Minecraft/Modding/META-INF

Information from The State of Sarkhan Official Records

In the early days of Minecraft modding, deleting the META-INF folder from the minecraft.jar file was necessary because of the security mechanisms built into Java JAR files. Here’s a deeper dive into why this was the case:

1. JAR File Integrity and Signature Validation

  • Why META-INF Was a Problem: The META-INF folder in the minecraft.jar file contained files related to the JAR's signature (e.g., .SF and .RSA files). These signature files were used to verify that the contents of the JAR had not been altered after it was created by Mojang.
  • Impact on Modding: When modders modified minecraft.jar (e.g., by adding or replacing classes), the integrity of the JAR was broken because the modified classes no longer matched the hashes or digests recorded in the signature files within META-INF. This caused Java's runtime to throw an error, preventing the game from running.
  • Solution: Deleting the META-INF folder removed the signature validation files. Without these files, the Java runtime skipped integrity checks, allowing the modified JAR to load without errors.

2. Security Mechanism in Java

Java's signing mechanism was designed to:

  • Verify Integrity: Ensure that files within a JAR hadn't been tampered with.
  • Authenticate Origin: Confirm that the JAR was created by a trusted source using cryptographic certificates.

In the context of Minecraft:

  • Mojang included signed JARs to ensure the game files hadn’t been modified (for security and stability).
  • Modding inherently violated this mechanism since it altered the files within the JAR.

3. Why Deleting META-INF Worked

When you deleted the META-INF folder:

  • You effectively disabled Java's ability to perform signature verification.
  • Java skipped the integrity checks entirely, allowing your modified classes to load and execute.

4. Modern Minecraft Modding and the Role of META-INF

Today, modding practices have evolved significantly:

  • Forge and Fabric Mod Loaders: These tools provide a standardized way to modify Minecraft without touching the original minecraft.jar. Mods are loaded dynamically, and the META-INF folder remains intact.
  • No Need to Delete META-INF: With modern loaders, the META-INF folder is left untouched since the game's JAR is no longer directly modified.

5. Security Risks of Removing META-INF

Removing the META-INF folder bypasses integrity checks, which can introduce security risks:

  • Malicious Code: Modified JARs could contain harmful or poorly written code.
  • Instability: Without signature validation, tampered files might cause crashes or unpredictable behavior.

Conclusion

In the early Minecraft modding days, the META-INF folder's presence blocked modifications due to Java's signature verification. Deleting it was a workaround to allow mods to work by bypassing these security checks. However, this practice is no longer necessary with modern modding tools, which load modifications externally without altering the base game files.

Retrieved from "https://sarkhan.wiki/index.php?title=Minecraft/Modding/META-INF&oldid=11940"