[Music]

On February 23rd, 2012, a user named MrRo Royo makes a post on the Minecraft forums. It is entitled "Exclusive secret file in assets.minecraft.net". According to the post, MrRo Royo was poking around on a certain section of the Minecraft website when he stumbled upon a mysterious file named 2MINECON.7z. This file is a 7-Zip archive, designed to compress and store multiple documents in a single container, but this particular archive is password protected. The contents are encrypted and thus inaccessible. With no way to open the file himself, MrRo Royo turns to the community for assistance, hoping someone could unlock this file. No one knows it right now, but this post is the entrance to a rabbit hole, the world's introduction to a Minecraft mystery that will last over a decade. This seemingly simple discovery will prove to be far more mysterious than it initially seems.

Let's dive deeper into MrRo Royo's post. He accesses a section of the Minecraft website called assets.minecraft.net. Originally, this is the place where Minecraft's updates were stored. Although it's now inaccessible to the public, an archived version is available. Let's explore it a bit. The homepage is incoherent and confusing. It's difficult to pull anything useful from it. However, examining the source code reveals a link to a file called "saved resource". It is an XML file, and it's much easier to navigate. The file indicates that assets.minecraft.net is connected to an Amazon Web Services Simple Storage Service bucket. Essentially, this is just a place to store files.

The saved resources text provides a comprehensive list of all the files and folders in the bucket, complete with useful attributes for each item. For instance, the Key attribute describes the file's name and retrieval path. To access, say, rc2/minecraft.jar, we just have to go to assets.minecraft.net/rc2/minecraft.jar. The Size attribute shows how big the file is in bytes, and the Owner tag says who uploaded the file. In this case, we can see that this Minecraft version was uploaded by Jens Bergensten, also known as Jeb. Another critical detail is the LastModified attribute, which indicates the date and time when the file was uploaded to the bucket. The timestamps end with the Z character. This represents a time zone of plus or minus 0, also known as Coordinated Universal Time. For the duration of this video, all timestamps will be in this time zone.

While this bucket primarily contains versions of Minecraft, there are some extra things, such as fonts and website assets (remember SOPA?). It also contains promotional material, icons, XML files, and, uh, whatever this is. But out of all these files, none are quite as strange as 2MINECON.7z. Tucked away at the very end of the list, it's the largest file in the bucket, and it's the only one that's encrypted. Curiously, there is no Owner attribute. We have no idea who created this file. The name suggests that this is, well, "to MineCon". November 8th, 2011 was the first day of MineCon 2011, a Minecraft convention held in Las Vegas. It included speakers, panels, merchandise, game demos, and the official release of Minecraft 1.0. The timestamp of 2MINECON is November 15th, 2011 at 10:23 a.m., 3 days before the convention. But if this file actually was some asset for the show, then why was it uploaded on a publicly accessible website?

The multitude of oddities surrounding this file is what prompts MrRo Royo to make his forum post. Despite some interest, there's not much traction towards solving the mystery. After a few months of scattered responses, the investigation goes cold. However, on June 2nd, 2012, exactly 100 days after MrRo Royo's post, the mystery pops up again on a different website called Hack Forums. A new user has started the thread, asking the community for help with cracking the file. As Hack Forums is a computer enthusiast website, there is no shortage of people willing to make an attempt, and it is here that the 2MINECON.7z investigation is revitalized.

Most attempts to open the file involved brute force. This is a method that tries as many password combinations as possible, with the hopes of finding one that works. Unfortunately for the hackers, however, the 7z file format is specifically designed to be resistant to brute force attacks. Let me explain why. A 7-Zip file is encrypted using a scheme called AES-256. I'll spare you the details, but essentially, to open an encrypted file, a 256-bit key is required. However, not all passwords are 256 bits, so what happens if the password is a different length? To solve this issue, the 7-Zip archiver uses something called a hash function. This is a special type of algorithm that takes an arbitrary amount of input data and results in a fixed output. For example, if I enter the password "sub to RGN", the hash is the following string. But if I enter a longer password, say "sub to RGN and like the video", the hash output is the same length. This is how the archiver converts a password into the encryption key. It doesn't matter how long your password is, the hash function gets it down to the right length. But there's a twist: instead of hashing the password once, it hashes it over 500,000 times. If you know the password to an encrypted file,
these half a million hashes are no big deal, going by quickly. But if you don't know the password, each password you check has to go through the 500,000 hashes every single time. This means that a brute force attack of attempting millions of passwords is slowed substantially, making it extremely challenging to find the password using this method.

