Code Review vs. Dynamic Testing explained with Minecraft

LiveOverflow · Intermediate ·📄 Research Papers Explained ·3y ago

Key Takeaways

The video explains the difference between code review and dynamic testing using Minecraft as an example, demonstrating how to find vulnerabilities in the game's code and test specific functionality.

Full Transcript

hello welcome back in this episode i want to build a few more things i want this spawn area to look very nice and i really like this hole behind me and so i wanted to make something with it so let's start off this video with a quick build sequence [Music] [Music] [Music] all right there we go a nice bridge walkway around the edge a small pond and a fountain as well as a road up to the market area also i'm alone noob is here again and while i was decorating a bit i suddenly started to hear music hopefully this doesn't get the video claimed but damn i'm jamming let's go uh-huh okay enough stop it while i decorate the base a bit and collect some materials i wanted to talk about code review versus dynamic testing so when you as a hacker try to find vulnerabilities you can try to do it blindly just test the application or maybe you have access to the source code and you read code instead and so the question might be which one is better i love code reviews and generally i think it's a waste of money and other resources when you don't have access to them it's one major reason why i don't like to do bugbounty because most of the targets are closed source but code review is not always the silver bullet i admit sometimes dynamic testing is a lot easier because maybe the code is just awful or there is just too much of it using the application and looking for functionality to then specifically test might be a lot more useful so for me in my day-to-day job doing this professionally i constantly flow between dynamic testing and code review and do whatever i feel like is the right choice at the moment that's why i think it's so important for hackers to learn coding or at least learn to read code because if you lack this tool you might be left with very inefficient dynamic testing now i wanted to briefly come back to something i did in a previous episode remember i did dynamic testing to figure out how far away creepers get scared by cats well let's see if we can find this in the code as well in net minecraft entity mob creeper entity we can find the creeper class it's very interesting to read the code here but we are mostly interested in the ai of the mob i'm looking at this code for the first time but it seems the code is very self-explanatory these goals seem to describe the goal of the mob the behavior the ai so for example with priority one the player is the active target so the creeper attacks us but there's also a visibility check for the player only if the creeper sees us it will target us and see this with a slight lower priority of 3 the creeper will flee it will flee from cats and ocelots and the distance this happens at 6 blocks this is a really cool example for code review versus dynamic testing testing for the distance a creeper will flee from a cat is easy in minecraft you have to create a small test setup but then it's easy to test and that takes maybe around the same time it takes me to open up intellij pulling up the code and finding the right class and read the value here however we never talked about finding out what a creeper is scared about in the first place is a creeper even scared of anything well maybe you would stumble over this behavior while playing maybe you observed this in the wild but if you didn't it would be quite a lot of effort to figure out what kind of other entity mob or item makes a creeper scared looking at the code here this is super simple scared of cats and ocelots but let me show you an example where i think dynamic testing is a lot more useful we know mobs can die when falling down a large distance but what's the limit how far can they fall before they die maybe we want to know that so we can build a farm where we damage them just enough for a single punch well this is of course answered in the code somewhere but it's probably calculated over time the falling speed is building up so that influences how much damage they take and then the next question how much health does a creeper have anyway here's a handle fall damage function it takes a fall distance damage multiplier and damage source it cause compute fall damage in the superclass which is fall distance minus 3 minus the status effect times the damage multiplier this means we have to figure out where handle fall damage is even called what is the damage multiplier and how much health does a creeper have you see it gets a bit convoluted why not just go in a creative world and test it build a small test platform and let creepers fall down it's a bit of a process too but you will definitely find the answer after some trial and error the height is 24 blocks now they got max damage and die with a single punch as you can see to figure this out the best strategy seems to be dynamic testing just because i know i will easily get the answer this way no need to struggle through the code cool now we saw an example for both cases i hope this shows you how important it is to choose the right strategy for whatever you want to figure out and now let's use our code review skills a bit more in hermitcraft season 9 episode 2 by doc m77 he revealed a prank let me show you a clip from his video so i actually pranked the whole server so yeah what happens if you put a turtle egg in any minecraft world exactly at 0 0 0 any zombie in the world not only you know around the player here standing globally so any zombie that is loaded by any other hermit will start trekking towards this egg globally oh here we go look at the zombies look at the congo line back there zombie tracking ain't not working