Ahhh, MineCraft. An awesome game that lets you sandbox buildings. But while it’s very fun, the new skin feature seems to be very insecure. After wondering where raw PNGs were stored, I realized that it was imperative to have a uniform system based on confirmed username. This would help for the server, which has to display custom skins based on your particular username.

Fortunately, it was easier than I thought. The names were not even MD5’d or otherwise hashed to make it hard for us to detect. It wasn’t in a hidden folder. It was all public in minecraft.net/skin. What I mean : My raw custom skin PNG was stored in minecraft.net/skin/AlLnAtuRalX.png. Notch’s is in minecraft.net/skin/Notch.png. Easy right? Also fun… Everything is public domain now. Just see someone with a skin you like and grab it. Here is a zip of a few I grabbed earlier today (yes, there are some awesome ones in here).

Notch, I tried to notify you, but you weren’t on IRC. Oh well… I have a feeling it’ll get fixed soon enough. Or hell, you can leave it. This is an awesome feature IMO, and I want people to use it. Download as many skins as you can before it gets sealed up forever!

Cheers,

AlLnAtuRalX

Reddit Public Server Admin