Just in case anybody wonders about disclosure timelines. Since reporting my issue, I have heard about a related issue reported in November. So there was plenty of time. But even if that wouldn’t have been the case, I still believe the issue is not really exploitable in practice. As I said in the video, even I wouldn’t prioritize fixing this issue :)
@-..._-.2 жыл бұрын
alright
@tenredstonetypek10762 жыл бұрын
That ilmango intro 😂
@yy6u2 жыл бұрын
good point, makes for a nice clickbait title through
@Marenthyu2 жыл бұрын
The newest Snapshots have added "encrypted chat" - perchance that was in response to these reports?
@nikohegeheiskanen2 жыл бұрын
Interesting enough I noticed the vulnerability when you showed the the picture because I remember exploiting the same vulnerability in CTR mode for AES :D
@recrucity2 жыл бұрын
I love how you divide these videos up with gameplay, hacking and programming! Keep up the good work!
@arcowo2 жыл бұрын
This would be a great opportunity to create a "nuker" hack!
@itskdog2 жыл бұрын
Laughed my head off and I'm not even 10 seconds in. The ilmango intro parody was AMAZING.
@tr7zw2 жыл бұрын
THANK YOU for explaining the implications of the account migration correctly. I've worked on the anticheat/antibot end in ~2016-18, and the amount of hacked accounts used for cheating and botting are way up in the multiple of millions. Bots auto joining the server, walking to some predetermined spots and spamming private messages to all online users with links/serverips, running for 24/7, while you are banning them every 30-60 second. Hackers just throwing tens or hundreds of accounts against the anticheat to try to figure out settings that it won't detect. The account migration came WAY too late IMO, looking at the madness from the peak times of Minecraft.
@jlle52892 жыл бұрын
FYI it’s still possible to use non migrated accounts
@JoaBro2 жыл бұрын
@@jlle5289i think it's actually mandatory as of roughly a week ago
@Bluepaccao2 жыл бұрын
Sounds great for you! I unfortunately lost access to my 10 year old minecraft account
@Koroistro2 жыл бұрын
@@Bluepaccao I had a friend which lost access to theirs, if you have proof of payment (ideally the mail they sent you when you opened your account) they can get your account reinstated, he was successful in doing so. This was a couple of years ago.
@Bluepaccao2 жыл бұрын
@@Koroistro Thank you for the information. Unfortunately the only thing I have lost access to is my google account which has been removed because of inactivity. And I wasn't able to change the email adress associated with my minecraft account because of the migrations. :P
@fledermaus70612 жыл бұрын
4:47 You can't obtain mending from an enchantment table as it is considered a treasure enchantment. 13:15 Abuse the 3 second invulnerbility after connecting to a server
@natew47242 жыл бұрын
I thought the invulnerability was "fixed", at least with fall damage.
@fabriperoconalgomasytodojunto2 жыл бұрын
I thought that only worked in singleplayer, does it really work in multiplayer too?
@tabletkatabletkova11072 жыл бұрын
Also, whe he is testing the proof of concent attack, he joind the game with main account(he has correct tools and is on lets play world, then switched to creative and tested it. So he has already escaped, by any way :)
@fledermaus70612 жыл бұрын
@@natew4724 It's intentional
@stekeblad2 жыл бұрын
I wonder if the 3 seconds can be increased. It takes minutes to join worlds when playing modded...
@computerdores2 жыл бұрын
A tip for the future: If you find your self farming ancient debris DON'T use TNT, use beds instead! Beds are way cheaper
@BooleanDev2 жыл бұрын
unless you have a gunpowder farm, then use tnt
@cscback2 жыл бұрын
bed wasnt efficient tho, and cause a lot of fire
@KLEY_2 жыл бұрын
beds are not stack and not destroyed in one time
@Skelyvelocirap2 жыл бұрын
The reason tnt is usually used is because you can stack it. Last time i checked you can’t stack beds anymore, but I honestly have no clue because im still behind slightly on the versions...
