The H4x: A Short History of Hacking in Minecraft

For the many years Minecraft multiplayer has been in existance since 2009, hacking has always been a problem. How has it changed as Minecraft aged? This "short" story will attempt to sum it up...

Inspired by http://www.jamesrustles.com/2016/12/2b2t-history-2010-2016.html

Here's a video inspired by this page: https://www.youtube.com/watch?v=QGU9wg91QNM

Prologue - The Creation
Minecraft was first started as "Cave Game" in March 2009 by Notch. As May went on, he added mobs and humans. On June 9, multiplayer was first released, but it wasn't like the multiplayer it was today. Over time, it slowly got more and more players, and slowly gained more and more popularity. A great game was rising up...

Chapter 1 - A New Beginning
In the beginning, it was just another sandbox game. A world where you could survive, and fight off monsters. Servers were around during this time, but they didn't have the minigames that you knew today. It was classical Minecraft, a world of creation. But progress doesn't stop. Indev came, then infdev, then alpha, then beta. Finally, on November 2011, Minecraft 1.0 was released. The constant release of new versions led to Minecraft to explode in popularity. Millions of copies were sold, leading to Minecraft becoming one of the most sold games ever.

Around this time, mods began appearing. With ModCoderPack coming out at the early alpha versions, users could now create mods. The first mods like BuildCraft or TooManyItems began to appear around this time. But with mods came hacks, modifications that allow for cheating in both multiplayer and singleplayer.

Onward...

Chapter 2 - The First Cheats
They were mostly just fun projects by people, but they didn't do anything fancy.

This is an example of a hack made in 2010. Looks pretty primitive doesn't it?

https://www.youtube.com/watch?v=c6y3QKsmYWA

In the first stages of multiplayer development, Mojang quietly moved the bulk of the calculations to the server side. This effectively nullified most inventory and godmode hacks.

It is not known when this happened, but there was probably never a moment where widespread destruction could be done using these hacks. I previously speculated that it was somewhere around 2011 because of this video (https://www.youtube.com/watch?v=5OKtAw5wszI), but a closer analysis reveals that only speed hacks were working at this point. A cheat engine post from mid-2010 suggests that inventory hacks were already patched by then (https://forum.cheatengine.org/viewtopic.php?t=515594).

The most infamous use of a cheat client during this time period would be by Team Avolition or Team Avo, starting only with an xray in their client in January 2011. The main purpose of this client, later named Reliant, would be to grief Minecraft servers which had poor protections back then. Krysk, a member of the team was the creator of this cheat.

https://www.youtube.com/watch?v=6dAe9ozAyLU

https://www.youtube.com/watch?v=I6nNo_usbNE

Not too long after, Avo would be seen using a sneak hack to avoid being detected while moving at full speed in order to grief servers.

https://www.youtube.com/watch?v=xSMUlXWLGxY (This video was reuploaded in 2015, but the original was uploaded in 2011. The video on the official channel is lost due to copyright music that could not be edited out.)

Krysk would continue to add features to the client throughout 2011, notably cheats such as Fullbright, Instant Break and Flying.

https://www.youtube.com/watch?v=OtvUr-EKoAs

The most feature Krysk would add is Nuker, used on creative servers to destroy large amounts of blocks in a short period of time.

https://www.youtube.com/watch?v=4_HCNeK15Bs

In 2012, Nodus was released. It was one of the most popular hacks back then, and it had many features that today's clients still have today.

https://www.youtube.com/watch?v=FJI-scuAsLw

Most servers then didn't really have an anticheat. But as the number of hackers increased, that soon changed.

Chapter 3 - The First AntiCheats - AntiCheat, NoCheat (and later AntiCheat+ and NoCheatPlus)
The first widely available plugin was probably NoCheat. AntiCheats are just as old as cheats, but during the release of Nodus anticheats would be widely used across small and big servers alike. NoCheat was later abandoned as AntiCheat and NoCheatPlus would be released.

NoCheatPlus was the big one. Before 2016, it was basically the only publicly available anticheat that could keep up with hackers, and blocked many movement hacks, restricting well known hacks like Forcefield, Speed, and Fly. In response to this, KillAura, a combat mod which would aim at a user before attacking, was born.

Here's a video advertising it:

https://www.youtube.com/watch?v=kVlbnR3Bzz4

Chapter 4 - Hacked Clients Gain Popularity, AntiCheats spread (MC 1.0)
But despite the rise of NoCheatPlus, hackers would still gain a significant advantage. KillAura and ESP would allow significant advantages in many servers, and it was up to admins to ban them.

