This PoC demonstrates how the chat can be obfuscated on the server, while remaining signed. This targets the Minecraft version 1.19.1-pre4.
poc.mp4
Do note that there will be a warning screen and a resource pack prompt, which were not shown in this video.
The idea was brought up to me by Machine-Maker.
- Run ObfchatGenerator
- Set up a server with
previews-chatset to true in serrver.properties and the mod installed - Ensure that
glyphs.jsonis in the server's root directory (default:run) - Archive the resource pack in
run/resourcepacks/glyph - Force the resource pack by setting
require-resource-packto true and by settingresource-packto a URL with the resource pack. - Start the server and join the server
This shows how the server can obfuscate the chat using the decoration/preview feature. With help of a custom resource pack, the chat is shown normally to the users.
However, in reality, the actual message (which is signed) is gibberish. Meaning, it will be nearly impossible to report those.
Furthermore, a malicious server can potentially use this to make it look like a player is typing a legitimate message. For example, turning "love" into "hate" by using character mapping and resource pack.
- Any client that tries to get around the required resource pack will have unreadable chat
- The server log is obfuscated, however this can be mitigated with a mod/plugin
- This can potentially be mitigated by Mojang by figuring out the character mapping. A workaround for this would be to rotate the mapping periodically. Furthermore, the server can also assign each player to a specific unicode range.
- The server can potentially be banned from the session server by Mojang