Hiya! I'm Aidan, or MCB. I make videos about Minecraft history; from rare usernames and capes, to large and interesting servers, to popular and influential KZreadrs, I try to cover everything to the best of my ability, sometimes bringing on a few friends and fellow creators to help me out. Enjoy!
Business contact: [email protected]
Пікірлер
Woah
This was solved because 2 people had random info lying around.
I remember when you used to live stream hive on bedrock, been here since 355 subs
I can barely see a difference between 30 fps and the record
Doge: "so i just happen to have a list of mojang passwords that *might* work, dont ask how or where i got it tho" 😭😭
wait, so it was all a Dune reference? Always was.
One single mistake in code can cost millions of people their personal data. The number "16", in this case. Time 8:49
Password is - boxpig41
lol its just minecraft 1.0 but with an authenication bug
boxpig41
Visited it today, it now sadly redirects to the Herobrine page of the Minecraft Fandom
You just earned a sub
whoever the person who unlocked it is a legend
Thank you so much for introducing me to this mystery! I had a blast learning about it and discussing it with everyone!
Of course! And thank you for introducing so many people to the mystery - wouldn't have been cracked without you
so glad this story has gotten so much attention!! you both did a huge part in publicizing it, good stuff yall!
So long...
@@nakoogotten lmao
What if you play on the minecraft.exe on tominecon?
That explanation about encryption is.... entirely wrong. The parts about hex and dec are correct, but everything else is completely off the mark. 1. The server only ever sends _encrypted_ data. Your client only ever sends _encrypted_ data. There is no way for the game to do anything else, _by design_ . It would be a massive security risk if the opposite were the case, not only for your account details, but both your computer _and_ the server machine. 2. There is no way for encryption to "break" and be left completely open while in transit. That's not how encryption works, unless someone very stupid implements a fallback to plaintext which defeats the point of encrypting that data in the first place, as you could just force one side or the other to fail, receiving all that data without needing to decrypt it. 3. The server ID being parsed in the wrong base wouldn't initially cause an issue. In fact, you'd be able to _try_ to connect just fine. You wouldn't be able to fully connect, but you could try. 4. The reason it appears that multiplayer is completely disabled is because of a related (but different) problem. The first time the server (or your client, on modern versions it's the client) would try to send a packet the other would receive, what appears to them as, a garbled mess of incorrectly encrypted data. As such, they'd immediately close the connection, since trying to proceed would be a waste of time. The decryption fails because the encryption keys (in this case, the server id) would be different on either end, like trying to log in with the wrong password.
1. Yes, that's what I'm saying. I said it would be a huge security risk if it let you send the data unencrypted, so instead, it fails to encrypt your data and multiplayer doesn't function. 2. I didn't mean it would unencrypt the data and send it, just that, well, it breaks the encryption, it makes the whole "sending encrypted data" process not function properly. The visual does make it seem more like it actually sends unencrypted data though, I admit. I wasn't really sure how else to visualize that for someone who's not familiar with encryption, which includes most people that have watched this video so far. 3. Also what I tried to say in the video, though maybe I explained it poorly. Connecting to any servers on 1.0 immediately fails. You can enter the IP and press enter, yes, but it never will connect you. 4. Possibly, yeah. I don't know the process for this super well - I was mostly focused on the process of discovering the file, and just wanted to briefly touch on why the difference between 1.0 and tominecon is so important.
@@mcbyt Sorry if that sounded harsh, I did enjoy the video - I'm a CS nerd at heart so the inaccuracy rubbed me the wrong way lol Just about everything to do with encryption is hard to explain, so kudos for giving it a shot :)
😂
Lim jayhe is a fire name😭😭😭😫
Bureaucracy within the system likely prevent whatever event they planned
Yeah it got solved in five years Y'all didn't believe it and kept acting like Matpat But that's JUST A THEORY
how come it wont show me anything to claim on TikTok?
Huh, doge dies and a video that has someone who shares the name and face as a large part of it happens a few days later? Interesting.....
how did people tried harshly to crack the password without any results if it was only 8 characters??
they didn’t know that.
Jet Set Radio music
would you stop playing with that radio? i'm trying to get to sleep!
10:15 No, parseInt would just throw an exception, which would then be caught by the try-catch blocks surrounding that code, which would then disconnect. I don't even think the serverid is used for encryption, but if it is, the encryption wouldn't be "broken", it'd just fail to decrypt/encrypt anything because the keys don't match up.
Yeah, which on the client-side means multiplayer doesn't function at all since you're disconnected before you ever get into the server. Server ID is used during the encryption process, but not to actually encrypt anything itself, just as data that gets encrypted sent to the client to allow the client to start decrypting the info and play the server
What a crazy story, gg!!
