[Exploit] On 1.8 you can go >720km/h

[Doogie13]

Complete output of the ncp version command

[17:49:22 INFO]: ╗Version information½
[17:49:22 INFO]: Server:
[17:49:22 INFO]: git-PaperSpigot-445 ~MC: 1.8.8~
[17:49:22 INFO]: Detected: 1.8.8
[17:49:22 INFO]: NoCheatPlus:
[17:49:22 INFO]: Plugin: 3.17.1-SNAPSHOT-Updated-b149
[17:49:22 INFO]: MCAccess: 1.8.4-1.8.8 / Spigot-CB-1.8_R3
[17:49:22 INFO]: Features:
[17:49:22 INFO]: blocks: BlocksMC1_4, BlocksMC1_5, BlocksMC1_6_1, BlocksMC1_7_2, BlocksMC1_8
[17:49:22 INFO]: checks: FastConsume, Gutenberg
[17:49:22 INFO]: defaults: pvpKnockBackVelocity
[17:49:22 INFO]: Hooks:
AllViolations~NCP~ 1.0, ViolationFrequency~NCP~ 1.0
[17:49:22 INFO]: ╗Related Plugins½
[17:49:22 INFO]: ViaVersion v4.4.2

Short description of the issue and how to reproduce (is it random / always happens / side conditions ?)

Go onto a long flat path (i.e. a nether highway) Gain the Speed II effect

Enable static flight or similar speed module (normal strafing fly, no special bypasses or anything) Set the flight speed such that you don't flag CreativeFly

Start walking forward whilst blocking your sword Enable flight after a second or so Video There is also a video of this on hypixel I did test this on eu.loyisa.cn prior to the recording and it did work for someone who was presumably on 1.8.x (ergo ViaVersion likely isn't the issue)

Have you made any (noteworthy) changes to the default configuration of NCP?

Nothing, default configuration

Do you run any other special plugins that affect game mechanics next to NC+ (skills, machines, adding/changing blocks, other anti-cheating)?

Only ViaVersion converting a 1.12.2 connection to 1.8.x

Provide additional information: for bypasses, vulnerabilities and reproducible issues, we request a debug log. Use GitHub gists or PasteBin or similar for errors and huge logs, or attach a (zip-) file here.

flagless, do ask if I am missing something here.

[Lysandr0]

A debug log would likely reveal what's going on here. Though I do find rather surprising that EXTREME_MOVE sanity check isn't triggering at all here. In the meantime, a few questions/notes:

• For full efficiency of NCP in general, it's advised that you also install ProtocolLib: net checks cannot run without it (which includes the extreme-packet-move check against PacketFly exploit(s)).

• Does the exploit actually require sword-blocking?

• Is the configuration pre build 149 or post? Older configs need to be updated manually, so there still could be the clear action after kick in the final interval of Fly checks.

[Doogie13]

2, yes definitely 3, its the latest download with fresh config

[Doogie13]

Debug log

ProtocolLib did nothing which I expected since this works on eu.loyisa.cn

[Lysandr0]

That would be the server log :) NCP prints debug info in its own file; in the NoCheatPlus folder.

In any case, the log does show violations actually, which hints at something going wrong with setbacks (could be related to #19, we'll have to see with the actual log).

[Doogie13]

the NoCheatPlus log is too long to paste even with pastebin.

I doubt it is to do with #19 specifically since that is 1.12 but it could be similar. The flags always caused a rubberband which means the exploit isn't setbacks being munted.

[MarkElf]

the NoCheatPlus log is too long to paste even with pastebin.

So delete it or clear the ncp log and repeat the bypass.

[Lysandr0]

the NoCheatPlus log is too long to paste even with pastebin.

I doubt it is to do with #19 specifically since that is 1.12 but it could be similar. The flags always caused a rubberband which means the exploit isn't setbacks being munted.

As Mark said. It's most likely because you have older info in it as well. NCP prints everything in the same file after all (perhaps it's time to make per-player/per-debug-session logs :p)

To make a clean log:


• Delete the previous one

• Run /ncp reload to generate a new log file

• /ncp debug player [playername] yes:ALL
• 
Reproduce the exploit

• End the debug session with the same command as above, but with “no”.



This will cut down the number of lines by the necessary amount.
 
(Or you can just attach the log file here, if it’s still too big)

[Lysandr0]

Is anyone able to reproduce this one with a clean log? The hSpeed branch does contain a minor fix for the set back technique logic, but that's rather aimed for non-legacy servers. (Might be able to test this myself later this month or so)

[aauth]

can confirm this works and works on hypixel

[teardrop-dev]

Alan wood was here and has discovered the exploit.