sdomi
commented
2 years ago Hey, thanks for the heads up. I'm gonna be on the lookout to see if the key stops working - if it does (and I don't notice :p), feel free to ping me here.
I was planning to implement a proper way to exfiltrate the current key, but I couldn't be bothered to finish my attempt from a few months back. Sometime in the near future may be a good time to attempt reversing their launcher again.
I'm leaving this issue open for future comments. Thanks again!
Aresiel
Hey,
First off, I really appreciate this!
Second, the API key on that post now started to be used by PolyMC (you probs know about the recent scandal, if not, PCGamer article (yes, it's bad enough PCGamer wrote about it).
Only remaining dev's "solution" to curseforge revoking their api key was to now use a rather sketchy api to get a working key, that api happens to return the one exfiltrated from the curseforge launcher.
Since curseforge already revoked their api key once, once they spot this, it's not improbably that they'll regenerate their own once they discover this bit of tomfoolery.
Once again, thanks for writing this, 'twas really helpful for you can guess what!
Cheers