Skip to content

Jyrycek/Resource-pack-exploit-check

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Cheat Detector (Resource Pack Exploit)

A simple proof-of-concept Minecraft plugin that uses a known resource pack exploit (working only on 1.8.x clients) to check whether a specific file exists on the player's computer

This only works on Minecraft 1.8.x. The exploit was patched in newer versions.

What does it do?

When you run a command (e.g., /checkclient <player> <path>), the plugin sends a fake resource pack request to the player using a level:// path that points to a file outside the minecraft folder – such as:

level://../../../Downloads/AutoClicker.exe

If the player’s client tries to load the file, we know it exists on their machine. If not, the file likely doesn’t exist.

How it works

  1. The server sends a fake resource pack using a relative path (via PacketPlayOutResourcePackSend).
  2. The client replies with a RESOURCE_PACK_STATUS.
  3. The client can respond with one of several statuses:
    • ACCEPTED: The client confirmed the resource pack was loaded successfully — the file exists.
    • DECLINED: The client declined the resource pack (e.g., user refused) — existence of the file is uncertain.
    • FAILED_DOWNLOAD: The client failed to load the resource pack — the file likely does not exist.
    • Or the client may not respond at all (timeout), which is treated as failure to confirm existence.
  4. The plugin interprets the response (or timeout) and prints the result.

Usage

Command

/checkclient <player> [path]
  • player — the name of the online player to test.
  • path — optional file path relative to .minecraft folder.
  • Example:
/checkclient Player ../../../Downloads/AutoClicker.exe

The path is interpreted relative to the .minecraft folder, which is assumed to be in the default location (e.g., C:\Users\<username>\AppData\Roaming\.minecraft on Windows). If the client uses a custom launcher or a non-default location, the detection may fail.

Disclaimer

This plugin is not intended for production use. It is meant for testing, research, or private server use only.

Due to its reliance on an outdated client exploit, it should not be used as a reliable anti-cheat measure.

Requirements

Created as a proof-of-concept in 2022 for educational and research purposes.

About

A simple Minecraft plugin for detecting files in computer on 1.8.x clients via resource pack exploit

Resources

Readme

License

Unlicense license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages