The reason thespicemustflow is 16 chars might be that mojang saw the forum post saying the original password is 16 chars, and decided to make the decoy password 16 chars for fun.
ye this imo they might have gotten word either from one of their own on hackerforums or someone else on it let them know that hackerforums both had the file and was looking to decrypt it (maybe even because of the guy who tweeted at notch?). not everyone on a place like that is necessarily going to go in with simple curiosity and good intention. it seems to me that keeping the 16 chars (NONE of which are numbers, compared to the post about the original's being only numbers. the og pass being just numbers is only really mentioned on hackerforums that i've seen? hence why i think they were actually clued in to that specifically.), the password itself being something of a nerd meme, the random video it was replaced with to fill the space... I think all of these things are literally just to mess with hackers mojang knew were after something they had now been told was sensitive and potentially damaging. so beyond that point in their eyes, a fair few people would be then trying to access the file with the explicit intent of trying to do damage of some sort. so why not troll the people who tried once mojang realized what was up? intentionally messing with people deliberately trying to put their hands in the no-no jar that's locked for a reason. explains the inconsistency too imo, because it's possible that being too up front about what the file contains may fuel those actions further. and assuming it IS something to do for XBOX, that damage would have been wider spread than minecraft. so it's better to just be aggravating little schmucks about it. which is probably a valid response tbh
that's the most likely scenario. given that it's mathematically inconceivable that anyone ever has bruteforced the password, it makes far more sense that someone just lied about the password length to deter people, and mojang picked a 16 character password based on that forum
and changed to only letters to indirectly mark those people that said it's "important information that should not be in the wild" as liars taking with it the message of the important informations.
The fact that it's called "tominecon" just says to me that it was probably sent to someone setting up for minecon. As a dev, the easiest way I can think of to send a file (too large to be emailed) is to just upload it to the public servers encrypted. Especially considering they were smallish game dev company at the time. Someone probably did this and just forgot about it. The people on hackforums are full of sh*t and you should take everything they say with a huge grain of salt.
As a developer, it’s normal for test builds to be much larger than production builds because of extra debugging code, longer variable and function names that are human-readable, etc. The version that ships to general audiences usually goes through a minifier, which is software that shortens symbols (variable and function names) to one or two characters, and then the compilation process can have further optimizations that make the code smaller and faster
If the original file indeed contains the 1.0 code for Xbox edition, it’s probably the version that the testers are using that retains its human-readable debugging tools, not the minified, optimized version that will ship to customers
Minification only makes sense if you're distributing and directly running source code, like in JS. Java compiles to bytecode which is then run on the JVM. It makes no sense to minify Java code because it will compile to the same bytecode regardless. The bytecode will not store each variable as a string of dozens of bytes, it will enumerate the variables as integers.
@@amaryllis0 if it's a debug build it'd have symbols embedded in/alongside the main jar file i think, so it could just be a debug build. but also, if it's an actual 360 build of the game, it'd be written in c++, and i have no idea what black magic is used to store symbols in windows' PE files(the 360 is just a pc with a customized windows build on it afaik)
@@amaryllis0 That's not quite true. While Java is running bytecode, it doesn't use memory addresses to access its variables; it uses their names. Same for classes, packages and methods. So a compiled Java file will have a good amount of "minifiable" text in it. And yes, Minecraft distributables are minified/obfuscated. However, it wouldn't create a compressed archive that much bigger. The compression algorithm will do the same thing a minifier does, and do it even better. The archive would roughly be bigger by the combined length of each unique string.
@@amaryllis0fwiw Mojang is notorious for minifiying the heck out of their code. It's one of the things that makes mod development way more difficult than it need to be.
My personal theory is that it contains 1-2 builds of Minecraft 1.0 along with the source code. Having the Minecraft source code be leaked could be very devastating, especially in 2012 when it was still somewhat recent. This explains why Dinnerbone said it wouldn't be that useful all those years later. Edit: I did not mean exclusively game code! Additional internal systems as well, of course! :)
Not that the source getting leaked realy matters much anyway. Minecraft (at least the original version) is written in Java, which, due to it's status as an interpreted language, can be easily decompiled back to what's effectively the original source. It's why the game's code itself is obfuscated in all distributed .jar files to make it difficult to tell what anything's supposed to do (function, variable, and class names are turned into random series of letters). Not that this really stopped modders anyway, Forge has existed since release 1.0, and source mods to the .jar of the game itself along with other pre-Forge modloaders have existed since the beta/alpha days.
Eh pretty sure Minecraft has been fully decompiled at this point, that is why mods work so well they just patch that. I mean we would get the code comments though, not much useful there though maybe some funny strings like in the TF2, Windows XP and MSDOS source. But why would they need the source for Minecon? Makes zero sense to me
They literally publish the mappings to the original source themselves. They have for quite a while. (though I don't remember when they started doing that, exactly)
A potential reason to why the version was on AWS was to quickly publish it when Notch pulled the lever. There could have been some code in there that when run publishes the Minecraft version to accelerate the process and have it run smoothly with a potential plan B, this of course would mean that the AWS access tokens where stored in there giving them a reason to encrypt and later swap it. Potentially it also contained additional software used for Minecon demos (or for giving out capes maybe?). Things you definetly don't want public but when you had time changing everything also wouldn't be detrimental anymore.
This could hold some weight, as this isn't the first time they have done something like this. I used to be part of the "OG community" of Minecraft between 2015 and 2019, which was a group of then teen-losers who obsessed over cool names, such as Fox, or Evil, for example. There is a server named NameMC (Blockmania) that was a hub that a lot of "OGs" would join to flex Minecon capes or rare usernames. For example, I used to have a Minecraft account named "Foul" that had a 2015 and 2016 Minecon cape until the TID got pulled, and I lost access to the account (it was stolen by another user). Well, in terms of the server as I said, the NameMC/Blockmania server is a server where users would often brag about how they've traded for, bought, or stole these accounts where their value had weight in a cool name or exclusive capes tied to the account such as Minecon capes. Notch and Jeb themselves invaded two prominent things, which are the NameMC/Blockmania server and a website that used to be called "MCMarket" (MCM), but has now been renamed to BuiltByBit. The formerly known MCMarker server was mostly focused on users who had cracked accounts and sold them for their rare names and capes, same with the server it was associated with (NameMC/Blockmania). MCMarket was threatened with a C&D way-back-when, where they had removed the entire market section for all things Minecraft related, and all threads were used to gather information on users and the accounts they compromised where Minecraft accounts experienced a large ban-wave across the "OG community" where these stolen or for-sale accounts were banned to wash out this 3rd party market. Notch and Jeb recorded many logs within the NameMC/Blockmania server and archived the formerly known MCMarket threads to put a stop (mostly) to the secondary market. The community has mostly died off, but there are a few stragglers out there. I still own an MC account today with a 4-letter name and a 2011 cape... I have been offered an upwards of $1,500 for it, but I'm smart enough to avoid being scammed by little kids who want to flex pixels to their friends.
I think that it is extremely likely that the files are the Minecraft console demo. A security person or the person who ran the website at Mojang likely realized the existance of the file and that it was a piracy threat, so they decided to plant the information about the 16 characters, then change the file to a decoy because it would be fun. I think we need to take into account that Mojang really existed to just have fun at that time, and they were really clever.
Very possible. The swap 100% was to make the result more fun for the community. Meaning they know the contents of the original, and it's almost certainly boring for most people, if not everyone.
@@seandorama5932 Because hackers are the best at trolling. It isn't hard to figure out what is in the original file, aes-256 bit encryption has been broken for years now.
These early Minecraft mysteries fascinate me. There’s something about the freshness of the game at the time and the puzzles surrounding it that make me want to go back and experience it firsthand.
i started with minecraft in early 2010 and lemmie tell you it was pretty cool however, you can have a similar experience with any fandom ish game, undertale, hollowknight, inscryption, and outer wilds were similar experiences for me, just wait around for the next big thing. Obviously nothing lasts as long as minecraft (i just set up a modded server for friends :D i haven't played vanilla since before enchanting) but the whole herobrine phase and whatnot is close. if you are able to avoid spoilers i can HIGHLY recommend just playing outer wilds :D there is a cult on youtube going around and watching others lets-play it because you can only experience it as its meant to be experienced once.
@@jooot_6850 idk about craaazy stuff, like, don't overhype it, but its a great game if you like solving mysteries and exploring and piecing things together
The thing is, I think that when they said it was Minecraft 1.0, they weren't lying: they never explicitly specified _which_ 1.0 - they could have been referring to the console 1.0 (the first version of the game), for all we know.
console versions have never been referred to as 1.0, the first beta builds we know were called 1.66.0016.0, the first release TU0, and the release corresponding to java release 1.0 is called TU7
@@Archman155 ah, gotcha - it's possible that the exact version could have slipped their mind or they forgot the exact versioning scheme - after all, the tweets _did_ happen way after the file's creation (and subsequent replacement).
considering that it's called tominecon, I think it may have information about people who have minecon tickets, which could explain why it would cause shit to go down.
