TLauncher Account Support (mostly to be able to see skins from TLauncher players)

[NiDzA-12]

Role

In multiplayer

Suggestion

To be able to see skins from players that use TLauncher

Benefit

It would allow for players that use a "default" cracked launcher (TLauncher) and people that prefer th multimc gui (people that use your launcher)

This suggestion is unique

• [X] I have searched the issue tracker and did not find an issue describing my suggestion, especially not one that has been rejected.

You may use the editor below to elaborate further.

Thanks in Advance

[zaafonin]

Wouldn't call this shitty on sight, but unfortunately it's not the top priority task right now. I've got to update the launcher to the newest MMC codebase and then work on newer features.

[NiDzA-12]

Yeah it is mostly because my friends that use TLauncher don't see my skin but personally i don't care about their perspective so thanks for the feedback

On Mon, Sep 6, 2021, 14:01 AndreVuillemot160 @.***> wrote:

From dev side, these guys didn't wrote any documentation about how to implement this.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/AfoninZ/MultiMC5-Cracked/issues/67#issuecomment-913592287, or unsubscribe https://github.com/notifications/unsubscribe-auth/AVPYZDBWP3KYP2LT7SZOXATUASUSLANCNFSM5DO6KREQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

[zaphod77]

pretty sure that tlauncher's skin system is actually ely.by

https://www.facebook.com/tlmclauncher/ the one that ely.by provides a download for.

So what you actually need to see those skins is the ely.by patch, or to use an ely.by account yourself. then you shoudl be able to play with the tlauncher friends and see their skins.

This whole two tlaunchers thing is really weird.

Okay. done moreinvestigation.

tlauncher.org uses it's own skin system. this is the one that should not be touched with a 10 foot pole. it uses your main minecraft idirectory. do not under any circumstances use it. I can fid no documentation on it's auth system or how to use it's skins. it apparently has premium hd skins and capes and stuff.

There are also mulitple tlauncher legacy builds. the one you can get at ely.by's site is one of them. these use a much cleaner interface. they support mojang, ms, ely.by, and local accounts (and don't ask for a password with local). these are well-behaved, and will ask for a new directory to store files in.

[MenacingPerson]

i think this guy wants the other tlauncher, not the one that provides elyby.

[zaphod77]

oh that one? yeah good luck supporting tlauncher skins withotu getting tlauncher. they do give you instructions on how to patch tlauncher skins into you rminecraft installs, but i have no idea if that works when you aren't using tlauncher.

In fact i'm 100% sure it doesn't. tlauncher.org will never make their skin module available, because they have their own premium hd skins and animated capes. Ely.by has a mod for official minecraft to let legit people see their skins, but tlauncher does not. It modifies minecraft files to do it's special skin tricks.

[lebestnoob]

While this comment isn't necessarily contributing to the project, I found a forge and fabric mod that allows you to view TLauncher skins. It could be used as a temporary solution to the problem while this feature, if it even is possible at all, gets added. The mod is called CustomSkinLoader. I tried it out on some cracked servers and it displayed their skins. I even doubled checked the skin that was shown to me by inputting their username on TLauncher's skins catalog and they matched.

Download link

One thing you may want to do is modify the mod's config file, which is located in .minecraft/CustomSkinLoader/CustomSkinLoader.json (Click Minecraft folder button on an instance in the launcher), so it will only display TLauncher skins. The loadlist in the json should look like this:

  "loadlist": [
    {
      "name": "TLauncher",
      "type": "ElyByAPI",
      "root": "https://auth.tlauncher.org/skin/profile/texture/login/"
    }
  ],

[zaphod77]

That's quite interesting.

It TLauncher really uses elyby api, then it's as simple as adding their auth servers to support?

and the mod seems to understand HD skins too? but i see notign in te tlauncher section about capes.

This is actually quite useful. it's got source too.

INTERESTING...

[MenacingPerson]

Keep in mind, DO NOT INSTALL TLAUNCHER. The tlaun.ch one is fine, but the one that pops up on google is spyware. Use it in a VM if you must.

[MenacingPerson]

they do give you instructions on how to patch tlauncher skins

where?

[zaphod77]

They have you edit a manifest file and then it will show the TL icon in the launcher for the installation, and the skins will work. also it used to be implemented through some sort of mod that can still be found on curseforge.

