WorldGuard Bypass
Рет қаралды 140,615
Күн бұрынGet the LiveOverflow Font: shop.liveoverflow.com (advertisement)
Telling the story how code review lead to the discovery of a common mistake plugin developers make. It also affects worldguard. However is it really worth fixing?
Maizuma Games: / maizumagames
WorldGuard: github.com/EngineHub/WorldGuard
HackForums: hackforums.net/showthread.php...
Episode 13:
00:00 - Intro
01:03 - State of Griefing on the Server
04:00 - Research Motivation
05:26 - Building Club Mate Bottle Challenge
06:08 - Challenge Bypasses
08:24 - WorldGuard Region Entry Protection
09:24 - Code Review of Movement Packets
10:49 - Building the Club Mate Fountain Ruin
11:38 - WorldGuard Bypass Showcase
12:11 - Minecraft 1.9 AntiCheat Bypass
12:55 - Should this be fixed?
14:30 - Community Showcase: DarkReaper
Credits/Comments from DarkReaper:
Hack based on: github.com/BleachDev/BleachHack
Special thanks to wagyourtail for optimizing EventlessFly: github.com/wagyourtail
github.com/GreenScripter/sign...
Episode 14 Teaser: • A new beginning...
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Instagram: / liveoverflow
→ Blog: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
@ByteBeacon9660 Жыл бұрын
This has become my favorite youtube series. Please keep it going for as long as possible.
@savagetheunicorn4555 Жыл бұрын
Agreed, every time I see a new episode I get excited haha
@wondergames92 Жыл бұрын
Dude yes, I learned so much from working on these challenges and watching these videos
@RohanPlayZ_YT Жыл бұрын
Same dude
@suitkais7 Жыл бұрын
So sad it’s over 😢😢
@Kashubialover Жыл бұрын
@@suitkais7 yeah
@Embuer Жыл бұрын
It's just so impressive how you manage to break the game every episode and also how you include the community!
@EnergeticSpark63 Жыл бұрын
hey
@xImSmile Жыл бұрын
AntiCheat Dev here, nowadays this is basically a non-issue as most modern anticheats don’t rely on any spigot events. Most are packet based analyzing every single movement.
@MargootMC Жыл бұрын
What server do you work on?
@MargootMC Жыл бұрын
@@evil_peanut5 oh
@ninjasiren Жыл бұрын
@@MargootMC what you should have asked is what anti-cheat plugin he is involved with lol
@ninjasiren Жыл бұрын
Maybe LiveOverflow allows hacked clients to be used, but not to the extent as pure anarchy?
@zaj5924 3 ай бұрын
Even if you didn't rely on packets, you can just create a task that runs every 1 or so seconds (less performance heavy than listening to everyOnPlayerMoveEvent) and check the player coordinates which cannot be bypassed ever. So in the end just don't use the OnPlayerMoveEvent.
@istvanbarta Жыл бұрын
DarkReaper's story (and the server community) and his skill are amazing. It's showing how the "evil" hackers are not bad, just want some challenge to solve :)
@Sky_Shaymin Жыл бұрын
It was super fun to figure out both bypasses. Figuring out the bot movement bypass was simple enough but man it took forever to figure out the worldguard/fabric bypass. I think I had the same eureka moment when I saw that section about not spamming events. I would love to see more challenges like this in the future! Edit: Actually, looking at the comments it sounds like there is a new challenge ;)
@nullstring1549 Жыл бұрын
any chance you can offer advice on the worldguard bypass. we keep getting kicked for flying
@Sky_Shaymin Жыл бұрын
@@nullstring1549 I think he covered how to bypass the fly kick in another video. You want to do something along the same lines. Read the conditions in the code for when you get kicked and avoid them.
@b0tanicbeats Жыл бұрын
what is the IP adress?
@eureka1251 Жыл бұрын
moment
@thefastjojo Жыл бұрын
Now I want a video of DarkReaper showing he's Linux, nice setup man
@zafoquat Жыл бұрын
This video is my first exposure to your entire project and server. The entire idea and project is amazing and inspirational. I love the balance of cooperative anarchism here. Subbed and watching more!
@realjame Жыл бұрын
These Minecraft videos have a really comfy feel, especially with the first few minutes where you talk about what the community has done on your server. Keep it up, I love this series! Makes me want to learn Java and start messing with Minecraft : ]
@ChillerDragon Жыл бұрын
I hope the next episode includes a technical breakdown of philipps proxy!
