XChaCha20-Poly1305 via libsodium

This commit is contained in:
rtw1x1
2026-02-03 11:11:37 +00:00
parent 66068c1bd5
commit db87d068bc
963 changed files with 49428 additions and 264486 deletions


@@ -22,27 +22,41 @@ It builds as it is, without external dependencies.
## 📋 Changelog
### 🐛 Bug Fixes
* **Horse skill grade check:** Fixed a check that required the horse skill's grade to be exactly 3 (Grand Master) in order to use skills, leaving GMs that set their skill to P unable to use riding skills
* **Quest state loading:** Fixed an issue where quest states (`when login begin`) was being loaded before character affects on `PHASE_GAME`
* **Sura's Flame Ghost mounting:** Fixed Sura's Flame Ghost when mounting. The skill now damages nearby enemies when the horse skill is more than Level 10.
* **Experience points from chests:** Fixed a bug where experience points were being replaced by Experience Rings when opening chests
* **Gold from chests:** Fixed a bug where Gold was being replaced by a Gold inventory item that had no value when opening chests
### Encryption & Security Overhaul
### ⬆️ Feature Improvements
* **Nemere's Watchtower dungeon safeguards:** Added checks for automatically dismounting/prevent mounting of any kind when the character is inside the new Nemere's Watchtower dungeon
* **Conditional damage immunity system:** Added various checks for true per-hit conditional damage immunity with full control via Lua functions as well as clones of the default mob/group spawning Lua functions that return the monsters' VIDs for further manipulation from the quests. Exposed Lua functions below:
* `d.regen_file_with_immunity`: Spawn all monster/groups from a dungeon folder's regen.txt file with conditional immunity embedded from spawn
* `d.regen_file_with_vids`: The VIDs of all spawned monsters/groups from a dungeon folder's regen.txt file are being returned to Lua for further manipulation
* `d.spawn_group_with_immunity`: Spawn a group of monsters via its ID with conditional immunity embedded from spawn
* `d.spawn_group_with_vids`: The VIDs of all monsters from the group spawned are being returned to Lua for further manipulation
* `d.spawn_mob_with_immunity`: Spawn a single monster with conditional immunity embedded from spawn
* `npc.add_damage_immunity_condition`: Add a damage immunity condition to an already spawned monster
* `npc.clear_damage_immunity_conditions`: Clear all damage immunity from a monster so it can take damage normally again
* `npc.is_damage_immune`: Check if a mob has damage immunity using its VID
* `npc.set_damage_immunity`: Set damage immunity to a monster using its VID
* `npc.set_damage_immunity_with_conditions`: Set conditional damage immunity to a monster using its VID
* **Immunity vs Conditional immunity**: When a monster is immune to damage all hits are returning as MISS and it cannot be poisoned, burned, slowed or stunned. A condition is a rule that when applied, the monster's immunity is being ignored (for example, a mob is immune to damage unless the attacker is a Ninja - job 1). Multiple conditions are possible.
* More about the available conditions for damage immunity in `game/char.h`
The entire legacy encryption system has been replaced with [libsodium](https://doc.libsodium.org/).
#### Removed Legacy Crypto
* **Crypto++ (cryptopp) vendor library** — Completely removed from the project
* **Panama cipher** (`CFilterEncoder`, `CFilterDecoder`) — Removed from `NetStream`
* **TEA encryption** (`tea.h`, `tea.cpp`) — Removed from both client and server
* **DH2 key exchange** (`cipher.h`, `cipher.cpp`) — Removed from `EterBase`
* **Camellia cipher** — Removed all references
* **`_IMPROVED_PACKET_ENCRYPTION_`** — Entire system removed (XTEA key scheduling, sequence encryption, key agreement)
* **`adwClientKey[4]`** — Removed from all packet structs (`TPacketCGLogin2`, `TPacketCGLogin3`, `TPacketGDAuthLogin`, `TPacketGDLoginByKey`, `TPacketLoginOnSetup`) and all associated code on both client and server
* **`LSS_SECURITY_KEY`** — Dead code removed (`"testtesttesttest"` hardcoded key, `GetSecurityKey()` function)
#### New Encryption System (libsodium)
* **X25519 key exchange** — `SecureCipher` class handles keypair generation and session key derivation via `crypto_kx_client_session_keys` / `crypto_kx_server_session_keys`
* **XChaCha20-Poly1305 AEAD** — Used for authenticated encryption of handshake tokens (key exchange, session tokens)
* **XChaCha20 stream cipher** — Used for in-place network buffer encryption via `EncryptInPlace()` / `DecryptInPlace()` (zero overhead, nonce-counter based replay prevention)
* **Challenge-response authentication** — HMAC-based (`crypto_auth`) verification during key exchange to prove shared secret derivation
* **New handshake protocol** — `HEADER_GC_KEY_CHALLENGE` / `HEADER_CG_KEY_RESPONSE` / `HEADER_GC_KEY_COMPLETE` packet flow for secure session establishment
#### Network Encryption Pipeline
* **Client send path** — Data is encrypted at queue time in `CNetworkStream::Send()` (prevents double-encryption on partial TCP sends)
* **Client receive path** — Data is decrypted immediately after `recv()` in `__RecvInternalBuffer()`, before being committed to the buffer
* **Server send path** — Data is encrypted in `DESC::Packet()` via `EncryptInPlace()` after encoding to the output buffer
* **Server receive path** — Newly received bytes are decrypted in `DESC::ProcessInput()` via `DecryptInPlace()` before buffer commit
#### Login Security Hardening
* **Removed plaintext login path** — `HEADER_CG_LOGIN` (direct password to game server) has been removed. All game server logins now require a login key obtained through the auth server (`HEADER_CG_LOGIN2` / `LoginByKey`)
* **CSPRNG login keys** — `CreateLoginKey()` now uses `randombytes_uniform()` (libsodium) instead of the non-cryptographic Xoshiro128PlusPlus PRNG
* **Single-use login keys** — Keys are consumed (removed from the map) immediately after successful authentication
* **Shorter key expiry** — Expired login keys are cleaned up after 15 seconds (down from 60 seconds). Orphaned keys (descriptor gone, never expired) are also cleaned up
* **Login rate limiting** — Per-IP tracking of failed login attempts. After 5 failures within 60 seconds, the IP is blocked with a `BLOCK` status and disconnected. Counter resets after cooldown or successful login
* **Removed Brazil password bypass** — The `LC_IsBrazil()` block that unconditionally disabled password verification has been removed
#### Pack File Encryption
* **libsodium-based pack encryption** — `PackLib` now uses XChaCha20-Poly1305 for pack file encryption, replacing the legacy Camellia/XTEA system
* **Secure key derivation** — Pack encryption keys are derived using `crypto_pwhash` (Argon2id)
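
Review bot: The "XChaCha20 stream cipher" entry under "New Encryption System (libsodium)" claims "nonce-counter based replay prevention" for `EncryptInPlace()` / `DecryptInPlace()` while also advertising "zero overhead", and those two do not fit together: with no authentication tag on game packets the stream is malleable, so a modified or injected ciphertext byte decrypts to altered plaintext without any error, and the counter alone cannot detect it. The commit title says XChaCha20-Poly1305, but by this changelog the AEAD covers only handshake tokens and pack files. Either state that limit in the entry (session traffic has confidentiality but no integrity) or move the packet path to tagged records, for example libsodium's `crypto_secretstream_xchacha20poly1305` API, accepting a per-message tag. A smaller documentation point on the "CSPRNG login keys" line: `randombytes_uniform()` yields at most 32 bits per call, so the entry should state how many bits a login key carries, since that width together with the 15-second expiry and single-use rule determines its resistance to guessing.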