There's More To The Minecraft Code No One Has Solved
ฝัง
- เผยแพร่เมื่อ 15 พ.ค. 2024
- WATCH THE tominecon.7z SERIES HERE: • The tominecon.7z Saga
I covered the story of tominecon.7z in a previous video, but there were some things that I missed as well as some new information I discovered. Join me to learn even more about this captivating mystery.
Link to the RGN Discord: / discord
Music by RetroGamingNow
"Gemini" - • "Gemini" - Music by Re...
"The Depths" - • "The Depths" - Music b...
"Unknown Enigma" - • "Unknown Enigma" - Mus...
"Ethereal Screenscape - • "Ethereal Screenscape"... "
"A Secret Mission (Outro Theme)" - • "A Secret Mission (Out...
#minecraft #mystery #secret #mojang #tominecon
Errata:
The text at 10:28 should say "Minecraft@Home" - เกม
So uh...in the 19 hours since this video was released, there has been a HUGE update which makes this video at least partially obsolete. Watch Part 3 here: th-cam.com/video/veIy1pJJ4Ow/w-d-xo.html
Hope we get an update soon! Keep up with the good work man.
i'll be watching videos about minecraft misteries for three days in a row 😭 (they're good tho)
Already😂
bruh hahahahahahaha
Bro got smashed by the power of human will. 💀
"Hey, RetroGamingNow, this is Mojang. We saw your video about the 7z thing. It seems to be... Popular... How much money can we pay you to make another video telling people not to crack the password?"
LOL
Lol, it sounds like it for someone who loves mysteries he's really trying to get people to give up cracking it.
To be honest do I think it's anything big? probably not lol but it's stil funny.
This feels extremely out of place, and a weird follow up I just don't see the thought process for creating this video the way he did, if he was slightly less leaning on "don't solve it guys, not worth it" I'd find it less strange but it's like the sole purpose for this video was discouraging people from solving it. Maybe he really just thinks it's not worth it or too risky? Idk it's odd.
Hi mean he explains it in his video. It's most likely a crime. Big risk, small reward.
@@CrateSauce It being a crime only really matters if Mojang were to push back on it. And if it does get cracked and really is nothing valuable, it'd be a problem disaster for them to do so
The fact there was never concrete proof of anyone opening and proving the files is 1.0 will always perpetuate the mystery no matter how mundane it is.
True. But if the contents of the file are as mundane as they say, it makes me think there's a small chance that a former Mojang developer might come forward and publish the password somewhere. Since there isn't anything secret inside the file, there would be no reason to keep the mystery alive. Or perhaps that is exactly what they wanted from the beginning - a hoax. This whole mystery has brought a lot of attention to the game and united the community in the common goal of trying to crack the password and solve the darn mystery, which makes me think it might've been intentional.
when we put our minds together, humans have achieved many seemingly impossible accomplishments throughout history, and I think cracking this code is in some way, shape, or form as possible as erecting a mile tall skyscraper, but what do i know : /
@Reyes-zq9qv The devs has said repeat that they forgot the password. So even if it is as mundane, it's probably they just don't remember. Of course, they could be lying but I don't think they're trying to create a hoax assuming that is it just minecraft 1.0
@@Russellsauceyeah but this aint worth anybody's time
@@Reyes-zq9qv Like RGN said it’s very likely no one at Mojang remembers the password.
The decoy swap and that talk show video clip was the hoax and entertainment not the original. Someone at Mojang (most likely Tobias) saw the traction the topic was getting on the forums and had an idea to actually turn it into a game for the community. Which I think even further proves the OG file had nothing special.
The idea of someone suggesting "just break the AES-256 encryption" as a solution is up there with Q suggesting "just change the gravitational constant of the Universe" as insane overkill solutions
"I don't need your fantasy women!" Commander William T Riker
Queue the bill gates with an overly large pin pong racket meme
Yea, just completely destroy modern cryptography. NBD
Give it to the 2b2t community. They are the masterminds of overkill methods when it comes to minecraft. They'll break the encryption wide open in a week with the right incentive, regardless of the consequences.
Probably more likely to try and break the encryption implementation of 7zip
7:47 I am devastated that "admin" is not among the top 96 passwords.
by any chance, would your password happen to be admin?
The general userbase probably don't know what admin means honestly. You have to think, one of the only things people keep admin as the password for is their internet router because the ISP puts it there.
lol first things i saw were f###me and f### lol
@@snowrose124 probably not but since most standartpasswords are admin its probably likely. Just the amount of companies that probably never set up their passwords along should have made the list
@@applesource8261 Yeah. vendors now are randomizing passwords. newer routers and appliances do not use admin as logins anymore because people do not change passwords.
12:55 - For what it's worth, I just downloaded the original file and decrypted it no problem. Some of us remember the password. 😉
evil
WHAT!?!?!??!???
YO
If someone wanted proof RetroGamingNow was asked by Mojang to incentivise people to NOT decipher the password. There it is
you have the chance to do the funniest thing ever and tell people some clues
also hello Nathan!
Ok so this time I've actually figured it out. Tominecon is actually not the words "To MineCon," it is the words "Tom in Econ." The file contains the Economy Class notes of a student named Tom. His friend who worked at Mojang accidentally uploaded it to the Mojang servers and was unable to figure out how to remove it, so he encrypted it to prevent anyone from accessing Tom's Econ notes. Why are they so sensitive? Well, they actually contain a brand-new economic model distinct from any conceived before, where all money is given to Entity 303, who eats it and in exchange hacks the code of the simulation of reality to give people food and other basic necessities. Tom didn't want his idea getting out because he was not ready to reveal it himself and couldn't have anyone claiming the idea for themselves. I have to type quickly because Tom has Entity 303 himself going after anyone who knows the truth, but the key to open the file is-
lol
Wow
I thought it was a guy named Tomine, who was a con.