Oh, that could be something. Though I feel like Dinnerbone's statement about it not being useful anymore would be false in that case. Surely some of that info would still hold weight all these years later.
It was put on a public server because, at that time, VPXs and the like were not as common and easy to use, and nobody had FTP servers anymore because of the security risks. When you were doing stuff for a trade show, you were doing it last minute, so the fastest way to get a last-minute build to the people at the show was to dump it in the S3 bucket. I’ve done the exact same thing in the past. There is no mystery there, IMO.
people *still* put sensitive data on public facing servers despite the security risks just because it's convenient and easy. you can easily find public facing security cameras or webcams that people have either forgotten or just neglected to secure properly, or go on Shodan to easily find other items.
There were secure alternatives to ftp at that point like sftp but the problem is always making it easy enough for non tech inclined workers to access it on their windows office computers. HTTP file transfer is still the most sensible way to do that sometimes in today's messed up world.
It could have been uploaded by mistake. People make mistakes, like probably every day a mistake is made. To be honest, mistakes are more common than conspiracy theorists would like to admit...
@@totheknee true, just one thing - it's certainly not "one mistake". If you work anywhere, you know how many rules you break per day, because it's not possible to don't do them. In fact in place where I work, there's one accident per 1-2 days (a big company; accident as one being hospitalized or otherwise incapacitated). And we aren't talking here about single mistakes, but clusters of them leading to such accidents. As it's very interesting topic, let me write my view on that. Nothing happens with most mistakes, but as they are so common from time to time they interfere to create big catastrophe or something that goes public. When we make mistakes and nothing happens, we stop caring about that. Speeding cars? "Eh, nothing ever happened to me, nothing will ever happen". Security is diminishing with each day, because "eh, nothing happened, why bother with additional steps". And then conspiracy theorists yell - how is it possible that x and y happened at once, all while z was in place? Must be conspiracy! Well, for that reason that when x happens you don't hear about it, nor when x with y happens. Big stuff needs a lot of mistakes at once, so it's not happening often. Poland has lost almost entire gov with a chain of mistakes, putting all important people on one plane, being one of them. But we are not the only one, Eschede train disaster would be another example to Polish plane crash. At last, but not least, we don't see most of the things that happens around us, only when they become big, so we might have falsified view that nothing happens or when it does, it's so big, it's unbelievable. My life was repeatedly destroyed and fixed by a bunch of seemingly random things and yet I'm real, so why catastrophe can't be catastrophe just by mistakes, not by some conspiracy?
The reason the file is called tominecon doesn't actually have anything to do with Minecon 2011. It actually contains RubyDung demos for Minecon 2008, as mentioned in the first Iceberg Video on this channel. It was encrypted to hide the fact that Alphaver is real and they had a RubyDung convention in 2008 and called it Minecon for some reason and Herobrine's feet are hidden in the game files at 3am and-
It's just Minecraft 1.0 where the build wasn't obfuscated. I was around at the time as a modder, and that was the consensus between what we believed in the modding and forge IRC channel.
This is probably my favourite ARG-style video on this channel. Others are fun and all, but at the end of the day, they are just orchestrated pieces of internet art. This, however, seems very real. Would be cool to actually see the contents of the file
Assuming that the hack forums attempt at cracking it was real and successful, why cant it be repeated if we have the original file. It was 12 years ago, hardware power has increased very significantly.
It absolutely can be cracked, the problem's just that cracking a 7zip password takes a lot of GPU power. The person on the hacker forum was likely lying about finding the passcode to troll or deter skids from cluttering the forum with questions about how to crack an encryption that would take millions of years to brute force (given the tech of the era) Even now, assuming you can dedicate a couple 4090s or A100s to cracking AES-256, you're gonna be waiting a while to get the results. And that's when you're using the strongest GPUs on the market. The big question you need to ask is, given the technical hurdles, how much money are you willing to invest into a curiosity that will not offer any meaningful payoff?
@@CaptainBeebi i mean that whole minecraft@home thing happened to find pack.png and etc, i could see the community utilising that or something similar for this
@@CaptainBeebi I'm inclined to agree. I tested the 16-character numbers-only thing on my RX 5700. Does about 144 H/s and estimated time to crack is 220 754 years and 183 days. If someone cracked it, it being 16 characters is bollocks.
Time obscures details. Maybe the password was so obvious back in 2011 because it was related to something fresh at the time? e.g. a then-recent tweet by a dev like Notch with a notable phrase. It would be on people's minds and theoretically someone could have tried it and opened the 7zip. Or it could have been related to someone from 2011 pop culture, who is forgotten now (e.g. Justin Bieber). Or maybe its something so simple that people overlooked it, like an epoch
Well, I took a look at the plaintext parts of the 7z, and managed to discover something. It's laid out like this: - Header: 0x0 - 0x20 (32 bytes long) - Contents data: 0x20 - 0x470B270 (74494544 bytes long, encrypted) - Contents metadata: 0x470B270 - 0x470C5E0 (4965 bytes long, encrypted -> decompressed: 38249 bytes long) - Footer: 0x470C5E0 - 0x470C60A The contents data and contents metadata are both encrypted, but the footer includes both the compressed and decompressed size of the metadata. And the decompressed metadata size is quite large, at 38KB. From that, even without knowing the password, we can infer that **there are many files or folders inside the 7z: likely at least several hundred**, anywhere up to a theoretical maximum of 1159. (33 bytes of metadata per file minimum, for a file that has a single-letter name)
Sounds like an install of Minecraft to me. The console version sounds very plausible. Also, that s3 bucket was their only bucket for some time at that point. It was probably put there by 4j studios so they could install it on the 360 devkit used for the demo. Edit: that's why the user metadata is missing I expect - 4j got a write only url to that bucket,vand perhaps there was no user data in the S3.
Hey hey hey! I'm a dev (not in java which is minecraft language). While everything could be in this file, I'd like to point why it could very well be the version 1.0 of minecraft: There is a difference in size between a dev build and a release build. dev build contains a shit ton of debug info, which can weight quite much (for example, at my workplace, we have our product that in dev build takes 1.5Go, but 400Mo in release build). debug info contains tremendous informations about the source code of the game, making it effectively "dangerous" if released in the wild for a closed source product. perhaps the file is a dev build of minecraft, that was archived there for convenience, then forgotten, then, when mojang noticed that oopsie doopsie it was a dev build, they swapped the file
The "playerswithcapes" makes me think that it is information about the players who have capes potentially things like real names, addresses, emails, potentially even credit card numbers. This fits with the "TAKE THIS DOWN" attitude that the users on that original thread had. The players who would have had capes at that time were only the attendees of that particular minecon and some mojang employees.
If that were the case, the people who "had seen it" wouldnt tell you to look at it and move on. They would be trying to prevent you seeing it at all. Its likely just a bunch of things like banners, videos, console/PC demos, etc and nothing of much value.
as a veteran of hackforums (the minecraft section, at that) the most likely explanation is that flipybitz was trolling and nobody had ever cracked the file to begin with.
I know he kind of had to cut Minecraft loose for his own sanity (which is better than holding on and letting fame destroy him), but I like to think that every once in a while he enjoys watching from a distance
He probably wouldn't have much nice to say. Some may be actually valid points, where as other comments would probably just once again prove how awful of a person he is. Gotta remember that after he sold Minecraft he started to reveal his opinions and a lot of them aren't good.
At 8:12, my gut feeling is that you are right and that this exchange is coming at the end of a longer dialogue. If the file was updated two hours prior to Notch's reply then their has to be a connection to that tweet. Perhaps other people where messaging him about the file in private or on some other social media platform, and maybe having forgot it existed he or someone else at Mojang went and changed it to the decoy file. Like, they knew if they just deleted the file then it would just draw more attention to it and energize more people to try and crack it open. Then when the next person messaged him in public about it he had an answer and acknowledged the files existence openly. Perhaps his response that it contained Minecraft 1.0 was just another smokescreen on top of the decoy file. Like, "Oh its just Minecraft 1.0 and you all already have that, no need to dig deeper" type of deal.
25:13 - It's 16 characters long, but the post also says that it's all numbers. The fact that the decoy was 16 characters long, and all ASCII characters is a pretty significant deviation.
Not really of 7z itself, but more of the AES encryption model. There's a reason it's used everywhere (including the browser/app you're reading this comment on).
@@JoBot__ what the FUCK IT FEELS SO MUCH MORE RECENT THAN THAT, i remember being so pissed that they kept delaying it and i remember beating it as if it were yesterday...
you know, if the cape names screenshot is real then maybe they didn't want people to open it cause it contained private information of people who went to that minecon
Or it could be used to wreak havoc. Imagine if you could slap an outdated, nonfunctional piece of nonsense code onto a Minecraft account tied to anybody's computer. Code is delicate, you could probably corrupt somebody's ROM with something like that if the stars aligned.
