GrimAnticheat / Grim

Fully async, multithreaded, predictive, open source, 3.01 reach, 1.005 timer, 0.01% speed, 99.99% antikb, "bypassable" 1.8-1.20 anticheat.
GNU General Public License v3.0

0% Velocity #1133

Closed z7087 closed 4 months ago

z7087 commented 1 year ago

Describe the bypass and how to replicate it

After sending a finish-mining digging packet that coincides with the player's collision box and canceling the knockback packet sent by the server before the player's movement packet is sent, grim seems to ignore the player's knockback

Grim version

https://github.com/GrimAnticheat/Grim/commit/4dcdc784623ce9c1a45ac1f86617417bc8050eb3

Server version

Paper 1.8.8

Plugins

Grim, ViaVersion, idk

MWHunter commented 1 year ago

Caused by https://github.com/GrimAnticheat/Grim/issues/793

Caused by server sending player block changes for hitting blocks calling updateVelocityMovementSkipping of GrimPlayer class

I don't get paid enough for this constant bullshit but will look into it as soon as I feel like it

MWHunter commented 1 year ago

I will be incredibly specific in my pursuit to find someone to PR this as I hate maintaining grim and want to try to lead people to begin picking up these simple issues

https://github.com/GrimAnticheat/Grim/blob/4dcdc784623ce9c1a45ac1f86617417bc8050eb3/src/main/java/ac/grim/grimac/checks/impl/velocity/KnockbackHandler.java#L123C17-L123C30

is the problematic line of code, it modifies the list of pending knockbacks

https://github.com/GrimAnticheat/Grim/blob/4dcdc784623ce9c1a45ac1f86617417bc8050eb3/src/main/java/ac/grim/grimac/checks/impl/velocity/KnockbackHandler.java#L104

This is where the returned values get cleared. If this were to not be cleared when looking at knockback for placed blocks in PointThreeEstimator, then this false and this bypass would both be fixed.
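As an added illustration of the defect class described in the comment above (this is hypothetical model code written for this thread, not Grim's code, and all class and method names are invented): a pending-knockback list that a block-change lookup drains as a side effect, beside a variant where only a movement packet that carries a position consumes an entry. The first variant lets a digging-triggered block change run between the server's velocity packet and the movement packet, after which the movement is never checked against the knockback; the second keeps the entry until the movement packet arrives. Treating position-less packets as non-consuming is an assumption taken from the later discussion in this thread, not something the linked code is known to do.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/**
 * Hypothetical model (not Grim's code) of the defect discussed in this issue:
 * a pending-knockback list that a non-movement event clears as a side effect,
 * so the next movement packet is never compared against the knockback.
 */
public final class PendingKnockbackModel {

    /** Constructed sample type standing in for a server-sent velocity. */
    public static final class Velocity {
        public final double x, y, z;
        public Velocity(double x, double y, double z) { this.x = x; this.y = y; this.z = z; }
    }

    /** Buggy variant: the block-change lookup clears the pending list. */
    public static final class BuggyTracker {
        private final Deque<Velocity> pending = new ArrayDeque<>();

        public void onServerKnockback(Velocity v) { pending.add(v); }

        /** Handling a block change caused by digging only needs to read the list. */
        public boolean knockbackPendingForBlockChange() {
            boolean any = !pending.isEmpty();
            pending.clear(); // defect: a read-only question consumes the queue
            return any;
        }

        /** For the player's movement packet; true means the movement must be checked against knockback. */
        public boolean movementMustApplyKnockback() {
            return pending.poll() != null;
        }
    }

    /** Fixed variant: only a movement packet that carries a position consumes an entry. */
    public static final class FixedTracker {
        private final Deque<Velocity> pending = new ArrayDeque<>();

        public void onServerKnockback(Velocity v) { pending.add(v); }

        public boolean knockbackPendingForBlockChange() {
            return !pending.isEmpty(); // peek only, no side effect
        }

        public boolean movementMustApplyKnockback(boolean hasPosition) {
            if (!hasPosition) {
                return false; // assumption: position-less or duplicate packets leave the queue untouched
            }
            return pending.poll() != null;
        }
    }

    /** Replays the packet order from the report: knockback, then digging block change, then movement. */
    public static boolean buggyChecksMovement() {
        BuggyTracker t = new BuggyTracker();
        t.onServerKnockback(new Velocity(0.4, 0.4, 0.0)); // constructed sample knockback
        t.knockbackPendingForBlockChange();               // block change handled before the movement packet
        return t.movementMustApplyKnockback();            // false: the knockback was already discarded
    }

    public static boolean fixedChecksMovement() {
        FixedTracker t = new FixedTracker();
        t.onServerKnockback(new Velocity(0.4, 0.4, 0.0));
        t.knockbackPendingForBlockChange();
        t.movementMustApplyKnockback(false);              // position-less packet: nothing consumed
        return t.movementMustApplyKnockback(true);        // true: the movement packet is still checked
    }

    public static void main(String[] args) {
        System.out.println("buggy tracker checks movement against knockback: " + buggyChecksMovement());
        System.out.println("fixed tracker checks movement against knockback: " + fixedChecksMovement());
    }
}
```

The model reduces the issue to one rule: a query that exists to answer "is knockback pending?" must not mutate the list, and the entry should be consumed only by the event the check is actually for.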

MWHunter commented 1 year ago

probably fixed by

https://github.com/GrimAnticheat/Grim/commit/6ca78631c6237d9e10ea423be4603bc94868c12b

I didn't test and I don't care enough to test

z7087 commented 1 year ago

Is it necessary to calculate knockback for movement packets without position, duplicate 1.17 packets, and packets that flagged crasher or timer checks? Seems 1.17+ clients can send duplicate 1.17 packets to clear lastKnockbackKnownTaken and after that send finish-mining digging packet to bypass.

MWHunter commented 1 year ago

Then just change https://github.com/GrimAnticheat/Grim/blob/2.0/src/main/java/ac/grim/grimac/predictionengine/PointThreeEstimator.java#L154

to look like

https://github.com/GrimAnticheat/Grim/blob/eed2a8268b2ea1249863cf7555c4bc4d4abba455/src/main/java/ac/grim/grimac/predictionengine/PointThreeEstimator.java#L153C3-L153C3

c0dingnoobi commented 1 year ago

Then just change https://github.com/GrimAnticheat/Grim/blob/2.0/src/main/java/ac/grim/grimac/predictionengine/PointThreeEstimator.java#L154

ig I could do that (would still be good if someone would test it using the bypass)

Souipi commented 1 year ago

Then just change https://github.com/GrimAnticheat/Grim/blob/2.0/src/main/java/ac/grim/grimac/predictionengine/PointThreeEstimator.java#L154

ig I could do that (would still be good if someone would test it using the bypass)

I don't really understand how the bypass works... Else I can try to test it with the bypass

ghost commented 10 months ago

Can confirm this bypass is still working on latest grim.