You had us in the first half ngl
bro wrote a whole paragraph about 'tom in econ'💀💀
I don't know why people haven't tried this yet but the password is most likely in Swedish. Mojang at the time was mostly comprised of a very small development team.
We've tried many Swedish wordlists.
@@Shock_Treatment really? srry if i sound a bit uneducated i havent been in the discord yet
Isn't it only numbers
@@user-cm5uk6ei6pthe video establishes that these claims were mostly trolls
Also most of Sweden speaks english
bros being held at gunpoint while recoding this video for sure
As a software developer I feel reasonably confident that someone who worked for mojang and was at minecon needed some files from the mojang private file server which couldnt be reached from outside the network. As a workaround someone in the office zipped the files with a password and slapped it on the public server so it could be downloaded, sent the password to the person who minecon who downloaded the file, got what they needed, and then deleted the password from their chat history to be safe and no one remembered to go back and delete the file from the public server.
That's what I thought of as well. After all it's called tominecon and not forminecon. To me, that sounds like sending some information to someone else.
nice
100% what I expected. Network restrictions, email attachment limits way to small, throw it on a public server with a password.
Dinnerbone said that he had to go through his old emails, but still had the password
I’m calling it now, somebody is going to comment “As someone named John S., I feel personally called out.”
As someone named John S., I feel personally called out.
He knows who he is
Well, that's technically my dad's name 😂 should I tell him to subscribe?
YOU KNOW WHO YOU ARE JOHN
@@ichangedmynamenow3478 Me, breathing a sigh of relief that I'm Jon
The actual responses in your server were so damn funny. Nobody knew what they were talking about LMAO.
i got a headache from that discord user talking about infiltrating the file with a virus
@@adansmith5299 AI deep learning is what does it for me
digital natives at work
@@adansmith5299same, I was like “and how, pray tell, would you do that?”
do people not realize half of them were being sarcastic
Guess we'll just have to wait until they get quantum computers to work.
The thing is, AES is a symmetric cipher.
AES is resistant against quantum computers
@@BlartttttFor now, soon (as in a maybe a couple decades) they will surpass AES 256 which is why people are working on new encryption algorithms that neither binary nor quantum computers can crack.
absolute zero to cool a quantum cpu has to be an enormous pain as it is
@@plankera Well the algorithms actually are already done and have been published in the new TLS 1.3 standard. It's now on the developers to update software so the encryption is quantum proof
imagine someone finally gets the password for the 7z after nearly 15 years, and realize that mojang wasnt lying when they said it was just 1.0
The things Dinnerbone said about the file are terrifying , if its true , means all the others were lying
Well sure, I think it's something mundane. But now it's become a challenge to crack it, less for the content and more for the act of cracking it:)
@@FAB1150 but still, that would be so dissapointing and underhwleming
@@Kibutsuji_Muzan7 Dinnerbone posted the content 😮
I usually don't comment anywhere but i really gotta say this. 1.0 was compiled on the 14th of November 2011. This means that even release 1.0 is older than this mysterious file. Everyone can find that out by just opening the 1.0 jar file with any kind of zip or rar program.
If it is not the 1.0 jar file, which i doubt that it isn't, then it is definitely just some presentation data from Minecon 2011. Whatever is in that file it is probably not that special but it probably has some historical value to some archivists.
I personally don't care about the contents but it is interesting to learn about passwords and how they work
I wonder how large a minecraft release is with all the debug headers and such kept in. It could both be "the minecraft 1.0 release" and also something exciting - it would be cool to get a slightly better glimpse into how miencraft devs named functions and variables at the time, or as the original video theorized, some kind of proprietary tooling
@@zane49er51 Wasn't Minecraft still written in Java at the time? If so there really isn't debug headers (or debugging symbols) in the traditional way, it's all just class files and there's no difference between release and debug builds. If there's anything sensitive in that archive, I think the most likely scenario is some signing certificates. That said unless Mojang were morons on a scale that boggles the mind, there's no way they would actually put signing certificates into an archive that was uploaded to the internet even IF it was password protected. Signing certificates are treated like nuclear launch codes, ideally air gapped and entirely offline.
@@orclevmojang obfuscates all the classes and functions in the released jar
they might’ve not done that during the 1.0 time, no idea anymore too long ago, but if they did and the archive contains one without the obfuscation that could be pretty cool for 3rd party devs
@@orclev Yeah it was. I still only play Java so hearing it like that sounds so off lol. You're right, I forgot the JVM worked that way. Still, they obfuscate as losfarmos said. They also don't resist deobfuscation in their EULA so it would be cool to use the official names in forge/fabric
Plus there are some bits that don't get as much deobfuscation work done on them like most of the minecart related code. It would help get a baseline everywhere that the old version included
Isnt it funny how the guy saying “thats illegal territory” is the same guy who said “brute force it”
7:46 The fact that passwords like "penis", "fuckme", "fuck", "fuckyou" and "asshole" are considered some of the most popular passwords is hilarious to me.
it's like a lootbox that you know sucks but are still willing to spend $20 on
you don't know it sucks, someone said it sucks maybe it does maybe it doesn't
As someone named John S., I feel personally called out.
the self report is crazy
somebody called this comment
Trying to teach minecraft kids Cybersecurity is a fruitless effort. Just crack the encryption, hur dur
Also Dinnerbones is just trying to scare you. A publicly uploaded file is perfectly legal to crack.