@@stardy8131 i'm young so idk about that minecon but was it ticket based? cause if it was then maybe they made the file when the tickets sold out or somethin
@@sopix7761 I actually do not know but knowing data, data analysis and mojang i doubt they'd list all the names of the people that bought tickets/went to minecon in a single txt file, the file is really specific too and usually when sending data like this its accompanied with other kinds of stuff (And even then, if the file itself did have more things, knowing developers and data workers it would've been more efficient to just make a XLS/CSV file and easily have all the data sorted there for you). Also, minecon already had the names of the people that went there along with their usernames, not mojang, if anything the file would've been named toMojang, and mojang essentially had no purpose in sending this kind of data aswell cause they could directly just send the capes to the users from their offices at mojang if they already had these usernames. //I'd also like to mention how the txt file is 6GBs, the zip is only 76mb, though that could be due to compression This is coming from someone that studies IT and had lessons about data like this in conclusion.. What I'm trying to say is - that although it is possible, it is extremely unlikely that this is the case, I'm sure one day the file will be cracked and we'll find out though P.S. Sorry if my punctuation is bad, I'm dyslexic and often make these mistakes while writing
I have worked at three cyber security companies in my time and I absolutely guarantee you it’s a master password, yes they are that dumb. Our company had a master password that was used on practically everything digital related including locked files, the password is absolutely a master password
16:40 I agree that it's just random bits appended in order to make the archive the same size. I did a simple frequency analysis over the bytes and it was pretty much flat i.e. each value was about as likely to appear, which is very unlike structured data.
Could also be encrypted, which will also appear like random noise, assuming you're using a good block cipher mode. But I agree, very likely just random data to pad out the filesize.
@@AcidicLanzador it's hard to predict the post compression filesize without just compressing over and over with different amounts of random data. They got it close and called it good enough.
I'm genuinely impressed at how interested the presentation of this video made me about absolutely nothing. I could change a single pixel on an image from 255, 255, 255 to 255, 255, 254 and it will produce an entirely unrecognisable hash through any well known one-way function. I could re-upload the file and a single byte of metadata (maybe the TIME IT WAS UPLOADED) would make the hash entirely different. "Did the president set fire to his feet?" Nobody has an answer, fair enough, but is it a question that needs to be posed? Nice work.
I knew something like this would come up. I always thought like "can't people just look into the game's code and find all the secrets or copy the whole game for themselves" but I guess not
Most games run off an “engine” these are programs like unreal4/5 where a middleman program will read data and translate it into an actual game experience for you. A lot of games have custom engines, or settings or program-plug-ins that modify how the original engine reads. Thus making it hard for normal people to just “rip” the game code. Sure you can access it, but actually using the code after is the biggest issue. For instance I can find all the data for a sim character very easily, download it and transfer it to another simmer in 5 minutes, but that data is almost useless unless you can find the right tools for (example) blender to read and actually display the data. As he mentioned some things are proprietary property too, and it’s very easy for devs to lock code away so you just can’t get it. Sucks to be a regular person I guess 🤷🏼♀️
If it can run and display on your machine in game, it can be reverse engineered. The issue with files like these is that you normally need the password to get in, and this was clearly not meant to be a public facing file.
generally when you download a game you are only downloading the compiled binary. this is the version of the game created from all the different bits of course code meant to actually run on a user's machine. the problem is that doing the *reverse* process (turning compiled code back into the decompiled source code) is much harder. big companies that put out games want their property to be protected, otherwise users could just recreate the entire game for free on their systems! for example, most compilers will "optimize" your code and run obfuscation programs, which will strip out each variable and function name and replace it with a generic one. because you don't have the compiler they used, you know have to try and guess what these variable and functions were called (for example, a simple function like getPos(player, 12) may turn into f9jj0z(gz0szn1,ff08s)). most compiled programs will also strip "symbols" from the program because it makes the file substantially smaller, which are impossible to regenerate of course, some programs are easier to decompile and reverse engineer than others. minecraft, a java program, has been decompiled many times because java compiles into what is known as bytecode, which retains symbol, class, and method names and thus makes it much more human readable.
I love how I called that the etag isn't (always) md5 like the moment you first introduced the xml data describing the file and like 16 minutes later my hunch has been proven correct :'3
@@picaDoesStuff Because it's so computationally intensive that the few dozen times speedup we gained in the last 13 years are completely insignificant compared to how hard it is to crack.
@@polukieven notch doesn't know. He was asked again on a twitter post for his game levers and chests. I'm pretty sure notch doesn't know what is in the file
@@greenvm "Insignificant" is being too harsh. It'd take several years for ChatGPT-level of hardware to crack, so with a setup like minecraft@home it would definitely be possible
@@benedictgaming4766it takes like a lot of 4090s or a1000 gpus and then it would probably still take some time to crack the real password. Decryption is hard if not impossible to do without a whole gpu farm or trying every password but that is not worth it
The phrasing of, "It does not contain anything useful to you, Laki. What do you think it contains?" is oddly terrifying lmao. It makes the contents feel so ominous.
This is a very captivating mystery. I feel like it contains both a dev kit and the Minecon console beta. They possibly forgot that the dev kit was tied to the console beta when they first uploaded the file, hence why they removed it. If Mojang already allows us to pursue such a large number of previous Minecraft versions though, then why would this possible console beta prompt such a swift replacement of the file? Unless maybe the dev kit was somehow embedded into the Minecraft beta itself.
You really need to make more horror-esc videos like these, even outside of gaming. A 7zip file isn't scary, but the ambiance and the structure of this video makes it all SO scary
Really nice video. spoken like a true detective, following the theory with the least possible suppositions. At the end I think it's a mix of all the 3. now I'm subscribed❤
I adore waking up and seeing a notif for a new vid from you, always makes my day, i remmeber makin fanart for you a year ago, gotta do some more again💥💥💥💥
Edit: @NjRmMTIxMjVlNDFiNDkzMDVh in the replies corrected me, what I'm describing isn't called a hash collision, but it's called a second preimage attack and MD5 is not susceptible to it. The original message I sent can be found below, but keep in mind that it's not accurate. Not sure about s3md5, but regular md5 is incredibly susceptible to "hash collisions" and it's not too difficult to create a completely different file that would produce the same hash as some other file. If you have ever looked at any resources for hash algorithms you've probably seen people discourage the use of MD5 for this reason. I'm not sure if it would be possible to create a valid 7z file with password protection that would produce the same hash without custom tooling, but it's a possibility that I think is worth noting before we believe random things on the internet. It would be a good idea to find more independent copies of the original 7z file before we conclude that this guy actually has the original.
It's actually kinda weird that more people didn't preserve the original file anywhere. Well, maybe it's because not many paid attention to the file being replaced back then.
On the same thought-train, the s3md5 reversal script which mysteriously appeared, could potentially have been created to produce the desired string for this 7z.
@@tamoozbr I'm not going to pretend to fully know what I'm talking about, because I don't. From what I've heard and what little I do know about hash algorithms though is that as long as the file is long enough you should be able to replace enough of the internals without breaking the file to produce the same hash without compromising the file size or any important headers, the only thing you do compromise is the data itself (which wouldn't really matter for perpetuating a mystery on the internet, since the data in question is supposedly encrypted and the key to decrypt it is the mystery.)
@@AcidicLanzador I don't think it's that weird. Back then Minecraft was a smaller game, not many people probably would have been poking around for files like that and even fewer of those people probably cared about preservation.
Who else thinks Notch swapped the file, and when he was replying to the tweet, he was referring to the original one, because how was he supposed to remember which date he uploaded the decoy 4 years ago?
Thats hilarious @14:18 he is cutting that watermelon with a Ginsu just as I did an hour ago. Love that knife its been 35 or more years i've had it and its still razor sharp!
Ahaha this was genuinely riveting content! You had me on the edge of my seat for the duration of this video. Your imagination runs wild at the thought of the contents. Loving the unhinged devotion to the mystery! Great editing and naration.
A downside of this theory is that text (source code in this case) compresses way better than binary files, especially with algorithms like LZMA (in which the 7z format usually relies upon)
@@NickAc Having worked with java in the past, I can tell you many devs have libraries used to build the code in the source code files (or repo etc) included, as back then dependency tools like maven were not that great. This could explain the increased file size
@@dern3rd yeah, i've worked with similar tools before, and indeed sometimes the source-code is shipped with the built stuff, but text is still small when compressed with 7z. But I guess having both side-by-side could impact compression ratios
24:44 I was thinking this entire segment of this: Maybe the extra space is just the original Minecraft source code! Or maybe it's the whole codebase, and there's no build of the game at all!! This entire time, we always got the response "It's a Minecraft 1.0 *BUILD* ". What if it's NOT a build, and the whole Java project?
As someone who has worked conventions and such, dropping a file in an easily accessible place so that someone on site can grab it quick is a common last minute thing to do. The file name and quick .7z passwording lines up with that presumption too. My guess is it's attendee personal information for the making badges and receiving the cape.
There are only really three reasons, in order of likelihood, why the file was pulled: 1. The contents of the file itself are things of which the possession alone is a crime, and whoever uploaded the file has been in prison for the last 10 years. The whole "everyone looking into it should leave it alone and don't touch it" strongly suggests this is or has been the case. 2. If the part about version 1.0 of the software is the truth (and I doubt it, since they're not being consistent in the manner that matters), then it may have contained source code, signing keys or access credentials which may have allowed the publication of an update to the software, possibly to install malware on all their user's computers. However such access credentials are usually easy to revoke and replace instead. 3. The file contained personally identifiable information of at least one person, and the file was pulled in an attempt to remove it for identity protection. This may tie into reason number one.
