⚡KitBattle Patch⚡ Fixes KitBattle Exploits icon

⚡KitBattle Patch⚡ Fixes KitBattle Exploits -----

Addresses well-known KitBattle exploits; Provides information to combat potential abuses!

Download Now
Via external site


Hello
World!
[​IMG]

This plugin is dedicated to addressing 2 well-known KitBattle exploits: Iron Fist Exploit and Smuggling Exploit. While the fixes are pretty straightforward, the exploits themselves are rather intricate. A really big shoutout to the dedicated players at BattleAsya, who consistently go above and beyond in their quest to unearth peculiar and amusing bugs.

Note that this plugin is specifically made for use with a KitBattle Advanced (Premium) instance. All exploits mentioned on this page can be replicated on a Spigot 1.8.8 instance with only KitBattle Advanced installed.


Iron Fist (Damage Bug)

Undoubtedly the most long-lasting KitBattle exploit, Iron Fist (a.k.a Damage Bug), has gained notoriety for allowing sword damage from a previously selected kit to persist even after a player logs out and back in.



To reproduce this bug, follow these steps:
  1. Choose a kit and hold the sword in slot 1.
  2. Re-enter the server and join KitBattle.
  3. Utilize your bare fist (without holding any items) to strike another player and observe the inflicted damage.
Surprisingly, your fist will inflict the same damage as the sword you used before relogging, hence the moniker "Iron Fist".

However, without selecting a kit, one has only a powerful fist but no armour. This may seem insignificant at first until another twist to this bug comes into play, which changes to whole story.

After rejoining the server, instead of immediately exploiting your bare fist, perform the following actions:
  1. Relocate the kit selector item to a different hot bar slot.
    To achieve this, press E, hover your cursor over a slot other than slot 1, and press 1.
  2. The kit selector will have moved to the slot under your cursor.
  3. Select a kit but avoid holding or clicking the sword in slot 1, to prevent damage from resetting.
  4. Now, utilize your fist (enhanced by soup) to strike another player and witness the damage.
Now, the issue becomes evident: while holding soup, your fist delivers excessively high damage. This disproportionate damage, with no doubt, originates from the previous sword.



There were instances where even the strength effect could be brought over, but this is more commonly seen on bungee networks. There also exists other slight variant versions of this exploit, but most just share similar mechanics in exploiting the defective damage register.

Imagine a scenario where your previous kit included a Sharpness V diamond sword but a subpar armour suit. Upon relogging, you select a different kit with a fully enchanted set of diamond armour but a suboptimal sword. This discrepancy seems not so problematic at first, not until you begin to exploit your iron fist which has the devastating damage brought over from the Sharpness V sword. And that becomes the very moment when the kit balance on your server is disrupted.

To effectively mitigate this problem, consider switching the kit selector to a sword item (from the default chest item).

Given the exploit relies on NOT clicking or holding the sword to inherit the previous damage, we enforce the use of a sword to select a kit to decisively eliminate the bug.

To implement this safeguard, navigate to KitBattle's config.yml and modify the kit selector item as illustrated below:
Code (Text):
Hotbar-Items:
  Kit-Selector:
    item: 'DIAMOND_SWORD : name:&7Kit Selector (&aRight click!&7)'
Other viable sword options include WOODEN_SWORD, STONE_SWORD, IRON_SWORD, and GOLD_SWORD.

Very unfortunately, this is still not sufficient to completely rule out this exploit. Please refer to the next section "Our Exclusive Solution" for a complete fix.

Apart from changing the kit selector, we do offer an alternative solution to mitigate this exploit.

Our patch effectively prevents any items in the inventory from being moved when the kit selector item is present. Consequently, players are compelled to exclusively click on the kit selector in slot 1 to select a kit, thereby eliminating the bug.

However, this is still not the end of the story.

Abusers who are very used to exploiting this bug can actually bypass the kit selector conveniently with the /kb selectkit command. Worst still, this command appears to be exploitable as it is not only made accessible to all players but there is no permission node available to negate its usage.

This is where this patch steps in to offer a quick fix!

