Mod

SHA-1 Redemption

Quick rating

SHA-1 Redemption

No reviews yet

A hack workaround for signature errors in legacy Minecraft versions

Minecraft

Community voices

Reviews

Versions
Loading versions…
Match includes

Click once to include, again to exclude, again to clear

Rating Any
Any 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.5 5.0
Min
Max
Play Status
Reviews
Time Played
hrs+
Verified developers only
Has developer response
List view
Grid view
Compact view
Sort by
Date
Rating
Helpful
Unhelpful
Edited
Sort ascending
Delete this review?

This removes your review from the project. You can write a new review after.

Review submitted for moderation

Your review has been sent to moderators, who will check that it meets our guidelines before it appears publicly.

No reviews yet. Be the first to review this project!

Get it on

Available Platforms

Compatibility

Supported Environments

Dev Environment
Client Optional
Server Optional

About

Project Details

Type
Mod
License
MIT License
Latest Version
1.0+slim
Authors

For authors

Embed Badge

If you're the author of this project, you can embed a live badge anywhere that supports HTML or Markdown. It updates automatically whenever ratings change.

Custom banner text
ModDex rating badge preview

Use HTML for any page that supports it, or Markdown for README files and Markdown-based descriptions.

Identifiers

Platform IDs

Modrinth ID

Resources

External Links

About

Description

Has this ever happened to you?

[SEVERE] [ForgeModLoader] The minecraft jar file:/home/una/.local/share/PrismLauncher/libraries/com/mojang/minecraft/1.6.4/minecraft-1.6.4-client.jar!/net/minecraft/client/ClientBrandRetriever.class appears to be corrupt! There has been CRITICAL TAMPERING WITH MINECRAFT, it is highly unlikely minecraft will work! STOP NOW, get a clean copy and try again!

[SEVERE] [ForgeModLoader] For your safety, FML will not launch minecraft. You will need to fetch a clean version of the minecraft jar file

[SEVERE] [ForgeModLoader] Technical information: The class net.minecraft.client.ClientBrandRetriever should have been associated with the minecraft jar file, and should have returned us a valid, intact minecraft jar location. This did not work. Either you have modified the minecraft jar file (if so run the forge installer again), or you are using a base editing jar that is changing this class (and likely others too). If you REALLY want to run minecraft in this configuration, add the flag -Dfml.ignoreInvalidMinecraftCertificates=true to the 'JVM settings' in your launcher profile.

No? How about this:

[SEVERE] [Forestry] railcraft.common.core.Railcraft failed validation. Halting runtime for security reasons. Please replace your mods with untampered versions from the official download sites.

Process exited with code 1.

This is caused by newer Java 8 releases dropping support for SHA-1 signatures, and these older versions rely on those for ill-considered and poorly implemented "tamper detection". (FML's reasoning is benign, at least — it wants to warn people who have installed jar mods that it won't work correctly.)

Rather than attempt to remove this detection and trigger god-knows-what kind of "anti-piracy" checks (Forestry for 1.2 is particularly well known for this — remember the original Technic Pack?), SHA-1 Redemption hacks into Java's guts to re-enable SHA-1 signature trust.

This will work on any version of Minecraft, or indeed any Java program. I've tagged support for the versions where this problem is most frequently seen.

Warning

SHA-1 is a broken algorithm that can no longer be trusted — this is why support was removed. Adding this nilmod to a Java program now means the signing infrastructure also cannot be trusted. This is fine in the context of Minecraft modpacks, where the systems we're bypassing are already horribly broken due to implementation mistakes.

However, in another context, where the signing is actually meaningful, this really should not be used. Consider editing your Java security policy to add a more targeted exception instead, or re-signing the affected jars if you can.

Screenshots

Gallery

  • But it is untampered...
    But it is untampered...
  • You *could* just add the JVM argument...
    You *could* just add the JVM argument... ...but then you risk making a mod angry later.

Versions

Files

Relations

Project Relations

More like this

Similar Mods

Suggestions use data such as tags, dependencies, dependents, descriptions, titles, and more to rank how much they overlap with this mod.

On ModDex

Community snapshot

0
Ratings
0
Followers
0
In stacks

By the numbers

Statistics

<1,000
Downloads
Last Updated
CurseForge
Created
Last synced
When ModDex last fetched and imported data for this project from CurseForge or Modrinth. High-traffic and active projects are checked more often.
Next pipeline sync