Welcome back to your favorite minecraft youtuber I’m liveoverflow and this is PwnCraft a let’s play where we play minecraft who would have thought but it’s a special let’s play because somehow we end up in places that we didn’t expect it’s it’s like we are in the matrix or something Anyway last episode we created the foundation of our base and then went on our first adventure to explore a shipwreck and collect seeds and other useful materials for our base we also looked at the minecraft network protocol and were able to teleport around Anyway we have a full inventory and so we are on our way back to the base it should be right this way up the mountain why not take the convenient waterfall and swim up but during the nice swim i was also thinking i really would like to explore more of the Area around this way we can get a better idea what kind of biomes we have nearby and we can plan our next adventures so instead of going straight ahead towards the village and our base let’s actually take a little detour and go in a circle around the wider Area and so i started walking along the top of this mountain in the other direction over there is i think the jungle where we got our seeds and vines last episode but generally the whole area is just plains and some basic forests at least over there we have some sunflower fields Oh creepy and over there is a mountain with a very weird cave i just love minecraft i kept walking really not that much to see though i did come across some nice flowers in the forest my general direction was towards the village we saw at the horizon right when we spawned into the World and i kept orienting myself based on our house where we started to build on the mountain the sun was slowly setting but the village for safety was close i was planning to sleep there for the night and there it was finally reached the village oh my god turns out it’s An abandoned village great so much for safety did that rabbit just jump off the cliff and die all right then luckily i did find a yellow bed in one house so i felt comfortable to go to sleep there Well at least it’s day again i decided to climb the tower nearby to get an overview there are still cows here so i guess it was abandoned recently but the villagers must have fled in a hurry why would they not take the cows with them oh i hear a zombie villager Close by let’s make a quick escape look at my crazy movement real parkour awesome we escaped but oh that’s high up we need to cross lucky there’s water down there so let’s just jump dang that was close but i’m a master of movement i never had any doubts while i keep Exploring i wanted to tell you a bit more about what i learned from the project last video maybe you are wondering how exactly does looking at minecraft networking help me what does this have to do with hacking first of all hacking can mean lots of things and generally i define the Word hacking as playing around with technology in very creative ways so cheating or modding minecraft is for me hacking but of course this is a minecraft channel i mean i.t security channel and so i do lean a bit more towards the i.t security interpretation of the word hacking But even in the world of cyber security there are many different areas for example penetration testing versus application security i have a video about this topic which i recommend you to watch if you want to hear a few more thoughts but in that video i explained that some hackers basically use Tools and look for known vulnerabilities which means they base their work on the research from other people and i’m more interested in that other area the actual security research and in that field you really have to dig into how computers and software work so when i do professional work For clients performing security reviews on their applications i have to read their code to find new vulnerabilities stuff that no scanner could ever find because they are logic bugs and only makes sense for this particular application so reading code and really understanding how software Is built is extremely important for me and i want to practice that but how do you do that somehow you need some kind of motivation to read code and here we come back to this minecraft project for example taking the python project quarry we used last video i can practice reading their code I’m learning about their proxy implementation architecture for example how they use these dynamic methods based on the minecraft protocol versions defined in the csv file i also see what kind of technologies and dependencies they use like twisted over time doing many projects like This i gain a lot of insights into how people write software so i develop an intuition for how developers think and then i can use that to think about what kind of mistakes they could have made which gives me ideas for where to look for vulnerabilities so playing around with minecraft In this way is very valuable practice i like to compare this to for example a professional tennis player who has practice sessions every other day or generally every profession they all require practice you want to be a painter you will never draw a nice painting without drawing thousands of Shitty paintings before without understanding or a feeling for how colors blend and flow and the effects of the pressure on the brush there’s so much to it and i don’t believe this stuff can really be taught in some class or course or training you only can learn this when you actually Do it accumulate the hundreds and thousands of hours of practice oh my god a woodland mansion what a coincidence that it’s so close by anyway i was just saying researching minecraft like this is practice okay maybe it would be more useful if i play a good ctf or look into code for more Critical applications like some web framework but i have no motivation for that right now i’m addicted to minecraft so i read minecraft related code and in the end it’s still valuable practice at least that’s how i see it and so let’s dig deeper let’s break another layer why is it that There is even something like a paper