Ok, so I've been thinking about this for a while, and I'm wondering if its possible to write a mod that would find a seed on a multiplayer world.
Now I know what a lot of your responses will be; "That's not possible because the server doesn't send the seed to the client. You would need to be opped on the server so you could do /seed." But here are my thoughts (please feel free to correct me if I'm wrong anywhere):
A seed is a randomly generated number. That number is used to determine most of the blocks in a world.
If you generate two worlds, both with the same seed, they should give you pretty much the same world.
Assuming all blocks in a large enough area are natural, and your x, y, and z location, you should be able to figure out the seed.
Here are some issues though:
Minecraft servers don't always use default generators. This means that if a different generator is used, you would need to use a completely different set of code to figure out the seed.
The player would need to generate new chunks to figure out the seed, because if a different player places a block that would naturally generate (dirt, stone, etc) it would throw off the mod. I don't know if Minecraft servers tell the client what chunks are already generated, and which ones are new (and if the server does communicate that to the client, it would be too difficult to cancel that with a plugin I would assume).
Minecraft's code that generates a world is, as I understand it, pretty massive. It would be very difficult to reverse engineer the generator, although still possible to my knowledge.
It might be possible to use Minecraft's built in code for this.
I have seen other people asking this, but the answers that were given involved methods similar to brute force hacking. I'm not saying that you would have to generate all 18,446,744,073,709,551,616 possible seeds before you find a match. I'm suggesting you could somehow reverse engineer (I think that's the right term) the generator algorithm to figure out what seed a server is.
I understand this would be a pretty difficult project, so this is more of a hypothetical question more than a request.
This is possible - and much easier than you might think if you know the locations of at least several naturally generated structures (desert temples, villages, etc) or slime chunks, thanks to the fact that their locations are always the same regardless of the world type (they may or may not generate in a particular spot due to the biome being incorrect but e.g. a village that generates in chunk 5, 10 will always be in that exact location as long as the biome is valid; mineshafts will always be present unless an ocean overwrites them). In particular, there are only 2^48 or about 281 trillion possible combinations of generated structures and slime chunks thanks to the fact that only the biome generator uses the full 64 bit seed; everything else uses Java's Random, which is only 48 bits; this means that you can search for seeds with matching structure coordinates 65,536 times faster, then have only 65,536 seeds to check more throughly to see if world generation matches (less of an issue if you just want the locations of structures or slime chunks; veins of ore will also match as long as they did not change the settings); the actual algorithms are pretty simple and can be extracted from the MapGenxxx classes in MCP, the Wiki even lists the slime chunk formula on their Slime page.
However, as can be seen in that thread Spigot included an option to change the way structure locations are calculated to defeat this very exploit (note - I do not condone doing this to get an advantage on a server, such as finding structures or ores; the latter may get you accused of using x-ray hacks anyway if they see you digging straight to ores you found with e.g. Minutor on a recreated world) so this may not work. Also, you'd need to do GPU computing if you wanted results in a reasonable amount of time; they said it took 8 hours (which is still far less than the ~60 years it would take to scan all 2^64 seeds); so this would not be for a mod but a stand-alone utility, probably written in C++ (mainly to use GPU computing, I have no idea if Java supports it; you'd also have to replicate Java's Random in C++, not use C++'s RNG. You could still do it on a normal CPU but it could take a lot longer unless you hit the seed early on).
Still, you'd need a lot of "examples" (basically data of the slime chunks and structure generation of EVERY SEEED) to compare the server to, and then compare all of them to the server.
So while it's doable, it's as effective as finding passwords by typing every possible combination.
And in the end this is all to bypass the server ops' /seed permission... If they're not giving it to you then you shouldn't work around to get it yourself.
Still, you'd need a lot of "examples" (basically data of the slime chunks and structure generation of EVERY SEEED) to compare the server to, and then compare all of them to the server.
So while it's doable, it's as effective as finding passwords by typing every possible combination.
And in the end this is all to bypass the server ops' /seed permission... If they're not giving it to you then you shouldn't work around to get it yourself.
3 things:
1. I said in my original post that this was more of hypothetical question more than a request/proposition/etc.
2. I said that I was wondering if there was a way to do it other than methods similar to brute force hacking (trying every password until you get one right).
3. The point of me posting this was to see if there is a way to find a seed without using /seed.
This post was mainly for my curiosity. I hope you understand that
Still, you'd need a lot of "examples" (basically data of the slime chunks and structure generation of EVERY SEEED) to compare the server to, and then compare all of them to the server.
So while it's doable, it's as effective as finding passwords by typing every possible combination.
