[psa] Wynn Enhanced Not Safe

we didint steal any information.... again theres 0 proof we did...

not anymore

not anymore

not anymore

performance optimizations and quicker load times, it gets dynamically updated as soon as wynn releases a new RP

i have no clue what that is tbh, the only server connection issues i had so far was with custom main menu's direct connect, thats what may be causing it but im not sure how it works, ik that it broke our mod once because it couldnt detect the server correctly and i think same goes for better foliage mod.... thats the only connection things i was messing around with

but they do kick you, at least they will soon.

Look, that whole situation was a misunderstanding, I was threatening pretzule because of how badly he fucked me and kirdow over, we were promised something, worked so fucking hard on it, and as we were supposed to release it, he said, nope u cant do that i changed my mind. I went fucking nuts because of that, those threats weren't targetted at wynn but at him because even other wynn mods said I can do it but pretzule had controll over them and forced them to said no. Enhanced was THE ONLY MOD out of 4/5 which features were controlled by wynn, I mean when expansion or other mods released Item name display, the most controversial feature of them all which we were forced to nerf numerous times, displayed the name of the item BEFORE it was identified which was an exploit, but NOONE did ANYTHING about it until we mentioned it.... same for some minimap mod that had caves in it which isn't allowed.....

________________________________

dude, there isn't any in between, there either IS or ISNT any proof and so far I haven't received ANY even tho I asked for it numerous times!
there isn't something like hey if you download this under these circumstances you get a proxy in ur mod, but other than that u won't, there just isn't such thing!
better yet YOU HAVE the SOURCE and aren't sure if it's safe or not??????

 

In Forge modding, ClientProxy and ServerProxy are used when the same code acts differently on client and server, modding tutorials often make you create a "sided proxy" to automatically resolve these issues. There's nothing malicious here, and I REALLY hope this isn't what the staff meant by a malicious proxy.

 

From what I gather a lot happened in the heat of the moment which escalated to a much higher point than it should have and NEITHEIR side has lived it down or wants to admit they were wrong.
However I'm still curious what was the denied feature that set this all in motion?

Also that was a genuine interest about the poll. It's a very divided matter and I'm curious how others that arent commenting feel

 

hmmmMMMMM

________________________________

If you don't detect Twitch anymore, then what is this code doing in the TwitchDetect class?

 

1. Since we made a modpack aimed at one specific server there's always the case where some features could result in an unfair advantage. So we thought in case such thing would happen, having an ability to lock down outdated versions felt like a good idea since it would stop people from using these advantages if such thing would occur. For example, when developing the item display for ground items I asked someone on wynn how the range of levels is displayed. The answer was kind of unclear, making me feel noone actually knows so I made it in groups of 5 (1-5, 5-10, 10-15 etc). Few versions later we get a message from Pretzule, who explains that the ground items could give an unfair advantage since it shows the item level in groups of 5 instead of groups of 4. I told him I could fix that, which I did, and then the feature could stay in the pack. And so since we have the version checking, we could ensure people wouldn't use this "exploit" after it was fixed.
2. Actually you're partially right. I reinstalled Twitch and Curse multiple times to find how and where the client installs and couldn't find a way to change the .exe destination (Windows) from %appdata% anywhere during installation. So that folder is a good entry point it obviously seems. However you are correct about how you can change the location of the minecraft part of Curse/Twitch. This is why I need the %appdata% folder. In that file is a LocalStorage.json, which just FYI doesn't store any passwords or any vulnerable data. But close at the bottom there is a variable called "minecraftRoot". this is the one I need, and after that I just check if the game is launched in the subfolders of that directory. Note however that all the problems that occurred was mostly because people had Unicode characters in their username causing the accessing of LocalStorage.json crash because the way you load files in the initial versions didn't support Unicode in the paths. This is why I myself for a long time wanted to remove it.
3. This was Unknown's idea of blocking users who exploit features in the modpack either against us or against wynn. I later found out that he filled this list with people he doesn't like, so I actually removed it from the current source which didn't get released.
4. If I don't call super it's because the methods does things that I don't want to happen, it has its reason and is not done by accident or by mistake. Note that soon after 2017 had started MinecraftForge updated their Policy stating that coremods, which adds the ability to change the methods themselves without overriding them, aren't allowed to be packed with the rest of the mod anymore, if I understood it correctly, thus why I had to override the method and discard super calls.
5. This has 2 parts I would say, the first part is overriding specific models, we did this because the book suddenly became tilted forward after one of their resourcepack updates, so we decided to fix that by overriding that said model with the old one which we still had. This is also why we asked the staff for permission to use their resources back in 2016 in a conversation which from the looks of the reponse was granted.
The second part is overriding the loading of resource packs. Remember when you switched worlds, or for some low end PCs, even entering the world, your game would freeze for a longer period of time, ending up with you getting timed out since Minecraft downloads and load resources on the main thread. So we decided to make our own loading, so if you join for the first time, we remember the ID of the resource pack. So next time you launch the game, you would load the resourcepack during launch up. And then when the server asks you to download the resource pack, we just discard it and fake "download successful" to make entering a world way faster. Note that we did take resourcepack updates into account so if you would have an updated pack to download it would do that even if it's already downloaded.
6. Now this is where the reason this shut down came in. I'm gonna go in depth of this one.

