Mod
SHA-1 Redemption
No reviews yet
A hack workaround for signature errors in legacy Minecraft versions
Community voices
Reviews
Click once to include, again to exclude, again to clear
No reviews yet. Be the first to review this project!
Get it on
Available Platforms
Compatibility
Supported Environments
About
Project Details
For authors
Embed Badge
If you're the author of this project, you can embed a live badge anywhere that supports HTML or Markdown. It updates automatically whenever ratings change.
Use HTML for any page that supports it, or Markdown for README files and Markdown-based descriptions.
Identifiers
Platform IDs
About
Description
Has this ever happened to you?
[SEVERE] [ForgeModLoader] The minecraft jar file:/home/una/.local/share/PrismLauncher/libraries/com/mojang/minecraft/1.6.4/minecraft-1.6.4-client.jar!/net/minecraft/client/ClientBrandRetriever.class appears to be corrupt! There has been CRITICAL TAMPERING WITH MINECRAFT, it is highly unlikely minecraft will work! STOP NOW, get a clean copy and try again!
[SEVERE] [ForgeModLoader] For your safety, FML will not launch minecraft. You will need to fetch a clean version of the minecraft jar file
[SEVERE] [ForgeModLoader] Technical information: The class net.minecraft.client.ClientBrandRetriever should have been associated with the minecraft jar file, and should have returned us a valid, intact minecraft jar location. This did not work. Either you have modified the minecraft jar file (if so run the forge installer again), or you are using a base editing jar that is changing this class (and likely others too). If you REALLY want to run minecraft in this configuration, add the flag -Dfml.ignoreInvalidMinecraftCertificates=true to the 'JVM settings' in your launcher profile.
No? How about this:
[SEVERE] [Forestry] railcraft.common.core.Railcraft failed validation. Halting runtime for security reasons. Please replace your mods with untampered versions from the official download sites.
Process exited with code 1.
This is caused by newer Java 8 releases dropping support for SHA-1 signatures, and these older versions rely on those for ill-considered and poorly implemented "tamper detection". (FML's reasoning is benign, at least — it wants to warn people who have installed jar mods that it won't work correctly.)
Rather than attempt to remove this detection and trigger god-knows-what kind of "anti-piracy" checks (Forestry for 1.2 is particularly well known for this — remember the original Technic Pack?), SHA-1 Redemption hacks into Java's guts to re-enable SHA-1 signature trust.
This will work on any version of Minecraft, or indeed any Java program. I've tagged support for the versions where this problem is most frequently seen.
Warning
SHA-1 is a broken algorithm that can no longer be trusted — this is why support was removed. Adding this nilmod to a Java program now means the signing infrastructure also cannot be trusted. This is fine in the context of Minecraft modpacks, where the systems we're bypassing are already horribly broken due to implementation mistakes.
However, in another context, where the signing is actually meaningful, this really should not be used. Consider editing your Java security policy to add a more targeted exception instead, or re-signing the affected jars if you can.
Versions
Files
Relations
Project Relations
More like this
Similar Mods
Suggestions use data such as tags, dependencies, dependents, descriptions, titles, and more to rank how much they overlap with this mod.
On ModDex
Community snapshot
By the numbers
Statistics
Want to reach Minecraft players?
We're looking for a server hosting partner to feature here and other parts of the site. Interested? Send us a message!
Get in touchGet it on
Available Platforms
On ModDex
Community snapshot
By the numbers