anymore country roads take me home to the place i belong zero zero that is so weird turtle egg in zero zero zero and zombies from everywhere start walking there but why and how could you figure something out like this well i'm 99.9 confident that this was not found accidentally in game who would come up with testing that but if you read the code around mob ai it could be obvious check this out here's the zombie entity class and it has an ai goal to destroy any egg specifically the turtle egg block this inherits from the step and destroy block goal so this seems to be generally ai code to take a step so walk towards and destroy a target block and here's that class in the tick method it always takes the mob position but only does something if the mob reaches the target block which means the ai to walk the egg is somewhere else probably in the other class it inherits from move to target goal in that tick function if we found a target and this tick goal is executed we would start moving towards that so how do we even get a target block to work towards where is target position set well look here at the find target position function here takes the current mob position and searches all blocks in an area around with some nested loops and if a particular position is in walking range and at this position we have the target block an egg then we remember this position as the target position but clearly an egg at 0 0 0 would not be in range for a mob very far away so this loop is probably not interesting for us so where else is the target position set and look at that in the constructor the target position is set to the origin block the block position which x y and z values are all zero sounds suspicious right i think we're on the right track obviously this is just meant as a temporary value but this means the ai goal is always initialized to 0 0 0 by default let's go back down to the step and destroy block goal class here's a function that determines if this ai goal can start to be executed and here we can see if the zombie has an available target this ai goal can be started when do we have an available target if we have a target position set which we have it's never null it's initialized with the origin and then it checks this position with is target pos this function takes the corresponding chunk of the world to check the target block and if the block is the target block so if it's a turtle egg this will return true so if a turtle egg happens to be at 0 0 0 then this check will always be true the zombie has an available target in the goal selector class this is the class deciding which goals to execute so basically decide the ai behavior of the zombie here it will now be able to start on the egg destroy goal which makes the zombie move towards the egg on every tick so yeah if you read minecraft code for fun because maybe you want to optimize a zombie form and you want to understand the zombie ai you could stumble over this bug maybe you notice the target pause can never be no so that makes the behavior weird and now understanding this code we can also check if this applies to other mobs is there any other mob with a step and destroy block goal turns out no the zombie is the only one that uses it but there's also the more general class move to target post goal that one is used by a few other ai goal classes while this class is kinda the root of the bug it's initializing the target position to the origin this can start method is safe it only returns true if find target pause is true and that searches blocks nearby so this ai generally doesn't trigger if the target block is not in range the zombie bug only happens because step and destroy block goal overwrites the can start method and changes that behavior so let's see if other ai classes overwrite the can start method as well and maybe they have a similar bug cat sit on block goal looks safe it does call into the superclass can start method and same for go to bed and sleep goal fox eating berries goal also calls the super class all of them call the parent class can start which will check with find target pause if the target block is within range looks like the bug only affects zombies by the way the server starts to see a bit more activity i try to afk sometimes to be able to record in case people join and yeah i was able to capture a few players spawning in my trap they only can get out if they have a fly hack though and turns out of course they do to record the spawn area i was also laying a bit further away behind the tree and of course players also found me there but where is everybody i was really hoping people would start expanding my base building their own houses or whatever up there but nothing i'm still alone maybe they don't play on here and just join or they go on their own adventure which is of course also cool maybe in the future i could try to find their bases i have access to the server so we could try to find where they are at some point anyway i want to build another farm as well maybe a small bee farm candles and honey blocks would be cool and i built it below the market but it kind of looked like so i decided to try to make like a flowery greenhouse kind of thing with lots of glass so i had to gather some more sand and smelt it and then just try to build one by the way this was not planned in creative before this is me actually trying to make something in survival but i don't know it looked kind of bad i also expanded the bee farm with a few more hives that i collected by the way the barrels on top are used to feed the farm with shears and bottles i thought it could be nice once we expand the market up here it looks very organic anyway after the first iteration i decided to change a few things remove the fence posts and replace it with strip wood logs and added a bit more supporting ceiling and cool be farm done so see you next episode [Music] you