This was the dilemma that the users on Hack Forums faced as they attempted to open the file. Yet they attempted anyways, with several people cranking out possibilities on their computers. There's even mention of a Twitter user named Simba one who started brute force attempts 2 days earlier, but the original tweets have been lost to time. In an unfortunate development, the same fate befell a portion of the Hack Forums responses. From June 4th at 6:00 a.m. to June 5th at 7:44 a.m., there are no saved pages on archive.org. This represents 60 messages from that time frame that are no longer accessible. However, we can use context clues in the remaining messages to glean some information.

Apparently, during this 26-hour gap, a user named Arcus managed to crack the password. It's mentioned by a user named flippy bits on June 5th at 2:11 p.m.: "Arcus cracked it. I can vouch, she showed me some stuff over TeamViewer, but it does have serious vital information that would be very bad if it was leaked. This needs to be removed immediately. It's probably too late considering there's probably others with a password by now, but if the wrong people get a hold of this information, we literally go down." This is quite the foreboding message. Apparently, whatever is in this archive is a big deal. It's so important that flippy bits says it needs to be removed immediately.

A few responses later, we find another nugget of information: "He made a big mistake by telling you guys it's only numbers for the password. I suggest if anyone gets the password to just look and leave it alone. Don't tell anyone, just keep it to yourself." This tells us that although Arcus did not reveal the password outright, he nonetheless provided some information about it, namely that it only contains numbers.

We can discover more clues about the missing messages by returning to the Minecraft forum post, which has started to see an increase in activity. A user named palao corroborates flippy bits' claim that the file contains vital information. Then, a few messages later, another detail about the password: buildmaster says that it is 16 characters long. This is the only place that I can find this piece of information, which suggests that buildmaster took it from the missing Hack Forums pages. And with that, we now know two key elements of the password: that it's 16 digits and that it is only numbers. However, despite this information, there has still not yet been any concrete proof that 2MINECON has been opened. Arcus insists that he's done it but offers no
verification. On June 8th, a different user posts a WinRAR image showing a text file called "players with capes", but once again there's no proof given. After about 10 days, the discussion begins to dwindle on Hack Forums. However, it continues intermittently on the Minecraft forum.

But just a few weeks later, a new development occurs. On August 8th, 2012, a user named Ryan Tech posts a link to a tweet that he sent Notch: "I have a team of evil people ready to break the 7z file." This was sent at 11:37 a.m. A mere 3 minutes later, Notch himself has posted a response: "Ryan Tech, it's just the 1.0 release of Minecraft", concluding with a smiley face emoticon. Well, case closed, right? Notch, the creator of Minecraft, says it's just the 1.0 release of the game.

But as it turns out, something really interesting just happened, and it's something you would only know about if you happened to check assets.minecraft.net. When we do that, we once again see the XML file with a list of objects. Scrolling down to the bottom, we still see 2MINECON.7z, but something has changed. The LastModified attribute should be November 15th, 2011. Instead, it says August 8th, 2012 at 10:56 a.m. This is even more notable when we take a look at the ETag attribute, which stands for entity tag. Remember the hash function, which takes arbitrary data and produces a fixed output? Well, that data doesn't have to be a password. It could be a file as well, and that's what the ETag is: an MD5 hash of the given file. Thus, each bucket object has a unique identifier. If the file were to change, the MD5 hash and ETag would also change. Comparing the ETag here with the one we saw previously, we'll see that they are different. The August 8th version of 2MINECON.7z is not the same as the original. It's been swapped out for a decoy. They've subtly replaced it with a completely different file.

