Difference between revisions of "Lastlogin"
(update with detailed information on the encryption used) |
(Added PHP code) |
||
(3 intermediate revisions by 3 users not shown) | |||
Line 7: | Line 7: | ||
The c++ code is loosely based on the python code in sadimusi's mc3p found here: [https://github.com/sadimusi/mc3p/tree/master/mc3p python code] | The c++ code is loosely based on the python code in sadimusi's mc3p found here: [https://github.com/sadimusi/mc3p/tree/master/mc3p python code] | ||
+ | [https://gist.github.com/834093b909d92de5b392 C# code] | ||
+ | |||
+ | [https://github.com/shoghicp/Minecraft-PHP-Client-2/blob/master/plugin/LastLogin.plugin.php Pure-PHP code] | ||
== Encryption == | == Encryption == | ||
− | The last login file is encrypted with some not so secure random data. First a Java Random is created with an initial seed of 43287234. Then the next 8 bytes produced by this random are used as a salt. These bytes correspond to: ' | + | The last login file is encrypted with some not so secure random data. First a Java Random is created with an initial seed of 43287234. Then the next 8 bytes produced by this random are used as a salt. These bytes correspond to: '0x0c, 0x9d, 0x4a, 0xe4, 0x1e, 0x83, 0x15, 0xfc' |
Next a secret key based on PBEWithMD5AndDES is generated based on the secret password. Again this password is not very secret and takes the form of the string "password" | Next a secret key based on PBEWithMD5AndDES is generated based on the secret password. Again this password is not very secret and takes the form of the string "password" | ||
Line 20: | Line 23: | ||
PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 5); | PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 5); | ||
− | SecretKey pbeKey = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec(password.toCharArray())); | + | SecretKey pbeKey = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec("password".toCharArray())); |
Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES"); | Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES"); | ||
cipher.init(mode, pbeKey, pbeParamSpec); | cipher.init(mode, pbeKey, pbeParamSpec); | ||
</code> | </code> |
Latest revision as of 09:12, 2 August 2012
Introduction
The lastlogin file sits in the root directory (.minecraft) and contains the encrypted username and password from the last user who logged in on your machine.
A c++ code snippet to decrypt the file using the crypto++ library can be found here: c++ code
The c++ code is loosely based on the python code in sadimusi's mc3p found here: python code
Encryption
The last login file is encrypted with some not so secure random data. First a Java Random is created with an initial seed of 43287234. Then the next 8 bytes produced by this random are used as a salt. These bytes correspond to: '0x0c, 0x9d, 0x4a, 0xe4, 0x1e, 0x83, 0x15, 0xfc' Next a secret key based on PBEWithMD5AndDES is generated based on the secret password. Again this password is not very secret and takes the form of the string "password"
After this Cipher has been constructed, two UTF-8 strings can be read from the lastlogin file and decrypted with the above mentioned cipher.
The code to get the cipher from the launcher takes the form of:
Random random = new Random(43287234L);
byte[] salt = new byte[8];
random.nextBytes(salt);
PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 5);
SecretKey pbeKey = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec("password".toCharArray()));
Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
cipher.init(mode, pbeKey, pbeParamSpec);