In USA law this is not true. Even if something is public, unless you are given specific permission it is still considered illegal. Otherwise they couldn't go after people who publicly accessible directories that some company left public, but contained sensitive info like passwords, one time passwords, personally identifiable information or just general sensitive information.
it is not. it can also be illegal to share a password of a uploaded file.
@@schwingedeshaehers it's not illegal if you're already a wanted fugitive
(jk it's still is, but you just end up with additional charges + you prob have the police or feds on your tail)
@@wedoalittletrolling723
(in the case i thought about, that wouldn't be a good decision) (i thought that a whistleblower uploads an encrypted file with evidence/secret information, and passes the password for security to another person, you don't want that they have any reason to jail them before they can release the password, if something happens)
Its legal to crack but the moment you give password out - you commited a crime. I doubt mojang will care but nonetheless
I like it how you kept talking about the odds of finding the password for the 7z file for a solid ~5 minutes
lmao, ikr
The most baffling thing to me is that if it's so mundane, why don't they just... tell us what's in there? Dinnerbone obviously knows something, and if it's as unexciting as he claims it is, what's the point in keeping it a secret? It's just weird and dodgy how secretive he's being about something so "uninteresting".
Edit: Huh. Alright.
They did tell us; minecraft 1.0
My bet is that it also contains the authentication server code for 1.0 which would have been top secret at the time, but has long since been replaced. Imagine they wanted to create a stand-alone, no Internet version of Minecraft that works like the real Minecraft to run at Minecon. That would be one way to do it.
@@martijnalblas1761 but if it's just that, why not just give up the password and let people see it for themselves?
Probably because he doesn't want the mystery to die, if dinnerbone told you exactly what's inside the file and gave you the password, and it indeed turns out to be as mundane as he says then the mystery would die pretty quickly, in fact, you wouldn't be watching this video because this video wouldn't exist.
The mystery is a mystery because we don't know what's inside, and the fact that IT IS A MYSTERY is the entertaining part, not what's inside, that's the boring part.
Some mysteries are better left unsolved, this one in particular is that case.
Edit: he apparently did want the mystery to die so people would stop nagging him about it lol.
@@darklex5150 Idk man, I'm more frustrated than amused at this point 😅 I personally find mysteries most interesting when they finally have a conclusion.
Hello Retro, I really enjoy watching your Minecraft lore videos, and the last two have especially caught my attention. I am a Computer Science student at UCO, and I just completed a Cybersecurity course for the Spring semester. I wanted to chime in regarding AES encryption while the information is still fresh in my brain.
AES is a block cipher, meaning it will encrypt an entire block of data at a single time. The block size is always 16 bytes, or 128 bits. The default mode of AES (ECB, or Electronic Code Book) has a specific weakness where identical plaintext blocks will produce identical ciphertext blocks. This is due to the same, unchanged, key being used to encrypt each block. This means that if the file is encrypted using ECB mode, the overall pattern in the data will be easily visible even without needing to decrypt.
There are a few other modes of operation used with AES, each of which require something called an Initialization Vector (IV). This is a random number that ensures blocks will produce different ciphertext regardless if they have identical plaintext. The IV has a fixed size of 128 bits (same as block size), which means it has 2^128 different possibilities. This means that if the file is encrypted using any mode other than ECB, you would need to guess not only the key, but the IV as well, leading to a calculation requirement of 2^128 * 2^256 (depending on the key size). If the IV generator is predictable, you can easily guess it but you would need multiple messages to see a pattern in the IV generation, and since this is a single file that is not an option. Overall the computation requirement would be around 2^384 to brute force an AES-256 encrypted file that was encrypted using a mode of operation including an initialization vector.
I hope I could provide something you didn't previously know and these past two videos have been super interesting to me! I love being able to share knowledge from school so it doesn't just go to waste!
P.S. If you use Linux and read the file in hexadecimal format, you could probably pick out a pattern pretty easily if encryption was done using AES-256-ECB!
u should get a hold of the file and read the file in hexadecimal format using linux then
@@MrBlueBonez here's the first bit of it in hex:
377abcaf271c0394c049adc0c570400003a00000003768fb1f708daf673562274e3b60a1d9368afd268838dbbcc947ab85195dea86f99f48a5d96f1e8a5aed3b4366cfd8744c7f51a52dcbddd7903cbbcd85293ecb1e8d4d2ac673929f6f8df96ca2f91935beec186b9d7d20b32c2df1e82df0d6a06f236ad0cf6efb62c79bbf15dc289bf3a74dfb7772594ed4b647ca54afc4328d63c382ec74ae5f97edc3a3ffe96b5ff2d865276d6ffce62ac842814dcdf45fb696d827b6ad1dc3828bcc92cef547152922e62ac5aa2f989563fe7fbfba7caabd317c111fb5141859776ea2672ee53ea743859df1f35def341ddb59d1268bd378aa4fa5a2a3123d6e2142752a79f221848413872c64359fc978b6b19bdbff44a7d7c9b6a28673729e56b3c40ab78b65c69f5c55985f452279bdd35d26e3dce81524cd2fbaca387d61b32eb125d517a1881f213172d8c206e409ce380f8cffb44859595e055271eacd8135a75f6a6559815afaaa5a7ad4b9d8fbbef4828514faec2b4775ec72fe9a112b8941612a3bbb6d24ad3247e8bf3a874d8e90a87a45228e99c1421de1ad5851b65ae1443614a9e02dbd43eec757b88391f20c1af2720f1f964e8c9dc713da28b41e50cf661220c2e9252a46acc5ebd88ac389fc0a62c9df9992a3da196f0157a2cf1
(way too huge to send the entire thing)
i don't really see any patterns tbh
Using ecb would be considered a fundamentally flawed implementation. 7zip uses aes-256-cbc. you also don't need to brute force the iv; iv is attached with the ciphertext (otherwise a user with the correct password would not be able to decrypt.)