The timing of this is beyond bizarre. By this point, discussion on 2MINECON had pretty much died down. There were no more Hack Forums posts and only occasional Minecraft forum posts. For reasons unclear, someone at Mojang suddenly decided to swap 2MINECON.7z with a different version. Not even 2 hours later, Notch responds to a question on Twitter, confirming the existence of the file. The fact that Notch even knows what this tweet is about is notable. Without proper context, "the 7z file" is vague, not to mention that MineCon 2011 was over 9 months ago. Why would Notch immediately recognize what this tweet is referencing? And yet he does, providing a virtually instantaneous explanation. Perhaps this suggests that it was Notch who made the swap. With the file on his mind, he'd be able to respond quickly. But the reason for the initial swap remained shrouded. If 2MINECON really did just contain Minecraft 1.0, then why bother swapping it at all? And if it contains something else, why would Notch publicly comment on the existence of the file instead of letting it fade into obscurity? And it's still super weird that the swap occurred just 2 hours before the first public acknowledgement of the file by a Mojang employee. Is it possible that there was a third event, one which caused both Mojang to swap the file and Ryan Tech to make the tweet? The entire sequence is mystifying.

So now there are two versions of 2MINECON.7z: the original version and the swapped version. And with the subtle way that the swap was executed, how would anyone even know what happened? 1 month later, on September 8th, a user actually does notice that there's a change in the XML file, saying that it has been updated, but no one acknowledges this discovery. The investigators fail to understand just how big of a deal it is that this file is changed. The Minecraft forum post sees limited engagement through early 2013, but by mid April the conversation has ceased, and the investigation on 2MINECON.7z enters a dark age.

[Music]

The trail goes cold for nearly 5 years, interrupted once in 2016 by another Notch tweet saying that the file contains a Minecraft build. For the most part, the mystery of 2MINECON.7z has been forgotten. The investigative community didn't even get a chance to appreciate the fact that the files had been swapped. But within a certain community, a glimmer of hope remained. Omniarchive is a website with the stated goal of preserving all official Minecraft content. Discussion of 2MINECON would pop up occasionally on their Discord server. On February 5th, 2018, a user named Napster dude briefly mentioned that there may be two versions of the file, an indication that this key fact has not been completely forgotten.

Over a year later, a user named amine is exploring old archives of assets.minecraft.net when they suddenly notice the encrypted 2MINECON file. They mention that they're sure people have gotten into the file already, but someone responds saying that they haven't. amine decides to investigate further. They tweet Tobias Möllstam, a developer who was with Mojang from 2010 to 2014. Tobias actually responds, although it's not exactly helpful: "Brute force it." amine doesn't give up, though. They send an email to Jeb, of all people, and assuming this screenshot is legit, Jeb responds. He says: "Hello Alex, I did some digging and I found this quote from Tobias: 'The file itself contains the 1.0 version of Minecraft, so nothing sensitive, albeit nostalgic. The file has been replaced with a bogus one with a bogus password to entertain the world.' So there you have it, hope you were entertained." This is meaningful because it serves as an official confirmation that the files had been swapped, with the apparent purpose of entertaining the world. But unfortunately, not much came of it. The trail went cold once again.

On March 18th, 2019, a user named Lackey asks Dinnerbone if he knows the password for 2MINECON. Dinnerbone is the username of Nathan Adams, an ex-Mojang developer. They're actually in the Omniarchive Discord server, and they respond with: "It does not contain anything useful to you, Lackey. What do you think it contains?" Nathan Adams was not hired by Mojang until February 28, 2012. This means that he would not have been present for the creation of the original file. However, he would have been at Mojang during the swap, which occurred during his first year. The investigation once again grinds to a halt.

But suddenly, on May 3rd, 2022, a breakthrough: a Discord user named Danny Dorito posts a message saying they've cracked the password. Danny doesn't reveal what the password is, but he does show what was in the file. At long last, we'll get to see what exists in this mysterious archive. Join me for a cinematic viewing.

"Kids get the best of it with WDCA Channel 20 in Washington DC." "Think twice before you answer, think twice, think twice before you say yes. Think twice before you answer, think twice before you say yes."