@bwjclego2 жыл бұрын
I've done both, and if you have any sort of gunpowder farm, TNT is *vastly* superior. But I am actually partial to just straight strip mining at y=15, seems to be just as fast with a good pick, and much more mindless and resource light.
@eleos52 жыл бұрын
"I almost got killed" *loses half a heart
@EnZaXD2 жыл бұрын
In Minecraft 1.8 there really was a bug in the login system, Spigot had tracked the socket address of the connection in the login handler without checking whether the address is zero, you could then reset the IP to "zero" with a TCP reset and trigger a NullPointer in the main thread, this then led to the server closing immediately with "Server closed".
@0x2252 жыл бұрын
Amazing that you also found the same AES vulnerabilities that we found over the years just reading random game code, we don't believe this to be significantly exploitable as you have stated as sure you can modify packets but if you cause any malformed packet your basically done and it only lets you manipulate the stream but they do technically reuse IV and key (they also use the key as IV) between the server and client but in our limited experience with AES CFB you can probably only decrypt the first block but we are not entirely sure because we are not cryptographers but we determined this as something not exploitable in a significant way so we never reported it.
@aweloop62482 жыл бұрын
If you can change a part of the message cant you just exchange the whole message? Like changing a simple "hello" to the text you desire?
@aiyaonishi32822 жыл бұрын
Didn't expect to see the Future client developer here. Hallo!
@meilihr39822 жыл бұрын
:o 0x22 watches LiveOverflow!
@0x2252 жыл бұрын
@@mattmurphy7030 I mean it is not entirely the same comparison but in the case of Minecraft this is not serious at all for what can be done but from what actual cryptographers have said what is being done here is bad and bad practice but is probably fine :) If they used a much better cipher they would actually have much more of a problem then what they have right now if everything else was the same. The cryptographic usage in Minecraft is held together with a thin string that just happens to be secure enough for the threat model unless it is possible to recover the key/iv or the internal AES state.
@0x2252 жыл бұрын
@@aweloop6248 You should be able to change up to 128 bits then the next AES block will be out of sync and will probally fail to decrypt due to the internal AES state no longer being in-sync.
@itsxunlight2 жыл бұрын
Love seeing ilmango in the description, since I was asking if you know him under your last video. Grüße gehen raus!
@1Hippo2 жыл бұрын
@Haze Ja, aus Berlin :)
@0xGRIDRUNR2 жыл бұрын
my cryptography teacher focused too much on math and I lost interest real quick due to the sheer complexity of all of the math AES uses, but the explanation for ECB and CFB was incredible! I never understood what my teacher was getting at and the diagrams didnt make sense to me (yet somehow I graduated this past spring lmao) but it now is clear. This series is awesome!
@justanormalperson2 жыл бұрын
gotta say, the xray mod reminds me of good old TeamAvolition griefing videos back in 2011-2012 :) if i remember correctly they were one of the first ones to use/create hacked clients (correct me if im wrong)
@UYNiko2 жыл бұрын
I basically did the “Evil Server” thing a while ago to track stats and do other cool things like creating replays by recording the packets, I got around the Mojang auth server issue by creating a server that dosn’t auth with mojang and I did the auth server side (obviously I used my own account), alternatively you could use two accounts which was what I ended up doing after a while (mostly to get my skin although I discovered a way to get any skin by messing around with the respawn packet), by doing this I was able to read and modify packets, I even wrote some stuff to manipulate packets in python that was stupidly easy to use, basically you could use a decorator to filter packets (including the info inside the packet), I kinda want to revive the project now, it was a lot of fun and now I’m sure I can get around some of the issues I had at the time, the filter chugged if I had to deal with a lot of packages because I basically had no idea about data structures and big O lol.
@Bluscream2 жыл бұрын
Can you please send me a link to your repo?