server why not run the official minecraft server from mojang how is paper even implemented did they look at the protocol like we did last episode and then completely write their own custom minecraft server or how does it work i don’t know so let’s find out When you look at the paper repository on github you might be wondering where even is the server game code you won’t find it here what you will find is a folder called patches and this folder contains just a huge list of server patches which kind of makes sense paper description says it is A high performance bigoted fork that aims to fix gameplay and mechanics inconsistencies in the contributing helpful you can also find this explanation paper is mostly patches and extensions to spigot and so in the paper work folder you can find the git sub modules referencing other Repositories mainly of course spigot i tried to open the spigot repository but was presented with this dmca takedown after looking into it i realized that i just stumbled into old drama from a few years ago so let’s very carefully slowly walk backwards and run very far away from this Once we reach safety let’s have a look at the get modules file in the paper repository here you can find the actual reference server sources but where are the actual minecraft server sources well in that spigot repository when you look around in the files you will find several instances Where they talk about decompiled code you can also find the reference to the decompiler of fernflower and fernflower is the java decompiler used in the intellij ide to be honest it’s really difficult to understand how all these projects relate to each other’s bigger paper forge fabric Sponge so many dependencies so many competitors so much historical baggage has anybody ever drawn like a big mind map of how the projects relate that would be really awesome and helpful anyway as you can see with the dmca tag down some of the stuff is a bit complicated around minecraft due to Legal issues within the community but also with mojang of course they have the copyright on the source code minecraft is not open source and last episode when we ran the server to test around with teleporting cheats we had to accept the euler the end user license agreement it’s probably a good Idea to read it and for us what is most important is this paragraph you may not distribute any modded versions of our gamer software and we would appreciate if you didn’t use mods for griefing basically mods are okay to distribute hacked versions or modded versions of the game client or Server software are not okay to distribute so it’s not okay to distribute a minecraft client itself but it’s totally okay to distribute a mod a mod that is only modifying the game that is already installed and as you know now the paper or spigot github repositories didn’t actually include server Source code but they talked about decompiled code so these repositories basically are all just scripts build tools and patches to bootstrap a paper server after decompiling the official server and that’s why i wanted to look into the mojangula to my surprise there was no paragraph about Reverse engineering and decompilation every other game and software i know has a line about you may not reverse engineer or attempt to extract or otherwise use source code and mojang does not have that in the euler for minecraft actually crazy to me i don’t know what to say huge props to mojang This of course makes minecraft modding possible in the first place and thus helps with their financial success but we know how lawyers usually work so i think this is awesome that it still is not forbidden this means minecraft is actually software you can legally decompile and when you Build paper from the repository yourself you actually decompile the official source code you might just not realize it so let’s have a look at reverse engineering minecraft by hand here’s the official minecraft server download link and it’s a server.jar When i needed to look at compile java classes in the past i always use jd guy as a decompiler so let’s use that for now we can open the jar and look around but actually it turns out the Real server code is in the version 1.18.1 jar and look at that everything is obfuscated or rather minimized i mean the code flow itself looks like normal code flow so it’s not crazy code obfuscation but all class names are just some letters in any kind of organization Through java packages is also missing and there is a lot of this ugly code of course jd [ __ ] is not perfect sometimes it has trouble decompiling code for example this class here but earlier we came across fernflower so when we extract the jars by the way java files are Just basically zip files so you can just extract them so here we have the extracted class file we can just drag and drop that into intellij and intellij uses fernflower to decompile this code and this decompilation had no problem though to be fair it says here synthetic class so that’s Some kind of weird java stuff i don’t blame you jd you always served me well in the past anyway when we now really wanted to reverse engineer the game we would want to start finding useful names For these classes this is exactly the same as when you do reverse engineering of native c or c programs you start going through functions and variables and give them names that make sense to you and we have to start somewhere this class here caught my attention because It contains some readable strings here are a few static variables referencing various config files specifically about banned ips banned players or which players have admin privileges how could we call this class i don’t know maybe player permissions or player config though maybe If we understand better what the methods do we find a better name for what the class actually does we can also rename the variables clearly they just hold the reference to those files for example band ips and then we can go into the methods where these variables are used So this a variable should be now named band ips here is another tip for reverse