[Question] How can I determine whether the authserver I connected is Mojang or 3rd-party

yushijinhun / authlib-injector

Build your own Minecraft authentication system.

https://authlib-injector.yushi.moe

GNU Affero General Public License v3.0

751 stars 68 forks source link

[Question] How can I determine whether the authserver I connected is Mojang or 3rd-party #170

Open teddyxlandlee opened 2 years ago

teddyxlandlee commented 2 years ago

As 1.19.1 releases, many players are concerning that they're possibly reported by others if their keypair are signed by Mojang, and they signed their chats.
However, keypairs signed by 3rd party yggdrasil servers can't be recognized by Mojang's report system.

What I'm planning to do is to develop a mod warning players who are connecting a Mojang-auth server which enforces secure profile.

How can I determine whether the player is connecting Mojang-auth or 3rd-party authserver?

Thank you.

Lama3L9R commented 2 years ago

@teddyxlandlee 起夜级方案：Class.forName一个ai的类

teddyxlandlee commented 2 years ago

@teddyxlandlee 起夜级方案：Class.forName一个ai的类

这样有一个问题你没办法保证用authlib-injector的不会原地tp到moj-auth

yushijinhun commented 2 years ago

With the release of authlib-injector v1.2.0, clients with authlib-injector will use a randomly-generated profile key, and an empty signature (\0). Both the server and the client will accept any profile key, regardless of whether the signature is valid or not.