ok now im having my own sort of...special problem goin on here, im not a braniac when it comes to networking but i know my way around. now i have my own server and i can connect with a couple tries through local host with ease, maybe getting that invalid server key error 1 or 2 times. now my main problem. nobody can connect to my server and i cant even connect through my own IP, (no not my ipv4) i know for a fact i have my ip correct, it hasnt changed, and i know that the port forwarding is 100% correct yet my server keeps telling me that the connection has timed out when i try to log into my bew 1.0.0 server with my 1.0.0 client. anyone know whats going on? and no i dont have any firewalls, restarted everything, reinstalled the client and the servers multiple times, and installed the .class file in this post, still have not been able to fix it after 3 days of work.
edit: btw i can connect to other peoples servers with ease even without the .class file, and i have tried usin both the .exe and .jar from minecraft.net
First check netstat -abn (run in Command Prompt) and make sure your Minecraft server (probably running under java.exe) has "0.0.0.0:265whatever" next to it. It should by default.
Try my which I released last night on reddit before OP made this: http://redd.it/mis64
It is actually exactly the same approach to address this annoying little problem :smile.gif:
You need to quit minecraft before you can do this... If you've already quit it, and it is still saying that, there is probably a lingering Java process still holding the lock on the file. Reboot your computer and try again.
By the way, I noticed that your fix doesn't assign the variable correctly so it still sends the original (bad) key to the server. (It's sending hh1.a and not your s1 -- but if you did send your s1, then you'd get Bad Login on all servers.)
That means the login exploit works again, meaning people can login under your Minecraft account.
Okay, I've seen this said about a million times already.
I've updated to 1.0.0. How the HECK do you update, or where do you get the update for the server?
Simple as that. If there is not an update for the server, where can I find a re-download of 1.8.1 of Minecraft? I did not save prior to the update, as I didnt know all this BS would happen.
I downloaded the given class file an when opened up to an SMP server, this is what I'm given:
java.lang.SecurityException: SHA-256 digest error for abp.class
Any idea what I must've done wrong? Please keep in mind I'm a bit tired at the moment, so mistakes on my part may be the case.
Delete the signature files in META-INF/ (the two files besides MANIFEST.MF). They tell Java to verify that the game files aren't modified, which is exactly what we're doing!
It's Mr. Out-of-nowhere patch-for-Minecraft again. If someone hasn't posted it yet, here's a self-serve (you don't have to wait for servers to fix it) client-side fix for the "Invalid server key" error.
If you find the fix useful, please reply with a thanks or something to keep the thread available for others to see! Thanks.
Manual installation:
Replace this file: http://www.sk89q.com/content/2011/11/abp.class
(Don't forget to delete everything inside the META-INF folder of minecraft.jar, except for the MANIFEST.MF file.)
The bug is actually caused by (another attempt...) at fixing this exploit: http://www.minecraftforum.net/topic/636318-181-exploit-fix-login-under-someone-else’s-minecraft-account/
It attempts to check if the server key is valid by attempting to parse the server key as a long, but there's an error that makes this fail (attempt to parse an unsigned long, causing overflow). I've changed this to a simple check to make sure that the server key is a hexadecimal number.
A bunch of moderators told me last time that my last thread kept getting reported, so check out the post I linked above (which I posted). That was moderator-approved. Oh, I also make WorldEdit, WorldGuard, CraftBook, and a few other things.
FREQUENTLY ASKED QUESTIONS
I get "java.lang.SecurityException: SHA-256 digest error for abp.class".
Delete the signature files in META-INF/ (the two files besides MANIFEST.MF). They tell Java to verify that the game files aren't modified, which is exactly what we're doing!
I get "Outdated server" instead after installing this patch.
The server you are joining is still running 1.8.1! You can't do anything about that, except to revert back to 1.8.1 (you did save it, right?).
After installing, I still get this error.
