Difference between revisions of "Talk:Legacy Mojang Authentication"
Barneygale (talk | contribs) |
(→Signature in textures: new section) |
||
(One intermediate revision by the same user not shown) | |||
Line 17: | Line 17: | ||
:So the URL I was really interested in was the checkserver one, i.e /game/checkserver.jsp?user=XXXX&serverId=XXXX - for which the response is quite similar: "3\r\nYES\r\n0\r\n\r\n" --[[User:Huin|Huin]] 12:46, 21 November 2011 (MST) | :So the URL I was really interested in was the checkserver one, i.e /game/checkserver.jsp?user=XXXX&serverId=XXXX - for which the response is quite similar: "3\r\nYES\r\n0\r\n\r\n" --[[User:Huin|Huin]] 12:46, 21 November 2011 (MST) | ||
::So this is actually HTTP chunking. See how you've got a <code>Transfer-Encoding: chunked</code> header? [http://en.wikipedia.org/wiki/Chunked_transfer_encoding] [[User:Barneygale|Barneygale]] 09:08, 22 November 2011 (MST) | ::So this is actually HTTP chunking. See how you've got a <code>Transfer-Encoding: chunked</code> header? [http://en.wikipedia.org/wiki/Chunked_transfer_encoding] [[User:Barneygale|Barneygale]] 09:08, 22 November 2011 (MST) | ||
+ | :::Facepalm. Yep. That'll be it. --[[User:Huin|Huin]] 12:12, 22 November 2011 (MST) | ||
+ | |||
+ | == Signature in textures == | ||
+ | |||
+ | The base64 in the "signature" section of "textures" is base64; it's just data signed with Yggdrasil's private key and is verified with a SHA1withRSA public key. | ||
+ | |||
+ | Source: | ||
+ | Signature signature = Signature.getInstance("SHA1withRSA"); | ||
+ | signature.initVerify(publicKey); | ||
+ | signature.update(this.value.getBytes()); | ||
+ | return signature.verify(Base64.decodeBase64(this.signature)); | ||
+ | |||
+ | Comes from Property.java in the Yggdrasil Authlib. |
Revision as of 05:50, 22 May 2014
New Base URL
Since the new base url used for authentication is https://login.minecraft.net/ does that mean it would use https://login.minecraft.net/getversion.jsp or https://login.minecraft.net/game/getversion.jsp ?
- The URL is just "https://login.minecraft.net/". Post straight there with the content "user=...&password=...&version=..." (without quotes). ~ Ribose · 19:29, 20 October 2011 (MST)
New auth response?
I'm now seeing the auth server respond with (in the HTTP body) the following: "2\r\nOK\r\n0\r\n\r\n" (interpret that as a C string). Anyone seen different, or have any insights?
--Huin 15:19, 20 November 2011 (MST)
- What URL specifically? Barneygale 05:44, 21 November 2011 (MST)
- Sorry - should have said: http://session.minecraft.net/game/joinserver.jsp?user=XXXX&sessionId=XXXX&serverId=XXXX I was having trouble with my implementation of the minecraft server (ChunkyMonkey), and decided to sniff the traffic that the official server was sending, and got the above. --Huin 12:19, 21 November 2011 (MST)
- Just realised that that was probably the client. I'm gonna run another packet sniff. --Huin 12:21, 21 November 2011 (MST)
- So the URL I was really interested in was the checkserver one, i.e /game/checkserver.jsp?user=XXXX&serverId=XXXX - for which the response is quite similar: "3\r\nYES\r\n0\r\n\r\n" --Huin 12:46, 21 November 2011 (MST)
- So this is actually HTTP chunking. See how you've got a
Transfer-Encoding: chunked
header? [1] Barneygale 09:08, 22 November 2011 (MST)- Facepalm. Yep. That'll be it. --Huin 12:12, 22 November 2011 (MST)
- So this is actually HTTP chunking. See how you've got a
Signature in textures
The base64 in the "signature" section of "textures" is base64; it's just data signed with Yggdrasil's private key and is verified with a SHA1withRSA public key.
Source: Signature signature = Signature.getInstance("SHA1withRSA"); signature.initVerify(publicKey); signature.update(this.value.getBytes()); return signature.verify(Base64.decodeBase64(this.signature));
Comes from Property.java in the Yggdrasil Authlib.