Introduction
This has long been a missing part of PocketMine-MP's network security.
Network encryption was introduced in the pre-0.15.0 Realms alpha. It is used to prevent leakage of sensitive data and also to enforce validity of XBL login.
This is something I put off implementing for a long time because I didn't see it as necessary, it was difficult to do previously (due to the necessity to change various API to make it possible), and also incurs a performance hit.
However, some community members (generally proxy hackers) have discovered that it is possible to capture a pre-signed login from other sessions and replay it in a later session, passing authentication. This is known as a session stealing attack, like those which occurred on PC.
Session stealing attacks are possible because the client is not required to provide proof of ownership of the ECC keys used to sign the login.
Encryption fills in the missing piece of this jigsaw, making XBL authentication now completely secure unless one's account is hacked.
For those who don't know, historically login plugins like SimpleAuth were used prior to the implementation of XBL authentication. These kinds of plugins are still used by some server owners who were aware of the above session stealing attacks, but these are also insecure. SimpleAuth, for example, requires a player to type a password into chat, which can be stolen by MITM attack because it is sent across an unencrypted connection in cleartext!
Changes
Behavioural changes
pocketmine.yml option network.enable-encryption has been added, and is enabled by default. This can be disabled if you care more about performance than these kinds of attacks.
The impact of these changes on performance has not been fully measured yet - this is a TODO.
Dependency changes
Dependencies have been added for the following:
mdanter/ecc versions ^0.5.0
php-crypto versions ^0.3.1
Backwards compatibility
This does not pose any backwards compatibility issues for plugins by itself, although it requires prior changes that do break API.
Furthermore, I anticipate that this will break the tools of most proxy hackers, which I don't think many server owners will be terribly bothered about. Server owners might even be thankful 🙃
Follow-up
Consider moving more of this code into extensions, since it is rather performance sensitive.
Tests
Has been tested with a range of clients.