Skip to content

Respect sign translation fallbacks for Meteor key spoofing#6187

Closed
Zitrone30 wants to merge 1 commit intoMeteorDevelopment:masterfrom
Zitrone30:master
Closed

Respect sign translation fallbacks for Meteor key spoofing#6187
Zitrone30 wants to merge 1 commit intoMeteorDevelopment:masterfrom
Zitrone30:master

Conversation

@Zitrone30
Copy link

@Zitrone30 Zitrone30 commented Feb 28, 2026

Type of change

  • [x ] Bug fix
  • New feature

AbstractSignEditScreenMixin was turning Meteor translation keys on signs into the raw key string every time. Which broke vanilla behavior for signs that include a fallback. Vanilla returns the fallback when the key can’t be resolved.

This change keeps the existing key protection. But if the sign text is translatable and includes a fallback, it uses that fallback instead. If there isn’t one, it still uses the raw key. This makes Meteor behave like vanilla for fallback-based sign checks and fixes the detection issue.

How Has This Been Tested?

Gone on a server with a detection and not detected

Checklist:

  • [ x] My code follows the style guidelines of this project.
  • [ Not Needed] I have added comments to my code in more complex areas.
  • [ x] I have tested the code in both development and production environments.

@Zitrone30
Respect sign translation fallbacks for Meteor key spoofing
8c934fb 
AbstractSignEditScreenMixin was turning Meteor translation keys on signs into the raw key string every time. That broke vanilla behavior for signs that include a fallback, since vanilla returns the fallback when the key can’t be resolved.

This keeps the existing key protection, but if the sign text is translatable and includes a fallback, it uses that fallback instead. If there isn’t one, it still uses the raw key. This makes Meteor behave like vanilla for fallback-based sign checks and fixes the detection issue.
@crosby-moe
Copy link
Collaborator

crosby-moe commented Mar 1, 2026

this hotfix is still flawed as it does not take server resource packs into account

in my opinion it is better to outright remove it at this time with #6186 to let dedicated mods such as exploit preventer handle it

@Zitrone30
Copy link
Author

Zitrone30 commented Mar 1, 2026

sure then pull the changes of yours please

@PedroMPagani
Copy link

PedroMPagani commented Mar 1, 2026

Honestly you should simply allow servers to be able to block this. If they are blocking it's because they don't want anyone to use it. :)

@NikOverflow
Copy link

NikOverflow commented Mar 2, 2026

This is not only flawed because server resource packs but also for the with thing with variable elements. The best way is removing the faulty protection and use ExploitPreventer.

If people really care about it now: Use my meteor-client fork. There is a release that removes that already and then you need to install a mod that protects against that properly.

@crosby-moe
Copy link
Collaborator

crosby-moe commented Mar 5, 2026

Honestly you should simply allow servers to be able to block this. If they are blocking it's because they don't want anyone to use it. :)

hi pedro yea that's the plan mostly we dont intend to push a full fix

though it is encouraged for donutsmp to start detecting meteor more heuristically instead of relying on client exploits as we will eventually (within the coming months) be switching to our own translation format separate from minecraft's

@Zitrone30 Zitrone30 closed this Mar 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Zitrone30 @crosby-moe @PedroMPagani @NikOverflow