I want to make this Thread a List of all ways to help fix that new Log4j zero day exploit that Minecraft seems to have now. Testing can be done by just typing ${jndi:ldap://127.0.0.1:1389/a} in Chat, but all I get is Forge's Chat Formatter fucking up with IllegalArgumentException and MC crashing instantly without any trace of trying to connect (I replaced that IP with an IP/Port on my local network, to see if that Computer receives any connection attempt, but nope).
The first way, which does NOT seem to work from my testing in 1.7.10 is adding -Dlog4j2.formatMsgNoLookups=true to the JVM arguments.
The second way is just using an up to date MultiMC, which downloads the updated Version of that Library.
Update Java, apparently Oracle fixed this Issue on the Java end in 2018, and OpenJDK fixed it a few months later too… This ALSO explains why I was not able to reproduce this Issue on my Computer, because my Version of Java 8 was too up to date… This one does NOT work fully and only shields against some of the simplest attacks.
Add one of the dedicated Fixer Mods.
I would like to see more ways, including dedicated Mods, so anyone have suggestions?
Yeah I did not post the ones we talked on IRC about, in order to encourage more people to post something here.
Yep, that one is on my List of things to look at, because it actually shows how it is done. I may or may not be planning to somehow integrate a mixture of all those fixes into GT6, which was one of the reasons I started this Thread, in case there is a good Solution. ^^
[17:43:17] [Server thread/WARN]: Failed to handle packet for /10.66.69.201:65082
java.lang.IllegalArgumentException: Illegal character in path at index 18: ldap://127.0.0.1/a}
at java.net.URI.create(URI.java:852) ~[?:1.8.0_265]
at net.minecraftforge.common.ForgeHooks.newChatWithLinks(ForgeHooks.java:417) ~[ForgeHooks.class:?]
at net.minecraft.network.NetHandlerPlayServer.func_147354_a(NetHandlerPlayServer.java:722) ~[nh.class:?]
at net.minecraft.network.play.client.C01PacketChatMessage.func_148833_a(SourceFile:37) ~[ir.class:?]
at net.minecraft.network.play.client.C01PacketChatMessage.func_148833_a(SourceFile:9) ~[ir.class:?]
at net.minecraft.network.NetworkManager.func_74428_b(NetworkManager.java:212) ~[ej.class:?]
at net.minecraft.network.NetworkSystem.func_151269_c(NetworkSystem.java:165) [nc.class:?]
at net.minecraft.server.MinecraftServer.func_71190_q(MinecraftServer.java:659) [MinecraftServer.class:?]
at net.minecraft.server.dedicated.DedicatedServer.func_71190_q(DedicatedServer.java:334) [lt.class:?]
at net.minecraft.server.MinecraftServer.func_71217_p(MinecraftServer.java:547) [MinecraftServer.class:?]
at fastcraft.u.a(F:289) [FastCraft.jar:?]
at fastcraft.H.aq(F:36) [FastCraft.jar:?]
at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:396) [MinecraftServer.class:?]
at net.minecraft.server.MinecraftServer$2.run(MinecraftServer.java:685) [li.class:?]
Caused by: java.net.URISyntaxException: Illegal character in path at index 18: ldap://127.0.0.1/a}
at java.net.URI$Parser.fail(URI.java:2848) ~[?:1.8.0_265]
at java.net.URI$Parser.checkChars(URI.java:3021) ~[?:1.8.0_265]
at java.net.URI$Parser.parseHierarchical(URI.java:3105) ~[?:1.8.0_265]
at java.net.URI$Parser.parse(URI.java:3053) ~[?:1.8.0_265]
at java.net.URI.<init>(URI.java:588) ~[?:1.8.0_265]
at java.net.URI.create(URI.java:850) ~[?:1.8.0_265]
… 13 more
Does that mean successfully patched and not vulnerable?
Quick note. I removed the XML and the startup parameters and tested. I received the same invalid character message. I added them back, and again got the same invalid character message.
At this point I can’t tell if my server is vulnerable or fixed because it’s the same message either way.
Update Java, apparently Oracle fixed this Issue on the Java end in 2018, and OpenJDK fixed it a few months later too… This ALSO explains why I was not able to reproduce this Issue on my Computer, because my Version of Java 8 was too up to date…
I couldn’t get an outdated enough Java Version to run on my Computer, I finally found one that was not javascript-locked behind a malfunctioning Oracle EULA Wall, but that one was incompatible with 2018 Debian…
I even tried my old Win 8 Install until I realized I nuked Minecraft from it, when I installed Linux on the second Partition for Dual Booting, and I don’t wanna connect that thing to the Internet at all to install MC again…
Can someone who is still vulnerable and didn’t update Java 8 in at least 4 years use the current Secret Version of GT6 to see if it successfully detects that you are vulnerable to the exploit?
I tried to boot the game with the 1.8.0_60 version, and this is the output I found in the log.
[01:30:26] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: Checking if the log4j Exploit has been fixed.
[01:30:26] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: If the Game Crashes from this following check there are a few ways to fix it:
[01:30:26] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: 1. Update Java to one of the following Versions or later: Java 7 – 7u202+, Java 8 – 8u192+, or whichever Java equivalent you use that has the log4j exploit fixed. Yes, Oracle fixed this exploit back in 2018 already.
[01:30:26] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: 2. Use a Minecraft Launcher that automatically updates log4j for you to a patched Version, such as the official Launcher or MultiMC
[01:30:26] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: 3. Install one of the many Patcher Mods that fix this Issue in one way or another.
[01:30:26] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: Now performing the actual check! Don't worry, these are IPs which loop back to your own Computer, and dont go to your Network!
[01:30:26] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: ${jndi:ldap://127.0.0.1:8000/test}
[01:30:32] [Client thread/INFO] [log4j-vulnerability-detector/gregapi]: ${jndi:rmi://localhost:8000/test}
[01:30:39] [Client thread/DEBUG] [FML/gregapi]: Bar Finished: log4j exploit check took 12.239s
It looks like the detection didn’t work, I entered the detection in the game and crashed.
Maybe it’s better to test it yourself. https://drive.google.com/file/d/1zR6bTh8Fyce3Oiy0zLpCiBkJCHVYJgAl (do note that this is a java exe file before clicking this link)
Dude I use Linux, that’s why I can’t just use my old Java 8 Installer for Windows either, because all my Windows Devices are not connected to the Internet whatsoever (something something Microsoft is malware something something), so I can’t reinstall Minecraft on them. XD
And the Game Crash happens because Forge tries to parse the IP in Chat inside the exploit, so it will ALWAYS crash no matter if it is fixed or not. The exploit is supposed to Freeze and not Crash the Game.
So, finally found out one thing about this exploit, you actually HAVE to run a Web Server on that IP and Port, or else it will literally not do anything. Kinda makes it hard to check for, so I will not do that in GT6.
I will probably just nuke the lookup function with ASM or something, like most of the Fixer Mods do.
No. You have to run something that takes unfiltered network traffic of any protocol that may log portions of that packet that has string data. Logging of malformed URLs is one item, but chat in Minecraft was another.
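Added example, not written by anyone in this thread: since the chat test gives the same Forge error whether or not a server is patched, a static check of the jars is more conclusive. The Python sketch below reports every log4j-core copy it finds (including jars nested in other jars), its version, whether the JndiLookup class is still inside, and whether that version reads -Dlog4j2.formatMsgNoLookups at all (only 2.10 and later do). The function names and the sample jars are constructed for illustration; only the two in-jar paths are real.

```python
import io
import os
import re
import zipfile

# Real paths inside log4j-core; everything else here is illustrative.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def flag_honored(version):
    """log4j2.formatMsgNoLookups is only read by 2.10 and later; None if unknown."""
    m = re.match(r"(\d+)\.(\d+)", version or "")
    return (int(m.group(1)), int(m.group(2))) >= (2, 10) if m else None

def inspect_jar(data, name):
    """Report log4j-core copies in a jar given as bytes, including nested jars."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(.+)$", text, re.M)
            version = m.group(1).strip() if m else None
            findings.append({"jar": name, "version": version,
                             "jndi_lookup_present": JNDI_CLASS in names,
                             "nolookups_flag_honored": flag_honored(version)})
        for inner in sorted(n for n in names if n.endswith(".jar")):
            findings += inspect_jar(zf.read(inner), name + "!/" + inner)
    return findings

def scan_dir(root):
    """Walk a server or launcher directory and inspect every .jar file."""
    findings = []
    for base, _dirs, files in os.walk(root):
        for f in sorted(files):
            if f.endswith(".jar"):
                path = os.path.join(base, f)
                with open(path, "rb") as fh:
                    findings += inspect_jar(fh.read(), path)
    return findings

def make_jar(entries):
    """Build a constructed sample jar in memory from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, body in entries.items():
            zf.writestr(entry, body)
    return buf.getvalue()
```

Run scan_dir on the server or launcher folder and read the three fields together: a patched log4j release still ships a JndiLookup class, so its presence matters most when the reported version is an old one.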