Minecraft’s ‘Worst’ Server Was Exploited So Hard Griefers Could See The Future

Minecraft’s ‘Worst’ Server Was Exploited So Hard Griefers Could See The Future

The tale of how hacker group Nerds Inc. took over 2b2t — Minecraft’s oldest so-called anarchy server — is convoluted and painstaking. It’s the story of how 300,000 players were constantly tracked, 15,000 bases discovered, and over 200 million items stolen. And it was all achieved exploiting not the software intended to keep the server functioning properly, but conditioning the people who maintain that software.

2b2t is infamous. Short for “2 builders 2 tools”, it is to Minecraft what 8chan is to forums: a den of unregulated freedom, with all the extraordinary creativity and the ugliest elements that invariably contains. Players who use the server will encounter racism, porn, gore, and most recently, some of the most intricate griefing ever seen. Perhaps the best coverage of this came from RPS’s Brendy Caldwall, in early 2016 before it had reached wider public attention — there he captured its deeply unwelcoming ways, how it spawns players in a barren location of utter horror, where survival is close to impossible.

Unmoderated, and all under the barely-watching eye of server admin ‘Hausmaster’, you’re as likely to stumble upon a mountain-high swastika or skyscraper-like cock as you are a town-sized towering statue of Jesus. With a chat that was primarily used to trick people into clicking on links to animal porn, and the only unofficial rule being to trust no one else ever, it attracted a certain type of player. Up until 2016, it rumbled along with a handful of trolling/griefing users, proud of its reputation as the “worst Minecraft server”. Then, as Kotaku reported at the time, it got noticed on YouTube.

Thanks to ‘The Camping Rusher’ and his million subscribers, 2b2t was flooded with new players, which inevitably led to war. The veterans wanted the server to remain theirs, the invading ‘Rushers’ responded to their hostility by destroying years-old structures. Veterans retaliated by making the server’s spawns utterly inhospitable, while bombarding players with images of porn that would make YouTubing their endeavours impossible. All the while, admin Hausmaster was reportedly cool with it all, telling Newsweek, “in my opinion it’s how it should be: absolutely chaotic.”

Throughout all of this, one fact remained: while it’s disputed if 2b2t is the longest-running Minecraft server, it’s certainly the longest continuously running, never having seen a reset in its eleven years. Which, of course to many in the nihilistic, anarchic playerbase, is a challenge.

It was in 2016 that player group Nerds Inc. first attempted to take over the server, as FitMC reports in his exhaustive video. (Before you get into my lengthy summarising of his account, I strongly suggest watching his video first.) They briefly achieved admin access, but were quickly booted, and then they went quiet — for two years. It was quickly forgotten.

Come 2018, two regulars on 2b2t, known only as 0x22 and Babbaj, found an interesting exploit. They discovered a way to trick the server into thinking they were clicking on blocks in chunks far out of viewing distance. Doing this caused the server to try to load these never-visited chunks, and the pair discovered that by having it do this for thousands of unexplored chunks all at once, they could crash it entirely. That’s not particularly interesting on its own, with limited opportunities for griefing — instead they believed it could be used for something much more specific.

Crashing the server was a means to an end. That end being, somehow, coordinates for the server’s players. So they hatched a plan: to repeatedly crash the server in this particular way, which would then alert Hausmaster to the issue, who would in turn report the exploit to a company called PaperMC. Paper is a tool that fixes bugs and blocks exploits on Minecraft servers, and the pair were seeking what they calculated Paper would have to do to address the issue. So if players are crashing the server by breaking blocks in chunks they were nowhere near, what’s the fix? To have the server only let players interact with chunks they’re currently in, right? And that’s precisely what the two — now teamed up with a member of Nerds Inc., Fr1ken — were after. Because if they could get that data, they’d have ways to find the locations of every player on the server.

This was July 12, 2018. By July 13, their plan had already worked. PaperMC had been successfully puppeteered, and implemented the precise fix the trio had hoped for, so they moved quickly.

What FitMC explains is that they created a system where they would attempt to hit every chunk on the server, in a spiral pattern, from spawn. Every time they were able to interact with a chunk, that meant a player was near it, and this information would be sent back to them via chat. Which is… I mean, that’s extraordinary.

