Make it actual sniffer and support encryption. #1
Actually I've already considered the sniffing option over proxy. And I've selected proxying because of two problems with packet sniffing:
For the encryption I didn't know about the existence of any Lua script capability in Minecraft. Is this a mod? But it should in theory be a solution, at the cost of asking people to add at least this script to their client. Could you give me more information on this Lua thing? I'll see if I can find some time to dig more in this direction. And good catch for the handshake packet, I'll fix this.
I use this mod because besides exposed Lua stuff However, I believe it is possible to Here is a link to the mod on CurseForge where releases are hosted: I have posted and explained usage here: inb4: How to enable private access for LuaJ If you have any more questions about the Mod,
I've fixed the potential issue with the Handshake packet. I've also decided I wouldn't implement the encryption support using a client modification. If a client mod is needed for it to work then you might as well directly get the packets from the client and avoid the hassle of using SniffCraft in the first place.
@adepierre any hints on how I could bring encryption to SniffCraft in my own build knowing encryption keys?
You should look at the AESEncrypter class in Botcraft. It's responsible for encrypting outgoing packets here and decrypting incoming packets here. You should check how it is initialized in Botcraft and try to mirror it in SniffCraft using the shared secret you got.
Wireshark developers have already done all the work.
Err... What? Maybe probloblems with translation.
Yep, I know it's possible, I've done it for another project. But pointless in this case as the proxy approach is used.
Nope, no probloblems here. I've already seen situations in which an application actually received some packets that Wireshark didn't capture at all.
Ouch. Mistyped. But at least now I know how to name problems with blobs - probloblems.
Thanks
@uis246 @adepierre
Not the best design choice
I meant it for local connections,
@adepierre any updates about proxying with encryption? Or is it still an open case?
It's actually supported since September 2021 😀 See this part of the readme for more info.
Microsoft Authentication
@adepierre Any hints how to wrap around MS authentication? SniffCraft/sniffcraft/src/MinecraftProxy.cpp Lines 215 to 224 in b911259
I have spotted this very code piece above which uses
Offtopic
Just remembered about this issue I wrote a long time ago here.
Encryption done in assembly
Recently I am tinkering with
Would any of this have a use here in proxy domain?
Regarding Microsoft Auth, I basically created one dummy Azure application and got the ID and never touched the app since. Hope it'll stay alive somewhere in Microsoft world. There are two ways of authenticating using this ID. First way is traditional OAuth stuff with HTTP server and redirections. The second way is device flow authentication for which you basically give a code to the user. This code can be used to authenticate on any browser (externally from the app). In the meantime, the app pings a Microsoft server endpoint using the given code and the server responds with "nope, the user is not logged in yet" or "all good, user authenticated here is your token". Regarding the efficiency of the current encryption/decryption methods, I never really tried to benchmark/optimize OpenSSL functions but it never appeared as a bottleneck so I prefer keeping it working rather than touching and risking breaking it. I'm not very familiar with these cryptographic topics so I just use what's available and working for me. Btw if you want to discuss more you could join the Discord server, it's on the readme, it could be easier to exchange than GitHub issues.
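The device flow polling described in the comment above, as an added example that is not part of the thread and not SniffCraft's own code. The error strings come from RFC 8628 (the OAuth 2.0 device authorization grant); the `poll` and `wait` hooks and the scripted replies are hypothetical stand-ins for the HTTP request and the sleep so the loop runs offline.

```cpp
#include <functional>
#include <string>
#include <vector>

// One reply from the token endpoint, reduced to what the loop needs.
// Error strings are those defined by RFC 8628 section 3.5.
struct PollReply {
    std::string error;         // empty on success
    std::string access_token;  // set only on success
};

// Hypothetical hooks so the loop runs offline: `poll` does one token
// request, `wait` sleeps for the given number of seconds.
using PollFn = std::function<PollReply()>;
using WaitFn = std::function<void(int)>;

// Poll until the user has signed in elsewhere, the server refuses, or the
// device code expires. Returns true and fills token_out only on success.
bool poll_device_flow(int expires_in, int interval, const PollFn& poll,
                      const WaitFn& wait, std::string& token_out) {
    if (interval <= 0) interval = 5;  // RFC 8628 default polling interval
    int elapsed = 0;
    while (elapsed + interval <= expires_in) {
        wait(interval);
        elapsed += interval;
        const PollReply reply = poll();
        if (reply.error.empty()) {
            token_out = reply.access_token;
            return !token_out.empty();  // success only with a real token
        }
        if (reply.error == "authorization_pending") continue;  // not logged in yet
        if (reply.error == "slow_down") { interval += 5; continue; }
        return false;  // access_denied, expired_token, or an unknown error
    }
    return false;  // stop polling once the device code has expired
}

// Constructed replies: pending, slow_down, then success.
// Returns the seconds spent waiting, or -1 if the flow failed.
int demo_seconds_waited(std::string& token_out) {
    std::vector<PollReply> script = {{"authorization_pending", ""},
                                     {"slow_down", ""}, {"", "constructed-token"}};
    std::size_t next = 0;
    int waited = 0;
    bool ok = poll_device_flow(900, 5, [&] { return script[next++]; },
                               [&](int s) { waited += s; }, token_out);
    return ok ? waited : -1;
}
```

Bounding the loop by `expires_in` and honouring `slow_down` keeps the client from polling the endpoint indefinitely when the user never completes the sign-in.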
Move from proxying to sniffing is optional here.
When encryption is requested, we may still listen to packet talk,
but not interfere with communication happening after that.
We may breach encryption by making the client share its shared secret.
I have made a Lua script that logs it to a file for further use.
I have already tested this solution by dumping TCP streams
and decrypting them with said logged key.
I suggested this somewhere else already:
uis246/MCPC_dissect#2
All SniffCraft has to do on encryption request is to start
listening to that file for key and match proxy connection
by identifying local (Client) and remote (Proxy) addresses
and their ports. (Not server's IP+port we proxy to.)
BTW For connecting beside the local machine,
the proxy should always patch Handshake packet to
proper values to not include local IP and port.
BTW2 I might implement that script for other MC versions if needed.
You can contact me on Discord under username MajsterTynek#8884
or find me on AdvancedMacros Discord server.
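The key-file matching proposed in this issue, as an added example that is not part of the original post and not SniffCraft's code. The line format (client endpoint, proxy endpoint, secret in hex) and all sample values are assumptions made for illustration; the issue does not define a format. The 16-byte length check reflects the size of the Minecraft shared secret.

```cpp
#include <cstdint>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Assumed key-log line format (hypothetical, not defined in the issue):
//   <client_ip:port> <proxy_ip:port> <shared secret as 32 hex chars>
using Endpoints = std::pair<std::string, std::string>;  // {client, proxy}
using Secret = std::vector<std::uint8_t>;

static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// The Minecraft shared secret is 16 bytes; reject any other length or non-hex.
bool parse_secret(const std::string& hex, Secret& out) {
    if (hex.size() != 32) return false;
    out.clear();
    for (std::size_t i = 0; i < hex.size(); i += 2) {
        const int hi = hex_val(hex[i]), lo = hex_val(hex[i + 1]);
        if (hi < 0 || lo < 0) return false;
        out.push_back(static_cast<std::uint8_t>(hi * 16 + lo));
    }
    return true;
}

// Index secrets by the client and proxy endpoints of the local connection
// (not the server). Malformed lines are skipped; a later line wins.
std::map<Endpoints, Secret> load_keylog(std::istream& in) {
    std::map<Endpoints, Secret> keys;
    std::string line, client, proxy, hex, extra;
    while (std::getline(in, line)) {
        std::istringstream fields(line);
        Secret secret;
        if (!(fields >> client >> proxy >> hex) || (fields >> extra)) continue;
        if (parse_secret(hex, secret)) keys[Endpoints(client, proxy)] = secret;
    }
    return keys;
}

// Constructed sample log: one valid entry, one with a truncated secret.
std::map<Endpoints, Secret> demo_keys() {
    std::istringstream log(
        "127.0.0.1:51234 127.0.0.1:25555 000102030405060708090a0b0c0d0e0f\n"
        "127.0.0.1:51240 127.0.0.1:25555 deadbeef\n");
    return load_keylog(log);
}
```

A file holding session secrets should be readable only by the user running the client and the proxy, and entries should be discarded once the connection closes.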