And in the end this is all to bypass the server ops' /seed permission... If they're not giving it to you then you shouldn't work around to get it yourself.
Actually, no you don't:
However, it is in fact possible to discover any Minecraft world's seed with just a bit of exploration and about 8 hours on an average gaming graphics card.
This is not just a theoretical vulnerability -- I have written software which performs this brute-force analysis, and I have successfully obtained the world seed on a Minecraft server where I am not an operator and cannot use the /seed command. In fact I didn't even have to connect to the server, I only had to gather information that they (like many other major Minecraft servers) already made available to the public.
Yes, you don't even need to actually join the server - just find villages and temples on their Dynmap. You also do not need to know where they are located in every single seed - you just need a few, possibly as few as 10, structure locations, then you can run the algorithms using various seeds until you find one that has structures in the same locations.
For example, here are the algorithms used to determine where mineshafts are located:
In MapGenBase; the world seed is used to get two random numbers which are multiplied by the chunk coordinates to make a chunk-specific seed; all structures use this base code:
this.worldObj = par2World;
this.rand.setSeed(par2World.getSeed());
long var7 = this.rand.nextLong();
long var9 = this.rand.nextLong();
long var13 = (long)chunkX * var7;
long var15 = (long)chunkZ * var9;
this.rand.setSeed(var13 ^ var15 ^ par2World.getSeed());
In MapGenMineshaft; you can easily adapt this to 1.7 or newer versions by changing the value of to 0.004:
Note that MapGenStructure calls rand.nextInt() once before calling canSpawnStructureAtCoords so this would have to be included.
All you need to do is scan the area in which you want to match structures; for example, let's say from -20 to +20 (chunk coordinates) and check to see if the structures in a list you provide match the ones that actually generated. For villages and temples this would be a bit trickier since the biome determines whether they actually generate, but still entirely feasible (you'd probably want to assign a "score" based on how well a seed matches the input pattern).
For example, here is the output from a simple command-line Java utility I made to assist with developing a mod; it scans a 128x128 block area centered around 0,0 and outputs the locations of certain types of caves and ravines:
C = Colossal cave systems
S = Special cave systems (C = circular room, R = ravine)
r = Regional cave area with long thin and relatively straight caves
g = Regional cave area with giant caves
L = Largest single caves
R = Largest ravines
@ = Largest cave+ravine in same chunk
. = Normal cave systems may generate here (blank areas have no caves)
This could be used, with modifications, to find a matching seed based on known coordinates; while it is possible that two different seeds (meaning that the lower 48 bits are different) may be the same over a limited area the chances are low and in any case you still need to perform a final check on the remaining 65536xN (N is number of seeds with matches) seeds to find the one with the same world generation.
It would take forever anyways... Ever seen a "brute force" password cracker? And this is not just text, you're asking to compare X structure in X place with all the possible seed combinations, at least 10 times. And this is all considering you'll only get one seed in return, and that players haven't touched the world enough.
It might be food for thought but it's just monkeys on keyboards...
It would take forever anyways... Ever seen a "brute force" password cracker? And this is not just text, you're asking to compare X structure in X place with all the possible seed combinations, at least 10 times. And this is all considering you'll only get one seed in return, and that players haven't touched the world enough.
It might be food for thought but it's just monkeys on keyboards...
Did you even read my posts, especially the parts about this actually being done? Here it is again:
However, it is in fact possible to discover any Minecraft world's seed with just a bit of exploration and about 8 hours on an average gaming graphics card.
This is not just a theoretical vulnerability -- I have written software which performs this brute-force analysis, and I have successfully obtained the world seed on a Minecraft server where I am not an operator and cannot use the /seed command. In fact I didn't even have to connect to the server, I only had to gather information that they (like many other major Minecraft servers) already made available to the public.
I presume that 8 hours is indeed "forever" to most Minecraft players, but you could just let it run overnight. And yes, they actually tested it - without even going on the server (since as I said many servers use software like Dynmap that lets you look at it from their Web site).
Why do you think Spigot took the trouble to add a countermeasure against this exploit?
Now that md_5 has added a basic countermeasure to a future version of Spigot, I am releasing a few more details about what makes seeds vulnerable and how to modify your server to protect them -- please see this new thread for that discussion.
it does not matter whether it is actual reverse engineering or a simply brute-force attack - given enough computational power almost anything becomes practical (unless you want to crack a 256 bit cipher or the like).
It would take forever anyways... Ever seen a "brute force" password cracker? And this is not just text, you're asking to compare X structure in X place with all the possible seed combinations, at least 10 times. And this is all considering you'll only get one seed in return, and that players haven't touched the world enough.
