Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for encrypted connections. #2

Open
MajsterTynek opened this issue Aug 9, 2020 · 2 comments
Open

Support for encrypted connections. #2

MajsterTynek opened this issue Aug 9, 2020 · 2 comments
Labels
enhancement New feature or request

Comments

@MajsterTynek
Copy link

I made a script, for AdvancedMacros mod, that logs encryption keys used to a file named keylog.log:

KEY E6FEFDA27AF6D290002EC7BC9F62E8F5 FOR [id: 0xad1ae36a, L:/192.168.1.21:53813 - R:mc.hypixel.net/172.65.238.120:25565]
KEY 801A2DED50FE57C0AC37C8D90699A87A FOR [id: 0x648c0406, L:/192.168.1.21:59582 - R:mc.hypixel.net/172.65.210.134:25565]
KEY 8417CC6430DBF49A02114035EE45346B FOR [id: 0x387d190b, L:/192.168.1.21:60442 - R:mc.hypixel.net/172.65.210.134:25565]
KEY 9B650A12788E120F9597347C3BA78E65 FOR [id: 0xc964c4f5, L:/192.168.1.21:61041 - R:mc.hypixel.net/172.65.219.148:25565]
KEY EEAA925581E6792670175C0DAD41F7F0 FOR [id: 0xad58dc6e, L:/192.168.1.21:61111 - R:mc.hypixel.net/172.65.195.223:25565]
KEY 4F16EAFE841999C217B0E3A8EE8F18FC FOR [id: 0x5100fb74, L:/192.168.1.21:61460 - R:mc.hypixel.net/172.65.237.131:25565]

Could it be possible for this dissector to decrypt captured connections if key is provided?
@uis246 uis246 added the enhancement New feature or request label Aug 9, 2020
@uis246
Copy link
Owner

uis246 commented Aug 9, 2020

Not yet. AFAIK wireshark support tls decryption. So it possible to implement it.

@MajsterTynek
Copy link
Author

Minecraft uses -aes-128-cfb8 cipher stream.
Shared secret generated by client is used both as IV and key.
https://wiki.vg/Protocol_Encryption#Symmetric_Encryption
I have no idea if TLS supports that.

Here's the script I have mentioned earlier, if anyone wishes to work on this:

-- event JoinWorld --
waitTick()

-- SRG mapping 1.12_stable_39 is used here
-- for other versions revise fields yourself

-- here get all the stuff needed
local baseClass = 'com.theincgi.advancedMacros.AdvancedMacros'
local minecraft = luajava.bindClass(baseClass):getMinecraft()
local netManager = minecraft:func_147114_u().field_147302_e

if netManager:func_150731_c() then
    return -- connection is local
end

if not netManager:func_179292_f() then
    return -- connection not encryypted
end

local logger = function(txt)
    assert(type(txt) == "string", "expected string")
    local file = filesystem.open("~/keylog.log", "a")
    file.writeLine(txt)
    file.close()
end

local channel = netManager.field_150746_k
local decrypt = channel:pipeline():get("decrypt")
local cipher = decrypt.field_150509_a.field_150507_a

local hexIV, IV = '', cipher:getIV()
for idx = 1, #IV, 1 do 
    hexIV = hexIV..string.format('%02X',IV:byte(idx)) 
end

logger( "KEY "..hexIV.." FOR "..channel:toString() )
toast( cipher:getAlgorithm(), hexIV )

It may be run manually or by key bind. Way doesn't matter.
Log is stored in .minecraft\mods\advancedMacros\keylog.log.
We might point to it with a enviroment variable,
so it is done similar to SSLKEYLOGFILE as for TLS.

@MajsterTynek MajsterTynek mentioned this issue Nov 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MajsterTynek @uis246