Backdoors on 2b2t are one of the greatest
game-changing occurrences to ever happen on the server. It allows players to get beyond the server's
anti-cheat system and perform things that previously appeared impossible. In the entire history of 2b2t so far, there
have been three major backdoors, each of which played a significant influence in changing
the server. From accessing creative mode, placing signs
outside the world border, and being able to locate anyone on the server, this is the history
of backdoors on 2b2t and how they have forever transformed the server. The story begins around January of 2012. A server-side plugin was created to correct
a problem with players becoming “stuck” above the nether roof. This was seen as a problem since once you
became stuck, there was no way to get back down. The owner of 2b2t, Hausemaster, was repeatedly
involved with assisting players who were stuck and eventually got tired of it. A server-side plugin was provided to Hausemaster
by a player named popbob. The plugin was constructed as an automated
method to assist stuck players. By typing a server command “/stuck”, players
could be instantly teleported below their current position to the next available free
space below the nether roof. To the average player, this was seen as a
good method to help players that were stuck, and it was, however something much more interesting
was implemented into the code of this plugin. Unbeknownst to Hausemaster, this plugin granted
server-operator permissions to anyone that popbob permitted. In the plugin’s code, you can see a ROT13
cipher. This cipher works by replacing a letter with
the 13th letter after it in the alphabet. For example, let's use the 23rd line of code
in the plugin. “This.names.add(“cbcobo”);”, after
decoding “cbcobo” in ROT13, it turns out the code is saying, “this.names.add(“popbob”). Popbob would then go on to add his friends
from a base that has since become known as Plugin Town. While the group was at Plugin Town, popbob
came to tell them what he had achieved. Plugin Town members would create their builds
faster, fly around spawn while spawning ghast eggs, gain access to a player's current coordinates,
and could also allow popbob to set his gamemode into Creative. Several players had witnessed members of Plugin
Town flying near spawn and had posted their observations on a Facepunch thread. Hausemaster would eventually teleport to Plugin
Town and observe the group as they flew around and spawned in items. This would carry on for about a month until
popbob made a crucial mistake. While popbob was using the “/locate” feature
of the plugin to teleport to various coordinates and grief players’ bases, Hausemaster was
working with a couple of players to create a bait location. Once popbob was caught teleporting to the
bait location, Hausemaster found exactly what was allowing popbob to do this and removed
the plugin. It was never understood why action was not
done sooner and why Hausemaster didn’t check over the code. Hausemaster didn’t publicly acknowledge
what had occurred, but he did leave an ambiguous server message stating that he learned his
lesson and that he would no longer blindly trust players. A couple of months later, a backdoor attempt
would commence. Around the middle of 2012, popbob and a player
named x0XP came up with the idea of showing an exploit to Hausemaster involving minecarts
being able to travel infinitely with no rails and at high speed. This would cause both intense lag and world
generation to the server. With this exploit, they decided to create
a plugin to fix this issue and presented it to Hausemaster. However, along with the Nether Roof plugin
a few months back, this plugin also had code to gain backdoor access to the server. To make the plugin look less malicious, they
added the ability for the plugin to auto update so it could be uploaded to the official Bukkit
website, which is a website for server owners to access plugins to control their servers. Hausemaster decided to download the plugin,
but had one of his moderators remove the auto updater from the plugin that they had made. The moderator would then host the original
plugin on his own server to later find out that popbob and x0XP were in fact trying to
backdoor 2b2t once again, officially ending their backdoor attempt. A year would go by with no attempts to backdoor
2b2t, however, something major would occur during December of 2013. The beginning of the second backdoor of 2b2t
occurred during December of 2013. The backdoor involved the players iTristan
and Pyrobyte designing a plugin to block access to the nether roof. However, for it to work, they needed the plugin
to fix an issue on the server. They added a functionality that claimed to
fix a bug related to renaming items in anvils, but what it did in reality was make the item
stack size negative if they added “/0xA7” to the end of the name of an item, effectively
