TheUnrealMegashark TheUnrealMegashark - 1 month ago 10
C# Question

Minecraft 1.6.2 Custom Launcher

I am making a launcher for Minecraft. 1.6.2 changed a lot, so the way you login is different. If any of you have any knowledge of logging into minecraft using C#, I would appreciate it.

wClient.DownloadString("" + strUsername + "&password=" + strPassword + "&version=13");

I believe this used to be a valid way of doing it, but I am not quite sure anymore. Help is appreciated, thanks.


In reply to TheUnrealMegashark's comments to Rhys Towey's Answer. I have been working really hard to get it to launch, but. Its throwing me off a bit. The very next update will include a 1.6 fix. Just got to figure it out.

The proper answer to your question is that the web link that fetches the Session is still currently in use. Nothing new there.

Beware! You must know that your

"" + strUsername + "&password=" + strPassword + "&version=13"

Is unsafe. It sends the password of the user through the internet in plain text. it can be subject to "Man in the Middle" attacks.

One of the proper ways to encrypt the connection is to use HTTPS with POST. Using POST, I avoid sending all of the data in the request URL and send the data through POST. Using HTTPS, I encrypt any data sent after the request URL returns. HTTPS makes POST encrypted, thus removing "Man in the Middle" attacks.

You can use GET with HTTPS and it still be secure (from what i have read). But, it is considered an unsafe practice. Although it is safe in all accounts between your computer and the connected device, anywhere else it might be seen and be subject to "Man behind you Attack". What I mean is that when you send this URL, it is possible for your computer to record the URL in some sort of history, or, display it in an address bar in plain text. Although, sense your not making a web browser and the URL is not displayed, this could possibly all be forgotten.

But, If it were me, I would still play it safe and just use the safer strategy.

To use HTTPS with POST.
Here is a sample of code i use in my "AtomLauncher." This code will send the POST data to the URL and return a string. Goto to get more info on the string that is returned.

string mcURLData = "Error";
using (WebClient client = new WebClient()) // Get Data from Minecraft with username and password
    //  This a Text control for my Program, ignore this commented line if you wish.
    //  this.Invoke(new MethodInvoker(delegate { homeLabelTop.Text = "Connecting to"; }));
        System.Collections.Specialized.NameValueCollection urlData = new System.Collections.Specialized.NameValueCollection();
        urlData.Add("user", "UserName");
        urlData.Add("password", "MYPa22w0rd");
        urlData.Add("version", "13");
        byte[] responsebytes = client.UploadValues("", "POST", urlData);
        mcURLData = Encoding.UTF8.GetString(responsebytes);
        if (!System.Net.NetworkInformation.NetworkInterface.GetIsNetworkAvailable())
            mcURLData = "Internet Disconnected.";
            mcURLData = "Can't connect to";

To use HTTPS with GET
just simply change the


in your code to


In other news.

I have fixed my code. Feel free (when its uploaded) to use it. For your information, you need to know that when 1.6.X launches it creates a natives folder of which it starts using immediately. What I have done to fix this was to run 1.6.2 and copy the natives folder it created and removed the number.

Created "version/1.6.2/1.6.2-natives-###"
Copied it to "version/1.6.2/1.6.2.natives"
Point my program to "natives" folder I created.

What I'll end up doing in the future is automatically checking for the natives folder and if it doesn't exist, I'll have it download natives from the internet. (I would love to know where minecraft is getting its current natives so i can essentially do the same thing. Unless, what it does is download it from the internet every time it launches. If true, that's kind of ugly. Seeing as I have bandwidth usage limits.)