For the love of GOD please bring this back.... One of the only series i enjoyed and there is NOTHING ELSE LIKE IT ON THIS PLATFORM!! PLEASE!!!!! Do i have to take out a loan from a bank to pay you to do it?
Hope you still do this kind of practical, hands on stuff where you use your knowledge to search for solutions. I personally don't much care for Minecraft all that much, but I watched all the episodes just to see how you would accomplish what you wanted to do. I hope this type of content continues somehow.
only server anti cheat matters, all client anti cheat are trash jokes that only prevent from script kiddy and backdoor for legit players, every skilled hacker will just disable anti cheat cause he has his own kernel module
10:30 small correction: isFallFlying checks if the player is using an elytra. makes sense in this context, since an elytra may go really fast, and the check expands the max movement for that to be allowed
Thank you so much for making this video! What sets it apart from the other videos in my opinion, is that it shows that nobody is perfect. There are countless times when I would spent hours and hours trying to figure something out, only to not exactly get anywhere. Often when we watch programming (or in this case, hacking but they are very similar) videos, the power of editing just makes it look like people get it so easily and somehow figure everything out, even if they do say they spent hours working on it. Just seeing somebody fail a project really makes me feel like I'm not the only one who tries really hard but doesn't have something work out. Thank you. Also, thank you for this whole series in general. As someone who enjoys both Minecraft and hacking, whilst I am not entirely good at hacking, it helps my understanding so, so much to see a practical application of a concept, rather than just the constant talking and information overload.
This was a next level educational series that I HOPE TO GOD someone else picks up since LiveOverflow is apparently done with it... Such a shame and bring me such sadness that its over... It honestly felt like it was only getting started... Only known and widely used exploits were covered and i truly feel like you could have done so much more.
Cool Video! Btw just wanted to mention that the showcase with me and Shrecknt was all Shreckent's idea. I didn't come up with the way and simple helped by recording and helping Shreckn't back out of the self-made prison. :D
so... hum.... Why was the "i" term added to the movement check ? What problem does it solve ? Is there a legit situation where the player would be sending multiple move packets in a single tick ? Maybe if the player is lagging ?
Was thinking the same, but my best guess is it's meant to avoid constantly teleporting the player when the server is lagging. No idea why it would be squared, though, and given that movement check teleportations do occur as a result of low TPS, it doesn't seem to be achieving this goal.
@@lassipulkkinen273 Ah, that's indeed a good point, if the server is lagging there might be more chances for multiple pos packets landing on the same tick 🤔
@@lassipulkkinen273 When there is lag and the server finally comes around to "resolving" the movement of the player the "i" term prevents the player from lagged back to their previously (by the server) known position. This is why during lag you might see other players teleport around. Hoped this cleared it up and my explanation was not too messy.
But then, I guess a better option would be to limit the number of packets sent in a specific duration, for example "no more than one packet every ~50ms" would limit to 1 packet per tick at 20tps and 50 packets per tick at 1tps
@@Sadiinso Yeah, even better would be not to limit the number of packets at all, and just use real time to check the movement speed. Some leeway would of course still be necessary, to compensate for TCP jank etc.
oh man. sad its already over. i just binge watched every episode. really entertaining :) reminds me of my arma 3 hacking days. creating a dedicated server for hacking challenges is such a cool idea. i wonder if it would be possible to do with other games aswell ^^ if you ever plan on doing something like this with another game again, i will sure to not miss it this time :)
This is probably to make the famous speed boat glitch possible. aka boat on ice = faster than the server can handle. If you remove it, you will get rubber banded back when using a boat.
I love watching this as a newb coder. so spamming a bunch of the same packets in a simple loop within that ms and then shifting it to a different packet is that does it? damn lol love it
I sat there staring at that code for at least a few hours trying to figure out how variables I control could let me clip into that cube. I still have a trick you haven't shown yet, and having revealed this you actually re-enabled another old trick I thought was patched, but this one specifically I didn't see. For me, I think I wasn't paying attention to it because it didn't seem like it was a variable I had control over. It is, every packet I send increments the counter, but it was a less direct side effect, so I didn't think much about it. Maybe that's part of why you missed it as well, something you can try to focus on in the future. It will be for me.
So some kind of anti-lag protection? If you have dropped/corrupted packets it still shouldn't ban or reject your position you when the client and server sync up with each other.
ah yes, squilly! For those not aware, squilly is the boat + bed respawn glitch, often used in mc prison escapes. It functions by having all potential spawnpoints obstructed except for one, and then having a boat obstructing the last location. I don't know the exact reason, but deems the spawnpoint invalid, but instead of saying so and dropping you at world spawn, it spawns you at the next highest unobstructed y level.
I guess UI creation isn't your forte either, as you were unable to make the number appear in a text field, to quickly change the number from 1 to 40 without clicking on the + button 40 times.
Watching you do this is very painful. I'm at 12 minutes and all I've noticed is that you failed to evaluate an if statement by not looking at all variables. :/ This isn't entertainment.
Oh god so many minecraft videos jesus christ. Please consider bringing back old school videos too. Like your binary exploitation, browser hacking, blockchain, hardware, lib internals. What happened to those man smh :(. Worst of all, NO CTFS 😭😭 Its like those are long gone and never coming back. Those were amazing videos and in my opinion PEAK liveoverflow. Now whole year went by and 90% its minecraft hacking :(. I dont have anything against minecraft, but I really feel this is just too many minecraft hacking, there are several interesting ideas possible as well
I checked to see what this code has in Vanilla. The movement packets per tick is used in the equation, but is a multiply instead of a power, which makes this possible on Vanilla, but harder.
Oh, okay... Thanks! But I don't understand why the amount of sent packets is part of the "Moved to quickly"-check. My thought was: The amount of sent packets has nothing to do with the content of the packets.
@@ostkreuz52 I believe its a form of lag compensation. If a legitimate player was running for say 5 ticks but due to lag the server received/processed their movement ticks all on the 5th tick they need to be able to move 5x further than normal that tick to avoid rubber banding
Really love your videos, it's incredible how you add things like self-reflection and situations where it makes you think. Please keep up the great videos, and hope you have a great day every day.
have you heard about Tarkov controversy about the game being plagued by cheaters? it blown up recently - it'd be nice to see a more technical video from you discussing anti cheat in general :D also Valorant's ring zero anti cheat caught these ones better than the actual game, that's interesting and maybe worth exploring
100% this code is designed this way to prevent false positives/kicks from laggy players. It's kind of genius, actually. The way it works, no matter what someone's ping is, the code can adjust to kick them only if they cheat, without false positives. Shame it's so exploitable.
If you are looking for another game for hacking I have created one that will be pretty easy on client side but on server side it should be quite challenging to fool server 🙃
The code that leads to this exploit is code readability. The check that fails should be made inside a variable and have added with comments with the details of this variable. If this should have made in the server then this process should have been straight forward for you to exploit this. Documenting is key to make your project safe!
well this is decompiled output and most of the modifications here are very old from before there was mappings like this so most of the code at one point was still half obfuscated
@@0x225 Ow sorry i didnt knew, i expected that the source code of the server side was open source for a while now with documentation. Thanks for highlighting!
