Exploits: Difference between revisions

From TotalFreedom Wiki
Jump to navigation Jump to search
No edit summary
Line 8: Line 8:
== 2022 ==
== 2022 ==
===Infinity Cart===
===Infinity Cart===
The '''Infinity Cart''' exploit was a rather potent exploit that was used to attack TF in early 2022 that used a modified Minecart With Chest and an invalid loot table that exceeded the vanilla 256 character limit, making it immune to any command to remove it because the game cannot process the data. Any interaction with it would cause the server logs to spit errors with the chance of flooding them to the point it causes the server to cripple. The modified carts cannot be broken, opened or otherwise modified by the player, nor can they be destroyed by any commands designed to kill entities such as <code>/kill</code> or <code>/rd</code>. Putting a bunch of them on the ground would often break the chunk they occupied, putting the server logs in gridlock and causing the server to crash every time the chunk is loaded as well - making it a crash loop if a player happens to be stuck there. In addition to being made to crash the server, the minecart is given a long display name so it serves double-duty as a 'lag entity' so it freezes anyone who's near it by taking advantage of their long display names, trapping them and keeping the chunk it is in loaded. This exploit would, after causing dozens of crashes be successfully combated by running <code>/data modify entity @e[type=minecraft:chest_minecart,limit=1] LootTable set value "air"</code>
Infinity Cart was an exploit discovered by the Moles in March 2022 that abused a lack of validation in entity loot tables which caused affected servers to fail to remove entities with the exploit applied. When a server would attempt to remove the entities (whether it be by command or by the entity being in the void), the invalid loot table would cause an exception to be thrown and would either abort whatever was trying to remove it or outright crash the server. When the entity was put in the void at a world spawn, the server would effectively be sent into a crash loop because the Minecart would be loaded in as soon as it finished starting up.
 
This exploit in particular prompted the development team to begin work on a fork of the Paper server software called Scissors, which became the foundation for exploit patches as the year progressed and more exploits were patched.


=== Worldcom ===
=== Worldcom ===
Worldcom was an exploit discovered in August 2022 that allowed players to obtain the player data of any entity in the same world as them. The exploit worked by abusing the lack of a distance check in the "Query Entity Tag" packet.
Worldcom was an exploit discovered by [[Community:VideoGameSm12|videogamesm12]] in August 2022 which allowed players to obtain the player data of any entity in the same world as them. The exploit worked by abusing the lack of a distance check in the "Query Entity Tag" packet.
 
[[Community:VideoGameSm12|Video]] created a fork of [[Community:EpsilonBot|EpsilonBot]] to use the exploit to collect consenting player's in-game coordinates every few seconds and store them in a PostgreSQL database, with the ultimate goal being to find builds to independently archive.
Video created a fork of [[Community:EpsilonBot|EpsilonBot]] to use the exploit to collect consenting player's in-game coordinates every few seconds and store them in a PostgreSQL database, with the ultimate goal being to find builds to independently archive them.


=== New Columbus Grief Exploit ===
=== New Columbus Grief Exploit ===
Line 20: Line 21:


== Unknown ==
== Unknown ==
===Particle Crash Exploit===
===Particle Crash Exploit===


The '''Particle Crash Exploit''' was an exploit that was discovered at an unknown date but used throughout mid-2022 extensively, mainly from May to June 2022 as a reasonably effective way to combat the [[Akefu Raids]]. It worked by simply generating a large amount of particles via the <code>/particle</code> command which would cause anyone's client which was targeted by the command to instantly freeze unless they turned particles off or had them blocked. This exploit was used extensively by [[Community:Alco Rs11|Alco_Rs11]] with often hilarious results while combating the raids.
The '''Particle Crash Exploit''' was an exploit that was discovered at an unknown date but used throughout mid-2022 extensively, mainly from May to June 2022 as a reasonably effective way to combat the [[Akefu Raids]]. It worked by simply generating a large amount of particles via the <code>/particle</code> command which would cause anyone's client which was targeted by the command to instantly freeze unless they turned particles off or had them blocked. This exploit was used extensively by [[Community:Alco Rs11|Alco_Rs11]] with often hilarious results while combating the raids.

Revision as of 04:14, 18 August 2023

TotalFreedom has had a long history of exploits being used both maliciously and harmlessly.

2014

Invalid Flower

Invalid Flower was an exploit discovered in early 2014 for Minecraft 1.7.x that crashed players who attempted to render a nonexistent variant of a flower. This exploit was maliciously used to crash players' clients and prevent them from joining the server.

2022

Infinity Cart

Infinity Cart was an exploit discovered by the Moles in March 2022 that abused a lack of validation in entity loot tables which caused affected servers to fail to remove entities with the exploit applied. When a server would attempt to remove the entities (whether it be by command or by the entity being in the void), the invalid loot table would cause an exception to be thrown and would either abort whatever was trying to remove it or outright crash the server. When the entity was put in the void at a world spawn, the server would effectively be sent into a crash loop because the Minecart would be loaded in as soon as it finished starting up.

This exploit in particular prompted the development team to begin work on a fork of the Paper server software called Scissors, which became the foundation for exploit patches as the year progressed and more exploits were patched.

Worldcom

Worldcom was an exploit discovered by videogamesm12 in August 2022 which allowed players to obtain the player data of any entity in the same world as them. The exploit worked by abusing the lack of a distance check in the "Query Entity Tag" packet.

Video created a fork of EpsilonBot to use the exploit to collect consenting player's in-game coordinates every few seconds and store them in a PostgreSQL database, with the ultimate goal being to find builds to independently archive them.

New Columbus Grief Exploit

The New Columbus Grief Exploit is a modified version of the classic Columbus Grief exploit which involves a player flying at a high speed to load as many chunks as possible which puts stress on the server, lowering the TPS. This version is more discrete as players boost their speed primarily through a hacked client which makes it harder to detect whereas the classic version requires /speed 10, this version can be done with lower speeds because a player uses their hacked client that has a "timer" function (which allows for higher speeds) to add the required boost of speed to do the exploit. As with the classic Columbus Griefing exploit, you can detect its usage by looking for [PLAYER] moved too quickly! errors in the server console.

Unknown

Particle Crash Exploit

The Particle Crash Exploit was an exploit that was discovered at an unknown date but used throughout mid-2022 extensively, mainly from May to June 2022 as a reasonably effective way to combat the Akefu Raids. It worked by simply generating a large amount of particles via the /particle command which would cause anyone's client which was targeted by the command to instantly freeze unless they turned particles off or had them blocked. This exploit was used extensively by Alco_Rs11 with often hilarious results while combating the raids.