Server claim bypass with create deployer and CC turtle

Question

Server claim bypass with create deployer and CC turtle

dithpri opened this issue 2 years ago · 3 comments

dithpri commented 2 years ago

In both example cases, the turtle is placed in a wilderness chunk on the border of a server-claimed chunk:

A player-placed turtle cannot place or dig a block in a server claim:

lua> turtle.place()
false
"Cannot place block here"
lua> turtle.dig()
false
"Cannot break protected block"

However, this can be bypassed by placing the turtle with a deployer from the create mod. This is easy to do with just a deployer and a hand crank

lua> turtle.dig()
true
lua> turtle.place()
true

Mod List:

		client-1.18.2-20220404.173914-srg.jar             |Minecraft                     |minecraft                     |1.18.2              |DONE      |Manifest: a1:d4:5e:04:4f:d3:d6:e0:7b:37:97:cf:77:b0:de:ad:4a:47:ce:8c:96:49:5f:0a:cf:8c:ae:b2:6d:4b:8a:3f
		forge-1.18.2-40.2.0-universal.jar                 |Forge                         |forge                         |40.2.0              |DONE      |Manifest: 84:ce:76:e8:45:35:e4:0e:63:86:df:47:59:80:0f:67:6c:c1:5f:6e:5f:4d:b3:54:47:1a:9f:7f:ed:5e:f2:90
		open-parties-and-claims-forge-1.18.2-0.16.6.jar   |Open Parties and Claims       |openpartiesandclaims          |0.16.6              |DONE      |Manifest: NOSIGNATURE
		flywheel-forge-1.18.2-0.6.8.a.jar                 |Flywheel                      |flywheel                      |0.6.8.a             |DONE      |Manifest: NOSIGNATURE
		create-1.18.2-0.5.0.i.jar                         |Create                        |create                        |0.5.0.i             |DONE      |Manifest: NOSIGNATURE
		cc-tweaked-1.18.2-1.101.2.jar                     |CC: Tweaked                   |computercraft                 |1.101.2             |DONE      |Manifest: NOSIGNATURE

dithpri · Answer 1 · 2023-02-25T17:02:59.000Z

Thanks for reporting! You mean you can place the turtle outside the claim with a deployer and then it can go inside and bypass protection, right?

Yes, that's correct. It can both go inside and mine/place, as well as just hang out on the border and mine/place in the claimed chunk - in both cases bypassing the claim.

thexaero · Answer 2 · 2023-02-25T10:56:03.000Z

Thanks for reporting!
You mean you can place the turtle outside the claim with a deployer and then it can go inside and bypass protection, right?

thexaero · Answer 3 · 2023-02-25T11:01:14.000Z

I think this is because deployers are set to bypass the normal protection as they have their own custom checks. I assume the turtle is getting the UUID of a deployer, like with regular players, which gives it the bypass ability without any checks. Didn't think of this. I'm wondering if checking the fake player's name instead of the UUID would work.

Share to