"graduating" from developing plugins to developing inside CraftBukkit?

Discussion in 'BukkitDev Information and Feedback' started by halley, Dec 9, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    halley

    Okay, I've written a few plugins and try to help other plugin developers via threads in the Plugin Development forum area.

    I've been digging into the net.minecraft.server and craftbukkit classes a bit more lately. I'm curious how people make the transition from "being interested in craftbukkit guts" to "helping de-obfuscate minecraft" or "fix craftbukkit bugs" or "work around minecraft bugs in craftbukkit" or other craftbukkit development roles.
     
  2. Offline

    shadrxninga

    With a lot of work... working with code that is obfuscated and un-commented is really a nightmare come true (In my opinion anyway)
    I have a lot of respect for the main bukkit developers as it is a lot of work.

    If you really serious about helping out though - jump onto IRC and ask some of the developer there. Such as DinnerBone and Grum. They'll be able to tell you exactly what it's like and how to get there - as they've done it themselves.

    Just saw @Grum online... he might be able to get you a better answer :) - I suspect he'd rather talk in IRC though.
     
  3. Offline

    ChrizC

    The Bukkit team has deobfuscation tools that they use every update.

    Fixing bugs is simple. Identify them and report them via leaky.bukkit.org or simply fork the CraftBukkit code on GitHub and submit a pull request with the fixed code.

    Again, find the bugs, think of the workaround, fork the code, and pull request.

    Anyone can "develop for craftbukkit" but I think the core team of CraftBukkit developers is full, or would require you to (somehow) rewrite CraftBukkit/Bukkit to be better.
     
  4. Offline

    halley

    Thanks for that, ChrizC.

    The tools record the deobfuscation and assist the reapplication on new releases. People do the deobfuscation. That's all I'm getting at. : )
     
  5. Offline

    Daniel Heppner

    Actually, I've seen a tool that can take a Minecraft jar it's never seen before and deobf almost everything correctly.
    Also, doesn't Bukkit have access to the source code from Mojang?
     
  6. Offline

    halley

    I'm not trying to push hard on this topic, but the process of deobfuscation involves the target jar file and a database of unobfuscated names. You can't hand an arbitrary jar to any program and convert terse mechanical names like a into meaningful friendly names like onUpdate. It just can't happen without sentience. People looked at the code, decided the design intentions from the pattern of logic and Java API calls, even potentially cribbed their notes with a peek at a never-obfuscated leaked copy if available, and made the database of friendly names. The tools carry the water when it comes to doing all the mechanical correlation and search-and-replace required to get another public release of Minecraft back up to the current state of known code, but people still do the deobfuscation for every new symbol encountered.
     
  7. Offline

    ChrizC

    They do, but because it's so incompatible with their current system, they don't utilise it much. Also, I don't know if Mojang has stopped handing it out.
     
  8. Offline

    Daniel Heppner

    But if they're just decompiling and de-obfuscating the original source, what's the difference?

    I don't know how it works. I know how MCP works. But this program did not have a database. Within a few minutes of a new release of Minecraft, it had correctly renamed all the classes. It didn't do methods.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 22, 2016
  9. Offline

    halley

    The MCP includes a text file of known Minecraft symbols. That's the database of which I speak.
     
  10. Offline

    ChrizC

    It could possibly guess the names based on what it links to, when it's called, etc. etc.
     
  11. Offline

    Daniel Heppner

    I'm aware, but this program I saw had no database to speak of. It determined the class names on its own, even with a version of Minecraft that had just been released.

    It was made by a member of aVo. They use it to make their hacks.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 22, 2016
  12. Offline

    cyberdude

    AFAIK Bukkit team only got the source for 1.7.3 (Or maybe it was 1.6?) but haven't been handed the source since then.
     
  13. Offline

    ZNickq

    And there we go, somebody else giving avo fake publicity... First of all, such a tool never existed, and never will exist. It is not possible, and if you claim it is, you have either been fooled, or are simply lying...
    Then, the avo hacks plain suck, just like all the other smp hacks...because the server can never be completely fooled to do cool stuff, like opping people. So whatever developer avo has, he is definitely underage (since he does stuff like that), and doesn't have half as much skill as the mcp,bukkit, or spout devs, so i doubt he could do the impossible... And third, avo is full of retards, who do not have anything better to do...yes, i could dos attack a server, which would crash it, and i could make a sjitty client to go and grief like an idiot (which, btw, is funny, simce any dwcwnt server has hawkeye or logblock), but that won't give me any sense pf accomplishment, necause i am MATURE
    Sorry for the rant, now, ontopic, @halley just look through the cb code, you will figure it out, after you fix/add something, just make a PR ;)
     
  14. Offline

    Daniel Heppner

    Actually, that's not true. And I have seen it decompile Minecraft. I don't know how it works. But it does, and it spits out a file you give to MCP to work with.

    You're underestimating the power of some people. I'm not saying that Avo is better than Bukkit, but their developer IS better than many plugin developers, and Zidonuke (a white-hat hacker who used to be very active on HackForums) was the one that coded the hack that exploited GroupManager to get themselves admin rights on any server running it.

