Antiseedcracker
Seed Protection for Paper & Folia 1.21.4+
Most anti-seed plugins just block
/seed. But nobody who actually cracks seeds uses /seed.They grab the hashed seed from packets, triangulate strongholds with ender eyes, or reverse-engineer structure positions.
Antiseedcracker blocks all of that without affecting gameplay.
Fresh World or Existing World
Fresh world (best case)
If you're starting a new world anyway, you get the full package. Structure seeds get randomized before any chunks exist, so seedcrackers have literally nothing to work with.
Just install the plugin, start your server, run
/asc scramble-seeds, stop, delete the world folders and start again. That's it.Already have a world? Still worth it.
Let's be honest, most servers can't just delete their world. That's fine. Here's what you need to know:
Structures that already exist in explored chunks were placed with the old default seeds. A seedcracker could still use those to figure out the world seed. That's just how Minecraft works, no plugin can move structures that are already there.
But everything else kicks in immediately. Fake seeds in packets, fake stronghold coords for ender eyes, spoofed
/locate results, ore shifting, structure block obfuscation, command blocking, API spoofing. All of that works from the moment you install, no reset needed.And here's the thing: once you scramble the seeds, every new chunk that gets generated uses the random values. The more your players explore, the more useless data the seedcracker gets. Old structure positions point to one seed, new ones point to something completely different. Over time, cracking becomes practically impossible.
So yes, a fresh world gives you full protection. But even on an existing world, you're blocking most attack vectors and it only gets better over time. Either way, run
/asc scramble-seeds and restart.Does it affect gameplay?
No. Players won't notice anything. Ores still spawn, structures still generate, ender eyes still work, maps still point somewhere. Everything looks and plays like vanilla, but seedcrackers get nothing useful.
What it does
Structure seed scrambling
This is the big one. Seedcrackers find villages, temples or monuments and reverse the world seed from their positions.
/asc scramble-seeds randomizes all 19 structure seeds in spigot.yml so structures spawn at positions that have nothing to do with the actual world seed. It also enables Paper's generate-random-seeds-for-all. If your server is still running default seeds, the plugin warns you on startup and alerts admins when they join.Packet interception
Replaces the hashed seed in JoinGame and Respawn packets with a per-player fake. The fakes rotate on a timer so even long-running cracking attempts don't get anywhere.
Ore offsetting
Shifts ore veins during chunk generation using HMAC-SHA256 with a server-local secret key. Even if someone somehow gets the seed, they still can't predict where ores are.
Structure obfuscation
Randomizes End spike heights, End City glass patterns, desert temple chambers, mansion carpets, monument gold blocks and nether ceiling bedrock. Happens on chunk load and works on existing worlds too.
Eye of Ender
Ender eyes get redirected to a per-player fake stronghold with angular jitter. Triangulation just doesn't work anymore.
Command blocking
Blocks
/seed, intercepts /locate (including through /execute) and returns fake coords. Tab completion gets filtered too.Punishment system
Tracks strikes when players try blocked commands. After a configurable threshold you can warn, kick, ban or run a custom command for stuff like LiteBans.
API protection
Hooks
World#getSeed() so it returns fakes. Plugins like Dynmap, WorldEdit, BlueMap, CoreProtect and Chunky are whitelisted and still get the real seed.Commands
/asc status— shows runtime info and protection status/asc seed [world]— shows real and fake seed (admin only)/asc scramble-seeds— randomizes structure seeds in spigot.yml/asc reload— reloads the config/asc info— version info
Permissions
antiseedcracker.admin(default: OP) — access to admin commandsantiseedcracker.alerts(default: OP) — receive vulnerability alerts on joinantiseedcracker.bypass(default: false) — bypass all protection
Setup
- Drop the jar together with PacketEvents into your
plugins/folder - Start the server
- Run
/asc scramble-seeds - Reset your worlds for full protection, or just keep them if you can't
- Restart the server
Requirements
- Java 21+
- Paper, Folia, or Purpur 1.21.4+
- PacketEvents 2.9+
FAQ
Does it change gameplay?
Nope. Players see and play the same Minecraft as always. Ores spawn normally, structures generate normally, eyes of ender work. The only difference is that seedcrackers get wrong data.
Do I need to reset my world?
For full protection, yes, because structure seed scrambling only changes new chunks. But if that's not an option, don't worry. Packet spoofing, ender eye faking, command blocking, ore shifting, structure obfuscation and API protection all work immediately on any world. And as your players explore new terrain, the scrambled seeds make cracking increasingly unreliable.
I have a huge world already. Is it even worth it?
Absolutely. The only thing you miss without a reset is structure position protection in chunks that already exist. Everything else works right away. And every new chunk that generates after scrambling adds noise that makes the seedcracker's job harder.
Does it break other plugins?
No. Dynmap, BlueMap, WorldEdit, CoreProtect, Chunky and others are pre-whitelisted and always get the real seed.
Performance impact?
Basically nothing. Packet interception is lightweight, ore offsetting runs in the chunk generation thread, and structure modifications happen once per chunk and get cached.
Can clients still crack the seed?
With scrambled structure seeds and a fresh world, the main attack vector is gone. Decorator patterns like trees and flowers could theoretically still be used, but that's a Minecraft limitation, not something any plugin can fix. Even then, a cracked seed is useless because ores are shifted, structures are at different positions, strongholds are faked and
/locate returns spoofed coords.Works with LiteBans or AdvancedBan?
Yes, just set the punishment mode to command:
Code:
punishment:
mode: command
custom_command: "litebans:ban {player} -r Seedcracker usage detected -d 7d"
