Board Thread:News and Announcements/@comment-4750818-20170408215750/@comment-25101690-20170411200227

Minecraftmage113 wrote: Sinthorion wrote: I assume this can easily be surpassed by opening the CheatingEssentials mod file and edit the mod ID in mcmod.info. Also this can't detect custom modifications to the LOTR mod, which is currently the technique used for some of the worst theoretical server hacks.

yeah....... how would one go about editing the mod itself though? the most i've ever gotten is directly editing the mods textures through winrar and gimp.

also, with you saying theoretical, does this mean that no ones ever tested it? I've never edited the code of a compiled mod file myself, but there are multiple ways. You could make out a single .class file and replace it by your own, which you had to compile in the environment of the whole mod, which is a bit complicated. Or you could directly edit JVM bytecode, as Mevans has described in his recent post. I heard of someone who claims that he used these kinds of vulnerabilities to gain unfair advantages, tested it on TOS, and was banned for it.

Since mod blacklists are no use (and have the disadvantage of limiting player choices in cosmetical mods), all we can do to prevent it is to detect the symptoms (such as a player turning and hitting faster than he is supposed to, having ridiculous amounts of valuables with no apparent source, or other noticable things). Also, Mevans should do his best to code the server-client interfaces secure enough to prevent these hacks for his own mod, and the mod team should test the mod for expectable vulnerabilities in the test phase.