turning that item into an infinite. It also allowed them to bypass the nether
roof blockade if they were riding an entity. They eventually made the plugin more sophisticated
over time and added an auto updater that would allow them to push updates to the plugin and
add more functionality without Hausemaster knowing. With this, they would add commands to give
items, teleporting capabilities, access to change their game mode, and much more. This is how iTristan and Pyrobyte added the
infamous signs at the +X world border, how player heads are a thing, and how 32k’s
were implemented to the server. Eventually, Hausemaster would ask them to
remove the auto updater. They would try to hide the auto updater in
a third party library, but something messed up and the plugin kept auto updating, making
Hausemaster suspicious and removing the plugin. However, iTristan's attempt to backdoor the
server did not end there, and one of the most infamous events on 2b2t occurred as a result. The third backdoor, which began in the end
of 2015, was the most severe backdoor to date. However, before proceeding with the story,
you must first understand the events that led to the backdoor. Hausemaster gave up management of the server
on July 32nd, 2014, and handed it over to his long-time friend georgebush420. While Hausmaster had dealt with exploits and
backdoors before, georgebush420 had almost no experience, and this was a disaster waiting
to happen. The official 2b2t website was one of the first
things to slowly deteriorate. The website was no longer able to stay online
due to a lack of financing. The 2b2t website was the primary way for the
player base to contact Hausemaster and track the monthly payment goal to keep the server
running at the time. The only way for the player base to connect
was through Skype groups, but this was inefficient, therefore most players would inform Georgebush420
that they wanted the website to come back. However, Georgebush420 would argue that if
the website was to come back, the player base would have to pay $250. No one anticipated anyone to finance the website
because the server's donation goal barely kept the server running. But in less than six months, the website was
paid for. The website's cost was paid for by a select
few players: ImperatorTerrae and xcc2 being one of the main players to contribute. The player base was ecstatic, but the website
still wasn’t revived after the donation goal was met. Many players assumed that the donation goal
money was used to keep the server running because it was so close to being shut down
most of the time. After a year and half, the website still hadn’t
appeared. ImperatorTerrae wouldn’t let it go as he
was one of the main players to donate for the website’s revival. So ImperatorTerrae and iTristan would create
a website and hand it over to Georgebush420, and this is where the backdoor begins. Georgebush420 made a crucial mistake by running
the web box on the same server host as 2b2t. While Georgebush420 was installing software
for the website, iTristan was able to backdoor the login form and phished Georgebush420’s
password as he typed it in to install the software. From then on, iTristan gained total root access
to the server. With complete root access to 2b2t, they could
upload and download region files, player files, manipulate players by moving their inventory
or location, and much more. With iTristan, taylo112, and jared2013, they
formed "The Tyranny," also known as "Nerds Inc." The backdoor's primary purpose was to make
a backup of Imp’s base as well as stashes of illegal stuff scattered over the server. After a few months, the backdoor was functional,
and The Tyranny had established a new base at taylo112's 2012 island, complete with a
massive, world-edited bedrock sphere known as "The Archive." They had a week where they griefed a major
base every single day, earning the nickname "Week of Destruction." Bases like Space Valkyria, The Lands, Space
Valkyria 2, KinoGrad Base, and others were included. Because Georgebush420 was friends with some
Nerds Inc. members, he assisted in the production of illegal items at The Archive. Illegal items such as 32ks, barrier blocks,
and even end portals were found at this base. Around April of 2016, Georgebush420 discovered
the backdoor and patched it. No one really knows how, but a possibility
was by looking through the server logs. In recent years, there hasn't been a backdoor. With the rise of game-changing exploits and
2b2t eventually updating to a new Minecraft version, another backdoor will almost certainly
emerge in the future. If there's one thing you can take away from
this video, it's that you should always double-check something if you're not sure. None of the chaos in this video would have
occurred if Hausemaster and Georgebush420 had double-checked the code and had moderators
review it. With that being said, Stay Fast, and see you
guys next time.
