Essentials /fly with speed 2 causes false positive while landing with Shift

GrimAnticheat / Grim

Fully async, multithreaded, predictive, open source, 3.01 reach, 1.005 timer, 0.01% speed, 99.99% antikb, "bypassable" 1.8-1.20 anticheat.

GNU General Public License v3.0

1.08k stars 317 forks source link

Essentials /fly with speed 2 causes false positive while landing with Shift #973

Open FatildaIV opened 1 year ago

FatildaIV commented 1 year ago

Describe the false positive and how to replicate it

Step 1: Apply speed 2 effect Step 2: Activate /essentials:fly Step 3: Activate flight mode Step 4: Immediately press Shift and land Step 5: Repeat

https://paste.grim.ac/HzJn4

Grim version

2.3.36

Server version

This server is running Paper version git-Paper-307 (MC: 1.19.2) (Implementing API version 1.19.2-R0.1-SNAPSHOT) (Git: 476ef25) You are running the latest version Previous version: git-Paper-18 (MC: 1.19)

Plugins

Plugins (16): ACUtils, AnimeBoard, AntiDisconnectSpam, ClearLag, Essentials, EssentialsChat, EssentialsSpawn, GrimAC, LightPerms, MyCommand, PlaceholderAPI, ViaBackwards, ViaRewind, ViaVersion, WorldEdit, WorldGuard

MachineBreaker commented 1 year ago

What's your client version?

FatildaIV commented 1 year ago

What's your client version?

Flags both on 1.19.1 and 1.19.4.

FatildaIV commented 1 year ago

Apparently works even without the speed effect: https://paste.grim.ac/2hyih

ProdByPengu commented 1 year ago

literally just flags with gamemode lol not even anything to do with essentials. just fly in gamemode and land or /fly

MachineBreaker commented 1 year ago

Don't expect this to be fixed soon, no one will fix the prediction engine, unless you want to pr or wait until i figure how to fix this (or if Define wants to fix this)

SamB440 commented 5 months ago

For reference, I will list all these issues with flying:

Clients such as Lunar have built-in flying cheats
Mojangs netcode is very broken with flying
The client will tick its movement, it then checks 1) The player is on the ground, 2) They are flying, 3) They are not in spectator. If this is the case, flying is set to false and an abilities update is sent
But this means we don't see the hidden flying movement, as we believe it to be false, because movement packets are sent after this new status. This is what causes this specific landing issue.
The player can hold jump under a block whilst flying and this will increase velocity, however this increase in velocity is invisible to the server
Spectator mode has a hidden feature where scrolling can change the client-side fly speed

ManInMyVan commented 5 months ago

Clients such as Lunar have built-in flying cheats

We could try to ask lunar to tell the server the fly speed, if it doesn't already. We could also implement the lunar api, and have a config for disabled lunar mods (we can do this with Badlion too).

Mojangs netcode is very broken with flying

I think all of their netcode is broken.

Spectator mode has a hidden feature where scrolling can change the client-side fly speed

2 things: It doesn't tell the server? Checking spectators for simulation is kinda useless, but:

could we check for invalid declaration after no input (ie the player stops instantly, like flying in bedrock)?
could we check for matching vertical and horizontal fly speeds? iirc it changes both of them, if not just don't check horizontal.
iirc there is a speed cap for this.
note: 1.7 does not have spectator mode

SamB440 commented 5 months ago

If we exclude Lunar in any way then you have a flying check disabler, making any flying checks useless. Maybe Lunar is limited to a specific speed as I didn't see a way to change it and so we could implement Lunar math there.

Nope, it doesn't tell the server, I don't believe any slot update packet is sent either.

Not sure what you are talking about in your points, are you suggesting some kind of basic non-simulation flying check?

FatildaIV commented 5 months ago

Clients such as Lunar have built-in flying cheats

We could try to ask lunar to tell the server the fly speed, if it doesn't already. We could also implement the lunar api, and have a config for disabled lunar mods (we can do this with Badlion too).

A client telling the server some information about itself doesn't appeal to me. This can be then used as a backdoor for modded clients that actually use cheats. If this implementation would pass into the code, make it disabled by default with an option in the config to enable it.

SamB440 commented 5 months ago

I just think excluding Lunar in any way is no-go. They are non-vanilla, Grim prevents non-vanilla movement, just try to fix the netcode issues and put flying checks behind a config option.

And maybe add a permission to bypass flying checks.

ManInMyVan commented 5 months ago

If we exclude Lunar in any way then you have a flying check disabler, making any flying checks useless. Maybe Lunar is limited to a specific speed as I didn't see a way to change it and so we could implement Lunar math there. A client telling the server some information about itself doesn't appeal to me. This can be then used as a backdoor for modded clients that actually use cheats. If this implementation would pass into the code, make it disabled by default with an option in the config to enable it. I just think excluding Lunar in any way is no-go. They are non-vanilla, Grim prevents non-vanilla movement, just try to fix the netcode issues and put flying checks behind a config option.

I just giving ideas/potential solutions, and after thinking about this for more than 10 seconds, I don't think it's a very good one.

ManInMyVan commented 5 months ago

Not sure what you are talking about in your points, are you suggesting some kind of basic non-simulation flying check?

flying

This would only be for spectator, since fly speed is unknown.

non-simulation

No, we just don't know fly speed, if we implemented this without simulation, we wouldn't be able to check for things like strafe.