Learning Hacking via MinecraftEdu

by KingV

Preface:  Remember all those times when people said "I started learning to hack at age 12" or something like that?  Looking at the world today versus when I was young(er), systems no longer boot up to command prompt and prompt you to program them.  So you need other ways to get kids into it.  MinecraftEdu is a system where kids can learn programming through various levels of abstraction in a game.  I thought it would only allow very simple experiments using blocks.  So when my 12-year-old told me how he had hacked others', and finally his teachers', systems in MinecraftEdu, I found the story fascinating.  This includes building a program for others to use, backdooring it (with plausible deniability of course), finding ways to use the information to elevate your access from the virtual world, and thinking outside the box to hack a system built by someone else.  It seems the curious mind still has plenty of chances to find places to learn and hack.  So when he had a "work for a day" day at school, I had him write this up as an article.  This is what follows next, in his own writing with only minor editing by me.

Story:  You might have heard of the popular game Minecraft.  If you haven't heard of it, it is basically a Java game where you play (and build things) in a world of blocks (minecraft.net).  It has a wide modding base consisting of many interesting mods like "ComputerCraft" (CC), which adds in virtual computers to the game.  The CC computers use Lua as their programming language and anyone can make programs for it.  There are also programs that others have made and published at www.computercraft.info.  But you can also hack other people's programs on the computers.

At school, I am in a club where we have a server that we can play on.  I also have made some of my own programs on the server.  There are many ways you can exploit the CC API to hack password systems, etc.  One of the ways you can exploit the API is by terminating the program by pressing Ctrl+T for three seconds and then typing edit in the console to edit the program to get the password.  Most people will block this because of how simple it is to block it.  There are also many other ways you can hack the virtual computers.

Here are some examples of how I hacked some other people's CC computers on the school club server.  The first example was simple, as I had given others in the club my own password system to provide access control for their doors in the Minecraft world.  This worked by having a CC computer next to their door and having it open the door if they typed the right password.  The version I made available had a back door in not disabling Ctrl+T, which opens the CC console.  This is a normal CC bug that people forget to disable Ctrl+T, providing plausible deniability.  After terminating the program with Ctrl+T, it was easy for me to get the password for the door by editing the program and writing it down.  And because many people aren't that security-aware, it means that (in theory, of course), they often use the same password for their accounts for other games and also their own Windows account, providing further access.

The second case was harder.  There was a teacher on the server who had made a hidden room with a password protected door.  First, I found the hidden room by looking around the server for things that were out of place.  Because he had made the password program himself, I didn't know what exploit would work on the computer.  He had blocked terminating the program with Ctrl+T, so I couldn't use that.  Then I tried restarting the CC computer, but the password program ran on startup.  After that, I made a CC floppy disk (you can do this in the game) with a startup file, which did not have a password system on it.  The CC computer would boot off the floppy because the mod always prioritizes booting from floppies.  It is possible to disable floppy booting, but he had not done it.  However, this requires placing a floppy drive object in front of the CC computer object in the game.  The way the CC (door control) computer was placed, I could no longer interact with it (which required clicking on it) if I put the floppy drive in front of it.

Because of this, I got someone else from the server to come and help me by placing the drive for me after I had clicked the computer.  This allowed me to stay logged in to the computer even after it was blocked by the floppy drive.  With this, I could circumvent the fact that the computer would be blocked by the drive.  After they placed the drive and the floppy inside of it, I restarted the computer so it would boot from the floppy.  My startup program simply printed a dot on screen letting me know the startup was successfully changed.  After booting from the floppy, I could go into the console and edit the teacher's password program.  After getting the password (which was not encrypted), I also added my own password into the program so I could log on with my own password.  After doing this, I would exit the console and run the password program and get rid of the drive, and then use my own password to login to the teacher's own CC computer.
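For anyone running a CC door lock, here is a startup file that closes the two bypasses described above (Ctrl+T termination and booting from a floppy).  It is an added example, not code from the original article or from either password program in the story.  It assumes a ComputerCraft version that has the settings API (for example CC:Tweaked); the side name, timing, and password are placeholder values.

```lua
-- startup: door lock hardened against Ctrl+T and floppy boot.
-- Added example. SIDE, OPEN_SECONDS and PASSWORD are placeholder values.

local SIDE = "left"          -- assumed: side the door's redstone is wired to
local OPEN_SECONDS = 3
local PASSWORD = "change-me" -- still stored in plaintext: anyone who reaches
                             -- the shell can read it with "edit startup"

-- 1. Ctrl+T. os.pullEvent raises an error on a "terminate" event, which is
--    what kills the program. os.pullEventRaw hands the event back instead,
--    so read() and sleep() keep running when Ctrl+T is held.
os.pullEvent = os.pullEventRaw

-- 2. Floppy boot. By default a startup file on an attached disk runs before
--    this one. Turning the setting off and saving it makes later reboots
--    ignore disk startup files (it applies from the next boot onward).
if settings and settings.get("shell.allow_disk_startup") ~= false then
  settings.set("shell.allow_disk_startup", false)
  settings.save(".settings")
end

local function prompt()
  term.clear()
  term.setCursorPos(1, 1)
  write("Password: ")
  local input = read("*")    -- "*" masks the typed characters on screen
  if input == PASSWORD then
    redstone.setOutput(SIDE, true)
    sleep(OPEN_SECONDS)
    redstone.setOutput(SIDE, false)
  else
    print("Access denied")
    sleep(2)
  end
end

-- 3. Fail closed. If prompt() ever errors, close the door and ask again
--    instead of dropping to the shell where the program can be edited.
while true do
  local ok = pcall(prompt)
  if not ok then
    redstone.setOutput(SIDE, false)
  end
end
```

Reusing this password for anything outside the game keeps the exposure described earlier, since the file itself remains readable to anyone who does get a shell on the computer.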
