Exploits

Revision as of 04:02, 18 August 2023 by Alco Rs11 (talk | contribs) (more exploits)

TotalFreedom has had a long history of exploits being used both maliciously and harmlessly.

2014

Invalid Flower

Invalid Flower was an exploit discovered in early 2014 for Minecraft 1.7.x that crashed players who attempted to render a nonexistent variant of a flower. This exploit was maliciously used to crash players' clients and prevent them from joining the server.

2022

Infinity Cart

The Infinity Cart exploit was a rather potent exploit that used a modified Minecart With Chest and an invalid loot table that exceeded the vanilla 256 character limit, making it immune to any command to remove it because the game cannot process the data. Any interaction with it would cause the server logs to spit errors with the chance of flooding them to the point it causes the server to cripple. The modified carts cannot be broken, opened or otherwise modified by the player, nor can they be destroyed by any commands designed to kill entities such as /kill or /rd. Putting a bunch of them on the ground would often break the chunk they occupied, putting the server logs in gridlock and causing the server to crash every time the chunk is loaded as well - making it a crash loop if a player happens to be stuck there. In addition to being made to crash the server, the minecart is given a long display name so it serves double-duty as a 'lag entity' so it freezes anyone who's near it by taking advantage of their long display names, trapping them and keeping the chunk it is in loaded. This exploit would, after causing dozens of crashes be successfully combated by running /data modify entity @e[type=minecraft:chest_minecart,limit=1] LootTable set value "air"


Worldcom

Worldcom was an exploit discovered in August 2022 that allowed players to obtain the player data of any entity in the same world as them. The exploit worked by abusing the lack of a distance check in the "Query Entity Tag" packet.

Video created a fork of EpsilonBot to use the exploit to collect consenting player's in-game coordinates every few seconds and store them in a PostgreSQL database, with the ultimate goal being to find builds to independently archive.


Unknown

Particle Crash Exploit

The Particle Crash Exploit was an exploit that was discovered at an unknown date but used throughout mid-2022 extensively, mainly from May to June 2022 as a reasonably effective way to combat the Akefu Raids. It worked by simply generating a large amount of particles via the /particle command which would cause anyone's client which was targeted by the command to instantly freeze unless they turned particles off or had them blocked. This exploit was used extensively by Alco_Rs11 with often hilarious results while combating the raids.