The overworld heatmap created by the NOCOM exploit over three years. (Image: Nerds Inc., Other) The overworld heatmap created by the NOCOM exploit over three years. (Image: Nerds Inc., Other)

They went on to graph that data, then identify points where it was obvious players were gathering, and visit them to discover item stashes. Which they would then rob.

Fr1ken suggested the exploit be given the anonymous name “NOCOM”, short for “no comment”, and of course told others from within Nerds Inc.

FitMC’s video then goes onto chronicle in more detail what happened over the next three years, once the Nerds had their exploit in place. First up was improving the way they could access the data, not least because it didn’t specifically identify bases, nor indeed who individual players were. This involved bringing in a machine learning expert, whereupon things just get crazy. The tools they develop start to be able to identify players by their log times and locations, and the AI starts predicting where they’ll go next. (The video shows a snippet of the maths involved in this, which is full on meme-level galaxy brain stuff.)

Some of the maths behind NOCOM's machine learning. (Image: FitMC) Some of the maths behind NOCOM’s machine learning. (Image: FitMC)

Things get even crazier as the tools Nerds Inc. and co developed started being able to identify particular blocks in locations, and from this work out what was likely a base. Then, in ways that boggle my mind, the program was able to reconstruct the location elsewhere, letting the hackers see exactly what an area looked like, what FitMC calls equivalent to a spectator mode. He goes on to narrate,

“They were visually tracking every single player movement on the entire server in real-time, at one second intervals. Every chunk trail, base location, and player log-out spot was now compromised.”

As time went on, their cautious use of the exploit was put aside for more aggressive tactics. A few of the players involved in the exploit were also members of another group, the SpawnMasons, who were prolific large-project builders on the server. Members of Nerd Inc. would leak stash locations to the SpawnMasons, who would then rob the stashes and destroy them, to aid their own builds. It was the SpawnMasons who were responsible for the grand larceny of 200,000,000 Minecraft items.

In order to cover their tracks, the group started inventing imaginary exploits on which they could blame their activity if it was ever noticed. Making claims about pet spawn exploits or what have you would throw people off the scene of the reality of NOCOM. But their cruellest method was just flat-out gaslighting a server populated by griefers, convincing them that they were being paranoid, imagining these issues.

However, their plan had one weakness. To achieve all of it required the use of AFK (away from keyboard) accounts, logged in but never moving, used essentially as radar on the server to scan for all those chunks. One bump in the road in 2019 saw some server changes mean they had to increase their AFK accounts from one to four, and it was eventually this that led to someone noticing.

A player called 0NEB saw that there were these four AFK accounts, always logged, never leaving, and given that keeping an AFK account logged on required some cheating in the first place, he grew suspicious. But poor old 0NEB found himself a bit of a Cassandra. He knew what was happening and what it was leading to, but no one would listen to him.

“Hi, I’ve been trying to tell the community this for over a year, please listen,” began his Reddit screed laying out exactly what he thought was going on, and completely accurately naming the individuals involved. But he was laughed at. To rub it in, Nerd Inc. programmed their AFK accounts to start spamming 0NEB with random strings of Morse code. And so it continued for the whole of 2020.

A portion of the code used running NOCOM. (Image: FitMC) A portion of the code used running NOCOM. (Image: FitMC)

Brilliantly, the whole thing fell apart because, well, it was a server full of hackers and griefers where all cheating was permitted, so of course eventually some others would have the same idea. Come 2021 those others were Infinity Incursion, who achieved their own hamfisted version of the same exploit, albeit much more crude, and unable to track multiple individuals. In fact, they could track just one individual at a time, and rather brilliantly the person they chose to track was FitMC.

Recognising that something was up from the frequency with which he was being attacked, Fit started digging into what was happening, and eventually was told by one of the people “stream sniping” him how they knew his location. Aware of this, Fit and companions started becoming much more cautious, as the depth of the issue became apparent.

By June this year, thanks to Infinity Incursion’s far less concealed use of the exploit, more groups started learning about it. So throughout the last couple of months, huge numbers of bases and stashes were being raided and destroyed. People stopped logging into their accounts, knowing doing so would see their bases destroyed. 15,000 bases had been discovered, and everything had gone crazy.

