Skip to content

Instantly share code, notes, and snippets.

View Col-E's full-sized avatar

Matt Col-E

450 followers · 59 following
View GitHub Profile
@Aizistral
Aizistral / AbsoluteStateOfChatReporting.md
Last active February 14, 2024 05:32
The Absolute State of Chat Reporting

The Absolute State of Chat Reporting

Originally introduced in 1.19.1, chat reporting has undergone many changes in Mojang's attempts to eliminate the exploits and make the system functional. The purpose of this paper is to document the current technical state of chat reporting on an ongoing basis, and to provide a reference for the community to use when discussing the system. To that end I will try to keep it as unbiased as possible.

The Basics

Chat reporting heavily relies on cryptographic commitments and signatures to ensure that reported chat messages are not tampered with. The basic idea is that all players sign their chat messages with their private key, and then send the signature along with the message to the server.

Chat signing keypair is not generated by the client as one could expect; instead, it is issued by Mojang's services and is tied to the player's account. This means that the keypair is shared between all clients that the player uses, and the player can't change it. The keypair is f

@Aizistral
Aizistral / MINECRAFT_BANS.md
Last active February 14, 2024 05:32
Research on Minecraft's global bans

Research on Minecraft's global bans

Date: 02.09.2022
Last Update: 24.12.2022
Author: Aizistral
In collaboration with: ejaussie, also known as British Empireball#3906

While I wish this could have been conducted sooner, this is the first verifiable ban case where I could contact the person banned. Some couple weeks ago I even purchased second Minecraft account with the sole intent of committing what would appear as bannable offense and being reported by one of my friends afterwards, which I sucessfully did; however, no action from moderation team followed. At the time this lead me to conclude that reports are not yet actioned on, which was perfectly explainable by unfixed exploits with chat reporting in 1.19.2. This case might indicate that reports are indeed actioned now, at least since the date of this research, but it is also possible that ban occured due to automated chat monitoring on Realms (see [Our Commitment to Player Safe

@kennytv
kennytv / readme.md
Last active May 8, 2024 06:32
Signed Chat and Chat Types

Signed chat

This gist intends on clearing up some of the misinformation surrounding signed chat/the reporting feature Mojang has added to Minecraft 1.19.1. Here you can find both technical information as well as a general explanation of how these work.

Profile keys

After joining a server, clients now send a profile key used for verifying a message's authenticity. This key and thus the whole signing process is optional, but by default, servers enforce secure profiles for clients to send chat messages. Whenever the player sends a chat message and has a key associated, the message will be signed using their own private key, which the server then verifies using the public key sent after join. Assuming signature, timestamp, and message contents line up, the message goes through.

On the other end, clients can also require all broadcasted player messages to be signed, disregarding the ones without sender verified signatures.

Message signatures

@muff-in
muff-in / resources.md
Last active May 30, 2024 06:00
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@ctrl-freak
ctrl-freak / android-adb-pull-apk.md
Last active June 24, 2024 11:41
Retrieve APK from Non-Rooted Android Device through ADB

https://stackoverflow.com/a/18003462/348146

None of these suggestions worked for me, because Android was appending a sequence number to the package name to produce the final APK file name (this may vary with the version of Android OS). The following sequence of commands is what worked for me on a non-rooted device:

  1. Determine the package name of the app, e.g. com.example.someapp. Skip this step if you already know the package name.

    adb shell pm list packages

    Look through the list of package names and try to find a match between the app in question and the package name. This is usually easy, but note that the package name can be completely unrelated to the app name. If you can't recognize the app from the list of package names, try finding the app in Google Play using a browser. The URL for an app in Google Play contains the package name.

@mapsam
mapsam / README.md
Last active June 11, 2023 11:59
Namecheap > Github pages

Namecheap > Github pages

Pointing your domains to a gh-pages branch requires three steps.

  1. Add the Github IPs as A records on Namecheap.
    185.199.108.153
    185.199.109.153
    185.199.110.153
    185.199.111.153
@orlp
orlp / ipow.c
Last active June 19, 2024 16:24
int64_t ipow(int64_t base, uint8_t exp) {
static const uint8_t highest_bit_set[] = {
0, 1, 2, 2, 3, 3, 3, 3,
4, 4, 4, 4, 4, 4, 4, 4,
5, 5, 5, 5, 5, 5, 5, 5,
5, 5, 5, 5, 5, 5, 5, 5,
6, 6, 6, 6, 6, 6, 6, 6,
6, 6, 6, 6, 6, 6, 6, 6,
6, 6, 6, 6, 6, 6, 6, 6,
6, 6, 6, 6, 6, 6, 6, 255, // anything past 63 is a guaranteed overflow with base > 1