Minecraft Mod, Follow up, and Java Reflection

Ongoing Credit Card Data Leak [Continues]
May 14, 2019
AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
June 17, 2019

Minecraft Mod, Follow up, and Java Reflection

After yesterday’s post, I received a ton of interesting and creative responses regarding how to get around the mod’s restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggestions as well with regards to hijacking DNS and pretending to be the site (Pastebin).

However, my FAVORITE suggestion came from a co-worker of mine (and all around super cool/talented hacker) Matt Langlois. He had an idea for a better workaround. One that didn’t require proxying web traffic or for you to even be connected to the internet. He decided to override the code that checks the list of allowed users and inject our UUID into that list. It works beautifully but rather than try to explain the details in this blog post, I suggest you visit his blog post to check out the details.

The gist is that Java reflection allows you to override methods in memory and this is exactly what Matt did. So – go check out the blog post!

News Reporter
News Reporter
Head of Operations (Banking), Director IT Governance, Teamlead Microsoft, Service Delivery Manager. Interested in Office 365, LAMP, IT Security and much more!