Pretty sure the data file is meant to be mixed against the video file to output something else, a silly Mojang ARG. The password on the decoy being 16 characters in length is in reference to the forum post discussing the original.
Even if the password is all numbers and 16 digits long theres 10 quadrillion possible combinations 💀 Collectively everyone would have to go through ~19 billion combinations a minute, ~27 trillion a day, to have that done in a year. That is if someone isn't lucky and somehow it's the last guess. Just to get an idea of how large that number is and how unlikely someone has actually already cracked it even if that is the only parameters
An idea why the password was switched to thespicemustflow is that it was originally a different 16 letter quote from dune, those being "We must confront" "He who controls" "A beginning is" "Walk without rhythm" All of these are possible to be the original password, but remember that maybe somethings are better left unknown
I was expecting a sick jumpscare for the entire duration of the video glued to my seat idk how you do it but you are a master of viewer retention on longer videos
The dude said the password was only numbers, so there was already no way 'thespicemustflow' could have been the pw (assuming the first guy actually did crack it).
FYI - encrypting an archive with AES-256 (or other similar algorithm) does increase the file size, sometimes quite drastically. So the encrypted archive being bigger than the 1.0 release is not in itself a proof that the archive is necessarily something other than 1.0 release files.
your theory of the development x-box version makes a lot of sense, even the conversation in the old forum, warning people that it could be risky to try to download, supports it plus, the missing 26 hours of posts from the wayback machine could be because of a takedown request by mojang (or the forum owners if mojang demanded it)
The video here shows the preparation days before the event. Notch mentioned though that during the preparation of the files, it was 1 and a half days to go before minecon which was far different from the three days that the file shows. ua-cam.com/video/rUXqv4HYRGE/v-deo.html
25:55 thespicemustflow may be an anagram for a different phrase that is the password. Or maybe given that the password is noted to be all numbers at one point the letters may translate to numbers in some way- maybe it uses the first digit of each hex code used to encode the letters or something similar.
I frickin love goofy ahh things like this being approached with a serious tone and a mysterious soundtrack to go with it! Here's a fun angle of approach. Scour every inch of each of the developers history for who might've been the likeliest to choose the password for the decoy - people are much easier to approach as an attack vector. Doing research on the possible originators is much easier than some profile-less file. Ofc the eventual hopeful result of which would be a much more accurate ability to craft a wordlist to bruteforce the file to. God damn I wish I was 15 again to have all the time in the world.
I checked but the file doesn't have a gzip header, and the data is so large that I don't think it would be nbt data. I think it really is just padding to get the file size close to the original
@@Maric18 I think some people misunderstand "would've" as "would of" when they hear it and then just write it like that instead of checking if it's even a real term. I've seen that multiple times just this year.
@@Lampe2020it‘s mostly Americans who are unable to speak their own language due to a lack of education. I have never seen an Indian, German or Romanian for example make these mistakes.
I've got money that says that that file probably held information to the fact that notch planned to sell Minecraft to Microsoft years before it ever took place
It probably contains early concepts of Minecraft (assets, mobs, videos) but probably was switched out because of the sensitive information in it. Or it was just a world that had a ton of builds and early structures that was used before it became generated.
Check out the update video here: ua-cam.com/video/jrOMooH-kjs/v-deo.html
YOOOO????
good to know
nice.
came at the right time it seems
@@twaan1524 no one who would attempt the brute forcing is unaware of the legality of it
finally a real mystery that isnt a arg, nothing against args, but a real mystery from time to time its awesome too
You had two chances to spell mystery correctly
It was an arg though
@@Akropolix sorry english aint my first language, and i forgot mystery was spelled with two y's
@@runed0s86 how was an arg?
@@runed0s86 No dude, this is just a straight up mystery, no alternate reality involved
The reason thespicemustflow is 16 chars might be that mojang saw the forum post saying the original password is 16 chars, and decided to make the decoy password 16 chars for fun.
This is a great idea
Yeah the likely situation is that the original file is what they said, and they made the decoy to have a fun outcome when people finally got in.
@@RetroGamingNow no, you're a great idea
ye this imo
they might have gotten word either from one of their own on hackerforums or someone else on it let them know that hackerforums both had the file and was looking to decrypt it (maybe even because of the guy who tweeted at notch?). not everyone on a place like that is necessarily going to go in with simple curiosity and good intention.
it seems to me that keeping the 16 chars (NONE of which are numbers, compared to the post about the original's being only numbers. the og pass being just numbers is only really mentioned on hackerforums that i've seen? hence why i think they were actually clued in to that specifically.), the password itself being something of a nerd meme, the random video it was replaced with to fill the space... I think all of these things are literally just to mess with hackers mojang knew were after something they had now been told was sensitive and potentially damaging. so beyond that point in their eyes, a fair few people would be then trying to access the file with the explicit intent of trying to do damage of some sort. so why not troll the people who tried once mojang realized what was up? intentionally messing with people deliberately trying to put their hands in the no-no jar that's locked for a reason. explains the inconsistency too imo, because it's possible that being too up front about what the file contains may fuel those actions further. and assuming it IS something to do for XBOX, that damage would have been wider spread than minecraft. so it's better to just be aggravating little schmucks about it. which is probably a valid response tbh
dune reference? omg
I wouldn't be surprised if the decoy file had a 16 long password _because_ of that forum post.
that's the most likely scenario. given that it's mathematically inconceivable that anyone ever has bruteforced the password, it makes far more sense that someone just lied about the password length to deter people, and mojang picked a 16 character password based on that forum
and changed to only letters to indirectly mark those people that said it's "important information that should not be in the wild" as liars taking with it the message of the important informations.
Yeah this is exactly what I thought, they probably saw the post
The fact that it's called "tominecon" just says to me that it was probably sent to someone setting up for minecon. As a dev, the easiest way I can think of to send a file (too large to be emailed) is to just upload it to the public servers encrypted. Especially considering they were smallish game dev company at the time. Someone probably did this and just forgot about it.
The people on hackforums are full of sh*t and you should take everything they say with a huge grain of salt.
Can a grain of salt be huge?
@@SarmonOflynn yes, big salt crystal
I hope that in a decade someone gets a million views on a spooky video made about something banal I do at work
@@hellomistershifty "Fluffer Hid Insane Messages in 25 Films"
@@SarmonOflynn a whole shaker of salt
As a developer, it’s normal for test builds to be much larger than production builds because of extra debugging code, longer variable and function names that are human-readable, etc. The version that ships to general audiences usually goes through a minifier, which is software that shortens symbols (variable and function names) to one or two characters, and then the compilation process can have further optimizations that make the code smaller and faster
If the original file indeed contains the 1.0 code for Xbox edition, it’s probably the version that the testers are using that retains its human-readable debugging tools, not the minified, optimized version that will ship to customers
Minification only makes sense if you're distributing and directly running source code, like in JS. Java compiles to bytecode which is then run on the JVM. It makes no sense to minify Java code because it will compile to the same bytecode regardless. The bytecode will not store each variable as a string of dozens of bytes, it will enumerate the variables as integers.
@@amaryllis0 if it's a debug build it'd have symbols embedded in/alongside the main jar file i think, so it could just be a debug build.
but also, if it's an actual 360 build of the game, it'd be written in c++, and i have no idea what black magic is used to store symbols in windows' PE files(the 360 is just a pc with a customized windows build on it afaik)
@@amaryllis0 That's not quite true. While Java is running bytecode, it doesn't use memory addresses to access its variables; it uses their names. Same for classes, packages and methods. So a compiled Java file will have a good amount of "minifiable" text in it.
And yes, Minecraft distributables are minified/obfuscated.
However, it wouldn't create a compressed archive that much bigger. The compression algorithm will do the same thing a minifier does, and do it even better. The archive would roughly be bigger by the combined length of each unique string.
@@amaryllis0fwiw Mojang is notorious for minifiying the heck out of their code. It's one of the things that makes mod development way more difficult than it need to be.
Can never deny a half hour Minecraft lore vid
quarter hour*
@@astermania6323 bro...
@@astermania6323 💀an hour is not 100 minutes so it's closer to half an hour
@@astermania6323 100 mins isnt an hour bro lmao
@@astermania6323
If Lemmino made a video about Minecraft
Fr, RGN and Lemmino are great comparisons.
That's the reason I watch this channel. RGN has a very similar style and it makes it very enthralling
been saying this
This is literally a parallel to the kryptos video both bluds got me wishing i could break codes
Real ❤❤❤❤❤❤
My personal theory is that it contains 1-2 builds of Minecraft 1.0 along with the source code.
Having the Minecraft source code be leaked could be very devastating, especially in 2012 when it was still somewhat recent. This explains why Dinnerbone said it wouldn't be that useful all those years later.
