Check if player is prenium

Discussion in 'Spigot Plugin Development' started by T4R13N, Aug 10, 2018.

  1. Hello!

    I am looking to check if a player joins the server with a version crack or prenium.(on a server in online-mode: false or bungeecord)

    so that if it is prenium it does not need this / login
     
    • Like Like x 1
  2. I believe that the only thing you gotta do is getting his/her UUID, if it returns null is because is cracked, if it returns a normal UUID is because the player is premium.
     
  3. I believe that every player gets a unique ID. You can however use that UUID to check if an account is premium with Mojang's HTTP API. There are plenty of code examples out there, even full plugins.
     
    • Informative Informative x 1
  4. But on a server in online-mode: false, the uuid are generated according to their nickname so I can not go through the uuid :/
     
  5. Fair point. I guess you can't do that, then.
     
  6. It's possible by validating the session with Mojang, not sure how exactly, but I know it is.
     
  7. But if I do with uuid ect as you say I could only know if the player has to buy the game but not know if he connect it with a launcher prenium or crack
     
    • Like Like x 1
  8. 2008Choco

    Junior Mod

    A good way to determine whether a player is using a cracked account or not is to set your server as "online-mode: true". This way, premium users will be able to join, cracked players will not. Easy distinction. ;)
     
    • Agree Agree x 4
    • Funny Funny x 2
  9. Yes except that I want to allow both but facilitate the authentication of players prenium
     
  10. I would have taken the plugins there is already but it's plugin has no API: /
     
  11. ScarabCoder

    Resource Staff

    Then check the source? I'm gonna tell you now, it involves lots of packets and packet manipulation. It won't be easy.
     
  12. Why would you need to do this? Couldn't you just make it a config option? If not, then just...

    Code (Java):

    UUID uuid = <fetch uuid from mojang using the player name>
    if (player.getUniqueId().equals(uuid)) {
         // they are online mode
    } else {
         // they aren't
    }
     
    Or you could look up how to read .properties files and check for the online-mode manually which may be a better option than pinging mojang API everytime someone joins

    OR you could use some kind of web scraper to check the server status of mojang servers if you're wanting to check for when the authentication servers are down.

    EDIT: Nevermind. I don't know how you would accomplish this.
     
  13. Easier version: run two bungeecord instances, and check from which bungeecord the user is from (where one instance runs in online mode, and the other in offline mode)

    Alternative version is still using two hostnames, but point them at the same bungeecord. Then simply toggle online mode from there (InitialHandler used to have a field for this)
     
  14. It's a HTTP request to mojangs sessionserver.
    https://wiki.vg/Protocol_Encryption#Server
    https://wiki.vg/Authentication

    You just need to capture the shared secret key between client & server, it's in one of the first exchanged packets, even in offline mode (NMS required, not part of bukkit / spigot API).
    I got it working about a year ago, i think the things didn't change much, so it's definitely possible.
     
    • Like Like x 1
  15. I just found my code. It's from 12. Apr. 2017, for MC 1.10.
    There i sent a "net.minecraft.server.v1_10_R1.PacketLoginOutEncryptionBegin" (copied packet constructor from mojang class) and waited for a "net.minecraft.server.v1_10_R1.PacketLoginInEncryptionBegin".
    Then i again copied a part of mojang's logic to do some stuff:
    Code (Java):
        public String getServerId(PacketLoginInEncryptionBegin packet, MinecraftServer server) {
            SecretKey loginKey = ((PacketLoginInEncryptionBegin) packet).a(server.O().getPrivate());
            String serverId = new BigInteger(MinecraftEncryption.a("", server.O().getPublic(), loginKey)).toString(16);
            return serverId;
        }
    Then i did a HTTP request "https://sessionserver.mojang.com/session/minecraft/hasJoined?username=" + playerName + "&serverId=" + serverId".
    This should guide you where to start in 1.13.
    However the tricky part is to catch the PacketLoginInEncryptionBegin, because this will (must) be received before any bukkit events (like PlayerJoin, blablabla…) is fired (at least it was before everything in 1.10).

    Either you hook into NMS network channels and stuff - or use protocollib, which does the dirty work.
     
  16. Actually, simply checking if their UUID matches their offline UUID should be sufficient.

    The offline mode UUID can be computed using the nameUUIDFromBytes and their username.
     
  17. Are you sure this works?
    As far as i know if the server is in offline mode, it won't check for online UUIDs and gives "online mode - premium" users also a offline UUID.
     
  18. Bungeecord UUIDs will be patched for online users. I assume you'd do the same in a local system if you had one.
     

Share This Page