margele/openzen

Open Zen is a work-in-progress, reverse-engineered open source version of a Minecraft client called Zen. Zen is a cheat client, the kind of modified Minecraft client that adds unsanctioned features for use against game servers. The target environment is Minecraft 1.20.1 with Forge 47.4.20. The README opens with a warning that the project is in an early stage and many features may not work yet, asking users to file issues or pull requests when they hit gaps. It is written almost entirely in Chinese. The original Zen jar was heavily obfuscated using Zelix KlassMaster: classes, fields, and methods were renamed to meaningless tokens, control flow was flattened, strings were encrypted, and invoke-dynamic calls were used to hide method references. The author describes using Anthropic's Claude Opus 4.7 to analyze the obfuscation, write a custom deobfuscator for the parts existing tools could not handle, and then guess sensible names for classes and methods with the help of an Enigma MCP server and Claude Sonnet 4.6. After about six hours of automated repair plus a small amount of manual fixing, the result is a buildable Gradle project rather than a binary blob. A portion of the cleanup involved the invoke-dynamic and string-encryption layers, whose master key is protected by a native library. The author found that the native library still loads and registers classes even without passing client authentication, which let the deobfuscation cover those parts of the code as well. The README spends a section on backdoors found in the original Zen. The analysis shows that on login, the client triggers a screenshot, and the Zen developer can request screenshots, scan and upload local files, or run remote commands. There is a linked BACKDOOR.md with details. Because of this, the project advises against running the original Zen at all. A standalone screenshot of an in-game click GUI is included for reference. Licensing is explicit: the original obfuscated bytecode has no license, and this repository's deobfuscated source, build scripts, and docs are released for study and research only. The author notes that some recovered symbol names are reconstructed from context and may not match the original developer's intent. Credits go to Claude, the Java Deobfuscator project, references to Themida and Zelix as the obfuscation tools, and the author's own Enigma MCP server.