Edit: I did not mean exclusively game code! Additional internal systems as well, of course! :)
Not that the source getting leaked realy matters much anyway. Minecraft (at least the original version) is written in Java, which, due to it's status as an interpreted language, can be easily decompiled back to what's effectively the original source. It's why the game's code itself is obfuscated in all distributed .jar files to make it difficult to tell what anything's supposed to do (function, variable, and class names are turned into random series of letters). Not that this really stopped modders anyway, Forge has existed since release 1.0, and source mods to the .jar of the game itself along with other pre-Forge modloaders have existed since the beta/alpha days.
bro!! i think all of the 7tbh ppl have interconnected recommendations
Eh pretty sure Minecraft has been fully decompiled at this point, that is why mods work so well they just patch that. I mean we would get the code comments though, not much useful there though maybe some funny strings like in the TF2, Windows XP and MSDOS source. But why would they need the source for Minecon? Makes zero sense to me
Useful? No.
Interesting? Absolutely!
They literally publish the mappings to the original source themselves. They have for quite a while. (though I don't remember when they started doing that, exactly)
A potential reason to why the version was on AWS was to quickly publish it when Notch pulled the lever. There could have been some code in there that when run publishes the Minecraft version to accelerate the process and have it run smoothly with a potential plan B, this of course would mean that the AWS access tokens where stored in there giving them a reason to encrypt and later swap it.
Potentially it also contained additional software used for Minecon demos (or for giving out capes maybe?). Things you definetly don't want public but when you had time changing everything also wouldn't be detrimental anymore.
It's probably this. As a former game dev that presented at cons all the time, this is the kinda stuff we had
I think Notch was the one posting on the HackForums post claiming it was sensitive data, just to stir the pot a bit. It would be in character for him.
This could hold some weight, as this isn't the first time they have done something like this. I used to be part of the "OG community" of Minecraft between 2015 and 2019, which was a group of then teen-losers who obsessed over cool names, such as Fox, or Evil, for example. There is a server named NameMC (Blockmania) that was a hub that a lot of "OGs" would join to flex Minecon capes or rare usernames. For example, I used to have a Minecraft account named "Foul" that had a 2015 and 2016 Minecon cape until the TID got pulled, and I lost access to the account (it was stolen by another user). Well, in terms of the server as I said, the NameMC/Blockmania server is a server where users would often brag about how they've traded for, bought, or stole these accounts where their value had weight in a cool name or exclusive capes tied to the account such as Minecon capes. Notch and Jeb themselves invaded two prominent things, which are the NameMC/Blockmania server and a website that used to be called "MCMarket" (MCM), but has now been renamed to BuiltByBit. The formerly known MCMarker server was mostly focused on users who had cracked accounts and sold them for their rare names and capes, same with the server it was associated with (NameMC/Blockmania). MCMarket was threatened with a C&D way-back-when, where they had removed the entire market section for all things Minecraft related, and all threads were used to gather information on users and the accounts they compromised where Minecraft accounts experienced a large ban-wave across the "OG community" where these stolen or for-sale accounts were banned to wash out this 3rd party market. Notch and Jeb recorded many logs within the NameMC/Blockmania server and archived the formerly known MCMarket threads to put a stop (mostly) to the secondary market. The community has mostly died off, but there are a few stragglers out there. I still own an MC account today with a 4-letter name and a 2011 cape... I have been offered an upwards of $1,500 for it, but I'm smart enough to avoid being scammed by little kids who want to flex pixels to their friends.
I think that it is extremely likely that the files are the Minecraft console demo. A security person or the person who ran the website at Mojang likely realized the existance of the file and that it was a piracy threat, so they decided to plant the information about the 16 characters, then change the file to a decoy because it would be fun. I think we need to take into account that Mojang really existed to just have fun at that time, and they were really clever.
Very possible. The swap 100% was to make the result more fun for the community. Meaning they know the contents of the original, and it's almost certainly boring for most people, if not everyone.
Wait but then why did the hackers say it could ruin them?
@@seandorama5932 possibly just trolling. Could be that there's private attendee info in there.
@@seandorama5932 Because hackers are the best at trolling. It isn't hard to figure out what is in the original file, aes-256 bit encryption has been broken for years now.
@@seandorama5932 almost 100% trolling, probably didnt even crack into the file
These early Minecraft mysteries fascinate me. There’s something about the freshness of the game at the time and the puzzles surrounding it that make me want to go back and experience it firsthand.
i started with minecraft in early 2010 and lemmie tell you it was pretty cool
however, you can have a similar experience with any fandom ish game, undertale, hollowknight, inscryption, and outer wilds were similar experiences for me, just wait around for the next big thing. Obviously nothing lasts as long as minecraft (i just set up a modded server for friends :D i haven't played vanilla since before enchanting) but the whole herobrine phase and whatnot is close.
if you are able to avoid spoilers i can HIGHLY recommend just playing outer wilds :D there is a cult on youtube going around and watching others lets-play it because you can only experience it as its meant to be experienced once.
“I wish there was a way to know you're in the good old days before you've actually left them.”
@@Maric18 been meaning to pick up outer wilds for a while.. heard some crazy stuff about it
@@jooot_6850 idk about craaazy stuff, like, don't overhype it, but its a great game if you like solving mysteries and exploring and piecing things together
yeh this is the original one his Etag is :
e10d225cd041b43221a99ebea3c764e8-2
and the password is "boxpig41"
Bro there’s literally nothing scary about this video but somehow he makes it scary
That's good voicing.
@@andrewpinedo1883 i think it's good writing and music
i certainly did not expect a fresh-faced sparklez jumpscare
Definitely the music
If you like this I'd suggest looking up NationSquid's videos about old viruses. His video on Millionth Visitor in particular has a very similar vibe.
The thing is, I think that when they said it was Minecraft 1.0, they weren't lying: they never explicitly specified _which_ 1.0 - they could have been referring to the console 1.0 (the first version of the game), for all we know.
console versions have never been referred to as 1.0, the first beta builds we know were called 1.66.0016.0, the first release TU0, and the release corresponding to java release 1.0 is called TU7
@@Archman155 ah, gotcha - it's possible that the exact version could have slipped their mind or they forgot the exact versioning scheme - after all, the tweets _did_ happen way after the file's creation (and subsequent replacement).
Imagine after 1 decade we finally crack it, and just to see "The secret was the friends we made along the way"
considering that it's called tominecon, I think it may have information about people who have minecon tickets, which could explain why it would cause shit to go down.
It’s called tominecon
Oh, that could be something. Though I feel like Dinnerbone's statement about it not being useful anymore would be false in that case. Surely some of that info would still hold weight all these years later.
I guess I need context. What were Minecon tickets and why would related info be problematic?
@Copperkaiju Tickets to the event in Las Vegas. The file could contain the names, addresses, emails, or even billing info of those who bought tickets.
@@m72860 That's what I was thinking.Thanks 👍
It was put on a public server because, at that time, VPXs and the like were not as common and easy to use, and nobody had FTP servers anymore because of the security risks. When you were doing stuff for a trade show, you were doing it last minute, so the fastest way to get a last-minute build to the people at the show was to dump it in the S3 bucket. I’ve done the exact same thing in the past. There is no mystery there, IMO.
people *still* put sensitive data on public facing servers despite the security risks just because it's convenient and easy. you can easily find public facing security cameras or webcams that people have either forgotten or just neglected to secure properly, or go on Shodan to easily find other items.
There were secure alternatives to ftp at that point like sftp but the problem is always making it easy enough for non tech inclined workers to access it on their windows office computers. HTTP file transfer is still the most sensible way to do that sometimes in today's messed up world.
It could have been uploaded by mistake. People make mistakes, like probably every day a mistake is made. To be honest, mistakes are more common than conspiracy theorists would like to admit...
Isnt MD5 broken?
@@totheknee true, just one thing - it's certainly not "one mistake". If you work anywhere, you know how many rules you break per day, because it's not possible to don't do them. In fact in place where I work, there's one accident per 1-2 days (a big company; accident as one being hospitalized or otherwise incapacitated). And we aren't talking here about single mistakes, but clusters of them leading to such accidents.
As it's very interesting topic, let me write my view on that. Nothing happens with most mistakes, but as they are so common from time to time they interfere to create big catastrophe or something that goes public. When we make mistakes and nothing happens, we stop caring about that. Speeding cars? "Eh, nothing ever happened to me, nothing will ever happen". Security is diminishing with each day, because "eh, nothing happened, why bother with additional steps". And then conspiracy theorists yell - how is it possible that x and y happened at once, all while z was in place? Must be conspiracy! Well, for that reason that when x happens you don't hear about it, nor when x with y happens. Big stuff needs a lot of mistakes at once, so it's not happening often. Poland has lost almost entire gov with a chain of mistakes, putting all important people on one plane, being one of them. But we are not the only one, Eschede train disaster would be another example to Polish plane crash. At last, but not least, we don't see most of the things that happens around us, only when they become big, so we might have falsified view that nothing happens or when it does, it's so big, it's unbelievable. My life was repeatedly destroyed and fixed by a bunch of seemingly random things and yet I'm real, so why catastrophe can't be catastrophe just by mistakes, not by some conspiracy?
