Jump to content

[Explanation] How does Minecraft UUID auth system works?


Recommended Posts

Hey, I made a quick explanation of Minecraft UUID auth system implemented in 1.7.

If you're interested in how it works, read further.




> Since 1.7 came out, there's a "GameProfile" assigned to every player now. You can get GameProfile of a player by using EntityPlayer.getGameProfile(). Yeah, with that said, you probably still wonder how does Minecraft UUID system work. Let me start explaining that.


>>>>>>>>>>>>>>>>>>>>>>>> DISCLAIMER! <<<<<<<<<<<<<<<<<<<<<<<<

>> 1. English is not my main language, I could make mistakes

>> 2. I could be wrong.


1. UUID in Java

> There's a concept of Universally Unique Identifier. If you're not familiar with it, try reading that*. If you have no time (too lazy) to read it, I'm going to cut a long story short here. UUID is an ID made out of 128 bits (16 bytes, 2 longs). It's called "unique" because the random number generator used when doing UUID.randomUUID() is very strong. According to wikipedia "only after generating 1 billion UUIDs every second for the next 100 years, the probability of creating just one duplicate would be about 50%", so yeah, pretty strong. UUIDs can be converted to hexadecimal string and backwards. They can also be generated from any amount of bytes as a random seed(UUID.nameUUIDFromBytes(byte[])), that's what Minecraft uses to get UUIDs from account / nickname.


2. Getting UUID from player's account

> There's a UUID assigned with every Minecraft account. When the player enters the game, session id, as well as account UUID, is provided in program arguments. Then it converts into a real UUID by using UUID.fromString(arg). This UUID will be sent to the server when the played connects to it, identificator is also used in constructor of a GameProfile (new GameProfile(UUID, username)).


3. Getting UUID from an offline player

> Remember, I mentioned UUID.nameUUIDFromBytes(byte[])? Minecraft generates an offline UUID from bytes of string "OfflinePlayer:<nickname>", in other words: "UUID.nameUUIDFromBytes(("OfflinePlayer:" + getName()).getBytes(Charsets.UTF_8)". That's why when you change "online-mode" in settings.properties, everyone loses their inventories and player infos. UUID is changed, so it leads to another file in "playerdata" folder of your world.


That's probably all the explanation of this whole UUID auth system.



> Me researching minecraft sources while I'm modding


* https://en.wikipedia.org/wiki/Universally_unique_identifier




Permanent link:


Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.