From 289a18a0036789f2e408bd4ea578e555d9fbfe2c Mon Sep 17 00:00:00 2001
From: moo <48740106+moom0o@users.noreply.github.com>
Date: Sun, 12 Dec 2021 22:43:27 -0500
Subject: [PATCH] 1.21.1 - Remove client side rce exploit fix
---
README.md | 11 +++++++----
pom.xml | 2 +-
.../patches/ProtocolLib.java | 17 -----------------
src/main/resources/config.yml | 1 -
4 files changed, 8 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index 42c07763d..101bfbe92 100644
--- a/README.md
+++ b/README.md
@@ -65,9 +65,13 @@ alongside AEF to patch the majority of exploits.
**All features listed here can be disabled or enabled in the config.**
* Prevent NoCom exploit. - Prevent the 'NoCom' coordinate exploit
-* Prevent log4j RCE (remote code execution) exploit for client side users. All messages sent to players are checked like
- death messages, not just player made messages. **MAKE SURE TO USE [Papaya](https://github.com/moom0o/Papaya) FOR
- SERVER SIDE OR YOU COULD POSSIBLY BE BACKDOORED!**
+ [//]: # (* Prevent log4j RCE (remote code execution) exploit for client side users. All messages sent to
+ players are checked like)
+
+[//]: # ( death messages, not just player made messages. **MAKE SURE TO USE [Papaya](https://github.com/moom0o/Papaya) FOR)
+
+[//]: # ( SERVER SIDE OR YOU COULD POSSIBLY BE BACKDOORED!**)
+
* Prevent BowBomb exploit. - Prevent an exploit where bows can instantly kill a player.
* Prevent burrow hack - Where you step inside a block so crystals can't do any damage.
* Prevent boatfly exploit - Prevent the futureclient/rusherhack boatfly exploit.
@@ -157,7 +161,6 @@ LookForIllegalsInShulkers: false # WARNING: DO NOT ENABLE IF YOU DON'T WANT A DU
# Bugfixes
PreventNoComCoordinateExploit: true
NoComMaxDistance: 64 # Recommended not to increase
-PreventRCEClientSideExploit: true # CLIENTSIDE ONLY - SERVER IS STILL VULNERABLE Blocks all messages containing "${" make sure you are using mojang's patch (https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) or updated Papaya to patch this exploit on the server side, OTHERWISE YOU CAN BE BACKDOORED.
PreventEndGatewayCrashExploit: true
PreventDispenserCrashExploit: true
PreventSnowBallExploit: true
diff --git a/pom.xml b/pom.xml
index e22224c01..ca1d91ba6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
me.moomoo
anarchyexploitfixes
- 1.21.0
+ 1.21.1
jar
AnarchyExploitFixes
diff --git a/src/main/java/me/moomoo/anarchyexploitfixes/patches/ProtocolLib.java b/src/main/java/me/moomoo/anarchyexploitfixes/patches/ProtocolLib.java
index 7c0dbb167..ffcf4f81f 100644
--- a/src/main/java/me/moomoo/anarchyexploitfixes/patches/ProtocolLib.java
+++ b/src/main/java/me/moomoo/anarchyexploitfixes/patches/ProtocolLib.java
@@ -47,23 +47,6 @@ public void onPacketReceiving(PacketEvent event) {
});
}
- if (plugin.getConfig().getBoolean("PreventRCEClientSideExploit")) {
- protocolManager.addPacketListener(
- new PacketAdapter(plugin, ListenerPriority.NORMAL, PacketType.Play.Server.CHAT) {
- @Override
- public void onPacketSending(PacketEvent event) {
- if (event.getPacketType() == PacketType.Play.Server.CHAT) {
- String message = event.getPacket().getChatComponents().read(0).getJson();
- if (message.toLowerCase().contains("${")) {
- plugin.getLogger().info(message);
- plugin.getLogger().warning("Blocked RCE vulnerability attempt!");
- event.setCancelled(true);
- }
- }
- }
- });
- }
-
if (plugin.getConfig().getBoolean("PreventPacketFly")) {
protocolManager.addPacketListener(
new PacketAdapter(plugin, ListenerPriority.HIGHEST, PacketType.Play.Client.TELEPORT_ACCEPT) {
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
index 5efefcb63..5a2a46fd5 100644
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@@ -28,7 +28,6 @@ LookForIllegalsInShulkers: false # WARNING: DO NOT ENABLE IF YOU DON'T WANT A DU
# Bugfixes
PreventNoComCoordinateExploit: true
NoComMaxDistance: 64 # Recommended not to increase
-PreventRCEClientSideExploit: true # CLIENTSIDE ONLY - SERVER IS STILL VULNERABLE Blocks all messages containing "${" make sure you are using mojang's patch (https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) or updated Papaya to patch this exploit on the server side, OTHERWISE YOU CAN BE BACKDOORED.
PreventEndGatewayCrashExploit: true
PreventDispenserCrashExploit: true
PreventSnowBallExploit: true