Session

From wiki.vg
Revision as of 06:15, 26 January 2012 by Barneygale (talk | contribs) (Undo revision 1739 by KlaypexHF (talk) Automating logins isn't an exploit.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

The minecraft client and server communicate with minecraft.net to validate player sessions. This page describes some of the operations.

Login

To log the player in, the official launcher sends an HTTPS POST request to:

https://login.minecraft.net

with the postdata:

 user=<username>&password=<password>&version=<launcher version>

and a "application/x-www-form-urlencoded" Content-Type header.

The current launcher version is 12, sending a value lower than this will cause the server to return "Old Version", however you can send any large number and it will return as expected. If the login succeeded, it will return 4 ':' delimited values.

 1281688214000:deprecated:TkTech:8204407531530365141:
  1. current version of the game files (not the launcher itself). This is a unix timestamp which the launcher compares to the ~/.minecraft/bin/version file.
  2. Previously contained a download ticket for requesting new versions of minecraft.jar from the server. Now contains only "deprecated".
  3. case-correct username.
  4. sessionId - a unique ID for your current session.

Updating

To update, the client sends a request to

http://s3.amazonaws.com/MinecraftDownload/minecraft.jar?user=foo&ticket=deprecated

It converts the Last-modified header to a unix timestamp and stores in ~/.minecraft/bin/version

The client also downloads LWJGL jars from /MinecraftDownload, but doesn't pass any GET variables. Further resources are stored in /MinecraftResources.

Keep-alive

Every 6000 ticks, the client sends an HTTPS request to

https://login.minecraft.net/session?name=<username>&session=<session id>

The client discards the server's response.

Joining a Server

Client operation

  1. Client connects to server
  2. Client sends a 0x02 handshake containing the current player name
  3. Client receives a 0x02 handshake from the server containing a randomly generated hash, which is saves as serverId
  4. Client sends a HTTP request to
    http://session.minecraft.net/game/joinserver.jsp?user=<username>&sessionId=<session id>&serverId=<server hash>
    If the response is OK then continue, otherwise stop
  5. Client sends 0x01 login request
  6. Client receives a 0x01 login response
  7. ... receive map chunks, etc...

Server operation

  1. Server answers tcp connection request
  2. Server receives a 0x02 handshake containing the client's player name
  3. Server generates a hash for this client
  4. Server sends a 0x02 handshake to the client containing the hash
  5. Server receives a 0x01 login request from the client
  6. Server sends a HTTP request to
    http://session.minecraft.net/game/checkserver.jsp?user=<username>&serverId=<server hash>
    If it returns YES then the client is authenticated and allowed to join. Otherwise the client will/should be kicked with “Failed to verify username!”
  7. Server sends a 0x01 login response to the client
  8. ... send map chunks, etc...