engineering this also applies to native programs the exception and error handlers often just straight tell you what the code around was supposed to do so here is an error could not load existing file so it’s pretty Obvious that we could call this method load band ips i know it’s a lot of work to go through all files like this but that’s how reverse engineering is done luckily in the case of minecraft others Have already done this for us so let’s have a look at fabric it is a modded tool chain for minecraft and there are two interesting repositories intermediate and yarn intermediary mappings this repository contains the match information between different versions of minecraft This repository has tons of these dot tiny files and here’s the one for our version 1.18.1 it basically contains a mapping of these obfuscated names to an intermediary name in our case the afx class is referring to the class class 3321 in the package net.minecraft if we now take This intermediary class name and go to the yarn repository this one contains mappings to actual reverse engineered names and here it is class 3221 is actually called server config handler and what we called banned ips was named band ips file that’s probably more correct java coding style But isn’t that crazy so when a new minecraft update is coming out people now just have to match the obfuscated names to the intermediary names and then they can completely de-obfuscate the code again of course when new features are added to minecraft with new classes they have to come up With new names but it gets even more fascinating turns out that mojang is even providing official mappings they do that to support the modding community so when you have minecraft installed you can go to the version folder and next to the version jar there is a json file Here it references various mapping files and of course we want the server mappings let’s download that file and look into it this looks very similar to the yarn mappings from fabric except that these are the official names so let’s check out what our class was actually called Huh interesting so in the real source code of minecraft this class is called old users convert and the file variables are also slightly named differently user’s converter i really didn’t expect that also old so seems to indicate it was replaced with a newer class This one but as you saw the minecraft modding community is still using their own mappings of course historically the modding community didn’t have the official names so they had to work with their own made-up names and now changing them would break a lot of mods and people are familiar With those names as well nevertheless it’s still a great resource and it’s a clear sign of support from mojang to support modding especially when new versions come out because you don’t actually have to reverse engineer and make up new names anyway this is so mind-blowing minecraft is maybe The largest community driven reverse engineering project in the world it’s crazy actually that statement made me tweet this do you know any large community driven reverse engineering projects and while almost nobody said minecraft immediately i got responses about other games like zelda ocarina Of time mario 64 gta final fantasy pokemon games there were a few non-gaming related projects but see how important reverse engineering is for games i hope you can start to see now how game modding is actually a lot about reverse engineering and hacking the game’s functionality These various minecraft servers and modding support only exists because of very experienced developers who understand how to reverse engineer java code de-obfuscate it and write crazy tooling around everything and so in the end you can download the official server decompile the sources Apply an intermediate mapping to then fully differentiate the source code into meaningful names so that you can then apply server patches to optimize it and fix issues and add features like modding support and then build the whole code again to produce a new server jar that you can Run what these minecraft servers and modding communities have achieved through all these years is absolutely incredible to me huge respect and it’s so clear we can learn a lot about hacking from this community anyway let’s head back to our base and plan our next adventure and You won’t believe what happened i was almost at the base was recording these nice shots of me running towards it and this happened i fell down a damn hole and it killed me god damn it At least we are close so we should be able to get back all the items that we collected ah respawn oh what the heck what happened to our house those are not the kind of walls i wanted this is bedrock these are indestructible blocks am i imprisoned who did that you Video Information
This video, titled ‘Minecraft, But It’s Reverse Engineered…’, was uploaded by LiveOverflow on 2022-04-10 15:00:13. It has garnered 131701 views and 7317 likes. The duration of the video is 00:18:02 or 1082 seconds.
In this episode we learn how Minecraft servers are implemented by looking at PaperMC and tracing the dependencies. Turns out the custom Minecraft servers rely on decompiling the server source code! It’s insane what this Minecraft community has created.
Paper Server: https://github.com/PaperMC/Paper Minecraft EULA: https://www.minecraft.net/en-us/eula Fabric Intermediary Mappings: https://github.com/FabricMC/intermediary Fabric Yarn Mappings: https://github.com/FabricMC/yarn/tree/1.18.2-pre3/mappings/net/minecraft
Grab the files: https://github.com/LiveOverflow/minecraft-hacked Minecraft:HACKED Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 02: 00:00 – Let’s Play: Map Exploration 02:47 – How Does Minecraft Help With Hacking? 06:06 – Introduction to Minecraft Servers 09:13 – Minecraft Reverse Engineering 17:03 – Let’s Play: The Return to Base
Music: C418 – Minecraft Soundtrack
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/ → Instagram: https://instagram.com/LiveOverflow/ → Blog: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/