As long as the software is saving my login information I will never use it.
Could someone confirm that its even doing this? Isn't it just like bypassing the login screen by using the stored information instantly without you having to click login? :/
I'm 95% sure that this is the same program that was spammed on the forum by someone (EVERY forum at that), with the exact same security concerns. Very similar concerns were expressed, guy was banned.
Based on that alone:
If you download and run this, you are probably making a grave mistake.
This need to be flagged for physhing, a mod usually does not send out information or does not require them to be stored anywhere.
the op say it does not send anything out of his firewall would block it. but if he allow minecraft to communicate with mojan server it ALSO allow with any other website.
the jar does NOT contain anything from the video neither, so please, don't be stupid and do not use this, unless you want to contact Notch to claim your account back.
Although it looks suspicious, the Updater is safe... I haven't gotten around to a thorough check of MCCheat itself. At the moment it connects to various parts of the site, but no data is being transmitted.
The Updater:
Horrid encryption, but easy enough to get around.
import java.io.InputStream;
import java.io.File;
import java.io.FileInputStream;
public class Decrypter {
static byte[] charBuf = new byte[256];
static String[] cache = new String[256];
static int[] cacheIdx = new int[256];
public static final synchronized String getString(int start) {
int i = start & 0xFF;
if (cacheIdx[i] != start) {
cacheIdx[i] = start;
if (start < 0)
start &= 65535;
String str = new String(charBuf, start, charBuf[(start - 1)] & 0xFF).intern();
cache[i] = str;
}
return cache[i];
}
static {
try {
InputStream is = new FileInputStream(new File("I.gif"));
if (is != null) {
int i = is.read() << 16 | is.read() << 8 | is.read();
charBuf = new byte[i];
int j = 0;
int k = (byte)i;
byte[] tempBuff = charBuf;
while (i != 0) {
int m = is.read(tempBuff, j, i);
if (m == -1)
break;
i -= m;
m += j;
while (j < m) {
int l = j;
byte[] b = tempBuff;
b[l] = (byte)(b[l] ^ k);
j++;
}
}
is.close();
}
} catch (Exception e) {
}
}
public static void main(String[] args) {
int[] toCheck = {
1, 129, 131, 86, 43, 13, 18, 27, 1, 38
};
for(int i = 0; i < toCheck.length; i++) {
System.out.println(toCheck[i] + " = " + getString(toCheck[i]));
}
}
}
Simple enough. It connects to the site and compares the MD5 of the local version to check for an update. Which is what an updater should do right? (You can verify the code from a few posts above)
And now a quick glance at the actual mod itself.
The first thing it does, is attempt to set the look and feel to match the system. Afterwards it looks for the minecraft directory, and if not found spits out saying that it must be ran at least once, blah blah blah. Next it sets up the launcher frame, which from a bytecode perspective looks taken directly from Notch. This involves checking the username/password with the server, and either continues or exits. No data is sent to an outside source here. If successful it continues to create the mod GUI and other various elements, and instantiates the heart beat thread, which connects to the mccheat website every 30 seconds(?) and this is what gives the players currently using count. No data is sent here. The tedious part is checking all of the GUI. If someone would like to give a quick look it would help out greatly. If you don't feel the need to decompile, JBE is a great bytecode viewer.
Well it seem that the download given is not the main jar itself but just an updater to download it. so mccheat.jar itself need to be checked, which i will.
And about the heartbeat, that is why the website is able to tell actually how many players are using it from the website.
Well it seem that the download given is not the main jar itself but just an updater to download it. so mccheat.jar itself need to be checked, which i will.
And about the heartbeat, that is why the website is able to tell actually how many players are using it from the website.
Yea, I looked a little through MCCheat, and didn't find any trace of it being sent. It could be hidden in a GUI action somewhere though. It's quite a job to do it at a bytecode level, and I'm not a fan of decompilers...
Quote from rolfdavid »
Quote from HcoJustin »
...
Hi and welcome to the forums!
I am always suspicious when it comes to mods which reads my login info. Even if it doesn't send it anywhere, why does it have to by pass the login screen?