@@etaoinwu You are correct! The IV can be sent in clear text in the case of CBC (Cipher Block Chaining) mode. This is because the IV is only used as an input to AES for the first block of data. The resulting ciphertext / plaintext block is then "chained" to the input of AES for the next block, along with the symmetric key.
It is cool to know that the file was encrypted using CBC! Thank you for pointing that out.
It's CBC, so its a lot more preferable to check passwords. The IV is not a secret -- and often isn't. Unfortunately, 7zip uses 2^19-times (~500k) iterated SHA256 on the password.
"why dont we try breaking the encryption" LMAO
@@QUBIQUBED Every single nation state actor in the world has been trying to do that, and they failed... You can't crack AES like that.
Start: Minecraft
Middle: Vsause
End: Minecraft
I’m outside your home. Or am I?
@@gregoryturk1275 This is a funeral for michael's unfortunate passing, or is it?
@@kianchristopher7704 I’m dead. Or am I?
Oh yes, Michael here
Hey Michael, vsauce here. What are fingers?
One should remember Dinnerbone is not a Mojang spokesperson nor were they even there at the creation of the original file so they really have no authority to tell people what they should do around this manner.
Also, while it is true no one has given explicit permission to try and open the file, the fact that in 13 years no one with authority over the matter has said /not/ to is all the confirmation one needs to know it's fine. If this ever changes then yeah it'll be different, but it is plainly obvious that this is something the creators of the file are fine with and have been fine with ever since the initial community interest in the file in 2012, because as the "decoy" file indicates probably all of Mojang has been aware of this at one point or another back when it was actually relevant.
This is exactly what I was trying to say. Dinnerbone has absolutely no authority on the file. I think he’s only concerned about people getting arrested
Telling people not to would be make it far more compelling to do so.
Crazy idea, maybe the content is illegal, and they can't rely on legal matters to protect the file, their only chance of keeping it hidden is to make people uninterested or afraid.
Just because the original tominecon.7z is uncrackable doesn't mean that's the end of the mystery: there's still the supposedly "junk data" binary blob in the decoy, which may turn out to be more meaningful upon closer examination (if no one has looked at it more closely yet).
If you somehow crack it, i think you have the NSA after you because you'd be a risk to national security so the file would be the least of your concern as now you are a wanted fugitive.
So don't bother, there is nothing interesting in it anyway. No source code or anything, just 1.0 release
ok
As a security expert, even long "secure" passwords are easy to crack if you combine the kaonashi wordlist (uses human phsycholagy) and the unicorn ruleset. You can probly crack it in 2 weeks with a RTX 4090 and hashcat.
the file is encrypted.
we can't make sense of anything in the zip until its cracked.
@@RarismaThey're talking about the "junk" data in the decoy version which has been successfully cracked, with it's password being "thespicemustflow" (I think)
Bro really filled half the video with a summary of the last one
He's in love with his own voice. I hope other videos on this channel are better.
If it's so boring why don't they just *actually* tell us what's inside? As RGN pointed out in the last video, Minecraft 1.0 is too small by itself. So just tell us what else is in there
Cracking the file's password is worthless as the time bruteforcing the password is simply not possible at the time. There are 3 ways to approach this:
1) A weakness in SHA256 that reduces the entropy of the encryption key generation (even if broken that is just the key generation, not the encryption broken)
2) A weakness in AES256 that makes it easier to break. 7zip seems to use the CBC cipher mode and a 64 bit or 128bit long random IV (very unlikely atm)
3) If parts of the plaintext are known that helps in a known-plaintext attack on the encryption. We don't know what's inside, so that's not applicable
We can only wait until we have the computational power for trying to bruteforce it or the encryption algorithm itself is broken. As long as we don't have it even trying to break it is not worth it
Could we really not throw quantum compute at this? The version of AES-256 used here was built way before quantum conputing was something people realistically had to worry about in 2011-2012. IBM also has publicly accessible albeit not free (most likely) access to qcompute. Perchance ?
Has anyone done any kind of frequency analysis of the data? As I understand the CBC mode of operation is susceptible to this (just some textbook knowledge, so no idea on the practical side). Perhaps we can convince a state sponsored entity to care...
@@lnro4494no, for multiple reasons.
(keep in mind that I don't know that much about it, so all the information below is what I've been able to piece together from quick Google searches - take it with a grain of salt!)
One is that with the best currently known theoretical attack (Grover's quantum search), it would still take 2^128 operations (much less than 2^256, but enough to still be considered secure).
The other is that this algorithm would require 256 qubits, if I understand it correctly. While machines with more than that exist (although I'm not sure how many qubits can be involved in any single operation), using just a single physical qubit would lead to unusably high error rates.
Therefore, you need to represent one "logical" qubit with multiple physical ones, which also makes your operations much more complex. The highest I've been able to find with a quick search is 48 logical qubits. The highest for a successful Grover search seems to be much lower still.
It will be interesting to see how fast these numbers will grow in the next few years.