Original Description

Maybe you are wondering how people can figure out crazy stuff in Minecraft. Generally there are two techniques: dynamic testing or reading code. So which method is better? 2No2Name (original finder) Zombie AI: https://www.youtube.com/watch?v=0HvXMFwaYss docm77: https://www.youtube.com/watch?v=BoVMWNeVLf4&t=2148s Episode 10: 00:00 - Let's Play: Building Timelapse 01:16 - Code Review vs. Dynamic Testing 02:29 - Example #1: Creeper Farm Code Review 04:10 - Example #2: Fall Damage Dynamic Testing 05:45 - docm77 Zombie Prank on Hermitcraft 06:55 - How to Find The Zombie AI Bug 10:03 - Does it Affect Other Mobs? 11:16 - Other Players on the Server 12:00 - Let's Play: Bee Farm Timelapse -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Instagram: https://instagram.com/LiveOverflow/ → Blog: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from LiveOverflow · LiveOverflow · 0 of 60

← Previous Next →
1 LiveOverflow - Trailer
LiveOverflow - Trailer
LiveOverflow
2 Introduction to Linux - Installation and the Terminal - bin 0x01
Introduction to Linux - Installation and the Terminal - bin 0x01
LiveOverflow
3 Writing a simple Program in C
Writing a simple Program in C
LiveOverflow
4 Writing a simple Program in Python - bin 0x03
Writing a simple Program in Python - bin 0x03
LiveOverflow
5 Live Hacking - Twitch Recording overthewire.org - Vortex 0x01-0x03 (3h)
Live Hacking - Twitch Recording overthewire.org - Vortex 0x01-0x03 (3h)
LiveOverflow
6 Reversing and Cracking first simple Program - bin 0x05
Reversing and Cracking first simple Program - bin 0x05
LiveOverflow
7 Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)
Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)
LiveOverflow
8 ROP with a very small stack - 32C3CTF teufel (pwnable 200)
ROP with a very small stack - 32C3CTF teufel (pwnable 200)
LiveOverflow
9 Uncrackable Programs? Key validation with Algorithm and creating a Keygen - Part 1/2 - bin 0x07
Uncrackable Programs? Key validation with Algorithm and creating a Keygen - Part 1/2 - bin 0x07
LiveOverflow
10 Uncrackable Program? Finding a Parser Differential in loading ELF - Part 2/2 - bin 0x08
Uncrackable Program? Finding a Parser Differential in loading ELF - Part 2/2 - bin 0x08
LiveOverflow
11 Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09
Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09
LiveOverflow
12 Smashing the Stack for Fun and Profit - setuid, ssh and exploit.education - bin 0x0B
Smashing the Stack for Fun and Profit - setuid, ssh and exploit.education - bin 0x0B
LiveOverflow
13 Live Hacking - EFF-CTF 2016 - Level 0-4 (Enigma Conference)
Live Hacking - EFF-CTF 2016 - Level 0-4 (Enigma Conference)
LiveOverflow
14 First Stack Buffer Overflow to modify Variable - bin 0x0C
First Stack Buffer Overflow to modify Variable - bin 0x0C
LiveOverflow
15 First Exploit! Buffer Overflow with Shellcode - bin 0x0E
First Exploit! Buffer Overflow with Shellcode - bin 0x0E
LiveOverflow
16 Buffer Overflows can Redirect Program Execution - bin 0x0D
Buffer Overflows can Redirect Program Execution - bin 0x0D
LiveOverflow
17 Doing ret2libc with a Buffer Overflow because of restricted return pointer - bin 0x0F
Doing ret2libc with a Buffer Overflow because of restricted return pointer - bin 0x0F
LiveOverflow
18 Reverse engineering C programs (64bit vs 32bit) - bin 0x10
Reverse engineering C programs (64bit vs 32bit) - bin 0x10
LiveOverflow
19 pwnable.kr - Levels: fd, collision, bof, flag
pwnable.kr - Levels: fd, collision, bof, flag
LiveOverflow
20 Reverse Engineering and identifying Bugs - BKPCTF cookbook (pwn 6) part 1
Reverse Engineering and identifying Bugs - BKPCTF cookbook (pwn 6) part 1
LiveOverflow
21 Leaking Heap and Libc address - BKPCTF cookbook (pwn 6) part 2
Leaking Heap and Libc address - BKPCTF cookbook (pwn 6) part 2
LiveOverflow
22 Arbitrary write with House of Force (heap exploit) - BKPCTF cookbook (pwn 6) part 3
Arbitrary write with House of Force (heap exploit) - BKPCTF cookbook (pwn 6) part 3
LiveOverflow
23 Live Hacking - Internetwache CTF 2016 - web50, web60, web80
Live Hacking - Internetwache CTF 2016 - web50, web60, web80
LiveOverflow
24 Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90
Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90
LiveOverflow
25 A simple Format String exploit example - bin 0x11
A simple Format String exploit example - bin 0x11
