A long time ago, the /seed command was disabled for non-operators of multiplayer servers, to prevent regular players from discovering the seed of the world (and with it, the locations of all ores, temples, etc).
However, it is in fact possible to discover any Minecraft world's seed with just a bit of exploration and about 8 hours on an average gaming graphics card.
This is not just a theoretical vulnerability -- I have written software which performs this brute-force analysis, and I have successfully obtained the world seed on a Minecraft server where I am not an operator and cannot use the /seed command. In fact I didn't even have to connect to the server, I only had to gather information that they (like many other major Minecraft servers) already made available to the public.
I have reported this issue to Mojang in a private ticket, but they closed my report in a matter of minutes because they say it is "not a bug" for players to be able to obtain world seeds even without using /seed. If you, the server operators and administrators in this forum, are concerned about your players being able to discover your world seeds, now is the time to make some noise to Mojang to address the issue. It is a very simple thing for them to fix (for newly generated worlds at least), they just don't think it matters enough to do so.
I have not yet decided whether to publish my source code; on the one hand I think it's quite interesting and could be educational for anyone else with an interest in GPU computing, but on the other hand, I have no wish to make trouble for server operators who don't want just anyone to be able to discover their world seeds. So, for the moment at least, this is just a public service announcement that multiplayer world seeds are vulnerable; I won't (yet) reveal the exact technical details of the vulnerability or publish my source code.
However, if anyone from Mojang, Bukkit, Spigot etc would like more information so that they can implement a defense against this attack, I would be happy to assist.
You should post the code. Mojang says it's not a bug, and if people wanted it to find diamonds and stuff, they could easily just use an X-Ray mod or World Downloader. Also people are saying on Reddit that they don't believe you did it since you won't post the code.
Just because Mojang doesn't seem to care much about supporting their community of server admins doesn't mean those admins would be pleased with their users performing this attack with no warning. This thread serves as that warning, and I'll be glad to prove my claims for anyone who volunteers their server's IP.
Do you only need the IP or do you also need to be whitelisted?
That depends on the server; if I am able to connect and explore the world, and the size of the world is not kept very small, then I will be able to gather enough information. But on some servers, the necessary information is made public without even having to log in.
I think it is likely Mojang ignored this issue because of the time taken to compute the seed and also that there is no foreseeable way of fixing it.
I don't know how many people would be willing to wait eight hours just to work out the seed for a world, when mods can be installed in minutes that can solve the issues many people would want the world for.
Also, based on what I can understand from you saying 'brute force operation', I am assuming you simply generate worlds based on random seeds and see if the generated world matches the world info you retrieved off of a server. If this is the case, how would it be possible for Mojang to fix this issue? The only real solution as far as I can see is to stop people from downloading the world which of course isn't possible.
There is actually a very simple fix, because it is not necessary to make the attack impossible, which as you rightly point out cannot be done -- it will always be possible to brute-force any algorithm, no matter what. The question is how long it takes; a minor change would make it take decades, which would be good enough. Right now it takes hours, which (I think) isn't good enough, especially since the hours are mostly computer time which can run while you sleep.
What would be your proposed change? I agree this is a problem even with hours of compute time but definitely wouldn't be with decades.
Are you suggesting an increase in seed length for world generation? This is something that would work but I hadn't thought of before.
I'm interested in your solution as well.
I don't see how you could prevent reverse engineering the terrain algorithm so easily with a small fix like you say.
Increasing seed length would be somewhat difficult actually, since they're already 64 bits and data types larger than that are often much harder/slower to work with. But there is another easy fix which I'm trying to get Mojang/Bukkit/Spigot/somebody to implement, before I release my source code.
The easy way to fix it (for newly generated worlds) would also be a big hint about where the problem is, which I'm trying to avoid publicizing until Mojang/Bukkit/Spigot have a chance to offer the fix to server admins. As soon as one of them does, or if they all refuse, then I'll release the details, including the easy fix.
With a 64 bit seed, that should be sufficient to protect the world. Is the problem that the seed is a 32 bit seed? IIRC, seeds are 32 bit if they come from a string seed (they use the hashCode() function to obtain the seed)
EDIT: removed a less obvious possible vulnerability. Will take a look later to see if that might be the case.
Do you want me to remove the above bit about seeds being 32 bit if they come from strings?
my server's IP is 37.59.252.113:25789 and it is running 14w21b
You're free to go get the seed, I'm interested to hear back. Or you can log on to 2b2t (IP is 2b2t.org), which has a MASSIVE map that is 3 and a half years old, running 1.7.9
No, the 32 bit string seeds are common knowledge, that's not the issue. And you're right that a 64 bit seed *should* be big enough, but Minecraft uses it in a way that makes it much easier to discover than it should be.
2b2t says it's run by Housemaster, is that you? Or can you have him send me his approval? I don't want to do this to somebody else's server without their permission.
My code is currently written to work with 1.7.9 so that will be much easier to demonstrate; I could modify it to work with a 1.8 snapshot but that would take some time.
So, if I may ask, does it have to do with the fact that time is used? It appears that if no seed is given, the seed used is based on a random number generated from the current time. There aren't that many bits of information in the time, so you can reduce the search space to less than 2^31 bits if you assume the server did not specify a seed.
One way or another, will you be releasing the source code? I'd be interested to see what the attack was. Also, I haven't done any GPU programming, so that's something I'd be interested in taking a look at.
No, it's not based on time; in fact the server I tested it on had a seed that would be a future date if it were the time.
I would like to release the code because I also think it's interesting (I'd never done GPU programming before this), I just don't want to publish it until I give the server software developers a chance to protect against it. If they don't want to, then I'll probably end up posting it, or at least the interesting parts of it.
Nope, I'm not Hause. But that server has no rules. I guarantee you he won't care. (Plus, the seed is public)
Well, I'll leave you on the whitelist if you want to try it out on 1.8 anytime soon.
Simple fix: whenever the seed is used by the worldgen, apply a filter to it, sorta like enigma machines. After 8 hours, your software will find the encrypted seed, but finding the original will require a lot more time.
Seeds are designed to always generate the same world when the same seed is used.
Changing the seed does not solve the problem. As long as the seed is used to generate the world, obtaining the seed allows you to generate the same world and find anything that generates in it.
I don't think you guys get what he's saying.
Let's say your seed is "123". You hash that and get something like 202cb962ac59075b964b07152d234b70. You then use this to generate the world.
Now the program will find 202cb962ac59075b964b07152d234b70, but entering 202cb962ac59075b964b07152d234b70 as your seed will just make a world with d9b1d7db4cd6e70935368a1efb10e377 as its used seed.
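Added example, not code from any poster in this thread: a Python sketch of two points raised above, that a string seed passed through Java's String.hashCode() collapses to 32 bits, and that hashing the seed before worldgen hides the configured seed but not the world. `toy_worldgen` is a hypothetical stand-in for terrain generation, not Minecraft's generator, and MD5 is used only because the sample values in the post above are MD5 digests.

```python
import hashlib
import random


def java_string_hashcode(s):
    """Java's String.hashCode() for ASCII input: a 32-bit signed polynomial hash."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def filtered_seed(configured):
    """The proposed 'filter': worldgen uses a hash of the configured seed."""
    return hashlib.md5(configured.encode()).hexdigest()


def toy_worldgen(effective_seed, n=5):
    """Hypothetical generator: feature positions depend only on the effective seed."""
    rng = random.Random(int(effective_seed, 16))
    return [(rng.randrange(-1000, 1000), rng.randrange(5, 16),
             rng.randrange(-1000, 1000)) for _ in range(n)]


def demo():
    effective = filtered_seed("123")        # what worldgen actually consumes
    server_world = toy_worldgen(effective)  # layout on the server
    # A party who learns only the effective value, never "123":
    rebuilt = toy_worldgen(effective)       # same layout, configured seed unknown
    reentered = filtered_seed(effective)    # typing it into the seed box re-hashes it
    return effective, server_world == rebuilt, reentered != effective


if __name__ == "__main__":
    effective, same_world, box_differs = demo()
    print("effective seed:", effective)
    print("world reproducible from effective seed alone:", same_world)
    print("seed box gives a different world:", box_differs)
    # Any text seed, however long, lands in the 32-bit signed range.
    print("hashCode('hello') =", java_string_hashcode("hello"))
```

The filter only stops the recovered value from being typed into an unmodified seed box; anything that can feed the effective value straight into the generator still reproduces the layout, which is the objection raised in the reply above.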
Thanks, let me know if you need any further information from me.