@UYNiko2 жыл бұрын
@@Bluscream I never made it public, it was for personal use to track stats on a mini game called Dwarves vs Zombies (not cheating although I could’ve cheated if I really wanted, that’s why I never made it public), the server had a way to track stats but they removed them when they changed hosts that’s why I created the project, eventually I did other cool stuff with it which was the reason why I was able to modify packets (I need to modify them for the replays, some of the packets needed to be modified before sending them to the client, I had other ideas to do some crowd control stuff and I created a bot to notify me when a game was about to start, etc), I remember I was writing something to create plugins for it, eventually I abandoned the project when the server started dying and I started getting serious with university.
@fizzdev2 жыл бұрын
That's awesome, if you do revive the project it'd be cool if it could be open source
@eyeborg31482 жыл бұрын
Does this mean all “offline mode” servers are vulnearable to the MITM attack described?
@germankerman9842 жыл бұрын
@@eyeborg3148 Yes, they are not protected against any MITM attacks
@BooleanDev2 жыл бұрын
4:40 you cant get mending at the enchantment table anyways, you must find it in a loot chest or trade with a villager, or fish in open water (no blocks around, nothing above the water)
@InDieTasten2 жыл бұрын
I think fishing in areas with treasure loot also works
@BooleanDev2 жыл бұрын
@@InDieTasten oh yea that too, I forgot since it's somewhat new
@NatoBoram2 жыл бұрын
Fishing it is very impractical, though. It's better to enslave a village to get all the best enchantments before you craft your Netherite armour.
@tissuepaper99622 жыл бұрын
@@NatoBoram "afk fishing is too easy we want players to use _S L A V E R Y_ instead" - Mojang, probably
@payzuni64842 жыл бұрын
I absolutely love this series.
@TwurtleX2 жыл бұрын
I can't speak to the similarity of the exploit, but there was a similar attack used by Nodus Session Stealer almost 10 years ago. It doesn't work anymore of course, but this made me remember it :)
@TwurtleX2 жыл бұрын
@DownloadPizza It involved an admin/op logging into your server to hijack their session to op yourself on the server they're op on. You can lookup how it worked here on KZbin, but I don't recall there being anything relating to logs.
@0x2252 жыл бұрын
indeed the session stealer was patched by protocol encryption.
@kitlith2 жыл бұрын
I'm pretty sure the first attack described that is foiled by the server hash check *is* the attack that was used by session stealer. The vulnerability that is still present (known plaintext, manipulating the encrypted packets) has potential to do similar things, but with much less flexibility (i.e. if the world/chat loads in it may be immediately recognisable as *server they're admin on*, there's no possibility of throwing up a real server that is just a front for stealing the player sessions.
@aidan79132 жыл бұрын
patched since minecraft snapshot 12w17a
@ChakaHamilton2 жыл бұрын
This was a great one! I love the though process and theory , implementation.
@clap_lmao2 жыл бұрын
By the way, when you load the world back up, you have a small invincibility window.
@TheFerdi2652 жыл бұрын
That intro was the best crossover I've ever seen
@spicybaguette77062 жыл бұрын
I actually got banned from hypixel because someone hijacked my account, they also changed the password. Luckily I could reset it with my email. Definitely taught me a lesson😁
@TheoVonMiscClips2 жыл бұрын
wasnt hypixel hacked recently through a godaddy domain hack?
@TheoVonMiscClips2 жыл бұрын
@@antonio32a yea lmao, i did some research they tried to get donations for hypixel "shutting down" and their blockchain address's only received 14 bucks USD 😂. Plus the dude that did the thing started shit talking the hypixel admins like he got root to their servers. everyday we stray further away from God...
@volka21992 жыл бұрын
Same happened to me but I wasn't banned. My account was compromised for a period when I didn't play. I changed my password upon discovering someone else used my account and changed my username and skin and then years later when I decided to play hypixel with a friend I found I already had former scores and game history for some of the minigames despite never playing on the server.
