Pilchard123

IIRC, it has said it was more designed to be a 'raid some dungeons with your friends on a private server and then shut it down' type of game, rather than a persistent world. I don't know Frizzil's position on that though.

I worked out a few days back that the probability of you getting your a key is about 9% each time you try. I'll post my working if anyone wants to have a look.

Has anyone tried contacting Mojang directly about this? I know Notch's personal Mojang email, but I don't know if an email from just me will get through. Is there a Mojang support email? Does anyone think that a mass effort to email them would work, if we got enough people to do so?

Something that a friend pointed out to me earlier - you can get the person's email address, and people also often use the same password for lots of different accounts. Given a username/password/email address combo, you can get into a lot of things.

Don't worry - I didn't take it that way. The weak link is the password box. If you can intercept the data in there before it is dealt with, then you can do whatever you want to it. Java has a JavaCompiler class that will take a .java file and output a .class file. I'm pretty certain it is also possible to unpack/repack.jar files at runtime. I'll leave the rest to your imagination.

You don't even need to work out how to decrypt it, just use the launcher's decrypter. I won't specify how to do it, but I've managed to get the launcher to tell me the password - in cleartext - from whatever lastlogin file is given to it. Hashing could help, although I can still think of a way to steal a username/password pair without raising any suspicion, even if lastlogin was hashed. I could even cover my tracks by making the mod edit itself to not have the malicious code in it while you were playing Minecraft. Of course, as with anything written in Java, it's easy enough to decompile, but that requires that you know to look for it. If you don't look at it until it's run once, there isn't anything there to find. Mind you, if this isn't a problem, then I'm sure they won't mind posting their lastlogin files. Since, you know, it's not a problem.

Suddenly, a skeleton popped out!

We do indeed. I haven't actually logged in yet, but I will in a day or two.

Dunno, sorry. I don't use power teleport pipes, so I can't really say.

I think you need to set it to 1, not 0. IIRC, 0 will lose 100% of the power per block, but I'm not certain.

I got a key! They accepted it too! I'm Pilchard123 on there as well.

EssentialsEco has a trade thing that will let you trade (money or items) for (money or items), and the stacks don't have to be the same size. Of course, it does require that you run Essentials.

I make two assumptions here: 1. The launcher will populate the password field of the login with your actual password, not some thing that looks like it. 2. You are gullible enough to install my lastlogin stealer. I can now, by modifying the launcher at my end slightly, steal all of your passwords. I'll explain how later, but it's really simple.

Call me a noob, but where would one get the source for the launcher? I want to look at a few things. EDIT: I also want to be be able to edit the launcher source easily without messing around with hex editors, but that's not the point of this edit.

You don't need to decrypt it, you only need to distribute it. Thinking about it, I reckon we should stop this line of discussion. Call me paranoid, but if any very-anti-technic modders were to come in here... EDIT: Hurr durr. Distributing it is a little pointless, because you can only log into the game with it. Still. EDIT AGAIN: Once you have the lastlogin file, mess with a launcher to show the password as a human-readable string, rather than a blanked-out array of characters. Does that sound doable?

Hoo boy, I forgot about the lastlogin thing. Account leeching is probably possible as well. Great.

Unfortunately, most of that's do-able. Stealing/selling accounts, not so much, but deleting/corruping saves and MC...yup. Just some fairly simple file I/O. EDIT: Well, thinking about it for a few seconds more, your MC is probably safe, as you need to run MC to run the mod. I can think of some ways around that too, though.

Keys expire 24 hours after they are sent. Key requests expire 3 hours after though, so I can see where you got that from. Regardless, I was on my computer at the time I got it (12:00 exactly) and had tried to use it within about half an hour.

I know. But perhaps Hellbrand doesn't want to do that. Perhaps the server owner doesn't want to include Forestry any more. Perhaps they do, but can't rely on everyone else doing it, and so decided to not bother. That said, a rain detector is the way I would have done it as well, had SirS not pulled Forestry.

I got a key, but due to some stupid bug it wasn't recognised. Seriously, how many people try to register each time to make it necessary to try for two weeks?

Because that's going to work so well when Forestry is gone, isn't it.

Ah, yea. Micro$haft.

What? A large games company doing something like this? Perish the thought!

Which pack version are you using? You've only given the launcher. To find the pack version, go into the options panel in the launcher.

Re: Could this remove the need for a Technic pack? http://forum.spore.com/jforum/posts/list/5132.page Ah, there's something that mentions the googly eyes and shoes. I knew it was around somewhere. As for its reliability, I'm not certain, but w/ever.