Finally, a comment: when people currently worry about post-quantum security, it's not because anyone is worried that it's currently possible to crack encryption with quantum computers, but because it's at least plausible that it might be possible within 20-30 years. Therefore, the risk is that encrypted communication that is still secure right now could be stored to be cracked as soon as it is possible, so we should be switching to post-quantum secure encryption as soon as possible.
@@ScarredToons The file is also compressed so there's probably very little non unique data
@@lnro4494 there is no such thing as a new version of AES. New implementations of an algorithm exist, and new algorithms exist as well, but there is no such thing as an "older version of AES"
Besides, quantum computers are not some ultra powerful computing device that can do whatever you want it to. They can solve _specific_ problems extremely fast compared to conventional computers, and others very slowly. From what I know there is no known algorithm that can make cracking even AES-128 viable, much less AES-256. And besides, how would you get access to a quantum computer?
Funnily enough, after you mentioned the number of cells in the human body, my immediate guess was that the number of atoms in the observable universe was close to the number of possible passwords
well technically him and you were completely off the mark because they aren't the same number of zeros i'm pretty sure the number of atoms in the observable universe was about 100 times larger
@@xxGreenRoblox yeah but it was still the closest thing he did as a comparison
@xxGreenRoblox
He never said it was the same number of zeros. His exact wording was actually along the lines of "This is the closest we've gotten" as far as the number of combinations. The comparisons were less to find the exact number in something else and more to give viewers a direct idea of how insanely huge that number is. Humans have a limited ability to internalize large numbers like this, so it's difficult for most everyday humans to truly grasp how large that amount is.
I always find it baffling how people like you, who thrive on pointing out peoples' "errors" don't ever take context and truly listen to what a person says into consideration. He made it incredibly clear the entire time that getting the same immense number would be very difficult, so he got the closest he could to establish the difficulty in getting to that amount.
Same
@@ElysetheEevee context doesn't matter when there's an opportunity to correct someone on the internet
Perhaps in the furture the encryption system is broken down. And then, instead of looking at what governments were hiding, we can look at what some long lost cave game had hidden in it.
I feel like this is just a microcosm of the human condition. You tell a human something's impossible they're like "bet, lemme try I'm built different." We want to overcome impossible odds just to say we can, and we continue to try ad infinitum because that's the only way it *could* happen. And I think there's something beautiful in that. But it can also get very silly sometimes
Yea. Same shit that lead the US to land a man on the moon just to prove we were cooler.
Known as the Faustian spirit
Well this Is possible to crack you just need a lot of time on your hand, Its easier to just find different way at that point, i seen many talented people make something impossible to possible, though IT was much smaller deal than this.
i love humanity 🥹
@@GoGicz you would literally need more time than is available to you. this is just functionally impossible with current means and knowledge.
If they removed the file, people would definetly notice, and people with the file would continue to share it, making it easier to access.
This is what I said in my comment on the first video. Totally agree, if they had just deleted the file it would have drawn way more attention to it from parties outside the Minecraft community. To imply otherwise seems like willful ignorance or deception.
3:12 You don't need to guess the 256-bit key, though, just the password that was used to generate it. In the last video you said we knew the length and that it only has numbers. That's fairly easy to brute-force by trying every combination, and that's not even considering the possibility of a key collision.
It was already discussed in the video that most of those comments were just trolls, so the password could be anything longer, shorter, with and without letters. It's been tracked down to literally anything
@@therealwisemysticaltree Yes, but who is going to use a 256 character password on a file they would decrypt manually? It is much more likely to be short, even if it is not simply 16 characters and numbers you can go through few character passwords in a microscopic fraction of the time it takes to go through all 256 character combinations
@@Izerion mcdonlads mcchiken bunger
I wanted to go to sleep just now, there goes my sleep schedule
same here dude
dawg its 15 mins long
dawg its 15 mins long
dawg its 15 mins long
@@shanefrantz wow you copied the other guy how imaginative
i swear if this file gets opened billions of years in the future to just be a rick roll or something similar, my atoms will come back from the dead and i'll detonate the sun out of rage
Does anyone else think it's weird how RGN is suddenly acting as if we shouldn't try to crack it? He seemed really interested in it and by making the video, wanted someone else that may know more about it solve it. (Reminds me of the pvplegacy mystery vid by arcn, if I can remember correctly, a while back). Suddenly all was silent. I wonder if RGN was approached by someone that wanted him to make a video that tries to discourage people from attempting to crack the file...
AES is one of the most secure encryption standards today, because it is symetric it is also quantum computer resistent.
good luck 'cracking' the unknown length and unknown pattern password on this one.
@@JustPlayerDE The security of AES has nothing to do with the ability to crack it in this instance. The question is how easy the password is to crack not the encryption itself, and since the password was created by a human that is a much more reasonable possibility.
@@presentfactory guess how long a good to remember password based on 8 words (a passphrase) takes to crack
just 8 words, spaces in between
you also dont know if they used a password generator or not, if you really think its that easy why not try it yourself then
It's moreso that it's impossible to crack. God himself couldn't do it. All the computers in the world combined for 100 billion years couldn't do it.
@@JustPlayerDE People do not use 8 words in a password frequently, especially not in 2011 and especially for something which was likely not thought to be a high security file.
I do think it is odd that dinnerbone will not explicitly say what the file contains. he always refers to it vaguely.
Given the odd amount of War Thunder stories about leaking US documentation, I can’t say I’d be surprised if AES-256 encoding would somehow be broken over a Minecraft mystery
Well it kind of is, because as RGN says there's technological methods in the way making it mathematically unviable to try to crack the password. The reason US documents keep getting leaked to War Thunder forums is because of human error, and unless someone at Mojang accidentally leaks the password it's unlikely that human error will overcome those technological methods. Remember: Humans are the weakest point in any security system, because humans make mistakes and humans are nice. Computers don't care.