@drgabi182 жыл бұрын
the ilmango intro, lmao
@Pritam252 Жыл бұрын
I love how the start is IlmangoOverflow! Love these videos keep up the good work!
@gam_lol Жыл бұрын
for a second i though i clicked on a ilmango video lol
@hl2mukkel2 жыл бұрын
I love this series, that intro is awesome hahaha
@aaaa-fi1dm2 жыл бұрын
Not sure if you fixed this or not but with your Xray code you showed in your video it looks like you are rendering block faces that are occluded by other Xray blocks. Probably should check for that to increase performance, even though it shouldn't be super noticeable due to ore being infrequent, but its something to keep in mind.
@0x2252 жыл бұрын
Blocks are rendered in a VBO multi-threaded so it won't hurt that much but he is actually having some issues with block culling already and that is why he is unable to see the portal while in the nether. I honestly think how he is comparing the blocks causes more a performance hit then anything else here.
@AMaplestoryFan Жыл бұрын
A lot of liveoverflow's code in his hacking videos is unoptimized; and intentionally so. He's just writing code to perform a hack, not to develop a fully-fledged feature
@luqdude2 жыл бұрын
7:14 On the topic of botting servers and using throwaway accounts, it's a pretty big issue for smaller servers (i would argue an even bigger issue) as well. I used to mod a minecraft server that has now shut down, and there were at least 10 different times where the server got botted that I know of (only played on the server for around a year, but there were definitely more than 10 from before). Our discord server also got botted multiple times (either accounts spamming channels or DMing everyone on the server with advertisements for other servers) because of how easy it is to make a discord account. It used to be pretty major, and I believe that migrating to Microsoft accounts would help a lot, but of course that wouldn't get rid of it entirely. EDIT: we also had a lot of cases where people would be hacking on throwaway accounts, on bigger servers like Hypixel there's a pretty big chance that the account is already banned since someone else already used it, but on smaller servers that chance is way lowered. Our rules were that you could have up to 5 different accounts linked (accounts get linked if their on the same ip) before you got IP banned, but only sr. mods could IP ban so us normal mods would end up having to ban people 10+ times until a sr mod got on.
@luqdude2 жыл бұрын
@Ryan We had a custom plugin that would tell us what accounts were linked to a specific IP and track that automatically, but IP banning them was a manual thing. There are cases where if someone logged on with a VPN their accounts would then be linked to 10+ other accounts, so we would be able to leave a note for other moderators to not ban them. If the bans were automatic then it wouldn't be able to check the notes. There's a bunch of other cases like this where we wouldn't want the IP bans to be automatic.
@luqdude2 жыл бұрын
@@mattmurphy7030 I'm confused by what you mean? I know what a whitelist is, and I'm pretty familiar with java, but I'm confused as to how that's related
2 жыл бұрын
Now THIS is the kind of hacking I was expecting from LiveOverflow! Great!
@19182 жыл бұрын
dude i love you. just handing out free education to anyone and including your non-biased views. thank you!!
@juanp53082 жыл бұрын
One lil thing: in TheAltening, nfa or non full access normally get blocked in a very short time, while with full control accounts it is basically impossible to find your account blocked. The price increase was not because of the migration, but because of reliability
@theremyyoutube54312 жыл бұрын
6:17, the chats are not from botting at all ! Just plugins on a Minecraft server !
@anand_bhasme2 жыл бұрын
This series keeps getting better and better
@afunkymonk71072 жыл бұрын
I got so confused at the intro, wasn't expecting an ilmango intro. But i guess you found technical minecraft, ill just say welcome
@Psychopatz2 жыл бұрын
That intro almost made question if I even clicked the right thumbnail lol
@sanderbos42432 жыл бұрын
Before watching this video I watched two of ilmango's videos and I had another one I was planning to watch later, so I was very confused when I clicked this video's tab, haha!
