Item Duplication #492
Comments
There are a lot of things that go wrong when you have a lot TPS. Try solving that first. |
|
this is a duplicate of #481 and is already fixed |
|
I was able to duplicate this using no plugins with a vanilla client at 10 TPS. TPS reading: http://nerd.guru/screenshots/javaw_2016-11-20_17-53-28.png @LeafHacker - If it's a duplicate what version was it patched in. I was up to date until like 15 minutes ago and I'm on 924 :P |
|
Is this an issue on Spigot, or was this caused by paperspigot in the first place? Would like to know. |
|
If you're having a hard time reproducing this can I get pointed to the section of code that handles disconnects and player file saving please? |
|
Resolving this issue has been proven to be quite a hassle, the provided fix by spigot that would resolve this issue appears to only make it easier. |
|
Interesting. Can you point me toward the section of code you're referencing? I know nothing about the paper project, but I do program for a living. |
|
Dupe still works with paper 933 Same video: How to reproduce:
On client N1 prepare the item you wish to duplicate. |
|
Sounds like this may be related to GH-488 |
|
Zbob750 what makes you think it's related? This doesn't have anything to do with chests. I'd think it'd have more to do with the fact that player save files aren't registering the drop before being loaded up by client #2. |
|
Looks like it's been reported here: https://bugs.mojang.com/browse/MC-63 and someone has made a temp patch plugin (untested, use at your own peril): https://github.com/ataranlen/NoDroppingOffline/releases |
|
I said it may be related, not that it is. If someone can verify the linked plugin fixes the issue, that's a pretty simple thing to add as a mitigating step, until someone fixes the root issue. |
|
Integrating said plugin into paper is a really hacky solution IMO |
|
I'm not thrilled about it either, if you're aware of a better solution feel free to submit a PR @chnkr |
|
Can do 👍 will look into something tomorrow. |
|
Update your servers, Paper now follows most every other game server software out there by not processing packets from players who already disconnected, which should resolve the issue. |
|
Unfortunately it does not appear patched on version 959. The plugin does not seem to work either. Same exact reproduction procedures. |
|
Not re-opening this issue without multiple confirmations from multiple parties. |
|
I am unable to replicate |
|
Confirmed working on 2b2t.net |
|
At this point, PRs welcome. I don't have time to look into this any further right now. |
|
I wrote a plugin to temporarily stop this until someone comes up with a better way. https://github.com/NerdGuruDevelopers/NoDupe Confirmed working on 9b9t. |
|
@NerdGuruDevelopers that is a terrible way to stop it, because it'll still work with that plugin, the entire dupe relies on the fact that your inventory is serialized too late / too early. |
|
It also relies on users being able to disconnect by users knowing when exactly they'll be kicked. Like I said temporary patch until someone figures out a better way to stop it. |
|
No, it does not. There are so much more ways you can execute this duplication glitch, none of the provided patches or plugins resolve the issue, and as of right now it still works in Vanilla, Spigot & Paperspigot. Mojang knows about it, but it's highly unlikely that this will be patched anytime soon. |
|
I can confirm this issue still persists in 1.11.2 using Paper 992, NoCheatPlus 1046 and ProtocolLib 345. Do we have any progress on a fix? An entire server is duping and I cannot find a way to stop it. |
|
Wurst clients cause an "Interacted with Self" disconnect message that can be caught on a bungeecord level, You can use a ServerKickEvent listener to deal with the offending players, I haven't seen that disconnect message by vanilla means yet. Its not a fool proof solution, but it should at least catch the bad dupers. |
|
This doesn't have anything to do with hacked clients @NachtRaben as it is being done on Vanilla clients by simply following the OPs method. That kick dupe you mention is still fixed AFAIK. |
|
Another "bandaid" for the issue is to simply return on interacting with self instead of kicking, teleport the player to the correct location instead of kicking for flying, and such until players cannot reliably get themselves kicked. |
|
I've pulled @AlfieC 's PR. See if this is still possible with build 997+ |
|
Both @prplz and I have tested this extensively and have so far been unable to replicate with my PR - but when we revert to the one without the PR, we can get it usually 50% of the time (when we run the server at 1-2tps). |
|
going to mark this closed then. Please reopen a new ticket if it can be done again. |
|
Can confirm patch seems to solve it. |
Upstream has released updates that appears to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: da9ef3c5 #496: Add methods to get/set ItemStacks in EquipmentSlots 3abebc9f #492: Let Tameable extend Animals rather than Entity 941111a0 #495: Expose ItemStack and hand used in PlayerShearEntityEvent 4fe19cae #494: InventoryView - Add missing Brewing FUEL_TIME CraftBukkit Changes: 933e909 #664: Add methods to get/set ItemStacks in EquipmentSlots 1872231 #662: Expose ItemStack and hand used in PlayerShearEntityEvent
Description of issue:
This duplication method requires 2 logged in copies of minecraft and preferably an autoreconnect plugin.
Notes:
Example Video: https://www.youtube.com/watch?v=zJYmMkhbbGY
You'll note I have 2 items in my hand to begin with, then after disconnect end up with 3.
Plugin list:
DeathMessagesPrime, OldschoolKill, RedstoneClockPreventer, noMe, SimpleAutoBroadcast, NoNetherRoof, DisableJoinMessage, BukkitHiddenSyntaxBlocker, TeaLimit, ChatCo, Random_Spawn, ItemRestrict, ProtocolLib, NoCheatPlus
bukkit.yml, spigot.yml, paper.yml, server.properties
bukkit.yml => http://pastie.org/private/irb2ze7temqydfd1rblkaw
spigot.yml => http://pastie.org/private/rhw1mngrr83azoqyiewaq
paper.yml => http://pastie.org/private/2qpblul1zv94sxx27hqe9g
server.properties => http://pastie.org/private/jryuenrcv30tw0vawmw5q
Paper build number:
924
The text was updated successfully, but these errors were encountered: