Difference between revisions of "Session"

From wiki.vg
Jump to navigation Jump to search
m (Double Redirection)
Tag: Redirect target changed
 
(17 intermediate revisions by 5 users not shown)
Line 1: Line 1:
The minecraft client and server communicate with minecraft.net to validate player sessions. This page describes some of the operations.
+
#REDIRECT [[Legacy_Mojang_Authentication]]
 
 
== Login ==
 
 
 
To log the player in, the official launcher sends an HTTPS POST (GET appears to suffice as well) request to:
 
<pre>https://login.minecraft.net</pre>
 
with the postdata:
 
  ?user=<username>&password=<password>&version=<launcher version>
 
and a "application/x-www-form-urlencoded" Content-Type header.
 
 
 
The current launcher version is "13", sending a value lower "12" than this will cause the server to return "Old version", however you can send any large number and it will return as expected. If the login succeeded, it will return 5 ':' delimited values.
 
  1343825972000:deprecated:SirCmpwn:7ae9007b9909de05ea58e94199a33b30c310c69c:dba0c48e1c584963b9e93a038a66bb98
 
#'''current version''' of the game files (not the launcher itself). This is a unix timestamp which the launcher compares to the ~/.minecraft/bin/version file.
 
#Previously contained a '''download ticket''' for requesting new versions of minecraft.jar from the server. Now contains only "deprecated".
 
#'''case-correct username'''.
 
#'''sessionId''' - a unique ID for your current session.
 
#'''UID''' - currently unused, introduced near August 8th, 2012. Grum says this is the unique ID for the user, potentially for changing Minecraft names in future.
 
 
 
If the request is missing a parameter, the server will return "Bad response". If the login information is incorrect, the server will return "Bad login". If the login information is correct but the account isn't premium, the server will return "User not premium".
 
 
 
== Updating ==
 
 
 
To update, the launcher downloads files from
 
<pre>http://s3.amazonaws.com/MinecraftDownload/</pre>
 
It takes the unix timestamp from the login request and stores it in ~/.minecraft/bin/version<br />
 
The following files are downloaded from /MinecraftDownload/ in this exact order:<br />
 
*lwjgl.jar
 
*jinput.jar
 
*lwjgl_util.jar
 
*minecraft.jar
 
And then the natives.jar appropriate for the following operating systems: windows, linux, macosx, and solaris
 
*<os-from-list-above>_natives.jar.lzma
 
 
 
When downloading minecraft.jar, GET variables are set as follows: ?user=foo&ticket=deprecated, although they seem unnecessary to successfully downloading the file. <br />
 
Furthermore, the downloaded files are all verified via MD5 which is sent via ETag by the server on the page for each file.
 
 
 
Further resources are stored in /MinecraftResources. Loading /MinecraftResources provides an XML formatted list of resources, some of which are downloaded by Minecraft and not the launcher.
 
 
 
== Keep-alive ==
 
 
 
Every 6000 ticks, the client sends an HTTPS request to
 
<pre>https://login.minecraft.net/session?name=<username>&session=<session id></pre>
 
The client discards the server's response.
 
 
 
== Snoop ==
 
 
 
Every 10 minutes, the minecraft sends a HTTP POST request giving stats. Note that this information is anonymous, and isn't tied to account names or server addresses
 
 
 
=== Client ===
 
 
 
The client posts the following data to <code>http://snoop.minecraft.net/client</code>
 
 
 
*'''version''' e.g. "1.2.5"
 
*'''os_name''' via <code>System.getProperty("os.name");</code>
 
*'''os_version''' via <code>System.getProperty("os.version");</code>
 
*'''os_architecture''' via <code>System.getProperty("os.arch");</code>
 
*'''memory_total''' via <code>Runtime.getRuntime().totalMemory();</code>
 
*'''memory_max''' via <code>Runtime.getRuntime().maxMemory();</code>
 
*'''java_version''' via <code>System.getProperty("java.version");</code>
 
*'''opengl_version''' via <code>GL11.glGetString(GL_VERSION);</code>
 
*'''opengl_vendor''' via <code>GL11.glGetString(GL_VENDOR);</code>
 
 
 
=== Server ===
 
 
 
Uses <code>http://snoop.minecraft.net/server</code>
 
 
 
*'''version''' as above
 
*'''os_name''' as above
 
*'''os_version''' as above
 
*'''os_architecture''' as above
 
*'''memory_total''' as above
 
*'''memory_max''' as above
 
*'''memory_free''' via <code>Runtime.getRuntime().freeMemory();</code>
 
*'''java_version''' as above
 
*'''cpu_cores''' via <code>Runtime.getRuntime().availableProcessors();</code>
 
*'''players_current'''
 
*'''players_max'''
 
*'''players_seen''' simply counts the number of files in <code>world/players</code>
 
*'''uses_auth''' corresponds to the <code>online-mode</code> option in server.properties
 
*'''server_brand''': via <code>MinecraftServer.getServerModName();</code>. 'vanilla' by default; CraftBukkit et al overwrite this method.
 
 
 
== Joining a Server ==
 
 
 
#Client connects to server
 
#'''C->S''' 0x02 handshake
 
#'''S->C''' 0xFD encryption request - server sends its public key and 4 random bytes
 
#Client generates symmetric key (shared secret)
 
#Client authenticates via session.minecraft.net
 
#Client encrypts these 4 bytes with the servers public key.
 
#'''C->S''' 0xFC encryption response - client encrypts shared secret with server's public key and sends along with encrypted 4 bytes
 
#Server checks that the encrypted bytes match
 
#Server decrypts shared secret with its private key
 
#Server checks player authenticity via session.minecraft.net
 
#'''S->C''' 0xFC encryption response - empty payload meaning two zero length byte arrays and two zero shorts
 
#Server enables AES stream encryption
 
#Client enables AES stream encryption
 
#'''C->S''' 0xCD - Payload of 0 (byte)
 
#'''S->C''' 0x01 login
 
#see [[Protocol FAQ]] to get information about what happens next.
 
 
 
 
 
[[Category:Protocol Details]]
 
[[Category:Minecraft Modern]]
 

Latest revision as of 10:22, 15 November 2022