Version 1.1.5

More Patches & Fixes

Detection Patches

• Removed on-demand chat signing that allowed servers to request signed copies of previously-sent chat messages.
• Aligned 305 redirect and websocket handling in the local URL blocker so probes no longer return a non-vanilla response. - Informed by @NikOverflow
• Restored the resource pack key poisoning patch that v1.0.6 originally shipped and accidentally removed. - Informed by @Allawie
• Whitelist now link mods with its hard dependencies, since a server can identify the discrepancy of a whitelisted mod without its required dependency to detect OpSec.
• Nested jars are now dynamically attributed with the parent mod to allow proper whitelisting of all Fabric-API sub-modules without a hard coded list.
• Added Known-Pack Filtering to strip built-in pack identification belonging to non-whitelisted mods that servers could probe. - Inspired by ExploitPreventer's recent patch.

Fixes

• Reduced false positives in TrackPack detection by tightening the rapid-request and hash-probing heuristics.
• Local port scan alert no longer triggers on :0 URLs since they fail on their own.
• Key resolution alert pipeline moved off the main thread, heavy keybind probes was able to stall the client. - Informed by @NikOverflow (potentially fixed #10)
• Removed a duplicate TrackPack alert that fired twice for the same request.

Other Changes

• /opsec info <mod> now reports known-pack identifiers alongside translation keys, key-binds, and channels.
• Whitelisted translation key probes now show in debug alerts.

For Minecraft Fabric 1.20 to 26.1.2
Full Changelog: V1.1.4...V1.1.5

Version 1.1.4

Detection patch & Quality of Life Updates

HTTP Fingerprinting Patch

• Patched a detection vector in OpSec's local URL blocking. The redirect handling allowed for discrepancies from a vanilla client's response.

New Features

• Extended Minecraft support all the way back to 1.20 release (Oldest known key resolution exploitable version).
  Block Local URLs is disabled on 1.20.1 due to an unreliable mixin conflict with a legacy Meteor client version.
• Translations for OpSec's UI. New bundled languages include: German, Spanish, Hindi, Japanese, Korean, Russian, Vietnamese, Simplified Chinese and Traditional Chinese.

Other Changes

• New mod icon.
• Removed the ability to toggle channel spoofing since it's already handled by vanilla spoofing and whitelist behavior, making it harder for user misconfiguration.
• Removed identity tab and moved brand section to protection tab,
• Removed unused icons, tamper warning's dismiss button, and consolidated /opsec command feedback styling.
• Chat signing alerts now gate behind debug alerts.
• Dropped the redundant hardcoded vanilla keybind list and read the actual vanilla defaults from the running Minecraft version instead.
• Meteor Fix toggle is now hidden on Minecraft 26.1+ due to Meteor's removal of the problematic mixin on later versions.
• Bumped Mod Menu dependency.
• Cleaned up ~400 lines of dead code.

For Minecraft Fabric 1.20 to 26.1.2
Full Changelog: V1.1.3...V1.1.4

Version 1.1.3

Fixes and Improvements

Fixes

• Remove the chat signing fallback where where a malicious server could force OpSec to resend the user's last unsigned chat as signed.
• Key resolution probes are now tagged at the packet codec level to patch #5. Special thanks to @zyrafaq for helping me debug this issue.

Changes

• Removed the redundant Fabric networking API mixins.
• Tightened server resource pack detection.
• Added autismsexdefender to the incompatible mod list. It has numerous detection and bypass vectors, conflicting with OpSec.

For Minecraft Fabric 1.21 to 26.1.2
Full Changelog: V1.1.2...V1.1.3

Version 1.1.2

New Features and Other Changes

New Features

• Added Bypass Server Pack Requirement. Servers can push required resource packs that vanilla forces the client to apply, and fake-accepting them is detectable via the key resolution exploit. Minecraft still accepts and downloads these packs as normal but OpSec lets you toggle the pack textures at the client level.

Server resource pack's language file will still be applied so that servers probing translation keys (e.g. {"translate": "some.pack.key"}) still get the pack-defined value a vanilla client would resolve.

Fixes

• Patched detection vectors with fake default key binds so that resource pack key overrides and locale changes would return vanilla-identical output.

