Implement Full Bedrock Encryption Pipeline (AES-256-CFB8 & Key Exchange) #35

@WenoxGB

Current Status
The proxy currently supports Xbox Live login parsing. It successfully extracts the player's Gamertag, XUID, and identity public key from the login chain. Players can connect and play, but only if encryption is disabled (plaintext mode).

The Issue
When encryption is enabled, the connection fails during the handshake phase. The proxy currently lacks the complete logic to:

  1. Intercept the backend's encryption handshake.
  2. Derive the shared secrets correctly.
  3. Re-encrypt traffic for the player.

As a temporary workaround, the handshake interception has been disabled to allow plaintext connections.

Goal
Implement the full Minecraft Bedrock encryption pipeline so that Xbox Live logins work securely without bypassing the encryption handshake.

Technical Requirements

  • Key Generation: Ensure ephemeral ECDH keys (secp384r1) are generated correctly on startup.
  • Handshake Interception: Re-enable interception of the ServerToClientHandshakePacket (0x03) from the backend.
  • Key Derivation: Implement the ECDH shared secret calculation (Salt + Secret -> SHA256) for both upstream and downstream sessions.
  • Cipher Implementation: Finalize the EncryptionContext for AES-256-CFB8 with rolling IVs and checksum validation.
  • Signature Fix: Ensure all JWT signatures sent to the client are converted from DER (OpenSSL default) to Raw (R+S) format.
