Server Duplication Exploit Fix (1.7 - 1.14.1)

Discussion in 'Server & Community Management' started by jsxl, May 17, 2019.

  1. I have made a plugin which stops duplication of items using the chunk exploit with books. You can download this plugin here.

    Edit: There is no known workaround I'm pretty sure I've covered all bases it is impossible for a player to get a book and quill and keep it, and it is especially impossible to be used due to my listeners.

    I am also expanding the plugin to cover all exploits of duping and potentially other exploits that don't involve duping.
    #1 jsxl, May 17, 2019
    Last edited: May 17, 2019
  2. While we appreciate new plugins, isn't the book exploit only relevant to 1.7 - 1.8, instead of the title stating 1.7 - 1.14?
  3. Actually, the dupe can be performed from 1.7 - 1.14. Those versions are vulnerable from this dupe. That's minecraft spaghetti code for ya. Most big servers already have patched this by disabling books altogether or preventing the books from having too much characters in it. The next part is just more in depth about how it all works. If you already know how this all works, ignore this. This is specially for people who don't understand what the dupe does. For those that are reading this and interested at how this works, the chunk happens because the books contains a lot of characters and minecraft won't be able to process all of that. There's a certain limit on that. This is also known as the "chunk savestate dupe" where the chunk won't be able to save correctly. When that happens, the items in those chests are automatically regenerated and that's how the dupe occurs. Can get infinite amount of literally whatever are in those chests. However, paperspigot 1.12.2/1.13.2 fixes the dupe. (Paper not just regular spigot)
    #3 ExtremeSpirit, May 17, 2019
    Last edited: May 17, 2019
    • Informative Informative x 1
  4. I see. I thought that was fixed. I guess that was a different book exploit. I knew that indeed Paper did fix that. Thanks for the update.
  5. I'm pretty sure Spigot fixed it as well (in 1.12.2 + 1.13.2) by allowing oversized chunk saves.
  6. Yes I read that somewhere on stash. Saving part of the data elsewhere when size is greater the savable max size. And including ital again when it will fall below this maximal savable size.
  7. Thats paper that does that.
    If im not mistaken, Spigot just allows saving of oversized chunks. It was controversial for some people because a chunk could potentially get REALLY REALLY big (highly unlikely, but it could happen)
    • Informative Informative x 1
  8. Players on some of our servers love to use books for various reasons, from simple todo lists, to adventure stories and mini game rules, etc.
    This would completely block them from using it?

    Why punish those who actually play, just to prevent an abusive user once in a while.
  9. This fixes the sign dupe and the book dupe
  10. All books are still usable, you just cannot write a book unless you have the permissions to do so.
    All players can access all books as normal.

    You could add the permission to bypass the protection to trusted users, that is always a possibility, then those users are able to write books just like normal.
    • Informative Informative x 1
  11. Phoenix616

    Resource Staff

    • Agree Agree x 1