Here's some important links you might want to check out! My Discord: discord.gg/rY4unvn RetroGamingNow Discord: discord.gg/retrogamingnow Tominecon.7z Team Discord: discord.gg/Q2BU69AN3S Download tominecon.7z: buu.sh/u/tominecon.7z

I like how Doge just casually has a bunch of leaked Mojang passwords like its nothing

All community: we finally cracked a decoy for 10 years !! Doge: pull outs an all old mojang pass word and did it in 1 day.

Thank you so much for introducing me to this mystery! I had a blast learning about it and discussing it with everyone!

Please don't say "way back in 2020". It makes me feel old

10:15 your data will still be encrypted. It's just that you wouldn't know the key so the data will just be garbage and unusable

I can't believe you listed totally real passwords on screen like that. Anyway, gg!

i just finished watching a video talking about how it will never be cracked, WHAT THE

great video! the only thing missing here is a mention that the server files are in fact different builds from the final 1.0.0. while code-wise (and even content-wise) they're identical, the final 1.0.0 server was built 6 hours after the tominecon 1.0.0 server, making them have different file hashes.

10:15 No, parseInt would just throw an exception, which would then be caught by the try-catch blocks surrounding that code, which would then disconnect. I don't even think the serverid is used for encryption, but if it is, the encryption wouldn't be "broken", it'd just fail to decrypt/encrypt anything because the keys don't match up.

GGs to Doge who somehow decided to keep the old leaked passwords, then to Dinnerbone who helped have this spread further, and of course, the original user who had sent the real thing and not a decoy.

Alright but seriously, why wasn't "boxpig41" bruteforced sooner?

10:14 This is a very bold statement obviosuly made by someone who doesn't know how programming works. If encryption fails on a software, the device doesn't go "Oh well, guess I'm just gonna send everything unencrypted then!" for OBVIOUS reasons. At worse it may send junk data instead of actually readable encrypted data that may or may not be possible to reverse depending of the encryption scheme used assuming that incorrectly encrypting the data by ommiting the hex parts of the server ID makes the process reversible without further keying, but I HIGHLY doubt it. The most likely scenario is just that the server will go "wtf?" and reject the connection during the handshake step, and assuming it didn't, the client would just send irreversibly unreadable junk data. Also, not encrypting some data during an internet transfer doesn't mean that the average joe can see what you're sending. You still need to be on the same network as the person or have higher authority to spy on national or international internet transfers (like some countries do to catch torrent-ers)

7:09 "unless you have time travel and use it to connect to the office WiFi." Ok, another use of the password that we know now too.

This was solved because 2 people had random info lying around.

3:36 Oh my God, I just love seeing other KZbinrs I watch being mentioned in videos, this mystery would have gone in a very different direction if any of you didn't cover it! From the seeds of panoramas, to paintings, now passwords to files.

it was just 1.0 version of minecraft with minimal differences biggest differences being the extra files

That explanation about encryption is.... entirely wrong. The parts about hex and dec are correct, but everything else is completely off the mark. 1. The server only ever sends _encrypted_ data. Your client only ever sends _encrypted_ data. There is no way for the game to do anything else, _by design_ . It would be a massive security risk if the opposite were the case, not only for your account details, but both your computer _and_ the server machine. 2. There is no way for encryption to "break" and be left completely open while in transit. That's not how encryption works, unless someone very stupid implements a fallback to plaintext which defeats the point of encrypting that data in the first place, as you could just force one side or the other to fail, receiving all that data without needing to decrypt it. 3. The server ID being parsed in the wrong base wouldn't initially cause an issue. In fact, you'd be able to _try_ to connect just fine. You wouldn't be able to fully connect, but you could try. 4. The reason it appears that multiplayer is completely disabled is because of a related (but different) problem. The first time the server (or your client, on modern versions it's the client) would try to send a packet the other would receive, what appears to them as, a garbled mess of incorrectly encrypted data. As such, they'd immediately close the connection, since trying to proceed would be a waste of time. The decryption fails because the encryption keys (in this case, the server id) would be different on either end, like trying to log in with the wrong password.

