It is strange to me that people obsess on programming in-game with "red stone" etc. That said I am dayjob programmer so the last thing I want to do on my free time and is to program stuff.
I made a game that uses the Luanti "voxel" engine (MC-likes games of course, but also transposition of other genres), and even programming that is bit of a chore but that's the price to pay to play the game you want to play (there's much more to that than just programming/modding; game design is a rabbit hole).
But I think that it would be more rewarding for those who are curious about programming to start modding, especially in Luanti because it is relatively well documented and it's Lua. In a way, making it rain with the programmable particle spawner the engine provides is a loot box locked by an API, with hints on how to open it in the docs ;-)
Game design is the ultimate lockbox - you're unlocking an entire imaginary world which has some platonic existance in your mind.
And since you mentioned Luanti, it deserves to be much better known as a credible open alternative to Minecraft. You could do a lot worse then designing/prototyping your game with Luanti as the game engine.
I think it is the fun of working towards simple goals, in a restricticed visual environment, in a gamified way.
The challenge is the restriction. Starting with and and or gates while at work you would be writing CRUD
Tl:dr; It was a release file for their Minecon event. It was never meant to be public. Obsessing over a password protected in a company's S3 bucket is weird and crosses many limits.
> Telling people they should not try and crack something is kind of like the Streisand effect.
More like a reverse-streisand effect. They were honest about the contents of the file, it was Minecraft 1.0 and not interesting, but the community didn't accept the explanation.
I see you haven’t stumbled across the Minecraft community much, because this weirdness is just every day for them.
Take for example, the infamous 2B2T Minecraft server.
Exploits and game breaking mechanics by virtually impossible to discover bugs, and the no rule against hacking and cheating, have led to things people didn’t think were even possible in Minecraft over the servers ~15 year history.
I disagree with this and what Dinnerbone says about locks. It doesn’t matter who file was intended for, it’s on the internet, if people want to use their silicon to do some mathematics to turn some numbers into some other numbers that’s their choice. It’s not equivalent to breaking into a house.
I agree it's not the equivalent, but the file could've contained things like Minecon attendees. That would still mean it's badly secured of course, but putting a huge community effort behind it and youtubers making 'Biggest Secret in Minecraft' videos about it would suddenly turn into very bad taste.
I personally don't see downloadability as a significant factor in the morality of breaching security. If it's bad to hack a login screen to gain access to private information, why wouldn't it be bad to hack encryption to do the same thing? What moral dimension does downloadability alter?
I think the house analogy fails because you cannot duplicate a house, take it somewhere else, and attempt to break into it there. If you could, that would undoubtedly be seen as a violation.
It is rather common in gaming to communities to find people completely obessed over ultra specific details of their favorite game. It isn't even the first time for Minecraft, see the "pack.png" case.
Weird. The file was cracked in May 2024, while the password had appeared in a database leak which was added in HIBP (and thus pretty much public) back in October 2017.
Unsure why it took the community so long to crack the file.
>He mentioned that he does not want people to nag him about it and that “It's brought up every single year, I'm hoping this is the last ”. Finally putting an end to a 13 year old mystery.
I guess only boxpig41 knows what else was protected that caused them to replace the file just to avoid the chance that the real password might get out and those might be unlocked, though at this point I’m assuming those encrypted files are gone or are no longer important.
It's similar in format to communities that obssess over "lost media." The inability to pirate or get access to something becomes an obsession. Even if the piece of media exists in an archive somewhere, that doesn't matter to them because it's about the fact that they themselves don't have access to it that has become the obsession.
There's also the piracy communities where a majority of users believe they have some sort of inherent right to watch something merely because it exists. I don't understand where that sentiment comes from.
Interest in lost media is a harmless hobby, which occasionally yields positive fruit. Reddit looked for the identity of the song "Subways of your Mind" for 17 years before it was found, and I'm sure the band was pleased to learn their music had found such interest so many years later. Where's the harm? Calling it "obsession" to make it sound bad can be done to any hobby.
Both of them were eventually decrypted. The decoy was a misdirection attempt to get people to shut up about the whole thing, since the original contained a passphrase that had been reused multiple times for Mojang's internal operations. But it only caused more people to go digging as they noticed the hash changed, along with an employee acting highly defensive about it.
They used "boxpig41" for the original and "thespicemustflow" for the decoy. Both of them contain the jar and assets for Minecraft 1.0, but the original also contained an ordinary copy of the Minecraft launcher, so that the files could used to run it during a live event even if internet access goes down, hence the larger file size.
Minecraft (java edition) has been decompiled, modded with different launchers and recompiled since ages. The reason you need a "launcher" is because for some reason Minecraft's jar file doesn't have a way of downloading all the assets Minecraft needs in order to run.
Internet denizens love opening a locked box. This phenomenon has been weaponized by the gaming industry in the form of loot boxes.
It is strange to me that people obsess on programming in-game with "red stone" etc. That said I am dayjob programmer so the last thing I want to do on my free time and is to program stuff.
I made a game that uses the Luanti "voxel" engine (MC-likes games of course, but also transposition of other genres), and even programming that is bit of a chore but that's the price to pay to play the game you want to play (there's much more to that than just programming/modding; game design is a rabbit hole).
