Difference between revisions of "Session"

From wiki.vg
Jump to navigation Jump to search
(Undo revision 2613 by SirCmpwn (talk))
Line 82: Line 82:
 
== Joining a Server ==
 
== Joining a Server ==
  
#Client connects to server
+
=== Client operation ===
#'''C->S''' 0x02 handshake
+
 
#'''S->C''' 0xFD encryption request - server sends its public key and 4 random bytes
+
# Client connects to server
#Client generates symmetric key (shared secret)
+
# Client sends a [[Protocol#Handshake_.280x02.29|0x02 handshake]] containing the current player name
#Client authenticates via session.minecraft.net
+
# Client receives a 0x02 handshake from the server containing a random long expressed as hex, as a string, which it saves as serverId
#Client encrypts these 4 bytes with the servers public key.
+
# Client sends a HTTP request to
#'''C->S''' 0xFC encryption response - client encrypts shared secret with server's public key and sends along with encrypted 4 bytes
+
#:<pre>http://session.minecraft.net/game/joinserver.jsp?user=<username>&sessionId=<session id>&serverId=<server hash></pre>
#Server checks that the encrypted bytes match
+
#:If the response is '''OK''' then continue, otherwise stop
#Server decrypts shared secret with its private key
+
# Client sends [[Protocol#Login_Request_.280x01.29|0x01 login request]]
#Server checks player authenticity via session.minecraft.net
+
# Client receives a 0x01 login response
#'''S->C''' 0xFC encryption response - empty payload meaning two zero length byte arrays and two zero shorts
+
# ... receive map chunks, etc...
#Server enables AES stream encryption
+
 
#Client enables AES stream encryption
+
=== Server operation ===
#'''C->S''' 0xCD - Payload of 0 (byte)
+
 
#'''S->C''' 0x01 login
+
# Server answers tcp connection request
#see [[Protocol FAQ]] to get information about what happens next.
+
# Server receives a [[Protocol#Handshake_.280x02.29|0x02 handshake]] containing the client's player name
 +
# Server generates a hash for this client
 +
# Server sends a 0x02 handshake to the client containing a random long expressed as hex, as a string
 +
# Server receives a [[Protocol#Login_Request_.280x01.29|0x01 login request]] from the client
 +
# Server sends a HTTP request to
 +
#:<pre>http://session.minecraft.net/game/checkserver.jsp?user=<username>&serverId=<server hash></pre>
 +
#:If it returns '''YES''' then the client is authenticated and allowed to join. Otherwise the client will/should be [[Protocol#Disconnect.2FKick_.280xFF.29|kicked]] with “Failed to verify username!”
 +
# Server sends a 0x01 login response to the client
 +
# ... send map chunks, etc...
  
  
 
[[Category:Protocol Details]]
 
[[Category:Protocol Details]]
 
[[Category:Minecraft Modern]]
 
[[Category:Minecraft Modern]]

Revision as of 07:11, 13 August 2012

The minecraft client and server communicate with minecraft.net to validate player sessions. This page describes some of the operations.

Login

To log the player in, the official launcher sends an HTTPS POST (GET appears to suffice as well) request to:

https://login.minecraft.net

with the postdata:

 ?user=<username>&password=<password>&version=<launcher version>

and a "application/x-www-form-urlencoded" Content-Type header.

The current launcher version is "13", sending a value lower "12" than this will cause the server to return "Old version", however you can send any large number and it will return as expected. If the login succeeded, it will return 5 ':' delimited values.

 1343825972000:deprecated:SirCmpwn:7ae9007b9909de05ea58e94199a33b30c310c69c:dba0c48e1c584963b9e93a038a66bb98
  1. current version of the game files (not the launcher itself). This is a unix timestamp which the launcher compares to the ~/.minecraft/bin/version file.
  2. Previously contained a download ticket for requesting new versions of minecraft.jar from the server. Now contains only "deprecated".
  3. case-correct username.
  4. sessionId - a unique ID for your current session.
  5. UID - currently unused, introduced near August 8th, 2012. Grum says this is the unique ID for the user, potentially for changing Minecraft names in future.