Meanwhile, the market began to spread. As Minecraft soared in popularity, more and more hackers would create cheats, and Nodus was no longer the only hack.

With blatant hacks like fly restricted, cheat developers began to innovate. Clients like Weepcraft included a lot of features from blocking soul sand slowness to a slight speed hack. As minuscule these hacks sound, they provided a lot of advantages in certain situations. Hacks for specific gamemodes (like an gun aimbot for Cops and Crims) were created, and those remain hard to patch.

Chapter 5A - Exploits and Bypasses
Exploits have always existed. From the lightning exploit (2b2t anyone?) to the "session stealer" exploit (NOT the one which you look for "session id is token", the 2012 one), hackers have always used special exploits to leverage special attacks. But 2015 saw a wave of exploits and bypasses.

First, during Christmas 2014 and early 2015, there was a command block exploit (Kneesnap), where it was possible to use command blocks on creative servers to get OP. Then, there was the sign and book exploits, which forced Mojang to release emergency patches.

Private clients (will be discussed later) had a bunch of nice exploits as well. CrashHead anyone?

2015 was a bad year for NCP too. A fly bypass that appeared as far back as 2014 (https://www.youtube.com/watch?v=juv_9o_wkGo) suddenly appeared in public clients like Wurst, and that took a long time to patch. There was also a speedhack bypass, and some other movement bypasses (like Jesus) as well.

In specific servers it was also possible to use godmode, but that was patched quickly. But the main combat advantage was BlockHit. Very few clients had it perfect in 2016. And oh boy, it was good. By continuously toggling and untoggling the sword, a player was able to only take 50% damage his enemies delivered to him. Clients that had this feature would simply demolish everyone, including other hackers.

As this stage a clear divide would be created between public and private clients. Next chapter...

Chapter 5B - The Cheating Market
If you used hacks, you would most likely be using "public" clients like Wurst. Wurst was probably the best public client for a long time, as it was one of the first clients to publicly release bypasses like fly or Jesus. But its achievements were minuscule compared to what private clients had. Remember BlockHit? It's patched now (by anticheats and by 1.9), but until 2016 it wasn't well known.

Despite this divide, large changes were about to happen. The old order was about to be thrown in jeopardy...

Chapter 6 - Fall of the Monopoly
The year is 2016. NoCheatPlus is the best public anticheat, and Wurst is the best public hacked client. By the end of the year, large events would happen that would shake the balance of power forever.

The first major anticheats that were released were AAC and AntiAura. Both were developed to combat the growing annoyance of KillAura, which was mostly undetectable if implemented properly. Both were designed to ban, rather than just block.

These anticheats first used NPCs to detect auras, and later they would exploit patterns that many killauras share. Hacked clients, in response, fought back, mainly by reducing the advantage of killaura. Today, there are many servers have patched the "blatant" killauras that existed back then,

In 2016, Spartan and Reflex would also come into play. But all these anticheats were young, and with some servers removing NCP entirely, the second bypass rush began. Youtubers began advertising bypasses on AAC servers, showing fly, speed, step, and at one point, even teleport. It was the internet's version of whack-a-mole. They just kept coming.

Wurst's domination was being challenged as well. As clients with bypasses suddenly became popular and free, anticheats would need to patch often to prevent servers from being rekt.

Chapter 7 - Progress on All Fronts
As anticheats became more developed, so did the number of hacks they blocked. For the first time, developers were looking at ways to block ESP and other "client side" anticheats, something that had never happened before. Even though client-side anticheats are limited to specific servers (like competitive PvP ones), anticheats have advanced to the point where it is possible to block players from gaining a significant advantage).

As we approach 2018 and 2019, we see things like "machine learning anticheats" being more and more common. And it is not like "hacks" haven't advanced as well. Just look at Baritone: https://github.com/cabaletta/baritone

Chapter 8 - Epilogue
Well, it has been a long ride. So much has changed since I first started Minecraft, and much of it was unpredictable. I expected Minecraft to die out as games like Fortnite grew exponentially, but now it appears not to. It seems like every single hack and anticheat check you can think of has already been created at least once by someone in the world, so most of the progress will probably be improving on previous ideas (for example Baritone still receives lots of updates).

But no matter what happens, we'll always look back to Minecraft, as a nostalgic reminder of what we used to be.