Fit and some friends (using alt-accounts) were still playing, and decided to launch a grief attack on a base belonging to a player called Beardly. This involved the large-scale laying of TNT across the huge area, a couple of days in the execution. All the while they were doing this, Nerds Inc. were watching. Their far more sophisticated tools meant they were watching the plot unfolding live in their reconstruction of the base, with the players’ movements tracked, via their “remote viewing.” And 0x22 made the interesting move of getting in touch with Fit to tell him this, to tell him they knew exactly what they were about to do. I was fascinated to know why the Nerds would have done this, finally showing their hand, and to someone with two million followers on YouTube to tell about it. So I got in touch with him via Twitter DMs, and he explained it was all about recognition.

“I was only told about it by the Nerds so that no-one could steal credit for all of their hard work,” he explained. “It’s common for groups on the server to falsely claim they discovered an exploit first, which is why the Nerds were willing to give so much information for the video. They wanted to make sure it was described as accurately as possible.”

All this widespread attention meant people were contacting 2b2t admin Hausmaster to tell him about the core Paper exploit that allowed it all to happen, meaning it was inevitably coming to an end. So, as FitMC chronicles, the SpawnMasons decided to have one last hurrah, griefing and looting as much as they could before the good times were over. Then, precisely three years after it started, on July 15th, Hausmaster implemented server changes that ended everything.

Of course, not being able to use the exploit any more didn’t mean Nerds Inc. were powerless. Over three years they’d gathered over 2 terabytes of data, and had those 15,000 bases mapped and located on their own server. Which is to say, their reign of terror has not come to an end. It’s just that from now on players can build elsewhere and not be tracked or mirrored. So 2b2t can, in some sense, rebuild from the carnage that’s ruled for the last three years. Or, at least until someone discovers something else that breaks everything.

I wondered, having watched the video, how Fit feels about the last three years. He seems to convey as much admiration as frustration. However, he certainly leans toward the former. “When I found out this had been happening for 3 years, I was highly impressed,” he told me. “I feel the rest of the player-base feels the same way. To create an exploit that massive, and keep it secret for so long shows an incredible amount of restraint on their part. They could have abused it from day 1, but they chose to be discreet and collect as much data as possible.”

I implore you to watch the original video by FitMC (above), which explains all of the above in far better detail. He has many other videos chronicling previous major events on the server, as well as YouTube live-streams that must be like playing Russian roulette with YT’s content rules. So, at the same time, be forewarned about what you might end up seeing and hearing. Meanwhile, if you want to learn more about NOCOM, it has its own github page with vast amounts of detail.

The error message that began it all in 2016. (Image: FitMC) The error message that began it all in 2016. (Image: FitMC)

I want to add a post-script. It’s stories like these where I always feel conflicted. I’ve long been fascinated by the imaginations of griefers, of how they think in such unique ways, and go to such amazing lengths to achieve such petty/frivolous goals. But also, I feel such dismay at the way it’s so often expressed through racist and antisemitic memes, or cruel and spiteful abuse. While free speech protects all of us, I wish they strived for better, finding ways to achieve their incredible goals without resorting to the grotesquery that inevitably accompanies it. I entirely recognise that many will respond to this with derision, with mocking laughter that of course griefing requires the use of the most offensive and the most extreme measures, because it’s all part of the desired goal. I get that. But, like I say, it doesn’t stop me wishing for better.

FitMC has an optimistic view on this. “It’s inevitable that it will attract players who are only interested in griefing and destruction,” he tells me. But, he adds, “despite the toxicity, this type of environment can offer a challenge to regular players who have become bored of just regular old Minecraft, or are tired of over-bearing admins on other servers… I think the concept is fascinating.”

Comments

  • I have this weird sort of “Author blindness” when it comes to big blogging sites such as Kotaku. I can never keep straight who’s who and barely ever care who’s in the byline.
    But John Walker has such a unique voice here (and passion for the topic) that I can tell it’s him and that I’ll enjoy what I’m reading after the first sentence or two.

    I don’t even think he’ll see this comment (being Kotaku AU) but I still feel the need to express how much I like his content and want to see more like this in the future.

Log in to comment on this story!