The reason the file is called tominecon doesn't actually have anything to do with Minecon 2011. It actually contains RubyDung demos for Minecon 2008, as mentioned in the first Iceberg Video on this channel. It was encrypted to hide the fact that Alphaver is real and they had a RubyDung convention in 2008 and called it Minecon for some reason and Herobrine's feet are hidden in the game files at 3am and-
Bruh
Bro got Boeing'd during his comment smh
@@danem2215 He tried speaking out against Boeing and they weren’t having it 😂
So you're telling me that Herobrine stores his feet pics on this particular file?
One more reason to be afraid of Herobrine
How you know that
It's just Minecraft 1.0 where the build wasn't obfuscated. I was around at the time as a modder, and that was the consensus between what we believed in the modding and forge IRC channel.
Wait what?
@@owenfeilds The new video posted today basically said this is true.
13 years since this happened. now it has been cracked. it really is just 1.0 minecraft. time to experience the nostalgia i never had. damn dude.
It's been 12.5 years. We need to see what's in it. I don't care if it's just an insanely elaborate rick roll.
I was digging around and found a video from a small channel showing how he decoded it ua-cam.com/video/cH1NLToRz_o/v-deo.htmlsi=asNgLM_zXvWZGPqX
This fucking file haunts my dreams
Edit: Its finally over
just minecraft files
Let's ask gpt-5 then
@@LukasPetry Its literally just minecraft pass is boxpig41
This is probably my favourite ARG-style video on this channel. Others are fun and all, but at the end of the day, they are just orchestrated pieces of internet art. This, however, seems very real. Would be cool to actually see the contents of the file
that's becuase it's an actual mystery related to Minecraft
I swear people think everything on his channel is an arg I mean take a hint sometimes 😂
There are a lot of videos from this channel about ARGs. This isn't one of them.
It is real, unlike my ARG videos
@@RetroGamingNow if u get your hands on the file I would try getting a 7zip/zip cracker
Assuming that the hack forums attempt at cracking it was real and successful, why cant it be repeated if we have the original file. It was 12 years ago, hardware power has increased very significantly.
yeah i agree, people probably ARE trying to crack it
It absolutely can be cracked, the problem's just that cracking a 7zip password takes a lot of GPU power.
The person on the hacker forum was likely lying about finding the passcode to troll or deter skids from cluttering the forum with questions about how to crack an encryption that would take millions of years to brute force (given the tech of the era)
Even now, assuming you can dedicate a couple 4090s or A100s to cracking AES-256, you're gonna be waiting a while to get the results. And that's when you're using the strongest GPUs on the market.
The big question you need to ask is, given the technical hurdles, how much money are you willing to invest into a curiosity that will not offer any meaningful payoff?
@@CaptainBeebi i mean that whole minecraft@home thing happened to find pack.png and etc, i could see the community utilising that or something similar for this
@@CaptainBeebi I'm inclined to agree. I tested the 16-character numbers-only thing on my RX 5700. Does about 144 H/s and estimated time to crack is 220 754 years and 183 days. If someone cracked it, it being 16 characters is bollocks.
Time obscures details. Maybe the password was so obvious back in 2011 because it was related to something fresh at the time? e.g. a then-recent tweet by a dev like Notch with a notable phrase. It would be on people's minds and theoretically someone could have tried it and opened the 7zip. Or it could have been related to someone from 2011 pop culture, who is forgotten now (e.g. Justin Bieber). Or maybe its something so simple that people overlooked it, like an epoch
Well, I took a look at the plaintext parts of the 7z, and managed to discover something.
It's laid out like this:
- Header: 0x0 - 0x20 (32 bytes long)
- Contents data: 0x20 - 0x470B270 (74494544 bytes long, encrypted)
- Contents metadata: 0x470B270 - 0x470C5E0 (4965 bytes long, encrypted -> decompressed: 38249 bytes long)
- Footer: 0x470C5E0 - 0x470C60A
The contents data and contents metadata are both encrypted, but the footer includes both the compressed and decompressed size of the metadata.
And the decompressed metadata size is quite large, at 38KB.
From that, even without knowing the password, we can infer that **there are many files or folders inside the 7z: likely at least several hundred**, anywhere up to a theoretical maximum of 1159. (33 bytes of metadata per file minimum, for a file that has a single-letter name)
Interesting
Btw, that's just extra proof that the "players with capes" screenshot is fake.
this adds up to it being something like an early 360 build
Could be sourcecode then
Sounds like an install of Minecraft to me. The console version sounds very plausible. Also, that s3 bucket was their only bucket for some time at that point. It was probably put there by 4j studios so they could install it on the 360 devkit used for the demo.
Edit: that's why the user metadata is missing I expect - 4j got a write only url to that bucket,vand perhaps there was no user data in the S3.
Hey hey hey! I'm a dev (not in java which is minecraft language). While everything could be in this file, I'd like to point why it could very well be the version 1.0 of minecraft:
There is a difference in size between a dev build and a release build. dev build contains a shit ton of debug info, which can weight quite much (for example, at my workplace, we have our product that in dev build takes 1.5Go, but 400Mo in release build). debug info contains tremendous informations about the source code of the game, making it effectively "dangerous" if released in the wild for a closed source product. perhaps the file is a dev build of minecraft, that was archived there for convenience, then forgotten, then, when mojang noticed that oopsie doopsie it was a dev build, they swapped the file
The "playerswithcapes" makes me think that it is information about the players who have capes potentially things like real names, addresses, emails, potentially even credit card numbers. This fits with the "TAKE THIS DOWN" attitude that the users on that original thread had. The players who would have had capes at that time were only the attendees of that particular minecon and some mojang employees.
Im dont think so. File weight is too high for this.
If that were the case, the people who "had seen it" wouldnt tell you to look at it and move on. They would be trying to prevent you seeing it at all. Its likely just a bunch of things like banners, videos, console/PC demos, etc and nothing of much value.
as a veteran of hackforums (the minecraft section, at that) the most likely explanation is that flipybitz was trolling and nobody had ever cracked the file to begin with.
Why the f*ck will someone put their credit card and address numbers into a random game file
@@qhgaming8653 and store it on a public assets bucket, for God's sake
Imagine Notch now looking over what he has created now lol
I know he kind of had to cut Minecraft loose for his own sanity (which is better than holding on and letting fame destroy him), but I like to think that every once in a while he enjoys watching from a distance
@@amethyst_cat9532 one time, he played with Dream. So this is probably true
@@amethyst_cat9532he played with dream one time. So this is probably true
He probably wouldn't have much nice to say. Some may be actually valid points, where as other comments would probably just once again prove how awful of a person he is. Gotta remember that after he sold Minecraft he started to reveal his opinions and a lot of them aren't good.
@@chaonegamesandmore4490 that's old stuff, he seems very different now
At 8:12, my gut feeling is that you are right and that this exchange is coming at the end of a longer dialogue. If the file was updated two hours prior to Notch's reply then their has to be a connection to that tweet. Perhaps other people where messaging him about the file in private or on some other social media platform, and maybe having forgot it existed he or someone else at Mojang went and changed it to the decoy file. Like, they knew if they just deleted the file then it would just draw more attention to it and energize more people to try and crack it open. Then when the next person messaged him in public about it he had an answer and acknowledged the files existence openly. Perhaps his response that it contained Minecraft 1.0 was just another smokescreen on top of the decoy file. Like, "Oh its just Minecraft 1.0 and you all already have that, no need to dig deeper" type of deal.
25:13 - It's 16 characters long, but the post also says that it's all numbers. The fact that the decoy was 16 characters long, and all ASCII characters is a pretty significant deviation.
speaks well of the security of a 7z file
Not really of 7z itself, but more of the AES encryption model. There's a reason it's used everywhere (including the browser/app you're reading this comment on).
Its not just 7z its also aes encryption.
@@ImAkiyamanot just AES, but the key-stretching algorithm (probably PBKDF2) used to convert the password into a key.
@@ImAkiyamaMay I introduce to you Quantum Computing
@@tovinbradley it isn't commercially available yet. So your argument isn't that valid in the current time.
1:33 "Stanley, is this a bucket?"
Lol good one
I can't believe The Stanley Parable Ultra Deluxe is already 2 years old.
@@JoBot__ what the FUCK IT FEELS SO MUCH MORE RECENT THAN THAT, i remember being so pissed that they kept delaying it and i remember beating it as if it were yesterday...
(In a french accent) _This is a bucket._
@@widmo206 Dear god...
I honestly didn't know Dinnerbone left, I suppose I haven't seen anything of him since he presented the account migration video.
he didn't he still works there
@@bonkerbonk343 perhaps there's a mistake in the video then.
6:33 This message is so chilling to me. What horrible things can a Minecraft file contain to cause this reaction?
