imported>Krenair |
imported>Oxodao |
| (109 intermediate revisions by 26 users not shown) |
| Line 1: |
Line 1: |
| Minecraft Beta uses an entirely new authentication scheme, both for improved security and to (at least try to) prevent people from copying the game. Take everything on this page [http://en.wikipedia.org/wiki/Grain_of_salt with a grain of salt], as the protocol can change at any time.
| | #REDIRECT [[Legacy Mojang Authentication]] |
| | |
| == The Old Launcher ==
| |
| The first step occurs as soon as you open the downloadable Minecraft launcher and attempt to login. The launcher will make a HTTP POST request to:
| |
| <pre>http://www.minecraft.net/game/getversion.jsp</pre>
| |
| with the postdata:
| |
| <pre>user=<username>&password=<password>&version=<launcher version></pre>
| |
| with a "application/x-www-form-urlencoded" Content-Type header.
| |
| The current launcher version is ''12'', sending a value lower than this will cause the server to return "Old Version" '''however''' you can send any large number and it will return as expected. If the login succeeded, it will return 4 ':' delimited values.
| |
| <pre>1281688214000:a348b469d915a40c9eebd2b9919c1a39:TkTech:8204407531530365141:</pre>
| |
| The first value is the <u>current version</u> of the game files (not the launcher itself). The second value is your <u>download ticket</u> and used to be required to fetch new versions of minecraft.jar from the server. The third value is your case-correct username. The fourth value is your <u>session id</u> and is required to connect to servers.
| |
| | |
| == The New Launcher ==
| |
| The new launcher uses the same basic protocol as the old one, but at a different host and base address, and using HTTPS.
| |
| The HTTPS query goes to the new address:
| |
| <pre>https://login.minecraft.net/</pre>
| |
| | |
| == Requesting New Game Files ==
| |
| A download ticket used to be required to download a new version of minecraft.jar by making another HTTP GET request.
| |
| <pre>http://minecraft.net/game/minecraft.jar?user=<username>&ticket=<download ticket></pre>
| |
| However, the new updates for the main program file do not require a download ticket and can be found at:
| |
| <pre>http://s3.amazonaws.com/MinecraftDownload/minecraft.jar</pre>
| |
| The other resource files for Minecraft are kept at:
| |
| <pre>http://s3.amazonaws.com/MinecraftResources/</pre>
| |
| | |
| == Connecting To A Server ==
| |
| When you first attempt to connect to the server, you begin by sending the [[Protocol#Handshake_.280x02.29 | Handshake]] containing your case-sensitive username. The server will return one of three values: '-' for no authentication (in which case you can just continue joining), '+' for password protected or a hash if the server requires name authentication. Name verification is achieved by sending a HTTP GET request to the minecraft.net server:
| |
| <pre>http://session.minecraft.net/game/joinserver.jsp?user=<username>&sessionId=<session id>&serverId=<server hash></pre>
| |
| If the server returns ''OK'' it's safe to continue joining the server, otherwise it'll disconnect you with an error message.
| |
| | |
| == Verifying Name Authentication ==
| |
| The server will verify name authentication by making yet another HTTP GET request to minecraft.net:
| |
| <pre>http://session.minecraft.net/game/checkserver.jsp?user=<username>&serverId=<server hash></pre>
| |
| The <u>server hash</u> is the same value that was sent to the client in the handshake. If the server returns ''YES'' then the client is authenticated and allowed to join. Otherwise the client will/should be kicked with “Failed to verify username!”.
| |
| | |
| == Sample Implementation ==
| |
| | |
| This is a simple implementation of the authentication (client&server part) in POSIX shell. It needs the curl command line client for HTTP requests.
| |
| | |
| <pre><nowiki>
| |
| #!/bin/sh
| |
| | |
| user=$1
| |
| pass=$2
| |
| | |
| echo "Login..."
| |
| oldIFS="$IFS"
| |
| IFS=':'
| |
| set -- `curl -d "user=$user&password=$pass&version=9999" https://login.minecraft.net/`
| |
| IFS="$oldIFS"
| |
| if [ $# -ne 4 ]
| |
| then
| |
| echo "ERR: $@"
| |
| exit 1
| |
| fi
| |
| sid=$4
| |
| user=$3
| |
| hash=$RANDOM
| |
| echo "Now I'm the client ($user)..."
| |
| curl -L "http://session.minecraft.net/game/joinserver.jsp?user=$user&sessionId=$sid&serverId=$hash"
| |
| echo
| |
| echo "Now I'm the server..."
| |
| curl -L "http://session.minecraft.net/game/checkserver.jsp?user=$user&serverId=$hash"
| |
| echo
| |
| </nowiki></pre>
| |
| | |
| This is an implementation of the authentication protocol in Perl, written by someone (i.e., myself) who has zero prior Perl experience. So I'm sure this is ugly code, but it did work for my purposes.
| |
| | |
| <pre><nowiki>
| |
| #!/usr/bin/perl -w
| |
| | |
| use strict;
| |
| use LWP::UserAgent;
| |
| | |
| my $client_version = 9999;
| |
| my $ua = new LWP::UserAgent; $ua->agent("someUA");
| |
| my %auth;#holds login creds
| |
| my @values;#holds the ':' delimited values returned from the POST
| |
| my $hash = int(rand());
| |
| $auth{username} = "usernameGoesHere"; #put the username here
| |
| $auth{password} = "passwordGoesHere"; #and the pass here
| |
| | |
| ##################################################
| |
| | |
| #Launcher (Makes the POST statement to https://login.minecraft.net)
| |
| | |
| ##################################################
| |
| | |
| my $req = HTTP::Request->new(POST => 'https://login.minecraft.net/');
| |
| $req->content_type('application/x-www-form-urlencoded');
| |
| $req->content('user='.$auth{username}.'&password='.$auth{password}.'&version='.$client_version);
| |
| | |
| my $res = $ua->request($req);
| |
| | |
| if ($res->is_success)
| |
| {
| |
| print $res->content, "\n";
| |
| @values = split(':', $res->content);
| |
| }
| |
| else
| |
| {
| |
| print $res->status_line, "\n";
| |
| }
| |
| | |
| | |
| | |
| ##################################################
| |
| | |
| #Client
| |
| | |
| ##################################################
| |
| | |
| my $req2 = HTTP::Request->new(GET => 'http://session.minecraft.net/game/joinserver.jsp?user='.$auth{username}.'&sessionId='.$values[3].'&serverId='.$hash.'');
| |
| my $res2 = $ua->request($req2);
| |
| | |
| if ($res2->is_success)
| |
| {
| |
| print $res2->content, "\n";
| |
| }
| |
| else
| |
| {
| |
| print $res2->status_line, "\n";
| |
| }
| |
| | |
| ##################################################
| |
| | |
| #server
| |
| | |
| ##################################################
| |
| | |
| my $req3 = HTTP::Request->new(GET => 'http://session.minecraft.net/game/checkserver.jsp?user='.$auth{username}.'&serverId='.$hash.'');
| |
| my $res3 = $ua->request($req3);
| |
| | |
| if ($res3->is_success)
| |
| {
| |
| print $res3->content, "\n";
| |
| }
| |
| else
| |
| {
| |
| print $res3->status_line, "\n";
| |
| }
| |
| </nowiki></pre>
| |
| | |
| [[Category:Protocol Details]]
| |
| [[Category:Minecraft Beta]]
| |