@honbra Жыл бұрын
and the exploits ;)
@ScReeNy23 Жыл бұрын
omg its real chillerdragon
@Scrumplex Жыл бұрын
omg its real chillerdragon
@ChillerDragon Жыл бұрын
@@Scrumplex lmao u here the world is so small
@SOOWOOGEE Жыл бұрын
dang i found a teeworlds player in the comments
@peacefulexistence_ Жыл бұрын
6:08 I welcome you to the world of developing minecraft modifications.
@charlotteathena Жыл бұрын
It's wild to see how far notebot has spread since Jordin, me, and Valkyrie wrote it & started doing it on random HCF servers in 2015 (2016?)
@user-lx2ep9hd4k Жыл бұрын
Can't forget how Bleach inovated the original notebot by implementing the whole noteblock raycast thing back in 2017-18. We wouldn't have modern notebot chambers without that.
@slygg Жыл бұрын
When you select the area for a new worldguard region run the //expand vert command after you have selected your two positions. This way you select every y-value between your two selection points and you won't have to build your ruins at build height.
@jan_harald Жыл бұрын
yeah most every protection plugin supports protecting full chunk height, some ONLY that, but even the more flexible ones, like worldguard, would also include that
@lazeman7003 Жыл бұрын
great video as always, enjoying this series
@kaduvert Жыл бұрын
i love this series. it's so enjoyable...
@demp11 Жыл бұрын
Wow I never seen a server that prevents griefing by giving everyone hacks, that's such a cool concept! I will definitely join and help protect it when I have time, seems really fun :D
@graemewiebe2815 Жыл бұрын
Wow, this is really cool. I definitely have to get more into this sort of stuff! I might look into joining the server at some point in the future.
@wh1t3h3ll Жыл бұрын
that's a clean arch install, love it
@zekiz774 Жыл бұрын
I love this Series so much.
@sWi5s Жыл бұрын
This is just the best Minecraft series on KZbin. Ever.
@_AN203 Жыл бұрын
I didn't know that modding would be such fun !!! I hope that this community would live long enough.. And one day... I will be on that server... Thanks live....
@benoxiid Жыл бұрын
Legit, you're the first youtube creator that I dare turn on the bell !
@Patashu Жыл бұрын
My favourite video yet. Well done. Such creative exploiting
@guillaume6373 Жыл бұрын
I love this series!
@AliceDTRH_ Жыл бұрын
Flashing screen warning at 9:02, in case you missed the quick warning message in video. Also a bit later. Keep an eye out of warning screens.
@elliot_yoyo Жыл бұрын
Great video as always thx
@sierra991 Жыл бұрын
i was more concerened with how amazing darkreaper's linux install looks
@jonathan-._.- Жыл бұрын
wouldnt it be easier to just make your client round your position ? i'd imagine it would look chunky fpr other players but you yourself could play normally
@josephcosta7061 Жыл бұрын
Yes that’s how it works
@Omena0 Жыл бұрын
Lol
@57d Жыл бұрын
@@josephcosta7061 I think they’re saying in contrast to keeping it below the delta and teleporting to reset the count
@zeratax Жыл бұрын
@@josephcosta7061but why does it not look chunky? ^^
@FrugalPudle Жыл бұрын
you could just add a lastTeleportPos variable to the move handler so that teleports don't reset the last player movement position
@rogercruz1547 Жыл бұрын
I love how you are slowly becoming a minecraft channel without leaving hacking behind hahahah
@MithicSpirit Жыл бұрын
Hell yeah DarkReaper is a fellow arch user
@dadik7466 Жыл бұрын
damn now I'm sad I didn't figure out to teleport :( will you be making any more challenges?
@Shadownrun2 Жыл бұрын
end song is Africa by ToTo lol, too me a while to figure out
@mosemister Жыл бұрын
To be clear. It is difficult due to the implementation of the MovePlayerEvent. Sponge (an alternative to Bukkit) triggers its move event for any movement (ender perl, vehicle, etc)
@marvin7001 Жыл бұрын
There is actually a jira issues (SPIGOT-745) for this in spigot from March 2015 talking about this. Wanting an extra move event for anticheat plugins.
@OwO-. Жыл бұрын
Wouldn't just triggering the onmove event when you get rubberbanded back fix this?
@Furdox Жыл бұрын
here before premiere!
