The public-facing side of Minecraft is the jolly, happy one. This is where we coo at people recreating the world of the Lord of the Rings, or admire the incredible visual tricks that can be pulled off with a little ingenuity. But then there's the less well-known (though often no less popular) side, where things all get a little grimmer.
One of the most infamous 'anarchy' servers in existence is 2B2T, a long-running and no-holds-barred server which has not been reset since 2010. The name stands for '2 Builders 2 Tools' and it is designed to be inhospitable, nasty, and has at times been named the 'worst' Minecraft server in existence. Naturally its players would disagree, and from another perspective 2B2T is an example of Minecraft's enormously wide appeal and its ability to turn players into creators: it is a place with a real history, which is written on and defines the landscape. The community around 2B2T and the way it has developed over the years is why it was featured in the 2019 exhibition Videogames: Design / Play / Disrupt at London's V&A Museum.
This story begins even before that. In 2018 a bunch of ne'er do wells found an exploit in a piece of Minecraft server software called Paper (thanks, WindowsCentral). This exploit essentially made the server think a player was clicking on every block in the map: instantly making it try to load countless block renders and crashing the server. It's the kind of catastrophic bug that, with software like this, is fixed quickly as soon as it's been used and noticed.
And 'quickly' was the problem.
One of the coders that came to work on NoCom, though only since 2020, is Leijurv, who wrote a long and detailed post explaining exactly what the group did after this point, and why it worked.
The beginning of the post points folk towards this youtube video by FitMC, which the perpetrators assisted in preparing and gives a more general overview.
The reason why NoCom flew under the radar for so long, in Leijurv's words, "is that there is no actual 'exploit' or 'backdoor' in the sense that you might think. In other words, the server doesn't 'misbehave' or do anything suspicious. It's fully expected and intended behavior, the code doesn't do anything sneaky or surreptitious, it's actually perfectly simple."
PaperMC, the developer of Paper, 'fixed' the original exploit, which was exactly what the hackers behind what would become known as NoCom were waiting for. One particular patch of PaperMC allowed the hackers to click on blocks and be told what its contents are, which is not unusual behaviour for Minecraft. What is unusual behaviour is applying this logic far beyond where the 'player' actually is: that is, being able to 'click' a block anywhere in this absolutely enormous landscape and know what it is.
"So this is known and desirable behavior on the part of 2b2t," writes Leijurv. "It's just that not many people thought of intentionally going outside one's render distance to extract information. The realization is that you can click absolutely any block, anywhere on the server, even a million blocks away, and learn if it's currently a loaded chunk, by if the server responds to you or remains silent.
Using common sense, the Paper developers intended for this patch to reply to the player only if the chunks were loaded by your player, as that would make logical sense (that's all the blocks you could reasonably be digging in good faith). The problem is that the way the code was written, the server will reply to you if the chunk is loaded by any player on the server, which is clearly an unintended side effect."
Why does this matter? Why do you think. Once this exploit was available, the people behind NoCom began check whether specific chunks of the map were loaded or unloaded. The former indicated the presence of other players, and so these locations were recorded, creating a master document of bases and other locations to hit. There's a certain poetry to this, but over the past three years the NoCom exploit was used to grief the hell out of players playing on a griefing server.
Here is a heat map of 2B2T's world showing where players and groups are concentrated. And here's where the hack gets simply devilish.
When first discovered, the exploit had to be used manually. And obviously endlessly clicking blocks to find out what's where is not the most efficient method of dastardly thieving. So the NoCom group began to automate it, introducing bots to the server on a shift system such that one was always online: and these bots watched the world's main thoroughfares.
When one of these bots spotted a player it would trail their movements using the program, and take particular notice of how much time they spent in certain areas.
Here is a "kindergarten explanation" from Leijurv of what the bot called Elon_Musk would do.
Minecraft update: What's new?
Minecraft skins: New looks
Minecraft mods: Beyond vanilla
Minecraft shaders: Spotlight
Minecraft seeds: Fresh new worlds
Minecraft texture packs: Pixelated
Minecraft servers: Online worlds
Minecraft commands: All cheats
"They scan the nether highways (really, punch one block per every 9 chunks, expanding outwards on every highway and diagonal, sort of like radar). When we get a hit, we've found a player traveling. Perhaps traveling to a base?
"So... we just keep up with them. We devised a system, using a monte carlo particle filter to simulate and track movement, that uses about 2 checks per second to keep up with a player as they travel at arbitrary speed. Elytra, boat, entity speed, sprinting, walking, anything. Even pig god mode! Even spectator mode! All we care about is if chunks are loading, that's what we can see.
"Basically, we built a machine that plays this game of battleship against 2b2t, really well, using up all the hundred some checks a second we get, and uses it to follow the battleships as they move around the board.
"And when a battleship disappears from the nether board, we look over at the overworld board and keep going (the bots coordinate with each other of course).
"In this way, we simply, just, follow people to their bases by keeping up with them as they load chunks. From our observation posts we can check chunks all over the map, at any distance."
By the end the NoCom crew had amassed 1.7 terabytes and 13.5 billion rows of data on the world of 2B2T. Data which would mostly be used in the following way: "print out bases with the most chests, travel to them ingame, steal all the items."
NoCom activity began to peak in 2020, as the hackers' knowledge of the game world became ever-more complete and the temptations were simply irresistible. Countless bases were destroyed, endless valuables looted, and the community descending into full-blown panic to the extent many refused to log in.
Members of the 2B2T community had noticed something funny going on over the years building up to this, but the group behind NoCom had also organised a disinformation campaign across forums and Discord groups ("Memes to cover up the exploit, and other miscellaneous related gaslighting"), dismissing those with concerns as paranoid.
As NoCom's momentum built and its presence on the server became impossible to hide, the crew behind it knew that the end was nigh. It went on a murderous rampage over June and July, trying to wring every last drop out of the data it had, before the server admin finally managed to fix the exploit by limiting the number of packets accounts could send per server tick.
NoCom may be gone, but its legacy will long hang over 2B2T. That data is all still out there, and it's all still accurate until players and groups relocate their bases: not exactly a small undertaking on something of this scale. Many fantastic builds are now just hostages to fortune. 2B2T is still around, but this is probably the most impactful event in its history.