    Avo is not full of retards, they're very smart people who are immature and have nothing better to do with their lives than destroy other people's work. This is one of the things that really bugs me about them, they destroy other's work because the owner is "bad at running the server" or something. This is stupid because the owner is paying for the server and has full rights to do whatever he wants on the server. It's the players' choice to play on it.
    DDoSing a Minecraft server won't work unless you have some insane power because of the way such things work (I don't really get it, but I understand that it won't work)
    Finally, you act like logging plugins are invincible and you cannot exploit or find ways around them, which is not try. (hint: plant trees)

    As a final word, I'd like to say that I do not endorse griefing or avo (and I do not do this myself), but it bugs me when people start saying things to try to sound smart, when they really have no clue what they're talking about.
     
  15. Offline

    Zaros


    If I am correct, it would have to have something to draw from. It would need something to compare the obfuscation with a something preset to determine what it should be after deobfuscation. Unless ofcourse Mojang had a set way that they obfuscate the .jar. I have absolutely no knowledge of how obfuscation works, but I really do think SOME kind of database would be required for a task like that.

    Also, you said that it determines the class names even when they have never been used before. To do that, (I THINK) you would need the exact pattern/method of obfuscation that Mojang uses. Regardless, you said it determines the class names on its own. Nothing about deobfuscation of the full source:

    __________________________________________________________________________
    If you've seen it in action like you claim you have, you must still have something to do with it. Why not hand it over to the bukkit team for good use if you have it.

    You said you don't know how it works, but you can specifically tell us that it does not utilize a database, some how determines classnames on its own before they have ever been seen, and then spits out a file? I understand that you may not know the code used, but you seem to know a good bit about what it does. Again, you should hand it anything you have left of it to the Bukkit team. Atleast some good could come out of the program then.

    Edit:
    I'm no java genius, but I don't think that would work with classes that have never been used before. If they've never seen a class before, they have no idea what it is or does until they deobfuscate it. However, I think this is the most likely idea for how it works. A magical deobfuscation tool that predicts future classes and methods is unlikely unless the obfuscation method used by Mojang is the exact one that the tool uses.
     
  16. Offline

    Daniel Heppner

    I saw it right after a new update for Minecraft was released (within a few hours). Everyone was frantic for MCP to be released, and this guy from avo was showing off his deobfuscated classes, and he released the file for others to use. I never said that I got my hands on it nor did I say that it doesn't use a database (I don't know if it does or it doesn't). If I did, I apologize (I may have misspoken, which I do a lot).

    PS: This was on the move from 1.7 to 1.8.
     
  17. Offline

    Evenprime

    Writing such a tool is very possible and not that hard. You can get all needed components to do it for free on the internet. First you need a program/algorithm that can compare java source structure, which means it will be able to recognize that

    Code:
    int a = 0, b = 1;
    int c = a + b;
    System.out.println(c);
    
    and
    Code:
    int x = 0, y = 1;
    int z = x + y;
    System.out.println(z);
    
    are the same thing, despite not being exactly the same text (EDIT: I've written such a thing for C code once, it is really simple to do - every compiler needs to be able to do that). As long as only variable/method/class names are different, this is very simple to do, as this is just a syntax comparison, no need for the comparator to actually know what the code means. Minecrafts obfuscation and MCPs deobfuscation only change variable/method/class name, so that fits perfectly.

    Then you need a copy of unobfuscated source code of an existing MC version, against which you'll compare the obfuscated classes. Just compare every class against every other class. If you get a single (almost-)perfect match with the above method, you can safely unobfuscate that class or big parts of it with the information from the unobfuscated older version. Repeat this process until you run out of good matches. I'd estimate that you can map 90% of classes and methods this way.

    Then you can either do the rest by hand or maybe try other matching methods. But I'd guess that the remaining classes either can't be matched (because they didn't exist in the previous MC version at all) or are not interesting enough to bother with them right now.
     
    Daniel Heppner likes this.
  18. Offline

    ZNickq

    Exactly my point!
    Yes, the other part is true, i thought of it, but you also need to keep in mind that things change (notch can move code around), so it might not always work :p
    But i was talking about the new classes too, there's no way for the program to know what a piston is for example, having never seen it before, and that is the case for all minecraft releases, so it will never work completely from the first time, like daniel said...as such, again, he's either been fooled, or is lying....

    LE: he also claims the program didn't have a database whatsoever, so again, your theory, while possible, wouldn't work...
     
    Daniel Heppner likes this.
  19. Offline

    Daniel Heppner

     
  20. Offline

    Waterflames

    Just saying...
     
  21. Offline

    Daniel Heppner

  22. Offline

    Zaros

    @Waterflames
    I always proof read what I say for issues like that. The "I don't know anything about obfuscation" was the last thing I entered.
     
  23. Offline

    Daniel Heppner

    I should start doing that. Sometimes I only have five minutes or something though because I need to go to school.
     
  24. Offline

    NuclearW

    ZNickq, Technius and Daniel Heppner like this.
  25. Offline

    efashiongucci

    It could possibly guess the names based on what it links to, when it's called, etc. etc.

    I agree with this person said
     
Thread Status:
Not open for further replies.

Share This Page