@tw11tube2 жыл бұрын
Well, I think you missed out on crypto education on this video. This is a perfect example for two basic crypto issue: - You don't only want confidentality, you also want authenticity. (For the audience: Authenticity works by sending a value that binds the message to a shared secret. As the MITM attacker wouldn't have the shared secret, it can change the message, but it can't know how to update the authenticity information.) - You don't roll your own crypto, you use an established protocol. As this is about securing stream connections, you shouldn't roll your own AES-CFB8 based encryption protocol, but just use TLS. And guess what: TLS didn't forget about authenticity, and after years of exploits and fixes, TLS finally got authenticity right.
@destru86332 жыл бұрын
the intro had me so confused I thought I was watching ilmango for a sec
@techtheguy51802 жыл бұрын
Just seeing that il mango intro is a quality warranty
@FennecTECH2 жыл бұрын
“Turns out they were all empty”. We’ve all had this letdown Each and every minecrafter has had this letdown
@ursupator36062 жыл бұрын
Very good job on those videos, learning a lot from them and they motivated me to keep learning programming for a project I would like to do. Thank you very much!
@MaximusMuleti Жыл бұрын
I wish computer programming classes were taught like this when I went to school for networking. It would hsve made things a LOT more interesting. And practical, as you'd see the results from what you ve done in a real world example
@simonkhouryAU2 жыл бұрын
haha immediately got the ilmango reference... loving the series.
@gazehound2 жыл бұрын
Woah, the intro on this video SERIOUSLY short circuited my brain.
@zworx52362 жыл бұрын
6:15 if anyone was confused those are messages the server is sending not actual accounts (that's why they're colored, the server plugins are their origin)
@frxdy03052 жыл бұрын
The accounts you compared are completely different. The first one which only costs 7 cents, is often banned, you can’t change the credentials and also you will lose it like 30 min later. The one on the right is full access that means you can change anything and that account has a high chance of staying for your whole life.
@0xf1722 жыл бұрын
yeah, lol , he should investigate more about it
@Derik.2 жыл бұрын
Seems like that was on purpose. Non-full access accounts shouldn't exist anymore, so the full access account is the new cheapest option for hackers.
@LiveOverflow2 жыл бұрын
That’s exactly it ;) now you need full access, because you need full microsoft account. Basic credentials shouldn’t be enough anymore.
@0xf1722 жыл бұрын
@@LiveOverflow We are not saying that what you said is not correct about the potential future pricing changes after the migration to microsoft, but we are just saying that there is more than one reason why these accounts are different (the original reason why prices are diffs), in the end having microsoft or not, it will just add more layers to the scripters to find out how to automate it again😅, by replacing the mojang auth with microsoft one.
@adiopot2 жыл бұрын
Very good video. Your x-ray mod reminded me of other old hacked client mods that might be fun to replicate. 1- Waypoints, like your base. Old mods seemed to use a line drawn on screen towards that waypoint. 2 - minimap There are a bunch of old things that could be fun to reproduce.
@sungodmoth2 жыл бұрын
You have NO IDEA how off-guard that intro caught me
@billy-cg1qq2 жыл бұрын
Herobrine looking down on you at the end like a God can only make me feel a big awe towards him
@Sakrosankt-Bierstube2 жыл бұрын
Du hast dir bei dem Intronachbau sogar so viel Mühe gegeben, dass die Mini-Logos exakt gleich sind xD I love it.
@Reichstaubenminister2 жыл бұрын
iloverflow
@LiamDennehy2 жыл бұрын
Last episode was a lovely credit for LogicalGeekBoy, now a beautiful tribute to Ilmango - which of my other favourite Minecraft content creators are you also a fan of?