LiveOverflow
26 NEW VIDEOS ARE COMING - loopback 0x00
NEW VIDEOS ARE COMING - loopback 0x00
LiveOverflow
27 HTML + CSS + JavaScript introduction - web 0x00
HTML + CSS + JavaScript introduction - web 0x00
LiveOverflow
28 The HTTP Protocol: GET /test.html - web 0x01
The HTTP Protocol: GET /test.html - web 0x01
LiveOverflow
29 Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
LiveOverflow
30 What is PHP and why is XSS so common there? - web 0x02
What is PHP and why is XSS so common there? - web 0x02
LiveOverflow
31 Introducing the AngularJS Javascript Framework - XSS with AngularJS 0x00
Introducing the AngularJS Javascript Framework - XSS with AngularJS 0x00
LiveOverflow
32 Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1
Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1
LiveOverflow
33 Capturing & Analyzing Packets with Saleae Logic Pro 8 - Reverse Engineering A/C Remote part 2
Capturing & Analyzing Packets with Saleae Logic Pro 8 - Reverse Engineering A/C Remote part 2
LiveOverflow
34 XSS Contexts and some Chrome XSS Auditor tricks - web 0x03
XSS Contexts and some Chrome XSS Auditor tricks - web 0x03
LiveOverflow
35 Previous Bypass is now fixed in version 1.4.7 - XSS with AngularJS 0x2
Previous Bypass is now fixed in version 1.4.7 - XSS with AngularJS 0x2
LiveOverflow
36 New Sandbox Bypass in 1.4.7 - XSS with AngularJS 0x3
New Sandbox Bypass in 1.4.7 - XSS with AngularJS 0x3
LiveOverflow
37 The Heap: what does malloc() do? - bin 0x14
The Heap: what does malloc() do? - bin 0x14
LiveOverflow
38 The Heap: How to exploit a Heap Overflow - bin 0x15
The Heap: How to exploit a Heap Overflow - bin 0x15
LiveOverflow
39 Reverse Engineering with Binary Ninja and gdb a key checking algorithm - TUMCTF 2016 Zwiebel part 1
Reverse Engineering with Binary Ninja and gdb a key checking algorithm - TUMCTF 2016 Zwiebel part 1
LiveOverflow
40 Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
LiveOverflow
41 Live Hacking - Internetwache CTF 2016 - exp50, exp70, exp80
Live Hacking - Internetwache CTF 2016 - exp50, exp70, exp80
LiveOverflow
42 Sandbox bypass for the latest AngularJS version 1.5.8 - XSS with AngularJS 0x4
Sandbox bypass for the latest AngularJS version 1.5.8 - XSS with AngularJS 0x4
LiveOverflow
43 Channel is growing and Riscure hardware CTF starting soon - loopback 0x01
Channel is growing and Riscure hardware CTF starting soon - loopback 0x01
LiveOverflow
44 Explaining Dirty COW local root exploit - CVE-2016-5195
Explaining Dirty COW local root exploit - CVE-2016-5195
LiveOverflow
45 What is CTF? An introduction to security Capture The Flag competitions
What is CTF? An introduction to security Capture The Flag competitions
LiveOverflow
46 The Heap: How do use-after-free exploits work? - bin 0x16
The Heap: How do use-after-free exploits work? - bin 0x16
LiveOverflow
47 The Browser is a very Confused Deputy - web 0x05
The Browser is a very Confused Deputy - web 0x05
LiveOverflow
48 The Heap: Once upon a free() - bin 0x17
The Heap: Once upon a free() - bin 0x17
LiveOverflow
49 Simple reversing challenge and gaming the system - BruCON CTF part 1
Simple reversing challenge and gaming the system - BruCON CTF part 1
LiveOverflow
50 int0x80 from DualCore lent me his lockpicking set and I'm a horse - BruCON CTF part 2
int0x80 from DualCore lent me his lockpicking set and I'm a horse - BruCON CTF part 2
LiveOverflow
51 The Heap: dlmalloc unlink() exploit - bin 0x18
The Heap: dlmalloc unlink() exploit - bin 0x18
LiveOverflow
52 MD5 Length Extension and Blind SQL Injection - BruCON CTF part 3
MD5 Length Extension and Blind SQL Injection - BruCON CTF part 3
LiveOverflow
53 TCP Protocol introduction - bin 0x1A
TCP Protocol introduction - bin 0x1A
LiveOverflow
54 Socket programming in python and Integer Overflow - bin 0x1B
Socket programming in python and Integer Overflow - bin 0x1B
LiveOverflow
55 Linux signals and core dumps - bin 0x1C
Linux signals and core dumps - bin 0x1C
LiveOverflow
56 [Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
[Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
LiveOverflow
57 Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
LiveOverflow
58 Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
LiveOverflow
59 How to learn hacking? ft. Rubber Ducky
How to learn hacking? ft. Rubber Ducky
LiveOverflow
60 Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
LiveOverflow

