Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TpAura bypass #336

Open
skbeh opened this issue Mar 4, 2024 · 1 comment
Open

TpAura bypass #336

skbeh opened this issue Mar 4, 2024 · 1 comment
Labels
(compat) Spigot-fork (compat) ViaVersion/PS Related to ViaVersion / ProtocolSupport compatibility (field) moving Related to moving checks (field) net Related to net checks / ProtocolLib (priority) high priority Major impact, should be prioritised over other tickets (status) need debug log (type) cheat/bypass/exploit Bypass / cheat not covered by existing checks

Comments

@skbeh
Copy link

skbeh commented Mar 4, 2024
edited

Complete output of the ncp version command (please prefer text here)

§c§l»Version information«§7
§6§lServer:§7
§7git-PandaSpigot ~MC: 1.8.8~
§7§eDetected: §71.8.8
§6§lNoCheatPlus:§7
§7§ePlugin: §73.17.1-SNAPSHOT-Updated
§7§eMCAccess: §71.5-1.12.2|? / CB-Reflect
§6§lFeatures:
§7§eblocks§7: BlocksMC1_4§f, §7BlocksMC1_5§f, §7BlocksMC1_6_1§f, §7BlocksMC1_7_2§f, §7BlocksMC1_8§f, §7MCAccessCBReflect
§7§echecks§7: FastConsume§f, §7Gutenberg§f, §7AttackFrequency§f, §7FlyingFrequency§f, §7KeepAliveFrequency
§7§edefaults§7: pvpKnockBackVelocity
§7§epacket-listeners§7: UseEntityAdapter§f, §7MovingFlying§f, §7OutgoingPosition§f, §7KeepAliveAdapter§f, §7Fight
§6§lHooks:
§7ViolationFrequency~NCP~ 1.0
§c§l»Related Plugins«§7
§7ProtocolLib v5.1.1-SNAPSHOT§f, §7ViaVersion v4.9.2

Short description of the issue and how to reproduce (is it random / always happens / side conditions ?)

When a player sends a specific packet sequence, he will be able to attack others from far away, like the so-called TpAura.

Assume the target player is T. The sequence is PacketPlayInPosition to teleport to T (packet A), PacketPlayInUseEntity to attack T, and another PacketPlayInPosition to teleport to the origin location (before packet A was sent). The same goal can be achieved by utilizing "Blink".

Have you made any (noteworthy) changes to the default configuration of NCP?

The issue can be reproduced on the default configuration.

Do you run any other special plugins that affect game mechanics next to NC+ (skills, machines, adding/changing blocks, other anti-cheating)?

No.

Provide additional information: for bypasses, vulnerabilities and reproducible issues, we request a debug log.

The packet log captured by EventsLogger:

[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.POSITION[class=PacketPlayInPosition, id=22]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=-2.9090383551410013
[19:11:29]     y=43.0
[19:11:29]     z=-3.6326836319666502
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=true
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.USE_ENTITY[class=PacketPlayInUseEntity, id=18]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     a=996
[19:11:29]     action=ATTACK
[19:11:29]     c=<null>
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.POSITION[class=PacketPlayInPosition, id=22]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=-12.826706300537984
[19:11:29]     y=43.0
[19:11:29]     z=-6.765628032153675
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=true
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
[19:11:29]  
[19:11:29] [PacketsLogger] Play.Client.FLYING[class=PacketPlayInFlying, id=254]
[19:11:29]   Player: CraftPlayer[name=player]
[19:11:29]   Fields:
[19:11:29]     x=0.0
[19:11:29]     y=0.0
[19:11:29]     z=0.0
[19:11:29]     yaw=0.0
[19:11:29]     pitch=0.0
[19:11:29]     f=false
[19:11:29]     hasPos=false
[19:11:29]     hasLook=false
@Regomy
Copy link

Regomy commented Mar 9, 2024

up

@Lysandr0 Lysandr0 added (field) moving Related to moving checks (field) net Related to net checks / ProtocolLib (type) cheat/bypass/exploit Bypass / cheat not covered by existing checks (compat) ViaVersion/PS Related to ViaVersion / ProtocolSupport compatibility (status) need debug log (compat) Spigot-fork (priority) high priority Major impact, should be prioritised over other tickets labels Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
(compat) Spigot-fork (compat) ViaVersion/PS Related to ViaVersion / ProtocolSupport compatibility (field) moving Related to moving checks (field) net Related to net checks / ProtocolLib (priority) high priority Major impact, should be prioritised over other tickets (status) need debug log (type) cheat/bypass/exploit Bypass / cheat not covered by existing checks
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Lysandr0 @skbeh @Regomy