uis246 / MCPC_dissect

Minecraft PC wireshark dissector

Support for encrypted connections. #2

Open MajsterTynek opened 4 years ago

MajsterTynek commented 4 years ago

I made a script, for AdvancedMacros mod, that logs encryption keys used to a file named keylog.log:

KEY E6FEFDA27AF6D290002EC7BC9F62E8F5 FOR [id: 0xad1ae36a, L:/192.168.1.21:53813 - R:mc.hypixel.net/172.65.238.120:25565]
KEY 801A2DED50FE57C0AC37C8D90699A87A FOR [id: 0x648c0406, L:/192.168.1.21:59582 - R:mc.hypixel.net/172.65.210.134:25565]
KEY 8417CC6430DBF49A02114035EE45346B FOR [id: 0x387d190b, L:/192.168.1.21:60442 - R:mc.hypixel.net/172.65.210.134:25565]
KEY 9B650A12788E120F9597347C3BA78E65 FOR [id: 0xc964c4f5, L:/192.168.1.21:61041 - R:mc.hypixel.net/172.65.219.148:25565]
KEY EEAA925581E6792670175C0DAD41F7F0 FOR [id: 0xad58dc6e, L:/192.168.1.21:61111 - R:mc.hypixel.net/172.65.195.223:25565]
KEY 4F16EAFE841999C217B0E3A8EE8F18FC FOR [id: 0x5100fb74, L:/192.168.1.21:61460 - R:mc.hypixel.net/172.65.237.131:25565]

Could it be possible for this dissector to decrypt captured connections if key is provided?

uis246 commented 4 years ago

Not yet. AFAIK Wireshark supports TLS decryption, so it is possible to implement it.

MajsterTynek commented 4 years ago

Minecraft uses an -aes-128-cfb8 cipher stream. The shared secret generated by the client is used as both IV and key. https://wiki.vg/Protocol_Encryption#Symmetric_Encryption I have no idea if TLS supports that.

Here's the script I mentioned earlier, if anyone wishes to work on this:

-- event JoinWorld --
waitTick()

-- SRG mapping 1.12_stable_39 is used here
-- for other versions revise fields yourself

-- here get all the stuff needed
local baseClass = 'com.theincgi.advancedMacros.AdvancedMacros'
local minecraft = luajava.bindClass(baseClass):getMinecraft()
local netManager = minecraft:func_147114_u().field_147302_e

if netManager:func_150731_c() then
    return -- connection is local
end

if not netManager:func_179292_f() then
    return -- connection not encrypted
end

local logger = function(txt)
    assert(type(txt) == "string", "expected string")
    local file = filesystem.open("~/keylog.log", "a")
    file.writeLine(txt)
    file.close()
end

local channel = netManager.field_150746_k
local decrypt = channel:pipeline():get("decrypt")
local cipher = decrypt.field_150509_a.field_150507_a

local hexIV, IV = '', cipher:getIV()
for idx = 1, #IV, 1 do 
    hexIV = hexIV..string.format('%02X',IV:byte(idx)) 
end

logger( "KEY "..hexIV.." FOR "..channel:toString() )
toast( cipher:getAlgorithm(), hexIV )

It may be run manually or by key bind. The way doesn't matter. The log is stored in .minecraft\mods\advancedMacros\keylog.log. We might point to it with an environment variable, so it is done similarly to SSLKEYLOGFILE for TLS.
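
One way a decryption tool could consume the keylog.log format shown in this thread, as an added example that is not part of the original issue or of the MCPC_dissect project: it parses each line into a TCP 4-tuple and a 16-byte key so that captured conversations can be matched to keys. The function names are hypothetical, and the third sample line is constructed to show how malformed entries are handled.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Line layout as in the keylog.log sample above: the text after "FOR" is the
# Netty channel's toString(), "[id: 0x.., L:host/ip:port - R:host/ip:port]".
LINE_RE = re.compile(
    r"^KEY (?P<key>[0-9A-Fa-f]{32}) FOR \[id: 0x(?P<chan>[0-9a-fA-F]+), "
    r"L:[^/]*/(?P<lip>\S+):(?P<lport>\d+) - "
    r"R:(?P<rhost>[^/]*)/(?P<rip>\S+):(?P<rport>\d+)\]$"
)

Flow = Tuple[str, int, str, int]  # (local_ip, local_port, remote_ip, remote_port)

class Entry(NamedTuple):
    key: bytes         # 16 bytes; per the thread it serves as both AES key and IV
    channel_id: int
    remote_host: str   # may be empty when the client connected by IP

def parse_keylog(text: str) -> Tuple[Dict[Flow, Entry], List[int]]:
    """Return (flow -> Entry, line numbers that were rejected).
    A later line for the same 4-tuple replaces the earlier one (port reuse)."""
    table: Dict[Flow, Entry] = {}
    skipped: List[int] = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(n)  # wrong key length or unexpected layout
            continue
        flow = (m["lip"], int(m["lport"]), m["rip"], int(m["rport"]))
        table[flow] = Entry(bytes.fromhex(m["key"]), int(m["chan"], 16), m["rhost"])
    return table, skipped

def key_for_conversation(table: Dict[Flow, Entry], src: str, sport: int,
                         dst: str, dport: int) -> Optional[bytes]:
    """Look up the key for a captured TCP conversation, in either direction."""
    entry = table.get((src, sport, dst, dport)) or table.get((dst, dport, src, sport))
    return entry.key if entry else None

# First two lines are from the log above; the third is constructed (short key).
SAMPLE = "\n".join([
    "KEY E6FEFDA27AF6D290002EC7BC9F62E8F5 FOR [id: 0xad1ae36a, L:/192.168.1.21:53813 - R:mc.hypixel.net/172.65.238.120:25565]",
    "KEY 801A2DED50FE57C0AC37C8D90699A87A FOR [id: 0x648c0406, L:/192.168.1.21:59582 - R:mc.hypixel.net/172.65.210.134:25565]",
    "KEY 1234 FOR [id: 0x1, L:/192.168.1.21:1 - R:example/192.0.2.1:25565]",
])

if __name__ == "__main__":
    keys, bad = parse_keylog(SAMPLE)
    print(len(keys), "keys loaded; rejected lines:", bad)
```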