It might be food for thought but it's just monkeys on keyboards...
Ive said this twice now but ill say it again: im not proposing using brute force hacking methods...also you seem to have a hard time understanding what hypothetical means
The Meaning of Life, the Universe, and Everything.
Join Date:
6/8/2012
Posts:
109
Minecraft:
44trent3
Member Details
Your density amazes me: He said the seed, with several generated structures, as few as 10, using GPU calculations, could infact, in as little as 8 hours, determine the seed of a multiplayer server. If that is forever, then the start of the universe would seem impossible.
On an unrelated note, does anyone know if taleden ever published the source code to the seed thing? Or does anyone happen to have some functional code that'll do exactly what taleden discovered?
Ok, so I've been thinking about this for a while, and I'm wondering if its possible to write a mod that would find a seed on a multiplayer world.
Now I know what a lot of your responses will be; "That's not possible because the server doesn't send the seed to the client. You would need to be opped on the server so you could do /seed." But here are my thoughts (please feel free to correct me if I'm wrong anywhere):
Here are some issues though:
I have seen other people asking this, but the answers that were given involved methods similar to brute force hacking. I'm not saying that you would have to generate all 18,446,744,073,709,551,616 possible seeds before you find a match. I'm suggesting you could somehow reverse engineer (I think that's the right term) the generator algorithm to figure out what seed a server is.
I understand this would be a pretty difficult project, so this is more of a hypothetical question more than a request.
Just ask an OP to check using the /seed command.
WARNING:
My output of snark depends on your output of stupidity.
My patience wears thin on strawmen and lies.
I'm not trying to find out a specific server seed, I'm wondering if my idea is possible.
I guess it is possible but it'd be overly complicated for the outcome. Aka unuseful.
Also if the server doesn't want you to have the seed then you shouldn't get it.
This is possible - and much easier than you might think if you know the locations of at least several naturally generated structures (desert temples, villages, etc) or slime chunks, thanks to the fact that their locations are always the same regardless of the world type (they may or may not generate in a particular spot due to the biome being incorrect but e.g. a village that generates in chunk 5, 10 will always be in that exact location as long as the biome is valid; mineshafts will always be present unless an ocean overwrites them). In particular, there are only 2^48 or about 281 trillion possible combinations of generated structures and slime chunks thanks to the fact that only the biome generator uses the full 64 bit seed; everything else uses Java's Random, which is only 48 bits; this means that you can search for seeds with matching structure coordinates 65,536 times faster, then have only 65,536 seeds to check more throughly to see if world generation matches (less of an issue if you just want the locations of structures or slime chunks; veins of ore will also match as long as they did not change the settings); the actual algorithms are pretty simple and can be extracted from the MapGenxxx classes in MCP, the Wiki even lists the slime chunk formula on their Slime page.
See also: http://www.minecraftforum.net/forums/support/server-support/server-administration/2133175-server-ops-anyone-can-discover-your-world-seeds
However, as can be seen in that thread Spigot included an option to change the way structure locations are calculated to defeat this very exploit (note - I do not condone doing this to get an advantage on a server, such as finding structures or ores; the latter may get you accused of using x-ray hacks anyway if they see you digging straight to ores you found with e.g. Minutor on a recreated world) so this may not work. Also, you'd need to do GPU computing if you wanted results in a reasonable amount of time; they said it took 8 hours (which is still far less than the ~60 years it would take to scan all 2^64 seeds); so this would not be for a mod but a stand-alone utility, probably written in C++ (mainly to use GPU computing, I have no idea if Java supports it; you'd also have to replicate Java's Random in C++, not use C++'s RNG. You could still do it on a normal CPU but it could take a lot longer unless you hit the seed early on).
TheMasterCaver's First World - possibly the most caved-out world in Minecraft history - includes world download.
TheMasterCaver's World - my own version of Minecraft largely based on my views of how the game should have evolved since 1.6.4.
Why do I still play in 1.6.4?
Still, you'd need a lot of "examples" (basically data of the slime chunks and structure generation of EVERY SEEED) to compare the server to, and then compare all of them to the server.
So while it's doable, it's as effective as finding passwords by typing every possible combination.
And in the end this is all to bypass the server ops' /seed permission... If they're not giving it to you then you shouldn't work around to get it yourself.
3 things:
1. I said in my original post that this was more of hypothetical question more than a request/proposition/etc.
2. I said that I was wondering if there was a way to do it other than methods similar to brute force hacking (trying every password until you get one right).
