PacketFly exploit: flying by not firing PlayerMoveEvents

Updated-NoCheatPlus / NoCheatPlus

Anti-cheating plugin for Minecraft (1.5-1.20, Bukkit/Spigot)

https://ci.codemc.io/job/Updated-NoCheatPlus/job/Updated-NoCheatPlus/

GNU General Public License v3.0

479 stars 99 forks source link

PacketFly exploit: flying by not firing PlayerMoveEvents #231

Open ghost opened 2 years ago

ghost commented 2 years ago

Full output of /ncp version 00:09:45 INFO: »Version information«

00:09:45 INFO: git-Dionysus-"c783ea8" MC: 1.12.2 00:09:45 INFO: Detected: 1.12.2

00:09:45 INFO: Plugin: 3.17.1-SNAPSHOT-Updated-b146 00:09:45 INFO: MCAccess: 1.12-1.12.2 / Spigot-CB-1.12_R1

00:09:45 INFO: blocks: BlocksMC1_4, BlocksMC1_5, BlocksMC1_6_1, BlocksMC1_7_2, BlocksMC1_8, BlocksMC1_9, BlocksMC1_10, BlocksMC1_11, BlocksMC1_12 00:09:45 INFO: checks: FastConsume, Gutenberg, HotFixFallingBlockPortalEnter, AttackFrequency, FlyingFrequency, KeepAliveFrequency 00:09:45 INFO: defaults: pvpKnockBackVelocity 00:09:45 INFO: packet-listeners: UseEntityAdapter, MovingFlying, OutgoingPosition, KeepAliveAdapter, SoundDistance, Fight

ViolationFrequencyNCP 1.0 00:09:45 INFO: »Related Plugins« 00:09:45 INFO: ProtocolLib v5.0.0-SNAPSHOT-b587, ViaVersion v4.4.2-SNAPSHOT

Describe the issue Fly works on using the pyro 2.0 client

Any possible config options changed or plugins that may cause interference? No

Lysandr0 commented 2 years ago

Will need a debug log to see what the client is doing on that account.

Lysandr0 commented 2 years ago

Following issue #233 Like I've said in the comment above, we need a clean debug log to understand what the client is doing. For all we know, the player could be exempted from checks or something similar.

Edit: to make things more interesting, it would be nice to see what/if NCP is logging anything at all. At the beginning of the configuration file (logging.allviolations.backend) set backend.trace, backend.notify and backend.debug to true. This will let NCP log ALL violations to the console and in-game chat, provided you have the notify permission at all. Screenshot1

ghost commented 2 years ago

Following issue #233 Like I've said in the comment above, we need a clean debug log to understand what the client is doing. For all we know, the player could be exempted from checks or something similar.

Edit: to make things more interesting, it would be nice to see what/if NCP is logging anything at all. At the beginning of the configuration file (logging.allviolations.backend) set backend.trace, backend.notify and backend.debug to true. This will let NCP log ALL violations to the console and in-game chat, provided you have the notify permission at all.

0 message

Lysandr0 commented 2 years ago

Ensure you have the nocheatplus.admin.debug, nocheatplus.notify, nocheatplus.command.debug permissions. And remember to reload the configuration with /ncp reloadafter modifying it.

ghost commented 2 years ago

Ensure you have the nocheatplus.admin.debug, nocheatplus.notify, nocheatplus.command.debug permissions. And remember to reload the configuration with /ncp reloadafter modifying it.

i have all permission with * lp

Lysandr0 commented 2 years ago

That will also give you permission to bypass NoCheatPlus' checks.

ghost commented 2 years ago

That will also give you permission to bypass NoCheatPlus' checks.

no, deoped player other(not me)

Lysandr0 commented 2 years ago

Confirmed by @xaw3ep

Lysandr0 commented 2 years ago

Once again, we need a debug log to see exactly what the client is doing:

Delete the previous nocheatplus.log file;
/ncp reload to generate a clean one;
/ncp debug player [playername] yes:ALL
(Reproduce the issue)
/ncp debug player [playername] no:ALL

This will (should) speed things up quite a bit in patching this particular exploit. A server log would be quite useful as well, if possible.

ghost commented 2 years ago

Once again, we need a debug log to see exactly what the client is doing:

Delete the previous nocheatplus.log file;

/ncp reload to generate a clean one;

/ncp debug player [playername] yes:ALL

(Reproduce the issue)

/ncp debug player [playername] no:ALL

This will (should) speed things up quite a bit in patching this particular exploit. A server log would be quite useful as well, if possible.

install free client lambda and test, speed + packetfly bypassed (speed settings 25) client: github free not cracked https://github.com/lambda-client/lambda fork kami bluet

Lysandr0 commented 2 years ago

Unable to reproduce. https://streamable.com/l2wzkp

ghost commented 2 years ago

Unable to reproduce. https://streamable.com/l2wzkp

default: moving: active: default actions: cancel vl>16 cancel log:moving:10:15:i

changed: vl>10 cmdc:kickfly = fixed bypass packetfly(i dont know what settings used my player), + test speed 25 speed, mode strafe(not)

ghost commented 2 years ago

maybe packetlimiter issue, turn off. but anti-cheat complains when you fly for net_moving and vl >10 as well as cmdc:kick helped

ghost commented 2 years ago

or antipacketkick issues

Lysandr0 commented 2 years ago

Can't reproduce, still. Even with the reported settings.

ghost commented 2 years ago

this is bug 'when cancel i can move but slow'