UserEncrypt Minecraft Plugin

UserEncrypt

Project Overview: The userencrypt project is a Minecraft server plugin designed to enhance the security of “offline-mode” servers. When a player connects to an offline server, there is no authentication to verify their identity, allowing anyone to join using any username. This vulnerability is especially dangerous if a user impersonates an administrator.

UserEncrypt mitigates this risk by assigning players a unique, irreversible username upon their first login. For example, a player with the username “batman” might be permanently assigned “bat7852”. In-game, this player will always be identified as “bat7852”. If another person attempts to log in as “batman,” the plugin will recognize that the original player has already been assigned a unique identifier, thereby securing the original username.

Objectives

  1. Prevent Username Theft: In the absence of Mojang or Microsoft authentication on offline-mode servers, accounts are susceptible to being stolen. The primary objective of UserEncrypt is to eliminate the risk of impersonation, particularly of server operators who have elevated privileges.

Features

  1. Username Encryption:

    • The core feature automatically encrypts a player’s original username into a unique and un-guessable alias. This new username is consistently applied every time the player joins, ensuring their identity remains secure.

  2. Unique Username Storage Mode:

    • This alternative method assigns a unique, human-readable username to each player, which is then stored in a database. This provides a more user-friendly approach while maintaining the same level of security.

Technology Stack

  • Core Language: Kotlin
  • Build Tool: Gradle
  • Proxy Support: Velocity
  • Server Support: Paper, Spigot
  • Distribution: Published and managed on Modrinth
  • Version Control: Git & GitHub for open-source collaboration

Outcome

The implementation of UserEncrypt successfully addresses a critical security flaw in offline-mode Minecraft servers. The plugin provides a robust and reliable solution for preventing username theft and unauthorized access to privileged accounts. By ensuring that each player has a persistent and unique identity, UserEncrypt helps to create a more stable and secure environment for server communities, fostering trust and protecting the integrity of the game.

Server Owner’s Reflection

Running an offline server always came with the constant worry of someone logging in with my admin username. Since installing UserEncrypt, that fear is gone. My players feel safer knowing their inventories and progress are protected from impersonators, and my staff can manage the server without the risk of their accounts being compromised. It’s an essential plugin for any offline-mode server that is serious about security and player safety.

View Next

Psyzonic

Development of Psyzonic, a high-performance, SEO-optimized platform for dark psychology content.

Horizon

A high-performance, security-focused Remote Administration Tool (RAT) built in Rust for educational purposes and authorized penetration testing engagements.