Skip to content

Instantly share code, notes, and snippets.

View Aizistral's full-sized avatar
🖤
We all die a little sometimes, it's alright

Aizistral

🖤
We all die a little sometimes, it's alright
View GitHub Profile
@Aizistral
Aizistral / lastreport_signed.json
Created June 23, 2022 16:14
Intercepted Minecraft Chat Reports
{
"id": "dd4b0fa03c5545c5baadc768b1fb5194",
"report": {
"type": "CHAT",
"opinionComments": "This man",
"reason": "HATE_SPEECH",
"evidence": {
"messages": [
{
"profileId": "bfa45411874a4ee0b3bd00c716059d95",
@Aizistral
Aizistral / MINECRAFT_BANS.md
Last active February 14, 2024 05:32
Research on Minecraft's global bans

Research on Minecraft's global bans

Date: 02.09.2022
Last Update: 24.12.2022
Author: Aizistral
In collaboration with: ejaussie, also known as British Empireball#3906

While I wish this could have been conducted sooner, this is the first verifiable ban case where I could contact the person banned. Some couple weeks ago I even purchased second Minecraft account with the sole intent of committing what would appear as bannable offense and being reported by one of my friends afterwards, which I sucessfully did; however, no action from moderation team followed. At the time this lead me to conclude that reports are not yet actioned on, which was perfectly explainable by unfixed exploits with chat reporting in 1.19.2. This case might indicate that reports are indeed actioned now, at least since the date of this research, but it is also possible that ban occured due to automated chat monitoring on Realms (see [Our Commitment to Player Safe

@Aizistral
Aizistral / MINECRAFT_UMA.md
Last active February 14, 2024 05:33
What can still be done with unmigrated Mojang accounts?

What can still be done with unmigrated Mojang accounts?

Date: 14.09.2022
Author: Aizistral
In collaboration with: LapisDemon, 0n#5210

It is already widely known that unmigrated accounts can no longer be used to log into official launcher, and there is almost nothing you can do with them on minecraft.net website, except migrate. However, some third-party launchers, such as PolyMC, still offer the option to log into the game from Mojang account, even though it is not possible to play multiplayer in such case. This raised the question in my mind: how much exactly can still be done with unmigrated account?

Precise data on this matter has proven hard to come by. Luckily - with the help of LapisDemon, who have kindly supplied one of her unmigrated accounts for testing, I was able to collect some myself. All data presented herein is published with her full permission.

This research sets the goal of answering the following questions:

@Aizistral
Aizistral / AbsoluteStateOfChatReporting.md
Last active July 9, 2024 12:44
The Absolute State of Chat Reporting

The Absolute State of Chat Reporting

Originally introduced in 1.19.1, chat reporting has undergone many changes in Mojang's attempts to eliminate the exploits and make the system functional. The purpose of this paper is to document the current technical state of chat reporting on an ongoing basis, and to provide a reference for the community to use when discussing the system. To that end I will try to keep it as unbiased as possible.

The Basics

Chat reporting heavily relies on cryptographic commitments and signatures to ensure that reported chat messages are not tampered with. The basic idea is that all players sign their chat messages with their private key, and then send the signature along with the message to the server.

Chat signing keypair is not generated by the client as one could expect; instead, it is issued by Mojang's services and is tied to the player's account. This means that the keypair is shared between all clients that the player uses, and the player can't change it. The keypair is f