Huh? What are we looking at? Well, this is a comedy sketch by a man named Petey Greene, who was a talk show host in Washington DC. His story is actually pretty fascinating. He joined the US Army at the age of 16, serving for about 6 years. Several years after being discharged, he was convicted of armed robbery and sentenced to a decade in prison. While he was there, he became the prison disc jockey. His social skills were so good that he even saved the life of an inmate by convincing him not to jump to his death. Once Petey was released in 1966, he was hired at the AM radio station WOL-AM 1450, putting his DJ skills to use. By 1976, he had his own television show, Petey Greene's Washington. He used this as a platform to discuss difficult issues such as poverty, racism, domestic violence, and income inequality. The video in 2MINECON.7z is a segment from the show entitled "Be Yourself".

But while all of this is interesting, it has nothing to do with Minecraft, and that's because, as you've probably already guessed by now, this is the decoy file, not the original. We're seeing the archive that was swapped out in August of 2012. This is what was intended to "entertain the world", in the words of Tobias Möllstam.

About a year later, a YouTuber named mcbyt releases a video covering the topic. It's a great piece of content that gave me a solid starting place for my research. Seriously, go subscribe to the channel right now. The video describes the overall story of 2MINECON, bringing more attention to what had otherwise been a fairly obscure topic. A Reddit user named no background 5031 watches the video and attempts to decode the file. 8 days later, they've done it, publicly revealing for the first time the password: "the spice must flow". This is a quote from the Dune movie. No, not that one. No, not that one either. It's actually the 1984 David Lynch version. Using this password, we can finally decrypt the archive ourselves. This reveals the
video, called secret.mp4, and another file called Data with no extension. It's not clear what type of file this is supposed to be. I used a tool called TrID to see if I could identify it, but nothing came up. It's probably just garbage data designed to increase the file size, although we don't know for sure.

But the story is about to take yet another twist. A couple of days later, a different user comments on the Reddit post with an intriguing message: "I think I may have the original copy of this file. I recently saw mcbyt's video about this and I decided on a whim to look through my backups to see if I had a copy, and sure enough I did. It's certainly different than the version shown in the video, the decoy version. I did confirm that this 'the spice must flow' password does not open it. Also tried against the same word list with no luck. The link to my file is here." Below is a link to a file called ton.7z. Could this be the long lost original archive? How do we know if this was real or just a troll?

Well, let's think back to the very first Minecraft forum post, where the user looked at data in the assets.minecraft.net XML file. The user copied some of the metadata corresponding to the file, which is corroborated by the archived version. Critically, this includes the ETag. Remember, the entity tag is unique to the specific file. If the file changes, then the ETag also changes. So if we can find a way to determine the ETag of the redditor's file, we can check it against the archived ETag to see if it's the same. I pulled up the terminal and wrote the command to calculate the MD5 hash of the redditor's file. Oh, it's different. So maybe this actually is a fake file.

But before giving up, I decided to do a little bit more research into how the ETag works, and I discovered that the tag is not always the MD5 hash of the file. In certain situations, such as a multi-part upload, the ETag is calculated using a different formula, one which concatenates multiple hashes together. A redditor on a different subreddit had a similar process to mine. A commenter named arvar 1200 knew of a bash script called s3md5 that could be used to reverse engineer the ETag of a local file. I downloaded the script and, with bated breath, typed out the command to find the ETag of the redditor's 2MINECON.7z. This is it. This is the original 2MINECON.7z, beyond a reasonable doubt. It was stored on some random person's computer, hidden for a decade, only just now seeing the light of day. It's the critical piece of an unsolved Minecraft mystery that has endured for over 10 years. The 2MINECON.7z file has been unearthed.

But even now, the mystery still isn't really solved. Instead, we've crawled just a little bit deeper into what has turned out to be a fascinating rabbit hole. And now that we've explored the story up to this point, there are some inconsistencies we need to discuss. One question that's been bothering me this whole time is: who swapped the files, and why? I find it interesting that Notch discussed this 7z file on Twitter mere hours after the swap had occurred. Why did he choose to comment on it at that point? Was it just a coincidence, or was there something else going on?

