Mojira Archive
MC-79079

Hacked Clients can force a server to "Hang" (No PosLook packet checking)

With many hacked clients and custom mods, it is able to send false Movement packets. Cyanit (a hacked client) is the most popular for this.

I Currently own the #1 vanilla server in the world, lately I have noticed many players saying that they are going to "DDos the server if I don’t give them OP", I have very good DDos protection and I wouldn't think the average player would be able to DDos a server of my size and protection.

After many hours of playing around, gathering information and looking at the code of both the client and the server. I have Found the issue, how its done and what we might be able to do to fix it.

Below is some Pseudocode from the Hacked client:

public void crashServer() {

  if (isButtonDown()) {
      double posX = this.player.posX;
      double posY = this.player.posY;
      double posZ = this.player.posZ;
      this.network.write(new C06MoveLookPacket(posX + 9999.0D, posY + 9999.0D, posZ + 9999.0D, this.headX, this.headY, this.rotating));
      this.network.write(new C06MoveLookPacket(posX, posY, posZ, this.headX, this.headY, this.rotating));
    }
  }

In this client (Cyanit) there is a button that says “VanillaCrash” upon pressing this button it will run this code 20 times pre second. The issue lyes in the way packets are processed on the server side. There is little to no direct packet checking which allows hacked clients like this to send any location they want.

Now time for some server code, this code is direct from MCP and will probably need modification to work with newer versions of minecraft.

if (packetIn.func_149466_j())
  {
  var9 = var11 * var11 + var13 * var13 + var15 * var15;
                
  if((var9 > 150.0D) && !(this.playerEntity.capabilities.isCreativeMode || this.playerEntity.capabilities.isFlying) ) {
    this.setPlayerLocation(this.lastPosX, this.lastPosY, this.lastPosZ, this.playerEntity.rotationYaw, this.playerEntity.rotationPitch);
                	
    if(System.currentTimeMillis() - lastUpdate > 10000) {
      logger.warn(this.playerEntity.getName()+" Moved too fast! ("+String.valueOf((int)var9)+")");
    }
      return;
    }
    if(!this.hasMoved && var9 < 0.25D) {
      this.hasMoved = true;
    }
  }

This code is located at “net.minecraft.network.NetHandlerPlayServer” around line 250. Its messy but I will try to explain what it dose. var9 is a double used for determining if the player has moved at all, if they have moved greater than a certain threshold, it will not process and just return. It is important to do this at a packet level as the rest of the code is relying on ticks to determine if they have crossed the threshold.

Thanks for looking at my report and I hope we can do something about this ASAP.

CraftyMyner of CraftyMynes Vanilla server

Fixed

Alex

[Mojang] Nathan Adams

2015-03-27, 10:57 PM

2015-08-04, 06:19 PM

2015-04-17, 01:05 PM

0

2

Plausible

Minecraft 1.8.3

Minecraft 1.8.4