-
Notifications
You must be signed in to change notification settings - Fork 6
Flags
func_111286_b gets your session ID. func_148254_d / field_148258_c gets your session token. The session ID is just token:[session token]:[player uuid].
When you join a server, you prove you're you without giving away your session token, and popular mods use the same functionality to not give away your session token.
Popular mods often still get your session token in order to make the Mojang call, so they'll get flagged for this, but I've heard that they could also use a built-in function that logs into a server. And rats can also just give away your session token, so they can log in to your account.
This flag trips on func_111286_b and func_148254_d
First, what is an IP address? Just an identifier for your internet connection, your Internet Protocol address. It resets every time your router reboots, it might be shared with someone else's internet, and only gives a vague sense of location. Live Overflow has a good video about this.
Ratters like to collect your IP address anyway, and it does tell them where you are (probably within a US state's size). A mod that gets your IP address might not be a rat though, as Pizza gets your IP address as a joke whenever you fail a puzzle.
This flag trips on multiple strings, mainly the names/urls of IP checker services.
Often rats will try to exfiltrate extra data, like passwords. This flag trips on the strings:
\Google\Chrome\User Data\Defaultessential/microsoft_accounts.json.lunarclient/settings/game/accounts.json.feather/accounts.json
Skidfuscator, an obfuscator, has a system where if it detects it's obfuscating something that tries to exfiltrate stuff, it inserts a warning into the jar (Skidfuscator Anti-Abuse). This flag trips on that. You can investigate it in the file browser.