The Twitter exchange from 2016 may prove useful. A user named lucaon sent the tweet: "Notch, what's that file 2MINECON.7z on the assets.minecraft.net server from August 8th 2012? How do we open it?" "lucaon, it's a build of Minecraft that we were showing at MineCon. It's a password compressed file. I don't remember the password." But there's actually something rather strange here. lucaon is asking about the file from August 8, 2012, which is the decoy file. However, Notch responds by saying that it was a build of Minecraft. For the decoy file, this is objectively false. We now know that it contains a video. So if Notch did in fact swap the file, this would be a lie. But there's really no reason for Notch to be dishonest, especially not in response to a random question on Twitter. This suggests an alternative explanation: that the file had been swapped without Notch's knowledge.

I'm not going to claim to understand the deeper implications of this, and maybe there are none. Maybe it's as simple as Tobias replacing the file and forgetting to tell Notch. But the fact that the swap occurred mere hours before Notch's first public acknowledgement of the file's
existence is something that feels just a bit, I don't know, too coincidental. I'm not trying to make up some crazy theory, but this is a part of the story that lives like a thorn in my mind. I can't shake the feeling that maybe they're related.

Let's switch gears for a bit and think about what actually could be in the original archive. There are five known instances of current or former Mojang employees discussing 2MINECON. We have Notch's 2012 tweet stating that it's the 1.0 release of Minecraft, as well as his 2016 tweet that we just discussed. Then there are the interactions with amine, when Tobias says to brute force it and Jeb quotes Tobias, who said that it contained the 1.0 version of Minecraft, which was swapped. Finally, there's Dinnerbone's Discord message saying that it does not contain anything useful. Consistently, the current and former Mojang employees say that this was the 1.0 version of Minecraft. None have mentioned anything suggesting otherwise.

But there is evidence that calls this into some doubt. When fully uncompressed, Minecraft version 1.0.0 takes about 50 megabytes of space. Compressing this using 7-Zip gets it down to around 44 megabytes. That leaves about 30 megabytes of difference between the Minecraft 1.0 files and the size of 2MINECON.7z. There would probably be extra things like a sample world, but that would be unlikely to take up the remaining difference. So despite the comments by the Mojang employees, the file size suggests that it may contain information beyond just Minecraft 1.0.

So let's broaden our search a little bit. I went through and watched a bunch of MineCon 2011 footage, looking for anything that might match the file. There are several moments where a short video clip is played for the audience, but they're all too long to reasonably fit into a 70 megabyte file. Then I looked at what games were demoed at the convention. There was a live demo of Scrolls (remember that?) as well as Cobalt. Unfortunately, though, I was unable to find an old enough version of these games to compare the file sizes, but for what was shown in the demos, 70 megabytes naively seems like it could match. One demo it is unlikely to be is Minecraft Pocket Edition. The game was so bare bones that the APK at the time was a mere 1.6 megabytes, far too small.

As I continued watching MineCon videos, a thought crossed my mind: what if this contains the demo for the Xbox 360 version? The game shown at MineCon was version 1. 66 one60, but there's no available archive of it. The first unmodified version available is version 35. The files are about 65 megabytes compressed and 68 megabytes uncompressed. This is much closer to the 2MINECON.7z size, and this leads me to believe that perhaps this is what is contained in the archive. At this early stage of development, a couple of megabytes of variation between versions wouldn't be strange.

This interpretation also provides a potential explanation as to why Mojang would want to swap out the file. This was an incomplete game running on a demo console, not a full release. The build very well could have had proprietary Xbox 360 development tools on it, software which would need to be licensed from Microsoft in order to use. It could have included sensitive information such as a license key, or even the source code itself. If this was the case, there would be good reason for Mojang to want to keep it away from the public. A violation could potentially have legal ramifications. This theory would explain the encryption and the swap, but it wouldn't explain why it was uploaded in the first place. If it actually is proprietary data, why would Mojang even take the risk of putting it on a publicly accessible site? Was it just a hasty backup plan? To be honest, I'm not sure I have a great explanation. Another issue with this theory is that it does conflict with the Mojang employees' insistence that this file is Minecraft 1.