This video teaches how to use code review and dynamic testing to find vulnerabilities and understand game mechanics in Minecraft, demonstrating the importance of reading code and testing specific functionality.

Key Takeaways
  1. Read the code for the creeper's AI
  2. Test the distance a creeper will flee from a cat
  3. Build a small test platform to test the creeper's fall damage
  4. Read the code around mob AI to understand how the zombie AI works
  5. Check the zombie entity class and its AI goal to destroy any egg
💡 Code review and dynamic testing are both essential skills for finding vulnerabilities and understanding game mechanics, and the choice of method depends on the complexity of the code and the specific functionality being tested.

Related Reads

📰
Follow-up: The ArxivLens Protocol: Transforming Research Nois
Learn how to apply the ArxivLens Protocol to create dynamic grant-allocation pools that rebalance based on citation-impact signals, transforming research noise into actionable insights
Dev.to AI
📰
On July 1, 2026, arXiv will spin out from Cornell University, its home for the past 25 years, to become an independent nonprofit organization. Major funding support from Simons Foundation and Schmidt Sciences. Ditching the red for their website. [N]
arXiv is becoming an independent nonprofit organization after 25 years at Cornell University, backed by major funding, which will impact the future of research and academia
Reddit r/MachineLearning
📰
CS-NRRM™ Official Publications: Paper 1 and Paper 2 Are Now Available
Learn about the CS-NRRM's official publications on a 12-year longitudinal human observation archive and its significance in research and development
Medium · Data Science
📰
Found a potential mistake in an ICLR 2026 blogpost [D]
Verify a potential mistake in an ICLR 2026 blog post and learn how to effectively report errors in academic publications
Reddit r/MachineLearning

Chapters (9)

Let's Play: Building Timelapse
1:16 Code Review vs. Dynamic Testing
2:29 Example #1: Creeper Farm Code Review
4:10 Example #2: Fall Damage Dynamic Testing
5:45 docm77 Zombie Prank on Hermitcraft
6:55 How to Find The Zombie AI Bug
10:03 Does it Affect Other Mobs?
11:16 Other Players on the Server
12:00 Let's Play: Bee Farm Timelapse
Up next
Executive Coaching Ethics Part 2: Ethical Lapses, Breaches & the ICF Review Process
Bay Area Executive Coach
Watch →