@itskdog2 жыл бұрын
He also featured clips from Bdubs showing off Litematica in an earlier episode
@estrobedaaxios23292 жыл бұрын
The Mojang account was really security through obscurity. I lost my email for my Mojang account 3 times, one time I got my account back through some back and forth with the support. The other two times the support sent a link for email recovery, like password recovery but for the email so you could change the email for the account. So you changed the email to a known email and then did a regular password reset. That email change thingy were quite difficult to find on your own though but like... Geeeze
@xdMatthewbx2 жыл бұрын
a little bit disappointed you didnt do something fancy to escape the lava, very interesting vulnerability though. funnily enough there were attacks with similar difficulty pulled off rather frequently back in minecrafts infancy so i honestly wouldnt be surprised if it couldve been used back then actually now that i think about it if one were to register typo domains for big servers they _could_ actually have a shot at pulling this off. not to say you shouldnt have included it though, as you said theyve had time to look at it. just think we might actually see (or not see) this used especially since minecraft to the best of my knowledge doesnt use SSL (mojang should implement that along with the enhanced cryptography theyre adding in 1.19) on the topic of the 1.19 cryptography stuff, i would like to see a regular style video going over how that works. nobodys really said anything about how thats implemented yet, just that "chat messages are signed now" and "this is good for security" (which it probably is assuming theyve done it well, but maybe you might find something if you look in to it like you did here)
@LiEnby2 жыл бұрын
this can easily be fixed if mojang simply used AES-CBC instead.
@xdMatthewbx2 жыл бұрын
@@LiEnby wonder how easy of a fix that is
@DanteDeRuwe2 жыл бұрын
Love the ilmango-inspired intro!
@monkaSisLife2 жыл бұрын
The "Report to Mojang" part is already well known especially for admins on like Hypixel. Probably Wouldn't even work since they most likely use their own permission system too. I think talking about Hacked plugins would be interesting, since it's done very regularly by griefers to get op
@CAEC642 жыл бұрын
if you install a "backdoored" plugin‚ you're a gullible admin to begin with
@FreezeBlaze2 жыл бұрын
In regards to the forced mojang/microsoft account migration, I think it's important to understand the player perspective. When it comes to cheaters using hacked accounts to cheat, this isn't nearly as large of a chunk of the issue on major servers as you might think. I would say >90% of the cheating problem comes from people playing on their MAIN account and getting away with it since the dev teams in charge of these servers don't benefit nearly as much from removing cheaters as they do from making new content. This migration simply isn't going to make a big change on major servers. On the other side, let's talk about players who lost access to their accounts. On average, the older your account, the more hours played there are on it. On average, the older the account, the more likely you are to have permanently lost access to your account. I personally know many people with 10,000+ hours played on their account who have permanently lost access to it. That's 10,000+ hours of effort, for your life, gone forever. Although there are significant security benefits, these don't play out as much of a benefit as you may think, and the negatives are incredibly high. As per usual, Microsoft is a complete plague to every project they take over.
@guitaekm Жыл бұрын
You can just rebuy minecraft and migrate on your servers or your singleplayerworlds
@arturoleveau28972 жыл бұрын
Thanks for this videos! i've been really enjoying this playlist. i stayed HOURS yesterday setting thequarry Proxy. and i learned a lot in the process . thanks again man!
@playerguy22 жыл бұрын
12:54 for as interesting as this dive into the network protocol is and as good as the plot device your fly hack failing over lava is,.. .. as some experienced Minecraft players know: upon connecting to a world, local or remote, the player is given a brief period of invincibility. ~~ This can be abused. ~~ You could repeatedly connect and disconnect, swimming fractions of a block at a time between disconnections and get to safety.
@superzolosolo2 жыл бұрын
I love these videos because they are exactly at my level while being entertaining too!
@glitchtime4042 жыл бұрын
You got me with the ilmango in show you evil evil man
@EliteSparklz2 жыл бұрын
I cannot tell you how confused I was when I heard the ilmango intro... I thought you would be the type of guy to watch scicraft content though
@ChillerDragon2 жыл бұрын
27:33 the most unimpressed herobrine encounter in the history of minecraft
@poketopa12342 жыл бұрын
Wow, I learned about AES in school but never considered that the XOR operation might be invertable
@vaisakh_km2 жыл бұрын
:o in school? or collage?