Kinda strange all the mobs in the sounds folder had names in singular (blaze, ghast, magmacube, etc.) but endermen are listed there as "endermen"…

The fact that it was broken in such a simple way without some expert cia level shit like that methods, along with the only difference of it between the offical 1.0 being 4 characters in the code feels so anticlimactically funny

haha I have been waiting for this video since the password got cracked lmao

I feel like Minecraft’s greatest mystery get solved every week now…

I'm so disappointed nobody cracked an 8 character long password of printable ascii.

this is so absolutely roaring.. GOOD EPIC MOMENT!

10:16 no, the data would be encrypted, the encrypted data just wouldn't be able to be read by the server since it didn't have the right decryption key. this would cause the client to be disconnected. also, passwords aren't sent to the server, your Mojang session ID was sent to the server. sending your password unhashed to an unofficial server is a huge no-no.

damn 13 years ggs guys

>Cracks a file >"16" That's... That's it?

13 years ago with this video being 13 hours ago

would personally never have guessed the password to be 6 letters and 2 numbers, one would think that would’ve shown up in people’s dictionary attacks by now

9:37 : it's not a "server id", it's an encryption key. the code literally says right there that if it fails to parse the "server id" it will stop and say "The server responded with an invalid server key". 10:09 : no, it couldn't. of course it couldn't. where in the world did you get that idea from? right in the oracle docs: Throws: NumberFormatException - if the String does not contain a parsable long. 10:13 : wrong again, the code says right there that if it fails to parse the "server id" it will stop and say "The server responded with an invalid server key". even if it *did* try to communicate without the right key, all of the data between the server and client would be garbled and a connection would never be established. did you run this section by someone who knows anything?

The video starts at 8:48

It's crazy that someone named Doge did this considering the dog we all know as Doge (Kabosu) just passed away.

Chances are this is just an old Minecraft version. Blue eyed folks like Mojang can't really come up with something really deep

TLDR: Dinnerbone said the pw was used for other thing in Mojang years ago and Doge just happen to have a list of old passwords used by Mojang

Pls stop the clickbait, it's not a "great mystery" or "some mystical code", is just Minecraft 1.0 in password-protected archive with a lame password. A great mystery would be if someone reverse-engeneered the Minecraft binaries and found some advanced and complicated code that send encrypted data to Mojang servers for example. That would 100x more interesting than this nonsense.

just boxpig41? that'd be literally the 41st thing I would've tried

0:05 Is that ren-diggidy-dog on the right?

Yeah… I can see why no one wanted the password out there in the early days of the hunt (Even the people who claimed to have cracked the password said they probably shouldn’t have done it) if it was the making email password

The fact we not only cracked the password but learned TONS of stuff about the files is nuts. First, the contents of the file, and the fact it IS different from an actual release of 1.0 Minecraft- albeit very, VERY slightly. And yet that slight change was such a massive problem... quite interesting, honestly. Second, the password, which is amusingly only 8 characters long... go figure. No wonder they were so worried about the password... in fact, using the password strength checker shown earlier in the video, the password for the original file is WEAKER than the password for the decoy! Third, the two things the password was used for. Since it was originally for their email account, it makes sense why it was so worrying. But with that changed, it's a lot safer now. Dinnerbone wasn't kidding when he said that. And fourth, the fact that when many people are curious, nothing can stop them. This was probably the craziest thing that could have happened... but I'm glad that there's finally a concrete end to this saga. (Let's not go trying to crack any more files unless given advance knowledge that it's for an ARG or something.)

This episode of MCBYT was brought to you by the number 16.

If you dont know the inf dimension update for minecraft has a lil secret Lore In a dimension theres a chance you find a Book titled "orders"

I like how minecraft players can do just anything when they get together

Finally! Always suprised what a community can do if everyone shows enough interest :)

hey thanks for this video this is super cool! im part of the RGN community and thought it was cool that you were the one who kinda was behind it popping up again!

whats shader are you using

That ending could have been SUCH a good transition into a VPN ad

this channel is just consistently good like seriously the amount of stuff that minecraft has undiscovered that you somehow find about and make thousands also be interested in is crazy

Jeez. I too would've want to encrypt this version if it was that troublesome.

Dude this is AWESOME! I heard about the update from Dinnerbone, but I had no idea the password itself was actually cracked shortly after!

It's kind of fitting that the only difference between tominecon and minecraft 1.0 was the number 16 considering how the number 16 factors into coding and minecrafts mechanics and all that. Thematic, for how insignificant it is

0:24 Good music choice ! A bit nostalgic.

