPublicKey.PublicKeyData(expiry, key, signature))); + } + private static void readProperties(final PacketByteBuf buf, final GameProfile profile) { final int properties = buf.readVarInt(); for (int i1 = 0; i1 < properties; i1++) { diff --git a/src/main/java/one/oktw/mixin/core/ServerLoginNetworkHandler_ProfileAccessor.java b/src/main/java/one/oktw/mixin/core/ServerLoginNetworkHandler_ProfileAccessor.java index aef31b4..1954785 100644 --- a/src/main/java/one/oktw/mixin/core/ServerLoginNetworkHandler_ProfileAccessor.java +++ b/src/main/java/one/oktw/mixin/core/ServerLoginNetworkHandler_ProfileAccessor.java @@ -1,6 +1,7 @@ package one.oktw.mixin.core; import com.mojang.authlib.GameProfile; +import net.minecraft.network.encryption.PlayerPublicKey; import net.minecraft.server.network.ServerLoginNetworkHandler; import org.spongepowered.asm.mixin.Mixin; import org.spongepowered.asm.mixin.gen.Accessor; @@ -9,4 +10,7 @@ public interface ServerLoginNetworkHandler_ProfileAccessor { @Accessor void setProfile(GameProfile profile); + + @Accessor + void setPublicKey(PlayerPublicKey publicKey); } diff --git a/src/main/java/one/oktw/mixin/hack/ServerLoginNetworkHandler_SkipKeyPacket.java b/src/main/java/one/oktw/mixin/hack/ServerLoginNetworkHandler_SkipKeyPacket.java index ceaf545..a2c3a72 100644 --- a/src/main/java/one/oktw/mixin/hack/ServerLoginNetworkHandler_SkipKeyPacket.java +++ b/src/main/java/one/oktw/mixin/hack/ServerLoginNetworkHandler_SkipKeyPacket.java @@ -12,4 +12,9 @@ public class ServerLoginNetworkHandler_SkipKeyPacket { private boolean skipKeyPacket(MinecraftServer minecraftServer) { return false; } + + @Redirect(method = "onHello", at = @At(value = "INVOKE", target = "Lnet/minecraft/server/MinecraftServer;shouldEnforceSecureProfile()Z")) + private boolean skipCheckKey(MinecraftServer minecraftServer) { + return false; + } }