Lastlogin And UUIDs

I know that ever since 1.6 they stopped using the lastlogin to store account information like the user and password, but again, in 1.6 they have changed that. From what I have heard they use session IDs to handle this, but wouldn't a physical file be stored on the PC? I might have an idea where they would be stored, in the launcher profiles.json [.minecraft].I have no idea how to decrypt UUIDs, which are present in the files.

It would go
},
"1.7": {
"name": "***",
"lastVersionId": "****",
"javaArgs": "***",
"playerUUID": "********************************"
(*= the text inside [ex. the UUID could be QeDhjgYA5ZZ0m3QKmkQrbNulpGRkiCfg])
I want to know if there is a possible way of decrypting these, or is it impossible/impractical to do anything with these.
Thank you

If its encrypted with SHA-3.. Good luck finding or making a working de-crypter which isnt a rat. I know that the session ID is used for the Minecraft realms. Also I dont think it would be stored as a "physical" file. It would be more of a test which creates an instance to check whether or not the account is premium which is stored in a database. But what you said might be valid just not sure

For the physical file thing, I am most confident in there being one, all the UUIDs are the same for the instances, except for the profiles which my alt is logged into

they wouldnt use the "physical file" as the decryption would be seen in the code... Im pretty sure they grab it off a database..

I will try my friend's UUID's and see if it works, if not, you are probably correct.
The only thing I don't understand is how it would grab the data, if you have you password remembered, I will also try decrypting them, and see where that goes...

Originally Posted by stephenrpollard

You cant really decrypt it if you dont know:
i) The encryption method
ii) The public key
iii) The private key

I found out that the UUIDS for this are different for everyone. If the same person has the exact same password, their UUID will change to avoid collisions etc. Looking at ATLaunchers source code, the Minecraft launcher uses TOKENS. Theres a method which sends your entered username and password to an authentication URL. If it is a legit premium account, it sends back a token with random key. It lets you in depending on the token.

Lastlogin And UUIDs

Post a Reply

Similar Threads

Tags for this Thread