I'd be willing to dedicate some of my time and tools to crack this. We've got quantum computers, you know.
you know, if the cape names screenshot is real then maybe they didn't want people to open it cause it contained private information of people who went to that minecon
Or it could be used to wreak havoc. Imagine if you could slap an outdated, nonfunctional piece of nonsense code onto a Minecraft account tied to anybody's computer. Code is delicate, you could probably corrupt somebody's ROM with something like that if the stars aligned.
it cant because the file was made three days before the minecon itself
@@stardy8131 i'm young so idk about that minecon but was it ticket based? cause if it was then maybe they made the file when the tickets sold out or somethin
@@sopix7761 I actually do not know but knowing data, data analysis and mojang i doubt they'd list all the names of the people that bought tickets/went to minecon in a single txt file, the file is really specific too and usually when sending data like this its accompanied with other kinds of stuff (And even then, if the file itself did have more things, knowing developers and data workers it would've been more efficient to just make a XLS/CSV file and easily have all the data sorted there for you). Also, minecon already had the names of the people that went there along with their usernames, not mojang, if anything the file would've been named toMojang, and mojang essentially had no purpose in sending this kind of data aswell cause they could directly just send the capes to the users from their offices at mojang if they already had these usernames.
//I'd also like to mention how the txt file is 6GBs, the zip is only 76mb, though that could be due to compression
This is coming from someone that studies IT and had lessons about data like this
in conclusion..
What I'm trying to say is - that although it is possible, it is extremely unlikely that this is the case, I'm sure one day the file will be cracked and we'll find out though
P.S. Sorry if my punctuation is bad, I'm dyslexic and often make these mistakes while writing
it's not real, the file extension shown is .zip when the real file has a .7z extension.
I have worked at three cyber security companies in my time and I absolutely guarantee you it’s a master password, yes they are that dumb. Our company had a master password that was used on practically everything digital related including locked files, the password is absolutely a master password
Oh no
Oh boy.... Anyone got a quantum computer?
@@Jacy-dx6dxquantum computer would not help here
@@Jacy-dx6dx 10 More Years and we'll Know what that file was!
Noted.
16:40 I agree that it's just random bits appended in order to make the archive the same size. I did a simple frequency analysis over the bytes and it was pretty much flat i.e. each value was about as likely to appear, which is very unlike structured data.
Could also be encrypted, which will also appear like random noise, assuming you're using a good block cipher mode.
But I agree, very likely just random data to pad out the filesize.
how flat
@@chri-k I deleted it but we're talking ±0.1%
@@fission1110 I'm just wondering why the updatded version has a slightly different filesize
@@AcidicLanzador it's hard to predict the post compression filesize without just compressing over and over with different amounts of random data. They got it close and called it good enough.
Wow, the editing in this is amazing! Great job on the music, it definitely gave me chills while watching. Subscribed.
I'm genuinely impressed at how interested the presentation of this video made me about absolutely nothing. I could change a single pixel on an image from 255, 255, 255 to 255, 255, 254 and it will produce an entirely unrecognisable hash through any well known one-way function. I could re-upload the file and a single byte of metadata (maybe the TIME IT WAS UPLOADED) would make the hash entirely different. "Did the president set fire to his feet?" Nobody has an answer, fair enough, but is it a question that needs to be posed?
Nice work.
I knew something like this would come up. I always thought like "can't people just look into the game's code and find all the secrets or copy the whole game for themselves" but I guess not
Most games run off an “engine” these are programs like unreal4/5 where a middleman program will read data and translate it into an actual game experience for you.
A lot of games have custom engines, or settings or program-plug-ins that modify how the original engine reads. Thus making it hard for normal people to just “rip” the game code. Sure you can access it, but actually using the code after is the biggest issue.
For instance I can find all the data for a sim character very easily, download it and transfer it to another simmer in 5 minutes, but that data is almost useless unless you can find the right tools for (example) blender to read and actually display the data.
As he mentioned some things are proprietary property too, and it’s very easy for devs to lock code away so you just can’t get it. Sucks to be a regular person I guess 🤷🏼♀️
@@sunshinelastname1813 Yeah, makes sense
If it can run and display on your machine in game, it can be reverse engineered. The issue with files like these is that you normally need the password to get in, and this was clearly not meant to be a public facing file.
generally when you download a game you are only downloading the compiled binary. this is the version of the game created from all the different bits of course code meant to actually run on a user's machine. the problem is that doing the *reverse* process (turning compiled code back into the decompiled source code) is much harder. big companies that put out games want their property to be protected, otherwise users could just recreate the entire game for free on their systems!
for example, most compilers will "optimize" your code and run obfuscation programs, which will strip out each variable and function name and replace it with a generic one. because you don't have the compiler they used, you know have to try and guess what these variable and functions were called (for example, a simple function like getPos(player, 12) may turn into f9jj0z(gz0szn1,ff08s)). most compiled programs will also strip "symbols" from the program because it makes the file substantially smaller, which are impossible to regenerate
of course, some programs are easier to decompile and reverse engineer than others. minecraft, a java program, has been decompiled many times because java compiles into what is known as bytecode, which retains symbol, class, and method names and thus makes it much more human readable.
@@Otome_chan311 👍
I love how I called that the etag isn't (always) md5 like the moment you first introduced the xml data describing the file and like 16 minutes later my hunch has been proven correct :'3
i cant tell whether that apostrophe is meant to be a cheek marking, a nose, a tear, or an ear
i think about that because of the `-`
can't believe this mystery is still unsolved, we'll definitely need a part two! what's in the file?!?!
exactly what I was thinking, what is in the file?
The real mystery is why can’t we just brute force the og one? Computers have gotten much better since 2011
@@picaDoesStuff Because it's so computationally intensive that the few dozen times speedup we gained in the last 13 years are completely insignificant compared to how hard it is to crack.
@@polukieven notch doesn't know. He was asked again on a twitter post for his game levers and chests. I'm pretty sure notch doesn't know what is in the file
@@greenvm "Insignificant" is being too harsh. It'd take several years for ChatGPT-level of hardware to crack, so with a setup like minecraft@home it would definitely be possible
Thank you for this video, not only was the subject matter interesting, the music gave me vibes of some perticular C&C songs!
Ok but can we have a copy?
You can just google it. "Original tominecon.7z found! : r/MinecraftUnlimited"
i found the copy
@@Yuuki4.0 send it
Wat
It disappears
you cant just talk abt this and not give us an answer im gonna think abt this till the day i die
we... don't... have... an... answer.
the... file... is... not... cracked...
@@StarHorder well why didnt he crack it smh
What did you think "no one has solved" meant?
@@benedictgaming4766it takes like a lot of 4090s or a1000 gpus and then it would probably still take some time to crack the real password. Decryption is hard if not impossible to do without a whole gpu farm or trying every password but that is not worth it
Only the flying spaghetti monster understands Minecraft's code.
he suffers inside it
Everybody knows the pirates of Rastafarian myth made Minecraft soon after the oceans dried. Ramen.
R’amen.
Fun Fact there’s currently 4 religions who’s god/ deity is a spaghetti monster
@@AresHoax_9did not know that lol
but why
Two RetroGamingNow videos uploaded within only two weeks of each other!? We're eating good!!! 🔥🗣💯
Yeah, he said that he intends to start uploading more regularly again
@@ThunderCube3888 WOOOOO 💯💯💯
@@ThunderCube3888SICK 🔥🔥
The phrasing of, "It does not contain anything useful to you, Laki. What do you think it contains?" is oddly terrifying lmao. It makes the contents feel so ominous.
For real, that's an answer you'd get as a grunt asking a mob boss what he's keeping in a secured safe
you make MUSIC for your videos too?!! what a gem of a channel!
HOLY that takes a ton of effort
This is a very captivating mystery. I feel like it contains both a dev kit and the Minecon console beta. They possibly forgot that the dev kit was tied to the console beta when they first uploaded the file, hence why they removed it. If Mojang already allows us to pursue such a large number of previous Minecraft versions though, then why would this possible console beta prompt such a swift replacement of the file? Unless maybe the dev kit was somehow embedded into the Minecraft beta itself.
I just finished rewatching your Minecraft ARG videos yesterday, what a coincidence 😮
I love the dramatic horror themes of these old Minecraft mysteries. Love the content! ❤❤
RGN has got to be my favorite channel when it comes to having background audio when playing minecraft or falling asleep too, I love the content :)
You really need to make more horror-esc videos like these, even outside of gaming.
A 7zip file isn't scary, but the ambiance and the structure of this video makes it all SO scary
another mysterious video, loving these!
Fr
True, I would like to see more of the IRL documentaries from RGN like the weird Space radio signal thing he uploaded
I just searched up your channel randomly right after you uploaded the video. Damn I'm lucky.
honey wake up a new retrogamingnow video dropped
YIPEEEEE
Really nice video. spoken like a true detective, following the theory with the least possible suppositions. At the end I think it's a mix of all the 3. now I'm subscribed❤
"Danny Dorito" made me do an imaginary spit-take
Silly internet handles popping up in serious mystery stories is just wonderful
I swear minecraft players will cure cancer if its part of an obscure mystery of a data packet from invdev version or something like that.
