node-minecraft-protocol icon indicating copy to clipboard operation
node-minecraft-protocol copied to clipboard

Published 20 hours ago verified publisher icon PrismarineJS

MCLeaks authentication not working

Open hriaksnv5678 opened this issue 4 years ago • 6 comments

[x] The FAQ doesn't contain a resolution to my issue

Versions

  • minecraft-protocol: 13.0.0
  • server: vanilla 1.15.2
  • node: 14.0.0

Detailed description of a problem

My question is how would I go about authenticating a user successfully with mcleaks?

my current attempt: When I use a session from mcleaks, the client partially connects to the server, but does not join, and the client nmp gets stuck after a promise rejection. If I end the node process, the server shows that the player was disconnected, and has the account name, but no id.

Current code

var mc = require('minecraft-protocol');

var client = mc.createClient({
    username: "McLeaks",
    version: "1.15.2",
    session: {
        accessToken: "<Token from response to requesting MCLeaks API to redeem a alt token>",
        selectedProfile: {
            name: "<Alt Username from response to requesting MCLeaks API to redeem a alt token>"
        }
    }
});

Expected behaviour

The client joins the server with the username and account provided from mcleaks

Additional context

the warning that is shown after the client tries to log on

(node:7356) UnhandledPromiseRejectionWarning: Error
    at /Users/vrishank/node_modules/yggdrasil/lib/utils.js:60:10
    at /Users/vrishank/node_modules/phin/lib/phin.min.js:1:1150
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:7356) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function wit
hout a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, us
e the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:7356) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will 
terminate the Node.js process with a non-zero exit code.

the message that is shown by the server after the client (failed to connect) terminates

[09:41:58] [Server thread/INFO]: com.mojang.authlib.GameProfile@4d47979[id=<null>,name=<alt username>,properties={},legacy=false] (/127.0.0.1:54121) lost connection: Disconnected```

hriaksnv5678 avatar Jul 01 '20 17:07 hriaksnv5678

Im pretty sure mcleaks has a custom auth server?

Beaness avatar Jul 01 '20 20:07 Beaness

no, you request to "redeem" the token, then you get some stuff. then basically mcleaks proxies the Mojang joinserver request, adding in the details of the actual account, they do this so they don't leak accounts credentials itself (point of authenticator). hmm, I have missed out the joinserver request, but I'm not fully sure how that works. I don't know how to calculate a "serverhash" as I don't handle the packets which receive the data required to calculate it, but its somewhere in Mojang's auth client.

hriaksnv5678 avatar Jul 01 '20 20:07 hriaksnv5678

I can write nodejs mcleaks library. Should I make the interface compatible with node-yggdrasil?

MrGeorgen avatar Oct 08 '20 17:10 MrGeorgen

related https://github.com/PrismarineJS/mineflayer/issues/790

rom1504 avatar Apr 16 '22 20:04 rom1504

https://github.com/PrismarineJS/mineflayer/discussions/2575 related

rom1504 avatar Apr 16 '22 20:04 rom1504

if someone wants to do a mcleaks plugin, do it that will avoid people using random insecure code

rom1504 avatar Apr 16 '22 20:04 rom1504