The public-facing side of Minecraft is the jolly, happy one. This is where we coo at people recreating the world of the Lord of the Rings, or admire the incredible visual tricks that can be pulled off with a little ingenuity. But then there’s the less well-known (though often no less popular) side, where things all get a little grimmer.
One of the most infamous ‘anarchy’ servers in existence is 2B2T, a long-running and no-holds-barred server which has not been reset since 2010. The name stands for ‘2 Builders 2 Tools’ and it is designed to be inhospitable, nasty, and has at times been named the ‘worst’ Minecraft server in existence. Naturally its players would disagree, and from another perspective 2B2T is an example of Minecraft’s enormously wide appeal and its ability to turn players into creators: it is a place with a real history, which is written on and defines the landscape. The community around 2B2T and the way it has developed over the years is why it was featured in the 2019 exhibition Videogames: Design / Play / Disrupt at London’s V&A Museum.
This story begins even before that. In 2018 a bunch of ne’er do wells found an exploit in a piece of Minecraft server software called Paper (thanks, WindowsCentral). This exploit essentially made the server think a player was clicking on every block in the map: instantly making it try to load countless block renders and crashing the server. It’s the kind of catastrophic bug that, with software like this, is fixed quickly as soon as it’s been used and noticed.
And ‘quickly’ was the problem.
One of the coders that came to work on NoCom, though only since 2020, is Leijurv, who wrote a long and detailed post explaining exactly what the group did after this point, and why it worked.
The beginning of the post points folk towards this youtube video by FitMC, which the perpetrators assisted in preparing and gives a more general overview.
The reason why NoCom flew under the radar for so long, in Leijurv’s words, “is that there is no actual ‘exploit’ or ‘backdoor’ in the sense that you might think. In other words, the server doesn’t ‘misbehave’ or do anything suspicious. It’s fully expected and intended behavior, the code doesn’t do anything sneaky or surreptitious, it’s actually perfectly simple.”
PaperMC, the developer of Paper, ‘fixed’ the original exploit, which was exactly what the hackers behind what would become known as NoCom were waiting for. One particular patch of PaperMC allowed the hackers to click on blocks and be told what its contents are, which is not unusual behaviour for Minecraft. What is unusual behaviour is applying this logic far beyond where the ‘player’ actually is: that is, being able to ‘click’ a block anywhere in this absolutely enormous landscape and know what it is.
“So this is known and desirable behavior on the part of 2b2t,” writes Leijurv. “It’s just that not many people thought of intentionally going outside one’s render distance to extract information. The realization is that you can click absolutely any block, anywhere on the server, even a million blocks away, and learn if it’s currently a loaded chunk, by if the server responds to you or remains silent.
Using common sense, the Paper developers intended for this patch to reply to the player only if the chunks were loaded by your player, as that would make logical sense (that’s all the blocks you could reasonably be digging in good faith). The problem is that the way the code was written, the server will reply to you if the chunk is loaded by any player on the server, which is clearly an unintended side effect.”
Why does this matter? Why do you think. Once this exploit was available, the people behind NoCom began check whether specific chunks of the map were loaded or unloaded. The former indicated the presence of other players, and so these locations were recorded, creating a master document of bases and other locations to hit. There’s a certain poetry to this, but over the past three years the NoCom exploit was used to grief the hell out of players playing on a griefing server.
Here is a heat map of 2B2T’s world showing where players and groups are concentrated. And here’s where the hack gets simply devilish.
When first discovered, the exploit had to be used manually. And obviously endlessly clicking blocks to find out what’s where is not the most efficient method of dastardly thieving. So the NoCom group began to automate it, introducing bots to the server on a shift system such that one was always online: and these bots watched the world’s main thoroughfares.
When one of these bots spotted a player it would trail their movements using the program, and take particular notice of how much time they spent in certain areas.
Here is a “kindergarten explanation” from Leijurv of what the bot called Elon_Musk would do.