-3

I am looking for a way to check the integrity of a client's Minecraft.jar file using MD5. I am using the Bukkit tools.

I want to check a list on the server for allowed MD5 hashes. If the hash is correct, the client will be connected to the server, otherwise they will be rejected.

Duncan Jones
  • 67,400
  • 29
  • 193
  • 254
Dice Blood
  • 1
  • 1
  • 1
    Way too many capitals. At least stick to the camel-case. – Niemand Sep 29 '12 at 19:09
  • Please can you edit your question to include a specific programming question. Currently it is very vague and we cannot tell if you need help just performing an MD5 hash, or connecting to a server, or using Bukkit, or... – Duncan Jones Sep 29 '12 at 19:15
  • 1
    You could have read of http://stackoverflow.com/questions/304268/getting-a-files-md5-checksum-in-java or http://stackoverflow.com/questions/415953/generate-md5-hash-in-java or http://www.javalobby.org/java/forums/t84420.html or http://www.mkyong.com/java/java-md5-hashing-example/ to get started... – MadProgrammer Sep 29 '12 at 19:23
  • 1
    You can't, for everything can be easily spoofed. – LanguagesNamedAfterCofee Sep 29 '12 at 19:30
  • it sounds like you are basically trying to implement DRM. if you are worried about cheaters, and you are running your code on the client machine, then there's ultimately nothing you can do. if the person is a cheater then they can easily modify _your_ code to remove the md5 check. – jtahlborn Sep 29 '12 at 19:40

1 Answers1

3

You are trying to implement a client side check that will not be possible without installation of some client side mod. If you are going to require all of your users to have to install a mod to get on your server, you will drastically reduce the number of possible players are many will not want to install the mod, or not want to take the time to do so.

Also since all client side mods are 100% subject to being manipulated this is a completely insecure way to confirm any "validation". I would highly suggest that you try to better define what your real target blocks are and then consider implementing server side mods that help to prevent the problems you are targeting. For example plugins like, Grief Prevention, or LogBlock will help prevent/undo griefing. As plugins like NoCheatPlus or AntiCheat will help to prevent/counter issues such as fast dig, flying, clipping, etc.

Bradley A. Tetreault
  • 464
  • 1
  • 5
  • 19
  • I think it's important to reiterate: anything sent from the client cannot be assumed to be true or valid. it would be very easy to modify the md5 hash that is being sent to your server. – Alex Lynch Sep 29 '12 at 23:01