Resource Cheat your server an x amount of slots, without paying any extra money

Discussion in 'Spigot Plugin Development' started by GravelCZLP, May 2, 2017.

Is this useful?

  1. Yeah, I like cheating :) (31.8%)
  2. No, I like to pay for stuff (54.5%)
  3. I don't know man (13.6%)
  1. Hi, I have discovered a way to cheat slots to your server without paying any extra money (if your server provider charges you money for that).
    It's this simple code right here:
    Code (Text):
    private void cheatSlots(int amount) {
        MinecraftServer ms = ((CraftServer) getServer()).getServer();
        try {
            Field playerListField = ms.getClass().getField("v");
            playerListField.setAccessible(true);
            Field playerCount = playerListField.getClass().getField("maxPlayers");
            playerCount.setAccessible(true);
            playerCount.set(playerCount, amount);
        } catch (Exception e) {
            getLogger().log(Level.WARNING, "Failed to cheat Minecraft server slots", e);
            e.printStackTrace();
        }
    }
     
    So let's break it down.
    First we get the Minecraft Server instance.
    Then we get field "v", which refers to the PlayerList class.
    We need to set it accessible because it is private, not public.
    How do I know that? If you use BuildTools and you go to work/decompile-<some number here>/net/minecraft/server/ there is the source code for the vanilla* Minecraft server.
    So we have Field "v", what next?
    We get the class of Field "v" and we get field "maxPlayers",
    and we need to set it accessible again, because it is protected, not public,
    and then we set that to like a 100,
    and here we go, we now have 100 slots on our server without paying any extra money :p

    DISCLAIMER:
    I DO NOT take any responsibility for the damage you can cause
    I DO NOT take any responsibility if your server provider discovers you are doing this, and removes your server or something.
    I DID NOT test this code yet, I don't know if this works. In theory it should; if it does not, tell me in the comments :)

    WARNING:
    You WILL get into trouble if you use this code on your own


    * = probably not full vanilla, there might be some modifications
     
    #1 GravelCZLP, May 2, 2017
    Last edited: May 2, 2017
    • Funny x 1
  2. This will definitely get some problem is some issues with their host.
     
    • Agree x 1
  3. Choco

    Moderator

    If your hosting company has limitations on your player cap, there's a reason for it. I see no reason to intentionally circumvent restrictions made by a company, especially considering it could get you into some serious trouble. We consider this malicious code (evidently not as serious as a force-op resource, but malicious nonetheless). It would probably just warrant a warning and resource removal if it were published on the resources section - at least as far as I've been informed. Maybe another resource staff could confirm that for me, but eh...

    EDIT: I feel like it's also worth noting that most of us here are rather experienced developers and either 1. Do not run a server, or 2. Would have figured out how to do this on our own :p
    Also... ServerListPingEvent#setMaxPlayers() - Nah this is client bound packet manipulation
     
    #3 Choco, May 2, 2017
    Last edited: May 2, 2017
  4. I agree, however mild the malicious code is, it still is. I don't see the point in cheating out a hosting company. You get what you pay for, it's as simple as that.
     
  5. That is why there is a disclaimer :)
     
  6. That doesn't mean they won't get in any trouble. That just prevents you from getting into trouble.
     
    • Agree x 1
  7. They will use it if they want to use it, I don't force anyone to use this code crafted in 5 mins :)
     
  8. Whilst the method that @2008Choco mentioned to the javadoc is MORE efficient.
     
  9. That sets what the player will see in their client, not how many clients can connect to the server at the same time.
     
  10. Choco

    Moderator

    Just looked at the source code and realized that is in fact what it does :p My bad. Either way, my first reply still applies :)
     
  11. See :D that is why I posted this here, but I will probably remove this, I don't want to get banned :D
     
  12. But you know what is funny? It is that easy to bypass the slot limit. Can't they just make a plugin that will get that variable and report it to the backend, and that will check if stuff matches? Is it that hard? If you want to host servers, make it so it is not that easy to break. The more ppl use your hosting, the more ppl will think "How can I break this?" because ppl will try to break it. Like me :D
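Added example (not part of the thread, and not code from any poster or hosting provider): a host-side version of the "check if stuff matches" idea in the post above, comparing a plan's slot limit with the Server List Ping status reply and with concurrency replayed from the server log. The plan limit, status JSON and log lines are constructed sample data, and `peak_concurrent` and `audit` are hypothetical names.

```python
import json
import re

# Constructed sample data (not from the thread): a plan limit, a Server List
# Ping status reply, and server log lines in the vanilla/Spigot log format.
PLAN_SLOTS = 2
STATUS_JSON = '{"version": {"name": "1.11.2"}, "players": {"max": 100, "online": 3}}'
LOG_LINES = """\
[12:00:01] [Server thread/INFO]: Alice[/203.0.113.5:51234] logged in with entity id 101 at ([world]0.5, 64.0, 0.5)
[12:01:10] [Server thread/INFO]: Bob[/203.0.113.6:51240] logged in with entity id 102 at ([world]0.5, 64.0, 0.5)
[12:02:30] [Server thread/INFO]: Bob lost connection: Disconnected
[12:03:00] [Server thread/INFO]: Carol[/203.0.113.7:51300] logged in with entity id 103 at ([world]0.5, 64.0, 0.5)
[12:03:05] [Server thread/INFO]: Bob[/203.0.113.6:51400] logged in with entity id 104 at ([world]0.5, 64.0, 0.5)
""".splitlines()

LOGIN = re.compile(r"\]: (\w+)\[/[^\]]+\] logged in with entity id")
LOGOUT = re.compile(r"\]: (\w+) lost connection:")

def peak_concurrent(lines):
    """Replay login/logout events and return (peak, names online at peak)."""
    online, peak, at_peak = set(), 0, set()
    for line in lines:
        m = LOGIN.search(line)
        if m:
            online.add(m.group(1))
        else:
            m = LOGOUT.search(line)
            if m:
                online.discard(m.group(1))
        if len(online) > peak:
            peak, at_peak = len(online), set(online)
    return peak, at_peak

def audit(plan_slots, status_json, lines):
    """Return a list of findings; an empty list means the server matches its plan."""
    findings = []
    players = json.loads(status_json).get("players", {})
    if players.get("max", plan_slots) != plan_slots:
        findings.append(f"advertised max {players['max']} != plan {plan_slots}")
    if players.get("online", 0) > plan_slots:
        findings.append(f"status reports {players['online']} online > plan {plan_slots}")
    peak, names = peak_concurrent(lines)
    if peak > plan_slots:
        findings.append(f"log shows peak of {peak} concurrent players: {sorted(names)}")
    return findings

if __name__ == "__main__":
    for finding in audit(PLAN_SLOTS, STATUS_JSON, LOG_LINES):
        print("FINDING:", finding)
```

The advertised maximum is only what clients are shown, as the thread notes for ServerListPingEvent#setMaxPlayers(), so the log replay is kept as a second, independent signal.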
     
  13. Why even bother with slots, if they can just limit you through hardware (which is also the reason there is a slot limit, like @2008Choco suggested).

    Also, you can just uncancel the PlayerLoginEvent if the reason is KICK_FULL
     
    • Like x 1
    • Agree x 1
  14. Even better idea: Buy more slots. How expensive can it be?
     
    • Agree x 1
  15. Get a VPS, lol.
     
    • Agree x 1
  16. Hey, 16GB RAM probably isn't going to limit me, and 4x Intel Xeon also not :) BUT Hicoria allows you to set only some amount of players, they don't allow you to use like 100 slots for 2GB RAM (Hicoria is just an example)
     
  17. Hicoria charges you like a dollar per 5 slots, and they limit slots by the amount of RAM you have, like WTF? If I want 10 slots I need 4 GB RAM.
     
    • Funny x 1
  18. That is true, but it has some disadvantages, like no FTP, no web administration, etc.
     
  19. And most ppl don't even know what a VPS is :(
     
  20. All the VPS I bought have FTP, and a web panel isn't a big deal, you can do most stuff with PuTTY easily. I had no idea what a VPS was some months ago, you just have to learn and put some effort into it. What I think is a big deal is security, way easier to get hacked.
     
    • Agree x 2