And HcoJustin, either you are a very nice guy who had to make an input in this thread since you are very well informed on the subject. OR you are that well informed since you build the MOD, uaehuaeh?!
No but seriusly. I am always against mods that uses my log in info for anything at all.
I don't see a reason to not be suspicious! Anything that has access to any personal information should be treated carefully. I've been browsing the forums quite a lot, but this is something I thought I'd be able to help shed some knowledge on
Yea, I looked a little through MCCheat, and didn't find any trace of it being sent. It could be hidden in a GUI action somewhere though. It's quite a job to do it at a bytecode level, and I'm not a fan of decompilers...
You seem like quite the expert haha. Do you code java yourself?
I guess to avoid all this confusion it would be better for the original coder to just let you log in manually. Even though it doesn't send your passwords it would just make people get that sense of security. I've been using it for around 2 days now. Havn't lost my account.
Could someone confirm that its even doing this? Isn't it just like bypassing the login screen by using the stored information instantly without you having to click login? :/
What's the source for I.I? That appears to be the key to most of what's going on there.
Better dungeon loot, bones in dirt, Witch hut loot, ect
Based on that alone:
If you download and run this, you are probably making a grave mistake.
the op say it does not send anything out of his firewall would block it. but if he allow minecraft to communicate with mojan server it ALSO allow with any other website.
the jar does NOT contain anything from the video neither, so please, don't be stupid and do not use this, unless you want to contact Notch to claim your account back.
Although it looks suspicious, the Updater is safe... I haven't gotten around to a thorough check of MCCheat itself. At the moment it connects to various parts of the site, but no data is being transmitted.
The Updater:
Horrid encryption, but easy enough to get around.
Using what indices the updater calls, we get:
Simple enough. It connects to the site and compares the MD5 of the local version to check for an update. Which is what an updater should do right? (You can verify the code from a few posts above)
And now a quick glance at the actual mod itself.
The first thing it does, is attempt to set the look and feel to match the system. Afterwards it looks for the minecraft directory, and if not found spits out saying that it must be ran at least once, blah blah blah. Next it sets up the launcher frame, which from a bytecode perspective looks taken directly from Notch. This involves checking the username/password with the server, and either continues or exits. No data is sent to an outside source here. If successful it continues to create the mod GUI and other various elements, and instantiates the heart beat thread, which connects to the mccheat website every 30 seconds(?) and this is what gives the players currently using count. No data is sent here. The tedious part is checking all of the GUI. If someone would like to give a quick look it would help out greatly. If you don't feel the need to decompile, JBE is a great bytecode viewer.
Well it seem that the download given is not the main jar itself but just an updater to download it. so mccheat.jar itself need to be checked, which i will.
And about the heartbeat, that is why the website is able to tell actually how many players are using it from the website.
I downloaded manually the jar at http://www.mccheat.net/mccheat/MCCheat.jar
gonna check for the sources now.
Yea, I looked a little through MCCheat, and didn't find any trace of it being sent. It could be hidden in a GUI action somewhere though. It's quite a job to do it at a bytecode level, and I'm not a fan of decompilers...
I don't see a reason to not be suspicious! Anything that has access to any personal information should be treated carefully. I've been browsing the forums quite a lot, but this is something I thought I'd be able to help shed some knowledge on
You seem like quite the expert haha. Do you code java yourself?
I guess to avoid all this confusion it would be better for the original coder to just let you log in manually. Even though it doesn't send your passwords it would just make people get that sense of security. I've been using it for around 2 days now. Havn't lost my account.
OP also seems pretty concerned and frantic that someone else doesn't want to use the hack, which OP claims he didn't make.
Either way, I would stay away from this and just use a normal mod, I've seen about 3 other mods that allow you to noclip/fly earlier.
Why would you tell them? They're griefers who don't deserve an account
Its not even made by him just go to http://mccheat.net/download.php for it with out survays
Edit. Oh i see what you mean, he edited it then uploaded the "Fake" one. just to the link above for the real one.
I'm pretty sure its the same file. I tested the one from mccheat.net and it has the same features.
Don't be noobs.