@heitormbonfim Жыл бұрын
I’m loving it holy shit
@evgenkonyshock4913 Жыл бұрын
My favorite minecraft let's play author
@redacted8220 Жыл бұрын
What about the strict value thing? did it work at all? you only briefly mentioned it
@der_zugvogel Жыл бұрын
Haha, on your Channel for the first time. Like the Club Mate botttle. Im drinking Club Mate since im 14. I'm 25 today. But, are you from Germany? Your accent sounds a little bit like that
@Code12x Жыл бұрын
Can't wait to find the ip :D
@LiliumOrientalis Жыл бұрын
Man each video of this I watch makes me want to join the server more, time to get a hack client and learn how to make plugins for it I guess
@wyhiobcarlile4879 Жыл бұрын
For the area protection thing you could probably target ENTITIES to be forced out of the area as that would prevent both the enderpearl and minecart exploit
@millenniumtree Жыл бұрын
I spent over a month on that sorter, trying to get it to work in newer MC versions, and there are so many problems with it. Very easy to break it.
@Gobillion160 Жыл бұрын
finally thank god more minecraft content
@DarkBraveStuff Жыл бұрын
fun episode
@paw_94 3 ай бұрын
UR INSANEEEEEEEEEE TYYSM ILYYY
@abhiramabhi2768 Жыл бұрын
11:48 that's me in the vid yay i made it!!!!
@MarwanMohamed588 Жыл бұрын
whats the ip
@LeBogo Жыл бұрын
RIP Server, it was a nice time playing on you.
@ES-cf4ph Жыл бұрын
:( wanted to try worldguard challenge, but was greeted with magically appearing TNT 😭
@FyzRDC Жыл бұрын
I just found the IP adress, the server is down ?
@ES-cf4ph Жыл бұрын
@@FyzRDC no it geht's griefed :(
@startforkiller Жыл бұрын
Yep, seems that some plugin or bot is following the player position, and when you move then a tnt spawn, so every players that joins or respawn summon a tnt
@Basti564 Жыл бұрын
If you know how you can bypass the tnt spawn :P
@logiciananimal Жыл бұрын
I'm going to have to use this when people tell me they think access control is easy!
@MatthiasLee1 Жыл бұрын
This feels like a peaceful 2b2t
@INeedAttentionEXE Жыл бұрын
You can move a 16th of a block before you trigger the move event!
@fishbone007 Жыл бұрын
Damn DarkReaper thats a pretty cool Linux you have there. D:
@NaughtyKlaus Жыл бұрын
It may be convenient to tie the event in during the packet handling process, but that makes the game prone to exploits from packet manipulation. Another approach that could be done is comparing the new position from the player's last position, and if they're different, fire the even manually on the server. However, if you fire the event every time the value changes, then it could easily use a lot of resources and essentially spam the server. To avoid this, only compare the movements once per X amount of ticks, X being dependent on how much you want to prioritize the detections efficiency.
@Zappexe Жыл бұрын
I love your videos
@kritzmaker Жыл бұрын
i have a terrible idea if the velocity is below said value, yet not zero, just null the move packet
@mu11668B Жыл бұрын
This is exactly how packetfly works. Took me quite a while to get it when I was working on my client back then honestly.
@RaystormTheWise Жыл бұрын
Why doesn't it just detect the presence or proximity of the player and teleport him out?
@kataraluna8417 Жыл бұрын
trigger the movement on teleporting? and check the location?
@jolly.mp4994 Жыл бұрын
what’s up with the tnt spawning on my head when i join the server
@Onako2 Жыл бұрын
My idea: everybody who gets more than 2 Blocks into illegal gets killed or the server does check every 40 ticks if the position is legal if yes it saves it into another variable where the player gets ported back if moving to fast
@MalLoHi Жыл бұрын
bro, maizuma games is the goat
@stellar4677 Жыл бұрын
Love this
@tqrtlee Жыл бұрын
ty
@slowftw Жыл бұрын
CTF but for Minecraft Hackers Amazing experiment!
@nBlackyHVH Жыл бұрын
I want to learn how to do something like this but I dont know where to start do you have a tutorial I can watch to get started?
@poleq5060 Жыл бұрын
Well, we (devs) can just put BukkitRunnable in enEnable(). That Runnable would be runTastTimer, and this could loop through all online players and check their positions if they are inside some private regions. Well, this should work, but i know that for some bigger servers this could may contribute to the lags. Am i right? Or i have messed something in the video?
@tamaskiss1017 Жыл бұрын
what de (desktop enviroment) does DarkReaper use?
@God-hp2gx Жыл бұрын
Rather interesting, sadly i havent found any mention of the server
@Omio9999 Жыл бұрын
Noted. I suppose that's an additional Easter Egg I can implement on my own server(s), should you be willing to have at least your player's head visible. I keep hearing about people giving Command Blocks a lot of flack, but don't get into the "why" without getting fuzzy. I have a working theory, but my practical understanding fails to see how many "resource leaks" there are in that pipeline.