Not remotely similar
@@Crawldragon It is mathematically unviable to crack the password, but this might not be the case to reverse engineer it if they broke the encryption method itself and managed to get the key.
@@VixYW nobody's broken AES
@@VixYW If every group of/individual mathematician(s) and computer scientist(s) who has tried to crack AES failed a bunch of minecraft kids aren't going to achieve it
"90% of gamblers quit right before they hit big".
Now that's motivation
my theory for the extra file size is that it is minecraft 1.0 but possibly with revision history, showing what changes where made when and dead branches off the main code that where bugged, didn't work, or where simply chosen to be completed later.
Was thinking it was the 1.0 compiled .jar and the source code. Java uses a VM so it shouldn't matter but it's industry standard to include the source and a script to compile the game on the presentation machine in case the exe fails to run.
That or it could have a mod or program to script the demo and avoid the inherent RNG of the game with perfect inputs.
My bet is that its not only the 1.0 build but a load of dependencies such as the jre that would have been needed to get a basic machine working from scratch. I suspect that it was likely placed in the public assets so that it could easily be pulled down by staff members at the con to setup any machine they needed.
Precisely what I've been thinking. Idk shit about game dev but it's probably dependencies and source codes. Did git exist back in 2012? Maybe it's also some kind of version control?
Its crazy how deep minecraft versions are and how much lore they have
Just a heads up, it is not a crime to crack it if the file was publicly available.
Also, I disagree that taking down the file would be a better approach to keep people away from it. By taking it down, people that had it would feel an instant urge to preserve and look further into it. But replacing it is a whole different story. Not everyone will notice it was replaced, and even if they do, they might not have it downloaded, and the ones that do might not be aware that the file can no longer be obtainable and might not preserve it. The fact that one guy happened to have it lying around is almost a miracle after all those years. If not for that, Mojang would have successfully erased the file from history forever, which seemed to be the goal.
i just realized the file was uploaded on 11/11/11
Something to mention that I think makes it most likely the 1.0 build of Minecraft is the fact that it was likely used to showcase the 1.0 build at Minecon in 2011.
- First, it's just about twice the size of a compressed build of 1.0 Minecraft. This makes sense even if the file doesn't contain any sample content as it's common practice to include the source code, SDKs, and editors in internal builds of any piece of software as well as ALL licenses.
- This makes sense even though the file isn't exactly twice the size of the 1.0 build. The 7-Zip software, as well as any other compression software, has various different options when compressing stuff. We don't know the exact settings they used to compress the original, so it's not hard to imagine the compression settings you used in your last video were just not the same as the settings used for the oringal file. Hell, maybe they didn't compress it at all. 7-Zip does in fact have the option to zip files but not compress them afterall.
All in all, it's likely only really interesting to developers, and mostly for historical education on game development. There's almost certainly nothing in it of any more use to developers today, especially not when we have much more modern tools to help us actually make games. This was programmed in Java of all languages, which I would NOT want to use personally to make a game. lol
best feeling ever, i just watched the first video of this and checked to see if there was another video not expecting to see anything and then i see this video posted 35 minutes ago
(havent watched it yet but im sure its awesome since i really enjoyed the first)
Kind of a nothing sandwich :(
As a security expert, even long "secure" passwords are easy to crack if you combine the kaonashi wordlist (uses human phsycholagy) and the unicorn ruleset. You can probly crack it in 2 weeks with a RTX 4090 and hashcat.
And if the password doesn't use any words?
@@Rustmilian A wordlist isnt a list of words anymore. You can tell the security of a password you might use (not a real one obviusly) by sending the md5 of it and ill try and crack it
@@CuteistFox I don't use words... Good luck.
2a663a021f59ecc46ca3ae9942e0c2c5
@@CuteistFox I'll be genuinely surprised if you manage to get it.
If you do manage it, I'll challenge you with a much much harder password.
two videos in less than a week?! blink twice if you need help
👀 👀 👀
Three times 💀
This is my favorite mystery, especially the fact that it’s a real thing and not an arg (or at least it’s one by mojang themselves)
So glad you’re making a follow up
imagine more stuff being unfolded in a part 2 of the hit video about tominecon.
I think that the contents of the file are interesting, even if on their own they are boring, the fact that they are the contents of this mysterious file is what makes it interesting, at least to me anyway
The content of the archive might be the friends we made along the way
Mojang is unintentionally giving people ideas for Minecraft horror TH-cam series
yall remember the Minecraft@Home project?
perhaps it's time for Tominecon@Home
THERES A CONTINUATION. YEAAAAAAAAAAH!
Edit: Imagine the original file gets cracked, and it’s just a fucking Rick Roll and they planned this entire thing lmao
This is what I call advanced trolling
The bee movie script. Nothing else. THE BEE MOVIE SCRIPT.
My theory is that there's customer info in there and the decoy was meant to be a red herring. They had hoped that, once cracked, people wouldn't realize it wasn't the original and would file it away under "solved" and move on.
Except someone noticed that it's not the same file.