[MenacingPerson]

They have you edit a manifest file and then it will show the TL icon in the launcher for the installation, and the skins will work. also it used to be implemented through some sort of mod that can still be found on curseforge.

Then it's only on tlauncher. I found the mod, here, but it's closed source. Anyone know where the auth server is?

[zaphod77]

Hopefully adding in spyware-free tlauncher.org support won't piss them off too much. :) There's a couple other alternate skinning apis, but i don't know if they do auth as well.

[MenacingPerson]

If they do, ask them to cope

You can't copyright an API, pretty sure that's in the law

[zaphod77]

it won't bypass their premium, just their launcher ads.

which if they are aware of they might object to.

Not my problem, though. :)

[MenacingPerson]

What're they gonna do about it? Cry to the pirate government or whatever? lol

[zaphod77]

anyone figure this out? I'm not exactly up for testing it, but it would make some peopel happy.

[MenacingPerson]

If I can figure out their auth URL, probably possible.

[zaphod77]

GOT iT.

skin.authentication.authenticate=https://auth.tlauncher.org/skin/authentication/authenticate skin.authentication.refresh=https://auth.tlauncher.org/skin/authentication/refresh

[MenacingPerson]

soooo... not self-hosted elyby. sad

[zaphod77]

it's Yggdrasil at https://auth.tlauncher.org/skin/authentication/

complete with /authenticate and /refresh endpoints. so should be no trouble to implement.

[MenacingPerson]

ohh, I thought it was like ely.by

[max8rr8]

We use yggdrasil emulation in ely.by, so tlauncher authentic wil be easy to implement

[MenacingPerson]

When I try to do it, I get Authentication server attempted to change the client token. This isn't supported.

[zaphod77]

that's what i thought. from what i gather most alternative launchers use yggdrasil as well since it's an open auth api or at least documented. you just need to extract their jar file with winzip and get their auth URLs, get their skin url, identify their actual skin api, and poof.

That mod supports a few more skin APIs.

You can also run suspicious launchers sandboxed to fetch their libraries so you can decompile them, if a text scan isn't enough to get the auth and skin urls.

It seems that their impelmentation doesn't accept the random token that the normal launcher generates for a first login, and insists on picking it's own regardless. So tlauncher auth needs it's own token from their server and won't take yours.

According to the yggdrasil spec, client token is optional, and you can make the authenticate request without one, and the server will fill it. This seems like an intentional change to try and stop people from interoperating with them.

[MenacingPerson]

This seems like an intentional change to try and stop people from interoperating with them.

So how hard will it be to get it to work?

[zaphod77]

as i said, i think you just have to change the client to not provide a token that hasn't been sent from the server yet, and to track it separately for each account. If i had a working build environment on my computer i'd try myself.

did some investigating of other launchers but not sure it's worth the trouble. crystal launcher doesn't seem to do the sketchy stuff that tlauncher.org does, but they claim to have their own api.

decompilation and investigation seems to back up this claim. auth is here https://auth.crystal-launcher.pl/api/authenticate.php and i can't figure out a darn thing. the skinapi had different uls for cape, skin, modeltesting, and head grabbing. way too much trouble.

i see no evidence of Yggdrasil being used, except for mojang acounts. the fact that there is no java only download for windows is scary, but the launcher itself has clean code that is easily traced. and all the stuff prsent in tlauncher.org seems absent.

launcherfenix is.. strange, and weirdly obfuscated, and hard to parse file names are very strange for the class files, and it grabs a lzma blob file where i think most of the real code is in. and the exe versions seem very suspicious. crystal launcher seems less suspicious, though i can't give it a clean bill of health for sure.

[MenacingPerson]

Any luck here?

[zaphod77]

did anyone who actually has a tlauncher.org account figure this out?

[KindaNeatdoe]

Any updates?

[pokcreator]

Hi, maybe someone knows where TL checks the user's UUID

[Neptune650]

I'll see the possibility of implementing this by reverse engineering TLauncher, nothing confirmed by now though, needless to say we already have ely.by support so the one tlaun.ch uses should work just fine right now.

[Neptune650]

In order to properly implement this feature it's important to know from which URL TLauncher gets the profile (UUID) of an account, any idea?