You might not be wrong
Let's gooo New video!! Love watching your videos for the feeling of Paranoia and Inspiration! (Watching it at 11:20pm) I love your videos RGN!!! ❤❤❤❤
"Let's goon" 💀
I think it's really nothing notable, since Mojang employees chose to respond like they're just trolling
I adore waking up and seeing a notif for a new vid from you, always makes my day, i remmeber makin fanart for you a year ago, gotta do some more again💥💥💥💥
22:55 Oh my god that sony ericcson just gives chills down the spine. Darn man the nostalgia.
It’s so comfy watching your videos
Edit: @NjRmMTIxMjVlNDFiNDkzMDVh in the replies corrected me, what I'm describing isn't called a hash collision, but it's called a second preimage attack and MD5 is not susceptible to it.
The original message I sent can be found below, but keep in mind that it's not accurate.
Not sure about s3md5, but regular md5 is incredibly susceptible to "hash collisions" and it's not too difficult to create a completely different file that would produce the same hash as some other file. If you have ever looked at any resources for hash algorithms you've probably seen people discourage the use of MD5 for this reason. I'm not sure if it would be possible to create a valid 7z file with password protection that would produce the same hash without custom tooling, but it's a possibility that I think is worth noting before we believe random things on the internet. It would be a good idea to find more independent copies of the original 7z file before we conclude that this guy actually has the original.
It's actually kinda weird that more people didn't preserve the original file anywhere. Well, maybe it's because not many paid attention to the file being replaced back then.
At least for the 1st segment, wouldn't the header make collision attacks significantly harder?
On the same thought-train, the s3md5 reversal script which mysteriously appeared, could potentially have been created to produce the desired string for this 7z.
@@tamoozbr I'm not going to pretend to fully know what I'm talking about, because I don't. From what I've heard and what little I do know about hash algorithms though is that as long as the file is long enough you should be able to replace enough of the internals without breaking the file to produce the same hash without compromising the file size or any important headers, the only thing you do compromise is the data itself (which wouldn't really matter for perpetuating a mystery on the internet, since the data in question is supposedly encrypted and the key to decrypt it is the mystery.)
@@AcidicLanzador I don't think it's that weird. Back then Minecraft was a smaller game, not many people probably would have been poking around for files like that and even fewer of those people probably cared about preservation.
Who else thinks Notch swapped the file, and when he was replying to the tweet, he was referring to the original one, because how was he supposed to remember which date he uploaded the decoy 4 years ago?
Thats hilarious @14:18 he is cutting that watermelon with a Ginsu just as I did an hour ago. Love that knife its been 35 or more years i've had it and its still razor sharp!
Ahaha this was genuinely riveting content! You had me on the edge of my seat for the duration of this video. Your imagination runs wild at the thought of the contents.
Loving the unhinged devotion to the mystery!
Great editing and naration.
14:38 "Huh? What are we looking at?"
Best out-of-context moment
The file contains the source code for the 1.0 version of Minecraft. That would explain why it is so much larger than the compiled version.
A downside of this theory is that text (source code in this case) compresses way better than binary files, especially with algorithms like LZMA (in which the 7z format usually relies upon)
@@NickAc Having worked with java in the past, I can tell you many devs have libraries used to build the code in the source code files (or repo etc) included, as back then dependency tools like maven were not that great. This could explain the increased file size
@@dern3rd yeah, i've worked with similar tools before, and indeed sometimes the source-code is shipped with the built stuff, but text is still small when compressed with 7z. But I guess having both side-by-side could impact compression ratios
@@dern3rd Back in the day Mojang used Subversion as their version control, and SVN repos can be fairly large
dude
this is what i like to call an unsatisfying ending
24:44 I was thinking this entire segment of this: Maybe the extra space is just the original Minecraft source code! Or maybe it's the whole codebase, and there's no build of the game at all!! This entire time, we always got the response "It's a Minecraft 1.0 *BUILD* ". What if it's NOT a build, and the whole Java project?
I like way you tell the story. This movie for me is worth more and is more enjoyable, than Hollywood films :D
22:14 "Minecraft 2, the S€X Update"
have you tried 12345
As someone who has worked conventions and such, dropping a file in an easily accessible place so that someone on site can grab it quick is a common last minute thing to do. The file name and quick .7z passwording lines up with that presumption too. My guess is it's attendee personal information for the making badges and receiving the cape.
There are only really three reasons, in order of likelihood, why the file was pulled:
1. The contents of the file itself are things of which the possession alone is a crime, and whoever uploaded the file has been in prison for the last 10 years. The whole "everyone looking into it should leave it alone and don't touch it" strongly suggests this is or has been the case.
2. If the part about version 1.0 of the software is the truth (and I doubt it, since they're not being consistent in the manner that matters), then it may have contained source code, signing keys or access credentials which may have allowed the publication of an update to the software, possibly to install malware on all their user's computers. However such access credentials are usually easy to revoke and replace instead.
3. The file contained personally identifiable information of at least one person, and the file was pulled in an attempt to remove it for identity protection. This may tie into reason number one.
Liking the video before I watch it just because of the music. Your content is always great.
Pretty sure the data file is meant to be mixed against the video file to output something else, a silly Mojang ARG.
The password on the decoy being 16 characters in length is in reference to the forum post discussing the original.
Wake up babe new RetroGamingNow dropped
Even if the password is all numbers and 16 digits long theres 10 quadrillion possible combinations 💀
Collectively everyone would have to go through ~19 billion combinations a minute, ~27 trillion a day, to have that done in a year. That is if someone isn't lucky and somehow it's the last guess. Just to get an idea of how large that number is and how unlikely someone has actually already cracked it even if that is the only parameters
An idea why the password was switched to thespicemustflow is that it was originally a different 16 letter quote from dune, those being
"We must confront"
"He who controls"
"A beginning is"
"Walk without rhythm"
All of these are possible to be the original password, but remember that maybe somethings are better left unknown
I was expecting a sick jumpscare for the entire duration of the video
glued to my seat
idk how you do it but you are a master of viewer retention on longer videos
Spoiler alert: Minecraft has been a crypto mining bot this whole time.
btw, Dinnerbone is still an employee at Mojang (you said at some point in the video he was a former dev)
The dude said the password was only numbers, so there was already no way 'thespicemustflow' could have been the pw (assuming the first guy actually did crack it).
FYI - encrypting an archive with AES-256 (or other similar algorithm) does increase the file size, sometimes quite drastically. So the encrypted archive being bigger than the 1.0 release is not in itself a proof that the archive is necessarily something other than 1.0 release files.
your theory of the development x-box version makes a lot of sense, even the conversation in the old forum, warning people that it could be risky to try to download, supports it
plus, the missing 26 hours of posts from the wayback machine could be because of a takedown request by mojang (or the forum owners if mojang demanded it)
The video here shows the preparation days before the event. Notch mentioned though that during the preparation of the files, it was 1 and a half days to go before minecon which was far different from the three days that the file shows.
ua-cam.com/video/rUXqv4HYRGE/v-deo.html
nice that you found that
25:55 thespicemustflow may be an anagram for a different phrase that is the password. Or maybe given that the password is noted to be all numbers at one point the letters may translate to numbers in some way- maybe it uses the first digit of each hex code used to encode the letters or something similar.
i might try that
@@selvius101 did you ever try it? if so, what was the result?
@@bladdexz i havent thought about it since i posted the comment, i might give it another go
ill keep you posted.
@@bladdexz just found a github including the file password, the password was "boxpig42" seriously.
@@selvius101 nahh apparently its already solved and it wasnt even 16 numbers sadly
Is there a way to get the decoy and the one with the strange "data" file in it, as well as the original file?
I frickin love goofy ahh things like this being approached with a serious tone and a mysterious soundtrack to go with it!
Here's a fun angle of approach. Scour every inch of each of the developers history for who might've been the likeliest to choose the password for the decoy - people are much easier to approach as an attack vector. Doing research on the possible originators is much easier than some profile-less file. Ofc the eventual hopeful result of which would be a much more accurate ability to craft a wordlist to bruteforce the file to. God damn I wish I was 15 again to have all the time in the world.
Great video, really high quality and interesting, but damn, and crazy discovery from 2012
16:33 Maybe that's GZip-compressed NBT data?
@@Velocifyer would have
I checked but the file doesn't have a gzip header, and the data is so large that I don't think it would be nbt data. I think it really is just padding to get the file size close to the original
@@Maric18
I think some people misunderstand "would've" as "would of" when they hear it and then just write it like that instead of checking if it's even a real term. I've seen that multiple times just this year.
im pretty sure that it's just random junk they got from /dev/(u)random just to make the archived file appear bigger
@@Lampe2020it‘s mostly Americans who are unable to speak their own language due to a lack of education.
I have never seen an Indian, German or Romanian for example make these mistakes.
imagine it's just a rick roll
new salc1 and rgn videos on the same day???
New conspiracy theory just dropped
I've got money that says that that file probably held information to the fact that notch planned to sell Minecraft to Microsoft years before it ever took place
It probably contains early concepts of Minecraft (assets, mobs, videos) but probably was switched out because of the sensitive information in it. Or it was just a world that had a ton of builds and early structures that was used before it became generated.