But I think that it would be more rewarding for those who are curious about programming to start modding, especially in Luanti because it is relatively well documented and it's Lua. In a way, making it rain with the programmable particle spawner the engine provides is a loot box locked by an API, with hints on how to open it in the docs ;-)
> game design is a rabbit hole
Game engine design is a rabbit hole :)
Game design is the ultimate lockbox - you're unlocking an entire imaginary world which has some platonic existance in your mind.
And since you mentioned Luanti, it deserves to be much better known as a credible open alternative to Minecraft. You could do a lot worse then designing/prototyping your game with Luanti as the game engine.
https://www.luanti.org/
https://i.redd.it/zj0csp06b4sd1.png
I think it is the fun of working towards simple goals, in a restricticed visual environment, in a gamified way. The challenge is the restriction. Starting with and and or gates while at work you would be writing CRUD
Yeah i thought similar.
I like watching videos about these contraptions people build. Wouldn't dream of making on myself.
[dead]
It's solved, full write-up here: https://www.reddit.com/r/MinecraftUnlimited/comments/1cvo5py...
Tl:dr; It was a release file for their Minecon event. It was never meant to be public. Obsessing over a password protected in a company's S3 bucket is weird and crosses many limits.
Telling people they should not try and crack something is kind of like the Streisand effect.
> Telling people they should not try and crack something is kind of like the Streisand effect.
More like a reverse-streisand effect. They were honest about the contents of the file, it was Minecraft 1.0 and not interesting, but the community didn't accept the explanation.
I see you haven’t stumbled across the Minecraft community much, because this weirdness is just every day for them.
Take for example, the infamous 2B2T Minecraft server.
Exploits and game breaking mechanics by virtually impossible to discover bugs, and the no rule against hacking and cheating, have led to things people didn’t think were even possible in Minecraft over the servers ~15 year history.
I disagree with this and what Dinnerbone says about locks. It doesn’t matter who file was intended for, it’s on the internet, if people want to use their silicon to do some mathematics to turn some numbers into some other numbers that’s their choice. It’s not equivalent to breaking into a house.
I agree it's not the equivalent, but the file could've contained things like Minecon attendees. That would still mean it's badly secured of course, but putting a huge community effort behind it and youtubers making 'Biggest Secret in Minecraft' videos about it would suddenly turn into very bad taste.
I personally don't see downloadability as a significant factor in the morality of breaching security. If it's bad to hack a login screen to gain access to private information, why wouldn't it be bad to hack encryption to do the same thing? What moral dimension does downloadability alter?
I think the house analogy fails because you cannot duplicate a house, take it somewhere else, and attempt to break into it there. If you could, that would undoubtedly be seen as a violation.
[dead]
It is rather common in gaming to communities to find people completely obessed over ultra specific details of their favorite game. It isn't even the first time for Minecraft, see the "pack.png" case.
Weird. The file was cracked in May 2024, while the password had appeared in a database leak which was added in HIBP (and thus pretty much public) back in October 2017.
Unsure why it took the community so long to crack the file.
the salt for the passwords in the bitly breach isn't known, and the few plaintexts available were lost to time
The cracking basically started the moment youtubers presented it as 'a mystery'.
>He mentioned that he does not want people to nag him about it and that “It's brought up every single year, I'm hoping this is the last ”. Finally putting an end to a 13 year old mystery.
Ouch
so weird. many limits.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Thanks for posting that AACS key. It's been awhile since I've seen it running around the internet and we need more of that kind of thing, these days.
I guess only boxpig41 knows what else was protected that caused them to replace the file just to avoid the chance that the real password might get out and those might be unlocked, though at this point I’m assuming those encrypted files are gone or are no longer important.
This is true.
>is weird and crosses many limits.
It's similar in format to communities that obssess over "lost media." The inability to pirate or get access to something becomes an obsession. Even if the piece of media exists in an archive somewhere, that doesn't matter to them because it's about the fact that they themselves don't have access to it that has become the obsession.
There's also the piracy communities where a majority of users believe they have some sort of inherent right to watch something merely because it exists. I don't understand where that sentiment comes from.
37 replies →
Interest in lost media is a harmless hobby, which occasionally yields positive fruit. Reddit looked for the identity of the song "Subways of your Mind" for 17 years before it was found, and I'm sure the band was pleased to learn their music had found such interest so many years later. Where's the harm? Calling it "obsession" to make it sound bad can be done to any hobby.
Maybe add to title: “but is solved now”. Would have saved me some time thinking they might go somewhere.
Hmm that was a tricky one. I, er, solved it by truncation - a surprisingly effective trick for titles.
Thanks for the heads-up!
It was solved? They never decrypted the original file, only the decoy.
Both of them were eventually decrypted. The decoy was a misdirection attempt to get people to shut up about the whole thing, since the original contained a passphrase that had been reused multiple times for Mojang's internal operations. But it only caused more people to go digging as they noticed the hash changed, along with an employee acting highly defensive about it.
They used "boxpig41" for the original and "thespicemustflow" for the decoy. Both of them contain the jar and assets for Minecraft 1.0, but the original also contained an ordinary copy of the Minecraft launcher, so that the files could used to run it during a live event even if internet access goes down, hence the larger file size.
Ah, the video is a year old. There is another link to a reddit post in the thread. Supposedly it is solved now! Read more there
See comments below.
Minecraft (java edition) has been decompiled, modded with different launchers and recompiled since ages. The reason you need a "launcher" is because for some reason Minecraft's jar file doesn't have a way of downloading all the assets Minecraft needs in order to run.
[dead]
[dead]