3. The point of me posting this was to see if there is a way to find a seed without using /seed.
This post was mainly for my curiosity. I hope you understand that
Actually, no you don't:
Yes, you don't even need to actually join the server - just find villages and temples on their Dynmap. You also do not need to know where they are located in every single seed - you just need a few, possibly as few as 10, structure locations, then you can run the algorithms using various seeds until you find one that has structures in the same locations.
For example, here are the algorithms used to determine where mineshafts are located:
In MapGenMineshaft; you can easily adapt this to 1.7 or newer versions by changing the value of to 0.004:
Note that MapGenStructure calls rand.nextInt() once before calling canSpawnStructureAtCoords so this would have to be included.
All you need to do is scan the area in which you want to match structures; for example, let's say from -20 to +20 (chunk coordinates) and check to see if the structures in a list you provide match the ones that actually generated. For villages and temples this would be a bit trickier since the biome determines whether they actually generate, but still entirely feasible (you'd probably want to assign a "score" based on how well a seed matches the input pattern).
For example, here is the output from a simple command-line Java utility I made to assist with developing a mod; it scans a 128x128 block area centered around 0,0 and outputs the locations of certain types of caves and ravines:
Locations of colossal cave systems:
1: -88, -1016
2: 936, -216
3: 72, 824
Locations of special cave systems:
1: -792, -872 (ravine)
2: 488, -616 (circular room)
3: -152, -488 (ravine)
4: 1000, -488 (ravine)
5: -408, -360 (circular room)
6: 744, 152 (circular room)
7: -792, 536 (circular room)
8: -536, 792 (ravine)
9: 360, 792 (ravine)
10: -920, 920 (circular room)
Locations of largest single caves:
1: 552, -552
2: -856, 88
3: -984, 984
4: -728, 984
Locations of largest ravines:
1: 40, -872
2: -920, -552
3: -760, -392
4: 680, 88
5: -760, 248
6: 520, 248
7: -120, 568
C = Colossal cave systems
S = Special cave systems (C = circular room, R = ravine)
r = Regional cave area with long thin and relatively straight caves
g = Regional cave area with giant caves
L = Largest single caves
R = Largest ravines
@ = Largest cave+ravine in same chunk
. = Normal cave systems may generate here (blank areas have no caves)
This could be used, with modifications, to find a matching seed based on known coordinates; while it is possible that two different seeds (meaning that the lower 48 bits are different) may be the same over a limited area the chances are low and in any case you still need to perform a final check on the remaining 65536xN (N is number of seeds with matches) seeds to find the one with the same world generation.
TheMasterCaver's First World - possibly the most caved-out world in Minecraft history - includes world download.
TheMasterCaver's World - my own version of Minecraft largely based on my views of how the game should have evolved since 1.6.4.
Why do I still play in 1.6.4?
It would take forever anyways... Ever seen a "brute force" password cracker? And this is not just text, you're asking to compare X structure in X place with all the possible seed combinations, at least 10 times. And this is all considering you'll only get one seed in return, and that players haven't touched the world enough.
It might be food for thought but it's just monkeys on keyboards...
Did you even read my posts, especially the parts about this actually being done? Here it is again:
I presume that 8 hours is indeed "forever" to most Minecraft players, but you could just let it run overnight. And yes, they actually tested it - without even going on the server (since as I said many servers use software like Dynmap that lets you look at it from their Web site).
Why do you think Spigot took the trouble to add a countermeasure against this exploit?
it does not matter whether it is actual reverse engineering or a simply brute-force attack - given enough computational power almost anything becomes practical (unless you want to crack a 256 bit cipher or the like).
TheMasterCaver's First World - possibly the most caved-out world in Minecraft history - includes world download.
TheMasterCaver's World - my own version of Minecraft largely based on my views of how the game should have evolved since 1.6.4.
Why do I still play in 1.6.4?
Ive said this twice now but ill say it again: im not proposing using brute force hacking methods...also you seem to have a hard time understanding what hypothetical means
I'm not gonna read a wall of text, and I already guessed this was discussion for the sake of discussion.
But still, given the huge amount of seeds, there's no efficient way to find a seed based on data like structures and such...
Your density amazes me: He said the seed, with several generated structures, as few as 10, using GPU calculations, could infact, in as little as 8 hours, determine the seed of a multiplayer server. If that is forever, then the start of the universe would seem impossible.
On an unrelated note, does anyone know if taleden ever published the source code to the seed thing? Or does anyone happen to have some functional code that'll do exactly what taleden discovered?
http://www.minecraftforum.net/topic/817769-did-the-terrain-become-boring-1000-supporters/