DeathScreen Packet Not Enforced Server-side
A modified client or network setup ignoring a DeathScreen S2C packet is able to break blocks, attack entities, open inventories, and move around after death without sending a Respawn packet.
Sample Mixins designed to stub out the default DeathScreen handler are included as an attachment - this exploit does not require operator permissions or anything else, and could thus be seen as a serious issue for larger SMP servers.
Players in this glitched state cannot be damaged by any source and cannot be easily forced to respawn - additionally, if isDead() and isAlive() are stubbed out to always indicate that a player is alive, even on servers with a disabled death screen this exploit can be utilised.
Tested in 21w18a, although it appears this could also be used in earlier versions like 1.16.5. It so far seems unrelated to existing 1.10 / 1.8 bugs enabling players to be stuck in a death animation, as players using this exploit are actually dead.
I have been unable to find any active use of this on public servers and have not published the code anywhere; however, due to the nature of this, it seems that it is most likely already included in exploit toolkits.
If requested I can create a video demonstrating this in action and upload a full Fabric (or MCP) mod which demonstrates it.
2021-05-11, 09:34 PM
2021-05-12, 03:17 AM
2021-05-12, 03:14 AM
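The missing server-side check described in the report, modelled as an added example (not Mojang's code and not part of the original report): the server records death itself and drops gameplay actions until it receives a Respawn. All class, enum and field names are hypothetical, and the set of actions allowed while dead is an assumption.

```java
import java.util.EnumSet;
import java.util.Set;

// Added illustration with hypothetical names; not Minecraft's own classes.
public class DeadPlayerGate {
    enum Action { MOVE, BREAK_BLOCK, ATTACK_ENTITY, OPEN_INVENTORY, CHAT, RESPAWN }

    // Assumption: only these actions are accepted from a player who has died.
    static final Set<Action> ALLOWED_WHILE_DEAD = EnumSet.of(Action.CHAT, Action.RESPAWN);

    static class ServerPlayer {
        final String name;
        private float health = 20.0f;
        private boolean awaitingRespawn = false; // set by the server, never by the client
        int rejected = 0;

        ServerPlayer(String name) { this.name = name; }

        void damage(float amount) {
            health = Math.max(0.0f, health - amount);
            if (health == 0.0f) awaitingRespawn = true; // death is decided server-side
        }

        // Returns true if the action was processed, false if it was dropped.
        boolean handle(Action action) {
            if (awaitingRespawn) {
                if (action == Action.RESPAWN) {
                    health = 20.0f;
                    awaitingRespawn = false;
                    return true;
                }
                if (!ALLOWED_WHILE_DEAD.contains(action)) {
                    rejected++; // count for logging; repeated hits suggest the death screen was ignored
                    return false;
                }
            }
            return true;
        }
    }

    public static void main(String[] args) {
        ServerPlayer p = new ServerPlayer("constructed-player"); // constructed sample input
        p.damage(25.0f); // the server kills the player regardless of what the client displays
        for (Action a : new Action[]{Action.MOVE, Action.BREAK_BLOCK, Action.ATTACK_ENTITY,
                                     Action.OPEN_INVENTORY, Action.RESPAWN, Action.BREAK_BLOCK}) {
            System.out.println(a + " -> " + (p.handle(a) ? "processed" : "dropped"));
        }
        System.out.println("rejected while dead: " + p.rejected);
    }
}
```

Because the gate keys on state the server set when health reached zero, it does not depend on the client handling the DeathScreen packet or on what a client-side isDead() or isAlive() reports.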