Mojira Archive
MC-253697

server ban

This is a vulnerability that can block an account.

Remember the activation lock vulnerability in iOS 7 in 2013?

Now Minecraft has the same vulnerability.

As you can see from the anti obfuscation code (not what I did), you added a method to generate signatures in 1.19.

And the UUID, sending time and sending content are passed in.

Then, upload it to your server to judge violations.

Finally, it is forbidden according to UUID.

Attackers can hijack and replace UUIDs with a mod, which is simpler than the iOS 7 activation lock vulnerability.

Because everyone's UUID can be searched using NameMC.

The solution I came up with:

1. Check the UUID before each speech

2. Cancel the reporting function

3. Temporarily close the API

Duplicate

wangjinyi

2022-06-29, 07:37 AM

2022-07-05, 05:01 PM

2022-07-05, 05:01 PM

0

0

Unconfirmed

(Unassigned)

1.19.1 Release Candidate 1

-