I'm emotionally a big fan of finding lost media, archiving, and documenting things - especially digital things - and I think mysteries like this are a great example of why. If tominecon were a physical item, locked in a safe in some developer's basement, even if the key were lost and the developer forgot about it entirely, it's still relatively simple to find the contents again assuming there's proof of it existing somewhere (yes, things can be destroyed physically, but if its being protected/guarded like this, its less likely lol). But with digital things like this, if its lost... its lost. Like you said, there's just no reasonable way to crack the safe. We will likely never know what's in there, and if the developers forget how to access it too, then there's an entire piece of minecraft's history lost forever, even if its a mundane and functionally worthless piece, its still a piece of history that will forever be undocumented. Idk. I think far too much about stuff like this. Hopefully I've explained the parallels or differences I'm seeing, Maybe this comment isn't even coherent at all, who knows lmao. Great video either way.
Actually, quantum computers are getting closer and closer to breaking AES-256 because quantum computers can reduce the possibilities to 2^128≈3.4*10^38, which is much much less the 1.15*10^77
that's still too much possibilities
Not to mention realistically we can cut lot of IT Down cause Chance of IT having to go through every single password And the last possible number being the password we needed Is nearly impossible just As the password being Brute forced in seconds.
i still don't think that your guess is correct. there is AES 128, which still counts as practical secure, (with 126,1 buts security) (but it needs a bit of storage, over 9000 tb of storage to be exact)
so if aes 128 is secure against current attacks, aes 258 should just fall to aes 128 with quantum computers.
yes, it will make it much easier, but it is still out of reach until something is found, that helps a bit
@@GoGiczin average it is half the time, so it doesn't help in that case. does ut make a difference if it is 100000 years or 50000?
@@schwingedeshaehersWhere do you get half from?
I don’t even think a NASA supercomputer could go through each and every single key in a persons lifetime
Hold on hold on brother just hear me out, TWO nasa supercomputers.
The likelihood that the very last attempt would give you the password is extremely small. You don't have to try every combination. You just have to try combinations until you find the correct one.
Without knowing the length, this is pretty much impossible.
If I'm not mistaken, all the computing power in the world put together working until the heat death of the universe wouldn't be enough to break it
Two RGN videos released so shortly after one another! What an absolute treat. Thanks RGN
Why are your videos so eerie? I love them to death, and I binge your channel for hours on end, but I can’t watch in the dark, or with my doors open. I’m really not an easily scared person, and I consider myself desensitized to most horror, but for some reason, your videos just kind of give me chills. I get the creepy music in the background, and I’m usually not sensitive to that, but you’re an exception. If you end up seeing this, I’d really love to know what your strategy is, and what you do to achieve this, or even if this effect is intentional at all, because it’s really incredible. Keep it up, dude!
Why can’t we just do a Minecraft@Home-type effort narrowed down to characters available on the Swedish Windows keyboard layout? It’s unlikely the password uses anything else
Minecraft@Home said they wont do that for legal reasons
the length is still infinite, brute forcing would be similiarly hard. Also, how is it unlikely for the password to not use characters in the swedish keyboard layout? It's still very likely to be using english characters
@@mega_gamer93 The layout still contains the Latin alphabet
2:20 If I got a Penny for every time some big Security risk happened because of someone in the Minecraft Community tryed something, I had a couple of Pennys. I happens more often than you think. Most Botfarm are just there because some Trolls wanted to DDOS Minecraft Servers and Log4J was only found because of someone how tryed to Hack a Minecraft Server. If anyone can find a security flaw in AES-256, than it would be someone from the Minecraft community.
6:06 in other words, guessing one undecillion keys a second. That would be a lot, but it would STILL take ages!
There is more to cracking passwords you could use, like rainbow tables. 7Z is actually not that secure because it does not use salt in their hashes. However, it is difficult to crack because it does not actually use password verification. It just decrypts and tries to extract the file and if the data is bullshit, then the password was wrong. This makes the process way longer than usual approach.
Imagine the end is a Rick Roll 😂
I think people underestimate how sloooooooow the 7Zip encryption algorithm is. it's not MD5, it takes FOREVER to brute force (mostly on purpose). until quantum computers reach the point of cracking AES-256, there is no way we'll ever see the contents of this file if the password is even remotely secure
Thats what im saying
But it's not like it is 100% impossible as could be made seem by the video, thought. Just not possible today.
It actually isn't. It uses 1000 PKBDF iterations of sha256, which is not a cryptographically secure/slow algorithm, in fact, dedicated hardware acceleration for it exists on consumer computers
not really
@@mega_gamer93 this is interesting. do you have more info on that?
really love that you made this video. it intersects with a major issue I have in regards to the entire concept of digging into things that others did not intend or want people to really look into. especially with lost media; people can get very caught up in the mystery aspect and forget that boundaries exist. humans are curious creatures, after all. I respect that. but some things are best left alone and moreso best left alone when the people behind the "mysteries" really didn't want their stuff dug through to begin with. at what point does solving a "mystery" become blatant disrespect for the wishes and intentions of others? that's a rhetorical question, of course. the decoy was placed to placate the curiosity of those who were adamant on breaking into something they really had no business seeing regardless of how mundane the files are contained within. I highly respect that they made that decoy file instead of becoming irate or deleting the original file fully (which would have only made people more interested in the 7zip, thus worsening the issue). and I respect you even more for acknowledging that some things are best left to stay mysteries. great video!
"In todays marketing class, we would like to show you how to create conversation and interest in your brand with this one simple trick..."
imagine it gets found and then its another password protected 7z
dam perfect timing just finished the first video, hope this mystery is solved
RetroGaminNow thank you soo much for making me remember about my nostalgic 5th and 6th grades. You have gotten me back to mc. Thanks
As a mojang developer, i can confirm we are hiding obamas last name in that file
Ladies and gentlemen we got 'em
It’s here! The update video!
