Encryption 1.17 forward
The encryption changed in Bedrock version 1.17 and forward. The new encryption uses the standard AES CTR non-blocking cipher, but in a non-standard way. Some notes on the implementation in MiNET follow.
MiNET uses a stream-enabled version of CTR, based on Bouncy Castle but modified according to a Stack Overflow answer you can find here: https://stackoverflow.com/questions/51286633/java-bc-sicblockcipher-direct-output-equivalent-in-c-sharp
The CTR implementation in Bouncy Castle normally requires you to terminate the encryption session in order to output the finished, encrypted message. However, since Bedrock implements the crypto as a stream, this doesn't actually work. So the code for encrypting and decrypting keeps the crypto context live throughout the entire session with the player (client).
The optimal IV for CTR is 12 bytes long. However, the implementation requires 16 bytes. Hence an additional 4 bytes, ending with a 0x02, are added to the finished IV.
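The two points above (a cipher context that stays live across packets, and the 12-byte IV extended to 16 bytes) can be shown with an added example that is not MiNET's code: it uses .NET's built-in AES in place of the modified Bouncy Castle cipher. The type and member names are hypothetical, the key and IV are constructed sample values, and it assumes that the three bytes before the 0x02 are zero and that the counter is incremented big-endian across the whole block.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Two messages of different lengths pass through the same live contexts.
byte[] key = new byte[32], iv = new byte[12]; // constructed sample values
using var enc = new StreamingCtr(key, iv);
using var dec = new StreamingCtr(key, iv);
foreach (var msg in new[] { "login", "a packet longer than one AES block" })
{
    byte[] ct = enc.Process(Encoding.ASCII.GetBytes(msg)); // full output, no finalisation step
    Console.WriteLine(Encoding.ASCII.GetString(dec.Process(ct)));
}

// Added illustration; type and member names are hypothetical, not MiNET's.
sealed class StreamingCtr : IDisposable
{
    private readonly Aes _aes = Aes.Create();
    private readonly ICryptoTransform _ecb;
    private readonly byte[] _counter = new byte[16];
    private readonly byte[] _keystream = new byte[16];
    private int _used = 16; // 16 means the current keystream block is spent

    public StreamingCtr(byte[] key, byte[] iv12)
    {
        if (iv12.Length != 12) throw new ArgumentException("expected a 12-byte IV");
        Buffer.BlockCopy(iv12, 0, _counter, 0, 12);
        _counter[15] = 0x02;        // the 4 added bytes, assumed to be 00 00 00 02
        _aes.Mode = CipherMode.ECB; // ECB is used only to produce keystream blocks
        _aes.Padding = PaddingMode.None;
        _aes.Key = key;
        _ecb = _aes.CreateEncryptor();
    }

    // Encrypts or decrypts (CTR is symmetric); position carries over between calls.
    public byte[] Process(byte[] data)
    {
        var output = new byte[data.Length];
        for (int i = 0; i < data.Length; i++)
        {
            if (_used == 16)
            {
                _ecb.TransformBlock(_counter, 0, 16, _keystream, 0);
                for (int j = 15; j >= 0 && ++_counter[j] == 0; j--) { } // assumed big-endian +1
                _used = 0;
            }
            output[i] = (byte)(data[i] ^ _keystream[_used++]);
        }
        return output;
    }

    public void Dispose() { _ecb.Dispose(); _aes.Dispose(); }
}
```

Because the keystream position is session state, the two ends stay in sync only if every byte is processed exactly once and in order. Recreating the context with the same key and IV restarts the keystream from the beginning.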