@germimonte Жыл бұрын
the delta might not have that much performance on regular play, but a bad actor could easily saturate the network just by sneaking
@LiveOverflow Жыл бұрын
a bad actor can always just send movement packets larger than delta directly ;)
@tr7zw Жыл бұрын
The real issue is the server not correctly taking into consideration the client tps. There should be no more than 20 move packets per second(but also need to keep in mind lag). Keeping that in mind, it wouldn't be an issue to just call the event on every move packet.
@cannedwither8494 Жыл бұрын
could you please share your current fabric mod with us? it would provide a great opportunity to analyze code and figure out how to do stuff. Your videos have inspired me to make my own hacks, and i would like to look at your code. :) the end.
@snoxzy Жыл бұрын
Noice
@TeakLlax Жыл бұрын
Is anyone allowed to join the server or only ppl you allow in?
@HonestAuntyElle Жыл бұрын
I was so close to getting hacker. I had found the problem code, but was fooling around with NaN until I got frustrated by noobbot blocking all the slots.
@NekosaHaruna Жыл бұрын
3:17 wat is that song
@BlendiGoose Жыл бұрын
Is there a discord server for this?
@AndyIsHereBoi Жыл бұрын
Nicce
@goblinking9846 Жыл бұрын
😂
@MaybeScripted Жыл бұрын
The server is a really cool concept. But(i could be really wrong, Sorry if i am.) I feel like if a genuinely experienced grief "team" (team of 3 to 6 players) would join the server. The server would've been pretty much destroyed. Note: I'm assuming the server has no(or close to 0) protection against cheating. And that things like explosions, withers and x dupe method(s) are not disabled or patched
@TimLF Жыл бұрын
Is that an Stitch (experiment 626) reference?
@eimcca Жыл бұрын
The teleport event is fired for these moves.
@melkileo Жыл бұрын
Hey, is the server still openned and is there a way to find its ip ?
@Familyguycllips Жыл бұрын
is it possible to like apply here? i would love to join your server
@zeroboxer_ Жыл бұрын
My 2 cents regarding the protection plugin you developed. How would it be if instead of it being event/package driven, instead say every server tick/frame/heartbeat or so reads all current player positions and if a position is concluded to be in that secured area, then they will be kicked or teleported outside of it. Surely it will be a more resourceful plugin, but granted it could be a solution that can't be bypassed?
@novelsvoice.blogspot.com508 Жыл бұрын
Good #BestTechnicslPower
@vaibhavsingh130 Жыл бұрын
U BEST!!!
@brunoais Жыл бұрын
In my opinion, OnPlayerMove should be triggered when a player connects or some alternative to that event should exist
@merthyr1831 Жыл бұрын
shoutout to DarkReaper for their sick linux rice too :D
@6dq Жыл бұрын
Bro, why did u do it, now I have to patch it on my server..
@276- Жыл бұрын
:O Meteor client!!!
@cedric1731 Жыл бұрын
You could also create a lightweight thread with the latest Java Version for every player joining. Every 5 seconds you check if their latest position is theoretically possible. This could also prevent any form of flying if properly implemented
@Cyberfishofant Жыл бұрын
soo...this server relies on users to enforce anti-griefing measures?
@fugoogle_was_already_taken Жыл бұрын
is DarkReaper by any chance Czech? :D I think he has quite Slavic accent
@MisterL2_yt Жыл бұрын
yes, it says "cz" at the bottom right of his screen
@fugoogle_was_already_taken Жыл бұрын
@@MisterL2_yt didnt notice lol
@user-lx2ep9hd4k Жыл бұрын
He is
@itsmaybetokyo Жыл бұрын
8:51 what vscode theme?
@PR0WN3D Жыл бұрын
How do you join the server?
@soshimee Жыл бұрын
I've seen someone who placed saplings in protected areas...
@Meowzofficial Жыл бұрын
I reallz hope someone builds a REWE where zou can buz club mate or mazbe a späti
@ModifiedSteve Жыл бұрын
This sever is sooo cool, is there anyway I could join it?
@Doogie13 Жыл бұрын
Its sort of embarrassing that WorldGuard didn't patch this considering "PacketFly" has been a common feature for a whole range of exploits such as phasing, flying, etc in most 1.12.2 clients
@PossiblePanda Жыл бұрын
Is it possible to join this server? It looks really fun!!