Skip to content

Archives

“Randar” exploit for Minecraft

  • “Randar” exploit for Minecraft

    This is great — I love a good pRNG state-leakage exploit:

    Every time a block is broken in Minecraft versions Beta 1.8 through 1.12.2, the precise coordinates of the dropped item can reveal another player’s location. “Randar” is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to locate other players currently loaded into the world.
    Don’t reuse those java.util.Randoms! (via Dan Hon)

    (tags: exploits security infosec minecraft prngs rngs random coding via:danhon)