Exploits: Difference between revisions
No edit summary |
|||
Line 8: | Line 8: | ||
== 2022 == | == 2022 == | ||
===Infinity Cart=== | ===Infinity Cart=== | ||
Infinity Cart was an exploit discovered by the Moles in March 2022 that abused a lack of validation in entity loot tables which caused affected servers to fail to remove entities with the exploit applied. When a server would attempt to remove the entities (whether it be by command or by the entity being in the void), the invalid loot table would cause an exception to be thrown and would either abort whatever was trying to remove it or outright crash the server. When the entity was put in the void at a world spawn, the server would effectively be sent into a crash loop because the Minecart would be loaded in as soon as it finished starting up. | |||
This exploit in particular prompted the development team to begin work on a fork of the Paper server software called Scissors, which became the foundation for exploit patches as the year progressed and more exploits were patched. | |||
=== Worldcom === | === Worldcom === | ||
Worldcom was an exploit discovered in August 2022 | Worldcom was an exploit discovered by [[Community:VideoGameSm12|videogamesm12]] in August 2022 which allowed players to obtain the player data of any entity in the same world as them. The exploit worked by abusing the lack of a distance check in the "Query Entity Tag" packet. | ||
Video created a fork of [[Community:EpsilonBot|EpsilonBot]] to use the exploit to collect consenting player's in-game coordinates every few seconds and store them in a PostgreSQL database, with the ultimate goal being to find builds to independently archive them. | |||
=== New Columbus Grief Exploit === | === New Columbus Grief Exploit === | ||
Line 20: | Line 21: | ||
== Unknown == | == Unknown == | ||
===Particle Crash Exploit=== | ===Particle Crash Exploit=== | ||
The '''Particle Crash Exploit''' was an exploit that was discovered at an unknown date but used throughout mid-2022 extensively, mainly from May to June 2022 as a reasonably effective way to combat the [[Akefu Raids]]. It worked by simply generating a large amount of particles via the <code>/particle</code> command which would cause anyone's client which was targeted by the command to instantly freeze unless they turned particles off or had them blocked. This exploit was used extensively by [[Community:Alco Rs11|Alco_Rs11]] with often hilarious results while combating the raids. | The '''Particle Crash Exploit''' was an exploit that was discovered at an unknown date but used throughout mid-2022 extensively, mainly from May to June 2022 as a reasonably effective way to combat the [[Akefu Raids]]. It worked by simply generating a large amount of particles via the <code>/particle</code> command which would cause anyone's client which was targeted by the command to instantly freeze unless they turned particles off or had them blocked. This exploit was used extensively by [[Community:Alco Rs11|Alco_Rs11]] with often hilarious results while combating the raids. |
Revision as of 04:14, 18 August 2023
TotalFreedom has had a long history of exploits being used both maliciously and harmlessly.
2014
Invalid Flower
Invalid Flower was an exploit discovered in early 2014 for Minecraft 1.7.x that crashed players who attempted to render a nonexistent variant of a flower. This exploit was maliciously used to crash players' clients and prevent them from joining the server.
2022
Infinity Cart
Infinity Cart was an exploit discovered by the Moles in March 2022 that abused a lack of validation in entity loot tables which caused affected servers to fail to remove entities with the exploit applied. When a server would attempt to remove the entities (whether it be by command or by the entity being in the void), the invalid loot table would cause an exception to be thrown and would either abort whatever was trying to remove it or outright crash the server. When the entity was put in the void at a world spawn, the server would effectively be sent into a crash loop because the Minecart would be loaded in as soon as it finished starting up.
This exploit in particular prompted the development team to begin work on a fork of the Paper server software called Scissors, which became the foundation for exploit patches as the year progressed and more exploits were patched.
Worldcom
Worldcom was an exploit discovered by videogamesm12 in August 2022 which allowed players to obtain the player data of any entity in the same world as them. The exploit worked by abusing the lack of a distance check in the "Query Entity Tag" packet.
Video created a fork of EpsilonBot to use the exploit to collect consenting player's in-game coordinates every few seconds and store them in a PostgreSQL database, with the ultimate goal being to find builds to independently archive them.
New Columbus Grief Exploit
The New Columbus Grief Exploit is a modified version of the classic Columbus Grief exploit which involves a player flying at a high speed to load as many chunks as possible which puts stress on the server, lowering the TPS. This version is more discrete as players boost their speed primarily through a hacked client which makes it harder to detect whereas the classic version requires /speed 10, this version can be done with lower speeds because a player uses their hacked client that has a "timer" function (which allows for higher speeds) to add the required boost of speed to do the exploit. As with the classic Columbus Griefing exploit, you can detect its usage by looking for [PLAYER] moved too quickly!
errors in the server console.
Unknown
Particle Crash Exploit
The Particle Crash Exploit was an exploit that was discovered at an unknown date but used throughout mid-2022 extensively, mainly from May to June 2022 as a reasonably effective way to combat the Akefu Raids. It worked by simply generating a large amount of particles via the /particle
command which would cause anyone's client which was targeted by the command to instantly freeze unless they turned particles off or had them blocked. This exploit was used extensively by Alco_Rs11 with often hilarious results while combating the raids.