I’m currently participating in something similar to the Minecraft@home project for cracking the file, it’s pretty cool.
Wait what? I thought cactus and DannyDorito said that they wouldn't do it anymore in mc@home.
@@Cheato64 ITs something similar to it, not mc@home
@@hatyyy oh I see. Yeah I might be familiar with that.
Cracking the file is literally impossible, you're wasting energy
what's the project? i'd like to contribute, too
I love these types of videos, Minecraft and cold case mysteries are some of my favorite videos!
This video (including the previous one) reminds me so much of the time when everyone was trying to decode the FNaF lore, this video genuinely gave me a lot of nostalgia
So, you're telling me that @RetroGamingNow is in on the conspiracy?
I think its some old defunct arg honestly. Why would they make a decoy otherwise? But even then, it was probably just teasing some new update from 10 years ago or something.
Am I the only one that jumped up when I saw “joshua” in the most popular passwords list?
War games was such a good movie.
I mean, just because the file is 7z doesn’t mean you can’t just create a 7z process and then forget about it and move onto the next one
And there’s always the option of pulling a minecraft@home if the interest increases enough and enough people are willing to contribute their processing power
3:10 JEEZ THAT'S CRAZY
Babe wake up, RetroGamingNow uploaded a sequel
I like that you’re honest about things that don’t bother me. Good honesty!
It’s probably a developer preview of Minecraft XBLA. Which was presented at Minecon 2011.
It seems to me that the information stored in this archive may be legitimately confidential (for example, personal data of Minecon visitors). Decoy and disinformation can provide cover for it so it is not going to become a temptation for actual malicious hackers seeking for personal data. This is why Dinnerbone mentioned that attempts of cracking may be considered illegal.
I appreciate your concern, but that's not likely to take up 80 megabytes of data unless they have a bunch of scans of peoples' drivers licenses or something. Besides, if it were something that serious then it's likely that Mojang would have used some kind of legal means to take down public archives like the one on Reddit to try and mitigate the liability risk to them.
@@Crawldragon it still can be something like txt file of people's full names and age. Not that much but still legally confidential.
@@MishaGold That would be a few kilobytes at most as millions of people don't visit minecon
its nothing its literally a 1.0 minecraft build and a waste of time
@@MishaGold it's very likely that anyone serious enough to crack it won't go crazy and start spreading sensitive information around like this.
The main thing that keeps running through my head is that most passwords are made to be both memorable and secure. This is often done by replacing letters with other characters that represent the letters. Why not create a brute-force algorithm that prioritizes real words with multiple different character variations? It would start with English, then Swedish, and go down the list of languages. I'm certain that just aimlessly brute-forcing is ridiculous, but educated guesses can be surprisingly useful.
There already exist programs that do that, they slightly modify a password. This itself is a beast on its own, because to create a program like that you need a lot of data from already existing passwords, possible machine learning, string matching algorithms, and knowledge about human psychology.
If the password is secure, such a program won't help at all. And if the program fails, it might be that it wasn't good enough to find all variations of a password. Again, this is incredibly difficult. If the password was insecure, it would have already been found to be honest. It's more likely the password is secure.
I think you would have much better chance if you start looking at "side channels". For example, metadata information about the file. Its compressed size is an indicator of what might be inside. Other metadata like time created, if present, might also be helpful.
Other ways are to convince Mojang to release the content of the archive without leaking the password. Or to somehow obtain the password through other means. But trying to break the encryption algorithm or brute force the password is imho the worst way to get to the content inside at this point.
subsistuting characters in a password for recognizable similar characters is terrible at adding entropy to a password. I don't know if "most" passwords are written this way, but writing them this way gives you none/minimal additional security to not doing that
This should be added in the Minecraft iceberg
I liked how this video turned into Vsauce kind of video
The fact that the encription method is used by the NSA is not such a good benchmark
Government often has not secured computers, they oftentimes even use windows xp, their security mostly comes from closed networks
AES-256 does sound good to me, somebody that doesn't know anything about encryption and maybe it is strong but the fact that the NSA uses it is not a good indicator lol
True. And quantum computers are getting closer to cracking AES-256, they have narrowed down the possibilities to 2^128.
They use it because it’s the best encryption on the planet… there is no better options lmao
@@andrewpinedo1883with quantum computers there will be quantum encryption
its not only the NSA but the entire internet is depending on this algorithm. It's really well studied and can be trusted.
@@andrewpinedo1883Could you cite your sources?
Also, a quantum computer cannot reduce the number of possible keys, those too things are completely unrelated. Perhaps you are talking about time complexity of cracking a key?
Last time I was this early, Minecraft 1.7 was the shit, and the Covenant still had their raggedy-ass fleet!
This has got to be my favorite kind of video you make! Keep it going!
RGN: "I have scattered 500 special atoms throughout the universe"
Me, an immortal: "Bet"
But what is the second weird file that was in the decoy version. you passed on it very fast on the last episode but we still don't know, and it was intended to be found
let’s goooo new video
W
An explanation about AES key:
What RGN said is that the key is not calculated from existing human readable key but a random bit sequence generated and interpreted directly as and AES key that can be a possibility but as it’s said on the video is astronomically long and it’s still an euphemism lol. But what bruteforcing programs does are that they generates an human readable key and transform it to an AES key. That permit to control what is generated because the first technic can potentially generate a 32 characters password even if it’s not 32 char while with the other way to proceed we can apply to the generating process a mask that is specification that has to meet the password that is generated. Thanks for reading 😊
A 16 digit password only using numbers must be tried.
hello i didnt like my own comment