OpSec

More Patches & Fixes

Detection Patches

• Removed on-demand chat signing that allowed servers to request signed copies of previously-sent chat messages.
• Aligned 305 redirect and websocket handling in the local URL blocker so probes no longer return a non-vanilla response. - Informed by @NikOverflow
• Restored the resource pack key poisoning patch that v1.0.6 originally shipped and accidentally removed. - Informed by @Allawie
• Whitelist now link mods with its hard dependencies, since a server can identify the discrepancy of a whitelisted mod without its required dependency to detect OpSec.
• Nested jars are now dynamically attributed with the parent mod to allow proper whitelisting of all Fabric-API sub-modules without a hard coded list.
• Added Known-Pack Filtering to strip built-in pack identification belonging to non-whitelisted mods that servers could probe. - Inspired by ExploitPreventer's recent patch.

Fixes

• Reduced false positives in TrackPack detection by tightening the rapid-request and hash-probing heuristics.
• Local port scan alert no longer triggers on :0 URLs since they fail on their own.
• Key resolution alert pipeline moved off the main thread, heavy keybind probes was able to stall the client. - Informed by @NikOverflow (potentially fixed https://github.com/aurickk/OpSec/issues/10)
• Removed a duplicate TrackPack alert that fired twice for the same request.

Other Changes

• /opsec info <mod> now reports known-pack identifiers alongside translation keys, key-binds, and channels.
• Whitelisted translation key probes now show in debug alerts.

For Minecraft Fabric 1.20 to 26.1.2 Full Changelog: https://github.com/aurickk/OpSec/compare/V1.1.4...V1.1.5