GN⁺: Randar: LLL 격자 축소를 활용해 서버 RNG를 크래킹하는 Minecraft 취약점
(github.com/spawnmason)Here are the key points from the Randar explanation and information, summarized in Markdown format:
Randar exploit overview
- Randar is an exploit for Minecraft versions Beta 1.8 through 1.12.2 that can reveal other players' locations by cracking the incorrectly reused
java.util.Random
in the Minecraft server - It works by using LLL lattice reduction to determine the internal state of the RNG based on the precise coordinates of dropped items when a block is broken
- The exploit was discovered by n0pf0x (pcm1k) on October 7, 2022
How the Randar exploit works
- Minecraft's code mistakenly reuses the RNG between generating terrain (like Woodland Mansions) and in-game actions (like mining blocks)
- When a chunk is loaded, it checks for structures like Woodland Mansions, resetting the RNG seed based on the chunk coordinates
- When a player mines a block soon after, the dropped item's coordinates are determined by the RNG state
- Using lattice reduction, the exact internal state of the RNG can be determined from the dropped item coordinates
- Stepping the RNG state backwards reveals the most recently loaded chunk coordinates, exposing a player's location
Protecting stashes from Randar
- Building stashes in specific "decoy" Woodland regions where another region is within 4 RNG steps can fool exploiters
- Ensuring the entire stash is within the region and stationing an AFK account at the decoy provides extra protection
Complete exploit code and patching
- The full Java code for cracking the RNG state from item drop coordinates and stepping backwards to find player locations is provided
- For Minecraft servers still on vulnerable versions, the patch involves changing the
World.setRandomSeed()
function to use a separate RNG instance for world generation
Additional notes from n0pf0x
- n0pf0x used a caching system for faster seed to coordinate lookups vs the Mason's GPU hashmap approach
- Techniques are described for tracking hits in The End dimension which is trickier since chunks only affect RNG on first generation
- An "End Occupancy Tracker" estimates which players are in The End based on RNG calls per tick to help identify who caused certain hits
GN⁺의 의견
- Randar는 시드(seed)를 알아내 월드 전역에 걸쳐 플레이어의 위치를 유출시킬 수 있다는 점에서 심각한 익스플로잇임. 1.13으로 업데이트 하거나 패치를 적용하지 않은 서버라면 심각한 위협으로 작용할 수 있음
- 특히 해킹을 허용하는 anarchy 서버의 경우, 치트 툴로 악용될 소지가 크므로 이에 대한 대책 마련이 시급해보임
- 월드 전역에 적용되는 단일 RNG 사용은 편의를 위한 것이었겠지만, 취약점이 발견되면 게임 전체에 영향을 줄 수 있는 구조적 결함으로 보임. 예측 가능하고 반복적인 시드가 필요한 부분은 별도의 RNG로 관리하는 것이 바람직
- 다만 1.12 이전 버전의 PoC 리플레이에서도 유추 가능하므로, 지난 리플레이 중 중요 거점이 노출된 건 아닌지 되돌아볼 필요 있음
- 마이크래프트 뿐만 아니라 다른 게임에서도 시드 재사용에 따른 취약점이 발견된 사례가 있음. 게임의 핵심 시스템에 쓰이는 시드나 RNG는 세심한 주의가 필요. 의사난수의 주기, 시드의 랜덤성, 시드의 재사용 등을 점검해야 함
Hacker News 의견
Here are the key points summarized from the Hacker News comments:
-
In the 1999-2000 "International RoShamBo Programming Competition", a bot called "Nostradamus" won by reversing the state of the random number generator to predict the plays of a random baseline bot with 100% accuracy.
-
LLL lattice reduction, the same algorithm used in the "Nostradamus" bot, can also be used for cracking PuTTY keys from biased nonces as explained in a recent Hacker News comment by 'tptacek.
-
The SciCraft Minecraft server used a sophisticated setup to deterministically manipulate the game's RNG state to trigger "random" lightning strikes every frame for better item drops, as demonstrated in a YouTube video.
-
Some commenters find this exploit both fascinating and cautionary, as it highlights the risks of having random sources interact in code. It's considered one of the most sophisticated exploits for the least payout.
-
The idea of a "free for all bug abusing server" in Minecraft is compared to what actual fighting might look like in a hypothetical metaverse.
-
The Minecraft modding/hacking community is praised for its sophistication, with some impressive in-game RNG cracking demonstrated in another YouTube video.
-
The RNG manipulation is compared to phase space plots of weak TCP ISN RNG.
-
Some players enjoy the "anarchy" servers in Minecraft like 2b2t, considering it the way the game is meant to be played, despite the servers sometimes getting too popular.
-
One commenter is curious about the professional background of a prominent Minecraft game hacker named Leijurv, guessing they might work in infosec or algorithmic trading given their impressive skills.