If the request is missing a parameter, the server will return "Bad response". If the login information is incorrect, the server will return "Bad login". If the login information is correct but the account isn't premium, the server will return "User not premium".

Updating

To update, the launcher downloads files from

http://s3.amazonaws.com/MinecraftDownload/

It takes the unix timestamp from the login request and stores it in ~/.minecraft/bin/version
The following files are downloaded from /MinecraftDownload/ in this exact order:

  • lwjgl.jar
  • jinput.jar
  • lwjgl_util.jar
  • minecraft.jar

And then the natives.jar appropriate for the following operating systems: windows, linux, macosx, and solaris

  • <os-from-list-above>_natives.jar.lzma

When downloading minecraft.jar, GET variables are set as follows: ?user=foo&ticket=deprecated, although they seem unnecessary to successfully downloading the file.
Furthermore, the downloaded files are all verified via MD5 which is sent via ETag by the server on the page for each file.

Further resources are stored in /MinecraftResources. Loading /MinecraftResources provides an XML formatted list of resources, some of which are downloaded by Minecraft and not the launcher.

Keep-alive

Every 6000 ticks, the client sends an HTTPS request to

https://login.minecraft.net/session?name=<username>&session=<session id>

The client discards the server's response.

Snoop

Every 10 minutes, the minecraft sends a HTTP POST request giving stats. Note that this information is anonymous, and isn't tied to account names or server addresses

Client

The client posts the following data to http://snoop.minecraft.net/client

  • version e.g. "1.2.5"
  • os_name via System.getProperty("os.name");
  • os_version via System.getProperty("os.version");
  • os_architecture via System.getProperty("os.arch");
  • memory_total via Runtime.getRuntime().totalMemory();
  • memory_max via Runtime.getRuntime().maxMemory();
  • java_version via System.getProperty("java.version");
  • opengl_version via GL11.glGetString(GL_VERSION);
  • opengl_vendor via GL11.glGetString(GL_VENDOR);

Server

Uses http://snoop.minecraft.net/server

  • version as above
  • os_name as above
  • os_version as above
  • os_architecture as above
  • memory_total as above
  • memory_max as above
  • memory_free via Runtime.getRuntime().freeMemory();
  • java_version as above
  • cpu_cores via Runtime.getRuntime().availableProcessors();
  • players_current
  • players_max
  • players_seen simply counts the number of files in world/players
  • uses_auth corresponds to the online-mode option in server.properties
  • server_brand: via MinecraftServer.getServerModName();. 'vanilla' by default; CraftBukkit et al overwrite this method.

Joining a Server

Client operation

  1. Client connects to server
  2. Client sends a 0x02 handshake containing the current player name
  3. Client receives a 0x02 handshake from the server containing a random long expressed as hex, as a string, which it saves as serverId
  4. Client sends a HTTP request to
    http://session.minecraft.net/game/joinserver.jsp?user=<username>&sessionId=<session id>&serverId=<server hash>
    If the response is OK then continue, otherwise stop
  5. Client sends 0x01 login request
  6. Client receives a 0x01 login response
  7. ... receive map chunks, etc...

Server operation

  1. Server answers tcp connection request
  2. Server receives a 0x02 handshake containing the client's player name
  3. Server generates a hash for this client
  4. Server sends a 0x02 handshake to the client containing a random long expressed as hex, as a string
  5. Server receives a 0x01 login request from the client
  6. Server sends a HTTP request to
    http://session.minecraft.net/game/checkserver.jsp?user=<username>&serverId=<server hash>
    If it returns YES then the client is authenticated and allowed to join. Otherwise the client will/should be kicked with “Failed to verify username!”
  7. Server sends a 0x01 login response to the client
  8. ... send map chunks, etc...