8:18 number 5 💀

i remember watching the original video on this,its good to see it come to completion

I was hoping it would have some secret art that would be used in minecon

I love content like this about mysteries or old minecraft there all just really fun to watch ty MCBYT

if only someone brought this to my attention way earlier...

bros unlocked the time capsule 💀

I was wondering about it just now

IMO Minecraft's greatest mystery that has already been solved will forever be the seed for the pack.png image

Another classic MCBYT banger .

lol its just minecraft 1.0 but with an authenication bug

10:15 that’s a ridiculous statement to make. If you’re correct and the server ID is “used” to encrypt data (which is probably a stupid and insecure idea anyway), that would mean it’s the encryption key. Worst case scenario your game / server crashes from failing to encrypt data to send or failing to decrypt data that was received. Either you pulled that last part out of your ass, or old Minecraft servers use some really weird non standard method of encryption you’re somehow aware of

such chill folks at mojang. and the interesting part is that, while the skills and methods may have malicious applications, by publically stating and engaging with the process they effectively give permission for users to try. as if its a challenge to them. ergo, while the tools may potentially be questionable, the act is not considered in violation of the law than if you added a randomised password to an empty file and then tried to get into it. it goes from an illegal act to one of grey legality.

I love how the first password was a Dune reference

Everyone involved in the search: This file will take years to be cracked, due to its- Doge: I solve this in 1 day

Well, Mojang must be pissed

Good video, I'm glad youtube just randomly recommended this

I thought it was weird how RGN tried to imply that it was impossible to crack in his follow up videos after the first video blew up. I mean, weirder and more difficult things have been achieved before. It seemed like a matter of time and boy that was fast

Well done , everyone. I wasnt expecting this to be solved yet it was.

But there are a few other questions, for example when you are in .minecraft/bin, there is a file that contains all the md5 hashes of the .jar files First, this file mentions a file called windows_natives.jar.lzma, which I couldn't find Second, all hashes match the hash of the file, except for minecraft.jar

Danny Dorito and Lim Jahey is hilarious

HOLY SPLAUGENSPLUGEN

4:10 Tonight, RGN (and his followers) join the hunt

we could see whats inside even faster if someone used android unpack feature😭

what shaders????

Where do you get Minecraft Edo? Please tell me in a comment

They son of a birch, they did it

this is so absolutely insane, EPIK!

LMAO imagine the whole dedicated discord server... all it took was a old password list and one second.

8:44 we cracked **continues to add the lock sound**

mans with that JSRF tune

How did you download Minecraft Edo please?

I guess that some things need 13 years to be solved lol

to be honest the devs literally said to not crack it, along with some other people, the fact that no one even bothered to listen to them just shows that they won't listen to the community when they do something wrong, we didn't listen, why should they?

Me thinking this had to do with Herobrine. 💀

I wouldn't call a few digits of code the "Minecraft Greatest Mystery"...

so i remember being on a trying be on a server back in right after minecraft got it's 1.0 release, some friends and i was trying to get in to a server, kept giving us errors trying to join but invalid server key kept popping up, I believe somebody got it fixed during that time, sk89q released a class file, are you saying we actually might've had this issue right after the 1.0 release? it was quickly fixed, but still that was annoying trying to join a server.

wow, I didn't expect it to be cracked!

Shit like this makes me wonder what other mysteries could be solved if the right person stumbled across it.

We got random dude joined our private Minecraft server, he just flying in creative mode, destroying everything and we can't ban him. Thankfully he joined only hour after we started new season, but still he messed up everything, and somehow he also found our discord channel. How get rid of him?

Thank goodness that version of the game was never released. Our multiplayer data could have been in so much danger!

Cool, a great file for my endless data hoarding base

wait, so it was all a Dune reference? Always was.

I wonder what Mojang's / developer's / Dinnerbone's responses are to this

Doge: "so i just happen to have a list of mojang passwords that *might* work, dont ask how or where i got it tho" 😭😭

Always a great day when MCBYT posts

As a programmer, seeing a variable called "var3" is haunting.

i like the way your minecraft looks

what shader are you using in your footage?

in rgb first episode, he said that there was someone who cracked it on the hacker forums, and that guy also said that if it went to wrong hands, it would cause a catastrophe. With this video it now supports his claim, he most definitely investigated the file and found the decimal format you talked about.