Doge: "I heard there was some minecraft file password breaking. Can I join" The community: "Sure. It's this file called 'tominecon.7z' and we have been trying to get in for a long time" Doge: "Oh have you tried 'boxpig41' it's mojang's old email password" The community: "The box what now?"
8:44 we cracked **continues to add the lock sound**
10:14 This is a very bold statement obviosuly made by someone who doesn't know how programming works. If encryption fails on a software, the device doesn't go "Oh well, guess I'm just gonna send everything unencrypted then!" for OBVIOUS reasons. At worse it may send junk data instead of actually readable encrypted data that may or may not be possible to reverse depending of the encryption scheme used assuming that incorrectly encrypting the data by ommiting the hex parts of the server ID makes the process reversible without further keying, but I HIGHLY doubt it. The most likely scenario is just that the server will go "wtf?" and reject the connection during the handshake step, and assuming it didn't, the client would just send irreversibly unreadable junk data. Also, not encrypting some data during an internet transfer doesn't mean that the average joe can see what you're sending. You still need to be on the same network as the person or have higher authority to spy on national or international internet transfers (like some countries do to catch torrent-ers)
"If encryption fails on a software, the device doesn't go "Oh well, guess I'm just gonna send everything unencrypted then!" for OBVIOUS reasons." - Yeah, that's the whole point. Like I said in the video, that would be a huge security problem, so instead, it just fails and disables multiplayer since joining any multiplayer server doesn't work. 99% of people that watch this video don't know anything about encryption, so I do have to oversimplify it a bit. And the average joe could potentially see that data, since you'd be joining a public server. I mean, if it's a small, whitelisted server with a few friends you're fine, but joining Hypixel without your data being encrypted, for example, would be bad.
@@mcbyt Minecraft fails to connect to the server likely during the handshake process that sets up the connection and encryption, you make it sound like it's some failsafe your client triggers to avoid problems but it's really not like that. Also no, if you were to connect to hypixel without encryption, no one on the server would be able to see your data still. You send your encrypted packets to the Hypixel server, which acts as a central node and redistribute information such as your position and actions to other nearby players, but not things like private messages and stuff. To have someone intercept the packet, you would need to perform a "man-in-the-middle" attack which would require you either to be on the same network as your target or have higher authority to access the country's whole internet traffic (which under normal circumstances only governments do). So no, even if you were to connect without encryption by some obscure impossible method that the very core of the minecraft server packet protocol doesn't make possible, your data would still be safe from most people, besides your government and people on your home network. And it just makes sense: when you send a packet to Hypixel, it goes to Hypixel, not to every person on the public internet. At worst it might go though routers that are on the way that'll forward the data to its destination if needed but that's it.
So the file was just Minecraft but a version without multiplier? That's... seriously disappointing. At LEAST hide a world inside it or something.
The fact that it was broken in such a simple way without some expert cia level shit like that methods, along with the only difference of it between the offical 1.0 being 4 characters in the code feels so anticlimactically funny
Finally! Always suprised what a community can do if everyone shows enough interest :)
I feel like Minecraft’s greatest mystery get solved every week now…
Are you doing a fit-mc impression?
... no? i just make history videos too
hey thanks for this video this is super cool! im part of the RGN community and thought it was cool that you were the one who kinda was behind it popping up again!
BRO THIS IS OLD NEWS. WE HEARD THIS BFORE
Huh
LimJahey is a secret spy sent by the IRS to hide the ultimate way to commit tax evasion by sharing a fake file. Source: Trust me bro
Here in less than 50k views, 261st comment.
Clickbait moment
no way
well that was anticlimactic
that was... abit dissapointing to be real, oh well, now we know they lied to us because it wasnt just 1.0, but it was a tiny bit older version of 1.0
dinnerbone said it was dissapointing
@@bazookabrooze1925 i meant the password cracking way, just usin an leaked password
holy yapper
/\_/\ ( 0.0 ) >-<
Chris in the outro 🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥
everyone: omg!!! It’s so hard to crack [:< doge: random pastebin 📈📈📈
The
10:30 What do you mean by saying that "Minecraft completaly disables multiplayer"? I guess not this minecraft version because then it won't be only that one line of code difference, but If not that then what is disabled and where? Or is it just the fact that Minecraft servers or client have already had (in both versions) code responsible for security that recognizes not valid connections ant rejects them or something like that? Or maybe it just crashes because data is not in desired format?
The second one, yeah. You can like, click the multiplayer button and enter a server IP, but you can't actually connect to a single server on this version
I wouldn't call a few digits of code the "Minecraft Greatest Mystery"...
The mystery is not about what was in the file. It was about the process and the excitement of finally answering one of Minecraft most asked questions. You witnessed history. Be proud.
Less so the content of the file, moreso the hunt to crack it like albert said. I mean, there's been millions of eyes on this random file for over a decade now!