Enabling the "block-kb-selectkit" option entirely disables this command and all its associated aliases. It is advised to always have this option enabled as this command is largely unnecessary, given that the kit selector can efficiently fulfil its role most of the time.


Smuggling (Teleport Bug)

Smuggling (a.k.a. Teleport Bug) enables players to conveniently transport kit items between arenas upon teleportation, resulting in the possession of items or effects from multiple kits, thereby disrupting the game balance.

There are multiple occasions in which smuggling can come into play, within which FFA⇔Challenges Smuggling: Kit-Lock Bypass Variant and FFA⇔Spawn Smuggling: Potion Variant are among the most abused ones.

In a Kit-Lock Bypass scenario, players illegally transport kit items from a normal free-for-all arena, where all kits are accessible, into a kit-locked challenge arena (e.g., 1v1, 2v2, 3v3, etc.).

In a Return-To-Spawn Transport scenario, players take advantage of the /kb spawn delay to illegally transport an item back and forth in the main arena. This variant, however, has been addressed in recent versions but may still exist in older iterations of KitBattle.

To replicate this bug, follow these steps:
  1. Join the challenge queue by utilizing the rod item.
  2. While waiting for a match, select a kit and place some of the kit items in your 4-slot crafting inventory.
  3. Use your cursor to hold the 5th item (if you have that many to transport).
  4. When a match begins, you get teleported to the challenge arena, carrying over the items on your cursor and within your crafting inventory.
  5. At this point, you just need to reorganize the items before the start-of-game countdown concludes.
As everyone else is using the default kit while you possess non-default kit items, you've successfully gained an unfair advantage.

[​IMG]

To replicate this bug, follow these steps:
  1. Select a kit.
  2. Use the command "/kb spawn".
  3. While waiting for the teleport countdown, use your cursor to hold an item that you wish to transport, preferably a potion.
  4. When the countdown ends, you get teleported to the spawn point, carrying over the item on your cursor.
  5. At this point, you just need to reorganize the items in your inventory.
As everyone else is using items from 1 kit while you possess abilities from 2 kits, you've successfully gained an unfair advantage.



Other Possible Solution
Just don't give your players permission to use /kb spawn.

Our patch effectively resolves this issue by removing all items from your cursor and crafting inventory upon teleportation.

Once again, the fix is pretty straightforward but highly effective.


Other Possible Exploits that are not covered by this plugin

Bugs that you could not have imagined... but can be fixed easily without this plugin.

Abusers persistently abuse the bow and create thousands of laggy arrows at spawn to crash the server. Very often, this is done skillfully as these arrows have to get stuck somewhere and not get cleaned up. Invisible armour stands, for example, are frequent targets especially when holograms exist on your server. Together with the arrow effects and trails that come with KitBattle, this can easily destroy your server TPS and crash players with suboptimal PCs.

Possible Solution
Consider using a scheduler to execute arrow removal periodically. If you have EssentialsX installed on your server, running "killall arrows {world}" every once in a while will completely eliminate this exploit. Setting "arrow-despawn-rate" to 300 or lower in spigot.yml also helps, but just not sufficient.


Commands & Permissions

/kbpatch reload - (kbpatch.reload) - Reload config.
• (kbpatch.bypass) - Bypass all the patch options.

kbpatch.* is by default granted to OPs.
It is advised to grant your admins the "kbpatch.bypass" permission.


Configuration

https://github.com/denniemok/kitbattle-patch/blob/master/src/config.yml


Runtime Requirements

• Java 8 or above
• Spigot 1.8 or above, or equivalent forks
• Permission plugin (Optional)
KitBattle Advanced (Premium)


Disclaimer

Please be aware that this plugin is not officially affiliated with KitBattle Advanced. We are simply enthusiastic KitBattle fans committed to resolving some of the issues.


Don't forget to rate this resource! Have fun!
View on SpigotMC
Resource Information
Author:
----------
Total Downloads: 195
First Release: Sep 5, 2023
Last Update: Sep 6, 2023
Category: ---------------
All-Time Rating:
0 ratings
Version -----
Released: --------------------
Downloads: ------
Version Rating:
----------------------
-- ratings