If you didn't mess up, it's because my valid key check is still a bit restrictive. I'll have to look into that if Minecraft doesn't get a fix soon (which it may). For the technical people, the current regex is ^\-?[0-9a-fA-F]+$
Open up the minecraft.jar file with a ZIP program, because .jar files are secretly .zip (on Windows, type %APPDATA%\.minecraft\bin in Windows Explorer to find this file, on Linux, it is in ~/.minecraft/bin, on Mac OS X I have no clue)
Copy the downloaded abp.class file into minecraft.jar and replace the existing file.
Go to the META-INF folder and delete everything except for MANIFEST.MF. The files you delete tell Java to make sure that Minecraft's files have not been modified, but that's what we're doing!
If you don't understand these instructions, don't worry! They're pretty bad. (If someone has a link to a good tutorial, please post it.)
0
First check netstat -abn (run in Command Prompt) and make sure your Minecraft server (probably running under java.exe) has "0.0.0.0:265whatever" next to it. It should by default.
0
By the way, I noticed that your fix doesn't assign the variable correctly so it still sends the original (bad) key to the server. (It's sending hh1.a and not your s1 -- but if you did send your s1, then you'd get Bad Login on all servers.)
That means the login exploit works again, meaning people can login under your Minecraft account.
Exploit explained here:
http://www.sk89q.com/2011/09/minecraft-name-spoofing-exploit/
0
Nah, independent invention. I would have gotten to it earlier if I had played Minecraft 1.0 before last night.
0
https://s3.amazonaws.com/MinecraftDownload/launcher/minecraft_server.jar
0
0
http://www.sk89q.com/content/2011/11/invalid-server-key-fix-mc1.0.exe
0
Delete the signature files in META-INF/ (the two files besides MANIFEST.MF). They tell Java to verify that the game files aren't modified, which is exactly what we're doing!
1
Sounds like you have a different problem :tongue.gif:
87
If you find the fix useful, please reply with a thanks or something to keep the thread available for others to see! Thanks.
Manual installation:
Replace this file: http://www.sk89q.com/content/2011/11/abp.class
(Don't forget to delete everything inside the META-INF folder of minecraft.jar, except for the MANIFEST.MF file.)
If you really want to donate to me: http://www.sk89q.com/donate
EXPLANATION
The bug is actually caused by (another attempt...) at fixing this exploit:
http://www.minecraftforum.net/topic/636318-181-exploit-fix-login-under-someone-else’s-minecraft-account/
It attempts to check if the server key is valid by attempting to parse the server key as a long, but there's an error that makes this fail (attempt to parse an unsigned long, causing overflow). I've changed this to a simple check to make sure that the server key is a hexadecimal number.
A bunch of moderators told me last time that my last thread kept getting reported, so check out the post I linked above (which I posted). That was moderator-approved. Oh, I also make WorldEdit, WorldGuard, CraftBook, and a few other things.
FREQUENTLY ASKED QUESTIONS
I get "java.lang.SecurityException: SHA-256 digest error for abp.class".
Delete the signature files in META-INF/ (the two files besides MANIFEST.MF). They tell Java to verify that the game files aren't modified, which is exactly what we're doing!
I get "Outdated server" instead after installing this patch.
The server you are joining is still running 1.8.1! You can't do anything about that, except to revert back to 1.8.1 (you did save it, right?).
After installing, I still get this error.
If you didn't mess up, it's because my valid key check is still a bit restrictive. I'll have to look into that if Minecraft doesn't get a fix soon (which it may). For the technical people, the current regex is ^\-?[0-9a-fA-F]+$
How do I install?
First, if you use Windows, try this installer:
http://www.sk89q.com/content/2011/11/invalid-server-key-fix-mc1.0.exe
Basically, you install it like every other mod:
0
You appear to be banned via MCBans.com
0
0
@EmergedPVP I'm afraid the server is everything you don't want >.> Mostly build, limited PvP
0
0
0