Changes

• OpSec UI strings moved away from vanilla translation keys to its own translation entries to prevent server resource pack from messing with it in the future.
• Removed forge spoofing mode. This mode had many detection vectors and it would take too much effort to patch, so I'm just completely dropping it since no one probably used it anyways.
• Bumped Minecraft version support to 26.1.2.

For Minecraft Fabric 1.21 to 26.1.2
Full Changelog: V1.1.1...V1.1.2

Version 1.1.1

Fixes and Improvements

Fixes

• Fixed a detection vector where OpSec didn't whitelist deprecated vanilla keys.
  Informed by @NikOverflow

Improvements

• Improved debug alerts to show the packet origin of key payloads and filtering out whitelisted key noises.
• Server resource pack keys are now resolved through normal vanilla key resolution instead of returning cached values.

For Minecraft Fabric 1.21 to 26.1
Full Changelog: V1.1.0...v1.1.1

Version 1.1.0

Bypass Fix, New Features and Other Changes

Bypass Fix

• Fixed a major key resolution protection bypass where servers could deliver mod detection key probes outside of anvil and sign screens. Key detection now simplified to cover all server network inbound packets for OpSec's key resolution interception.
  Informed by ExploitPreventer's recent patch by @NikOverflow.

New Features

• Added a simple integrity checker that detects if the mod has been tampered with by comparing checksum with official release, and displays a warning screen on startup if integrity checks fail. Could be easily circumvented but its designed to combat simple malware injections.

• Added an in-game update checker in the config menu.

Other Changes

• Fabric API module channels and keys now use the whitelist system instead of the legacy hard-coded pattern based matching bypass list.
• Reset button now updates update screen state.
• Fixed URL redirect for mod download buttons on newer Minecraft versions.
• Improved one-time hint message with a slight delay and color change for better visibility.
• Config menu now preserves scroll position when clicking buttons which was an issues on older Minecraft versions.
• Translation keys are now properly cleared on language reload.
• Remove unnecessary require=0 and fallback methods from Mixins.
• Migrated HttpUtilMixin from Unsafe to OpenSesame.
• Added packet source identification to exploit detection logs
• General performance optimizations.

For Minecraft Fabric 1.21 to 26.1
Full Changelog: V1.0.9.1...V1.1.0

Version 1.0.9.1 - Hotfix

Hotfix

• Fixed a client crash caused by resource pack chat alerts firing from Netty IO threads that effected Minecraft 1.21.5+.

For Minecraft Fabric 1.21 to 26.1
Full Changelog: V1.0.9...V1.0.9.1

Version 1.0.9

New Features and Changes

New Features

• Added offline (cracked) account support to the account manager, allowing users to add username-only accounts without authentication.
• Added a new "Debug Alerts" toggle in Misc settings (disabled by default). When off, key resolution probe alerts only appear when the resolved value was actually changed and spoofed. When enabled, alerts show for all probed keys, even unchanged ones.

Changes

• Key resolution probe chat alerts are now styled less alarming to avoid confusing new users.
• Added Ichor and LabyMod as incompatible mods to prevent conflicts.

For Minecraft Fabric 1.21 to 1.21.11
Full Changelog: V1.0.8...V1.0.9

Version 1.0.8

New Features and Changes

New Features

• Added new default automatic whitelist mode that automatically whitelist mods with registered network channels as they are most likely to have server-side features that breaks when not whitelisted.
• Added alert suppression for benign signs and anvils to prevent key resolution alerts triggered by sign or anvil screen search inputs from server plugin.
• OpSec no longer conflicts with ExploitPreventer. When both mods are installed, overlapping features are automatically disabled and deferred to EP. Read More

Changes

• Channel spoofing is now enabled by default.
• Replaced local URL blocking with @NikOverflow's ExploitPreventer's HTTP redirect protection implemention. OpSec had a detection vector due to its lack of 305 redirect handing.

For Minecraft Fabric 1.21 to 1.21.11
Full Changelog: V1.0.7...V1.0.8

Version 1.0.7

Bug fix and Code Changes

• ON_DEMAND ("Auto") chat signing now works reliably on proxy-based server networks that didn't advertise secure chat requirement with the enforcesSecureChat flag. If a server rejects an unsigned message, the mod will enable signing, and send the message seamlessly with the signing key.
• Code cleanup to removed 16 unused methods.

For Minecraft Fabric 1.21 to 1.21.11
Full Changelog: V1.0.6...V1.0.7