The game has 3 web requests done on game launch. First 2 is the version files, just a request where you just fetch the version of the pack and compare it to the local one. The 3rd is the playerlist.php, this only sends your UUID which by the way is fully open to the public. Just search your username on https://namemc.com/ and you should see your own UUID show up. It's just Mojang's way of identifying the account even if you change your username, nothing special, nor is it dangerous to send to webpages.
Salted's statement suggests that my modpack would redirect traffic into a proxy before connecting to wynncraft. The only one I've seen being stated is how I have an interface called "CommonProxy" and 2 classes "ClientProxy" and "ServerProxy". This is not a network related proxy, but a forge mod related proxy. Forge as you may know, allows to have both server sided mods and client sided mods in the same jar file. In such Forge requires you to specify where your client proxy and server proxy is located, thus when you load it on the client it would automatically instanciate the client proxy for you and vice versa. This is nothing special, nor is it malicious. It's how every mod made with Forge is supposed to be constructed at its core.
I do however have a second part of the Jar which I haven't seen mentioned anywhere but I think it's worth mentioning, since I feel it's the part people have found redirecting all network traffic. Basically when I first made the item locks, I needed a way to stop the the window click packet from being sent to the server. My first try was to override the Network handler for the client and override all methods, redirecting them to a proxy method filtering these. This method didn't send any of these packets anywhere third party related. Only thing it did, was to check if a packet block had been requested for a specific packet, it would simply not send it through the pipeline. This method of blocking item lock clicks was really hard to work with so I scrapped that code, and tried doing the override part seen in #4 up above. Note that this was before the initial release back in 2016 if I'm not mistaken.
I do also have other classes or methods named proxy, but these are not network related, since I use the word "proxy" to be a man in the middle or a hub for data passing through.

This is actually not true, I mean the code you found is true, but the rest is just a misunderstanding. The thing we don't do anymore is to force the platform. Nowdays the reason we check for it is to store that in a variable displayed on the crash log so we could see how the user installed the modpack without having to ask them directly.

 

in the crash log we print that the person wasnt using curse in small text so when they send us the crash report its easier for us to find the issue

 

What do you propose they do in search of an evidence?
When you represent Wynncraft, you don't get to freeball it and see what happens. You take things way more seriously when you are responsible for the users that use your content. Quite frankly, I'm still amazed it took this long for the actions to be taken. If it was up to me, I would have banned him and removed all of his work the second he made the threat.
Bottom line is this. You don't get to threat people. Simple as that.
Staff just wants to protect users and have a safe gaming environment. Taking chances, on this level, isn't responsible.

Unknown, whether it was a misunderstanding or no, you made a huge threat staff can't take easily. To this day it's the largest threat Wynn has received by a huge margin, and I am quite sure you, just like many others, don't understand the magnitude of it.
Taking your behaviour into account, it's hard to believe you or take things you say seriously. That's what happens when you act the way you did.
I'm sorry this has escalated up to this point, but it's too late now, the ship has sank.

 

After running through the code (stupid compiler converted everything to bytes, not fun) I found this was the case. Good improvement.

I also looked through nearly all of the code, I could not find anything malicious except for the player blacklist. I could not find any proxy sending off your session id. It is entirely possible the staff thought the ServerProxy class was malicious, even if it isn't. If the staff have any proof there were other malicious things going on, I would appreciate it if they showed us.

Still, threatening staff members is never a good idea, and if they had a misunderstanding, it's not hard to see why considering ThaUnknown_'s behavior.

EDIT: Fixed quote formatting

 

so was there anything malicious in the mod at all? Apart from the blacklist of players. Because it would appear that this is really just about personal gripes and there is no actual evidence to the malicious code. However,

Could not agree more.

 

go away u unprofessional

To clarify: Why does this mod have a ServerProxy? Why is it there, having no actual use, as this is a client-sided mod?

 

Because that is how all forge mods are recommended to be constructed. I believe it's in the JavaDoc

 

If my understanding is correct, Forge uses an internal server, not connected to any server outside your network. I remember sometimes seeing a "Shutting down internal server" message when quitting the world in singleplayer.

 

This was actually my first forge mod, so I just added both classes when taking a quick guide to forge modding, since the guide assumes you're creating a mod that goes on both sides. I assumed it would be good practice according to Forge to leave it there since they state there should be a ClientProxy and ServerProxy in the code to separate the 2 parts, just so if someone accidentally put it on the server the server wouldn't crash because there's a missing server proxy. I haven't touched that class since like the first day of coding the mod. The methods in the class are even empty so idk why it would be a threat to anyone anyway.

Edit: Here's a snippet of the source from when I first added it to bitbucket soon after last update, methods are empty:

 

again... it wasnt a threat to wynn.... it happened because pretzule acted relative to me and not the mod, he didint agree because he didint like me, not because it was bad which was a [not nice] move from his part

 

I edited your message, watch your language.
And I don't see how the fact that he did a choice that you don't like makes your threat not pointed towards Wynncraft?
You did threaten of ddosing the server, so why : "it wasnt a threat to wynn"

 

Well Unknown aside is the mod still banned even after the proxy has been found to not be malicious?

Edit: like you guys didn't even ask Unknown or Kirdow about it, and literally a few posts they clarified what the proxy was and how it isn't malicious. Flying rumors and stuff could have been clarified with a quick contact ya know

 

Or, Unknown could have been nice from the start and nothing would have happened.

 

Or you realize that from that the Wynn staff just targeted down the mod to remove it because of that.

Both sides are in the wrong here, let's stop arguing about what happened before and fix whats broken now.

 

Sure, go ahead and fix it.
Why would staff want to waste their time doing something they aren't obligated to do.

 

again i didint....