@31redorange082 жыл бұрын
That's what the decryption does, duh.
@poketopa12342 жыл бұрын
@@31redorange08 Yeah I guess so lol
@poketopa12342 жыл бұрын
@@Narimantos Isn't the process of "finding what inputs to this function create the desired output" the same thing as inverting the function?
@Narimantos2 жыл бұрын
@@poketopa1234 Not really? If the function was inverted we would know the input? We still don't know?
@Jinado12 жыл бұрын
Just 6 minutes left! It will be the longest 6 minutes of my life
@birkobird2 жыл бұрын
This series is super cool so far. Do you think you might be able to inject RNG manipulation into the game somehow? This would let you get any enchantment you want, get max item drops with Fortune and Looting, control the flight of the Enderdragon, etc., which would be incredibly fun to watch.
@guitaekm Жыл бұрын
There were some hacks that calculated how often you have to drop an item so you get a special enchantement, so it should be possible, if not that way, then maybe with how often you enchant something with one level
@relt_2 жыл бұрын
i liked this video with all my alts just because of the intro
@peacefulexistence_2 жыл бұрын
That ilmango intro killed me
@PolyRocketMatt2 жыл бұрын
I see that LiveOverflow has met IlMango, very nice :D
@KaseCami2 жыл бұрын
I was really confused, I thought I clicked on a LiveOverflow video and then the ilmango intro plays xDD
@tristanmacc2 жыл бұрын
once again another amazing vid, loving this series and cant wait to see what else is down the line
@nyuh2 жыл бұрын
that ilmango intro caught me off guard. great video as always lol
@aprilnya Жыл бұрын
i dont know why but the shot at 0:35 is SO funny to me
@kpk11712 жыл бұрын
I was so confused by the ilmango intro that I had to make sure I clicked the right video
@JayJay-ly4er2 жыл бұрын
i love this series
@retzerR2 жыл бұрын
At the beginning I thought that KZbin stuffed up the id, and I was watching another subscriber XD
@愛2 жыл бұрын
u probably dont know this but theres a delay between breaking blocks, remove it and you will mine much faster! this doesnt speed your mining speed up it only removes the delay after you break a block
@fdbhiroshima89792 жыл бұрын
when you log in a world, you have a few seconds of invulnerability, even if you felt in lava, you'd have ample time to fly away and just take fire damage once the invulnerability worn off
@Plyrs2 жыл бұрын
damn i thought i watched the wrong channel since i also a fan of ilmango for their amazing farm build and the explanation on how it works
@Matt0x002 жыл бұрын
Haha love the mango intro!!!
@wiger_2 жыл бұрын
cool video, didn't watch it yet but the title suggests it's gonna be awesome
@solider4442 жыл бұрын
you should add a fast mine mudule for your hacked client. since it makes it much easier to mine/collect new blocks such as obsidian
@loganreynolds86882 жыл бұрын
You said that the biggest thing they did was that by requiring people to migrate, a bunch of old compromised accounts were locked out. The thing is, this could have been solved by just disabling all accounts until they confirm their email on the website. Many of the other security features could have also been implemented separately. It isn't that difficult to add 2fa to something. Still agree that the switch made accounts more secure, just it's not like that was the single best solution.
@wizardkashy31332 жыл бұрын
people do build hacked clients for hypixel specifically, to bypass its anticheat. so not only do the fake hackers have access to several accounts, they can cheat for much longer than you'd expect. so thank gosh for the migration.
