Mojira Archive
MC-252727

Server can send signed-only messages with arbitrary content displayed

With display name and team name not being signed and formats not actually needing a parameter for content, you can abuse custom chat types and display/team name to show whatever you (the server) like, even with the client only having signed messages enabled.

See the following video with a Vanilla client (right) sending a message, received by a modded server (left, as local lan host): https://streamable.com/57sif1

Modded server code:

private static final ResourceKey<ChatType> CUSTOM = create("custom");
...
// Register
BuiltinRegistries.register(registry, CUSTOM, new ChatType(
        Optional.of(ChatType.TextDisplay.decorated(ChatDecoration.withSender("disconnect.genericReason"))),
        Optional.empty(),
        Optional.empty()
)) 
...
// On receiving a player chat packet
public void handle(final ServerboundChatPacket packet) {
    this.server.getPlayerList().broadcastAll(new ClientboundPlayerChatPacket(
            Component.literal(packet.getMessage()), Optional.empty(),
            BuiltinRegistries.CHAT_TYPE.getId(BuiltinRegistries.CHAT_TYPE.get(CUSTOM)),
            new ChatSender(player.getUUID(), Component.literal("<kennytv> This is definitely not the text I signed..."), null),
            packet.getTimeStamp(),
            packet.getSignature(player.getUUID()).saltSignature()
    ));
}

“Problem” number two:

Similar issue when the server is sending player chat packets "from" a player that isn't actually online/has no player info (e.g. by also being temporarily removed by the server while online); the client skips validation of the signature with no warning

 

Fixed

[Mod] Nassim Jahnke

[Mojang] Gegy

2022-06-09, 04:46 PM

2022-06-30, 01:15 PM

2022-06-30, 01:15 PM

1

2

Plausible

Very Important

Social Interactions

1.19

1.19.1 Pre-release 2