ZenithDetector METEOR CLIENT KILLER v1.1

v1.1.0
Web Dashboard · Public Fingerprint Registry · Discord Bot

Major non-breaking update. The Java plugin is unchanged — same engine, same commands, same config.yml. A full companion web service now ships alongside it.​

---

// WEB DASHBOARD

Live at zenithprojects.it/ZenithDetector

• Sign in with Discord — server roles drive permissions
• Customer dashboard with stats, submissions, verified fingerprints, team
• Optional 2FA TOTP (Google Authenticator / Authy / Aegis / 1Password) with Argon2id-hashed backup codes
• Append-only audit log of every privileged action

// SELF-SERVICE FINGERPRINT REGISTRY

Until today, adding a new mod to detect meant pinging support. Now:

• Drop the mod's .jar on the site
• Sandboxed parser extracts translation keys from assets/<mod>/lang/*.json
• Staff approves or rejects each candidate with a reason
• Public registry of approved entries — JSON API at /api/fingerprints.json

Anti-zip-bomb safeguards: magic-bytes check, 10k entry cap, 200 MB uncompressed cap, 100:1 ratio cap, per-file 5 MB cap. The jar is never executed.

// DISCORD BOT

Five slash commands now live in the support server:

• /zd-whoami — your profile + organization
• /zd-org-invite @user — invite 1 sub-customer (DM with Accept/Decline + automatic role assignment)
• /zd-org-cancel-invite — cancel a pending invitation
• /zd-org-list — show your organization members
• /zd-org-kick — remove the sub-customer

// HARDENED SECURITY

• CSRF on every POST, strict CSP, HSTS, no inline JS
• Per-IP login throttle (5 failed attempts → 1h block)
• Append-only audit log of every privileged action
• systemd hardening on the host (NoNewPrivileges, ProtectSystem=strict, MemoryDenyWriteExecute, etc.)
• Daily encrypted backups, hourly cleanup of expired sessions / invites

// COMING IN v1.2

• Automatic in-plugin sync from the public registry (no more manual config.yml edits)
• Bot DM notifications on verify/reject
• Auto role assignment on purchase via webhook

---

How to access
After purchase, join the support Discord and request the customer zdetector role.
Then sign in at zenithprojects.it/ZenithDetector.

The Java plugin stays plug-and-play with the same config.yml you already have.​

What Is ZenithDetector?

ZenithDetector is a passive, invisible client-detection engine for Paper 1.21.4 servers.
It exploits how Minecraft's sign editor serialises translatable and keybind components — forcing clients to reveal themselves through their own translation pipeline, with zero client-side footprint.

---

Update — Detection History, GUI & Unified Command

This update introduces persistent detection history, a live GUI panel, and a fully restructured command interface — everything you need to review player check results at a glance, without digging through chat logs.

---

🗂 Detection History

Every confirmed detection is now permanently recorded.

• Persistent storage — confirmed detections are saved to history.json in the plugin folder and survive server restarts.
• One entry per day — multiple join/leave cycles on the same calendar day are grouped into a single daily record, keeping the history clean and readable.
• Configurable retention window — set history.max-days in config.yml (default: 14 days); records older than the window are automatically pruned on startup.
• Per-session timestamps — each confirmed session stores its join time and quit time, so you always know the exact window in which a client was flagged.
• Offline player support — history is stored by UUID, so you can look up players even when they are offline.

---

🖥 Live Staff GUI

Open with /zdetect gui — in-game only.

Online-players panel (54 slots)

• Displays a player skull for every currently online player.
• Each skull shows:
  • Current session status (Clean or DETECTED) and detected module names.
  • A warning badge if that player has at least one confirmed detection in the history window.
  • Join time of the current session.
• Supports pagination (← / →) when more than 45 players are online.
• Click any skull to open that player's detail panel.

Player-detail panel (36 slots)

• Top row: Player skull with full current-session info (join time, confirmed status, detected modules). If the player is offline, shows their last confirmed detection instead.
• History rows: Up to 14 day slots — one green glass pane per confirmed detection day.
  • Each slot lore lists every session of that day with its join → quit times and detected module names.
• Back button (top-right) returns to the online-players panel.

---

⌨ Restructured Command Interface

/zd removed. /zdetect is now the unified entry point.

Command	Description	Permission
/zdetect check <player> [modules]	Run a client probe (same as before)	zenithdetector.check
/zdetect gui	Open the live staff GUI	zenithdetector.check
/zdetect history <player>	Print confirmed detection history in chat	zenithdetector.check
/zdetect info <player>	Show last-join session status in chat	zenithdetector.check

• /zenithdetector is retained as an alias for backwards compatibility.
• /zd has been removed.
• All existing subpermissions (zenithdetector.reload, zenithdetector.alerts, zenithdetector.checklang, zenithdetector.bypass) are unchanged.

/zdetect history <player>
Outputs a chronological list of confirmed-detection days for the target (online or offline), each with session join → quit windows and module names.

/zdetect info <player>

• If online: shows current session join time and whether the current session already has a confirmed detection.
• If offline: shows the most recent confirmed session on record (date, join, quit, modules).

---

⚙ Configuration Changes

A new section has been added to config.yml:

Code:

history:
  max-days: 14   # Days of per-player detection history to retain

ConfigUpdater automatically inserts this key into existing configs — no manual migration needed.

---

🛠 Technical Notes

• Detection history is stored in plugins/ZenithDetector/history.json (human-readable JSON).
• Only confirmed detections are persisted. Clean sessions and false positives are discarded on player quit.
• In-memory session tracking begins at join so the GUI always shows a live "current session" status even before a check completes.
• The GUI uses a custom InventoryHolder (ZenithGuiHolder) — no title-string matching, fully safe across reload cycles.
• All file I/O is synchronous on the main thread; detections are infrequent enough that this has no measurable impact.

What changed

ZenithDetector's most effective scan mode works by sending a resource pack to the player on join — the client is busy loading the pack, the loading screen covers everything, and the scan runs completely invisible. For this to work, ZenithDetector needs the URL of your server's resource pack.

Until now, you had to find that URL yourself and paste it manually into scan-pack-url in the config — and repeat the process every time the pack changed or the server restarted.

What's new

• Auto-detection from Nexo and ItemsAdder — Enable auto-detect-pack: true and ZenithDetector will read the resource pack URL directly from Nexo or ItemsAdder. No copy-pasting, no digging through configs.
• Always up to date — The URL is resolved on every server start, every /zdreload, and automatically every time Nexo or ItemsAdder reload their pack. If your pack URL changes, ZenithDetector updates with it instantly.
• Non-breaking — The feature is disabled by default. If you don't use Nexo or ItemsAdder, nothing changes. scan-pack-url still works as a manual fallback if auto-detection can't find a valid URL.

How to enable
In your config.yml, under join-trigger:

Code:

auto-detect-pack: true

Then run /zdreload. The console will confirm the detected URL.