@le90382 жыл бұрын
Isn't it funny how for this entire other half of the video, this guy talks about trying to use a AES/CFB8 exploit to try and save himself only for herobrian to save him instead imagine thinking of a 200 iq power move only for there to be a quick and easy solution you didn't see
@Omena02 жыл бұрын
OMG THE ILMANGO INTRO 🤣🤣🤣😆🤣
@stacklysm2 жыл бұрын
That intro caught me off guard lmao
@hatkidchan_2 жыл бұрын
I genuinely thought that missclicked, that was good
@Lim952 жыл бұрын
Man, if Java wasn’t so finicky with compilation i would attempt to do this. Great job, and it’s cool that you’re making your own hacked client.
@samuelhulme83472 жыл бұрын
Using maven or gradle can help you easily compile java
@BenjaminGoldberg12 жыл бұрын
Instead of crafting and enchanting multiple pickaxes, you could made just one, and alternated between enchanting it and using the grindstone to remove enchantments.
@chpoit2 жыл бұрын
ngl, the idea of herobrine still kinda freaks me out, even after all these years
@GGGamesXDlol Жыл бұрын
You can't get mending from enchanting tables, only from villagers or naturally generated armors or books
@juliandurchholz Жыл бұрын
While you may not be able to MITM between an online client and a genuine online server, there is still potential to exploit the unauthenticated key exchange. For instance, plenty of servers operate in offline-mode with custom passwords just waiting to be sniffed. Or, the evil server itself imitates the genuine server and elicits valuable information from the client, say by social engineering or linking malware.
@provokateurin-dp6br2 жыл бұрын
really good episode! i love the series. the ending was truly minecraft youtuber cliche
@Kabutordday2 жыл бұрын
Loving these Minecraft hack videos, the downside is that now I'm getting a lot of "Minecraft videos" suggested by YT :(
@NeseComedy2 жыл бұрын
The worst thing about the old Mojang system is that if something is suspicious about your account activity, Microsoft requests a transaction ID from when you bought the game. In my case that ID is on a deleted web de mail from when I was 14, I would lose my account forever. I really hope they implement a better solution for this.
@ichigo_nyanko2 жыл бұрын
I'm very disappointed in this account migration. I vowed never to make a Microsoft account again after they locked me out of my account for no reason ("Suspicious Activity") and it was gone forever, along with my email which had a lot of important things on it. They wouldn't accept that I no longer had access to the phone number despite offering to give them documents that proved I owned the number and no longer had access to it. So I avoid all microsoft products. That wouldn't be a problem, but I paid for Minecraft - I think it's incredibly unfair they will prevent me from playing the game I paid for because I don't want to make an account with their parent company (which was not the parent company when I bought the game). Especially because the reason I don't want to make an account with that company is because they prevented me from accessing a previous one and I lost everything associated with it, it's a lose lose. Either I lose access to the game, or I make an account with a good chance I end up loosing access to that, and therefore the game.
@ichigo_nyanko2 жыл бұрын
@@leeroyjenkins0 That is true, but it would be pretty much equivalent to pirating the game, which is $20 cheaper than paying for a game that stops letting you play.
@AlexDicy2 жыл бұрын
This intro destroyed me. I burst out laughing HAHAHA
@LucaDornseifer2 жыл бұрын
This series inspired me to learn java. :) Keep up the amazing Videos!
@YzyVivean2 жыл бұрын
Thing is, Mojang alts still work on servers and Microsoft did absolutely nothing to stop people from joining servers if you are unmigrated.
@bladestormX2 жыл бұрын
You should call this series MineOverflow
@pvic69592 жыл бұрын
LOL tat intro! gota love ilmango :)
@cuty53722 жыл бұрын
Couldn't you just have started with sending the Fly packets immediately after setting up authentification?
@Wheagg2 жыл бұрын
no, the server would probably get confused because it is still sending info packets. Players joining a server can actually freeze in midair in the real game while they are loading in. So he could've just flew through it.
@cuty53722 жыл бұрын
@@Wheagg While that is likely, from my own experimentation a few months back, it seemed like the server didnt really care about package order...
@fosspointer2 жыл бұрын
Why do people comment before the premiere even begins? ...