Minecraftforge: About Netease

AES decryption is implemented in LaunchWrapper not Forge.
But it is the truth that Netease modified forge and not opened its source to follow LGPL.

Netease's modified Forge Libraries can be found here:
https://mega.nz/#F!aRRDwIiS!5A2QrYAYYc8elBfJbVhZNQ

Netease Minecraft official download page(Chinese):
http://mc.163.com/

Sadly, China doesn't have to follow the DMCA, and most of our copyright laws arnt reciprocated in any of theirs.
On top of that IIRC basically Microsoft is telling them they can do whatever the hell they want with Forge because Microsoft owns Minecraft.

But ya, to do anything would both require a fuckton of money for lawyers. Which I don't have. And put the rest of the project at risk, which I won't do. So for now there isn't anything we can do about it.

Just for the official stance:
Netease has NEVER contacted us to get any form of support or endorsement.
Forge does not condone or support Netease in any way.
Forge condemns them for their disregard for open source values.

OMG Netease is a very bad company
I tried NetEase Forge to verify MD5, no one same Forge on

http://www.oschina.net/news/86824/forge-condemn-netease
加油

实际上哪怕有钱有律师也做不了什么，因为中国是成文法，然后中国的法条里面没有一条法律叫LGPL，曾经有过审议这些协议的提案，不过，其实在中国，大部分人是拿开源当作可以随便用或者某些公司用开源做噱头，正儿八经搞开源的不多，协议通过之后显然对这些人是有害的，于是在运作之下，提案并没有被通过。

@crystalsis 感觉开源协议在中国应该受合同法保护吧

Even tho this is related to the Minecraft in China, this is a English project. Please keep comments to English.

I'm sorry that my english is poor

@TanJian DMCA（数字千年版权法案）中国没有签署，所以违不违法难说

@soarteam speak English pls,this is a English project no Chinese project
PS:应该不算违法，中国对这些开源协议好像真没什么法律

It is not clear NetEase copy Optifine has been allowed to sp614x, whether the anti-decompiled Optifine secondary package
If it is not allowed by sp614x, this will be a large plagiarism
I try to contact both sides of the Isseus, if this is an error I can delete.
sp614x/optifine#770

So https://github.com/MinecraftChina/Forge is a thing now. Default branch (master) has nothing special, please checkout other branches to see details.

Appendix: official announcement (caution: Chinese page) is also available: http://mc.163.com/news/update/2017/07/17/25511_700932.html

Appendix II: for clarification, BY NO MEANS I am affiliated with NetEase. I posted this message with sole hope of letting more people see this. @ShieLian

What's the meaning of developing Chinese version?

Well it looks like the developer over there has little to no idea how git repos work.
Their 'Fork' appears to be them taking the head of Forge, and then shoving their current copy on top of it and hitting commit.
This means that a lot of the changes you see are reverts of commits that we have done since they have forked Forge.
Its easy to tell that this is a copy/paste job because no NEW files are removed so their 'Fork' is in a half-working state that contains some features that they don't really ship.
You can see the mess here: https://github.com/MinecraftChina/MinecraftForge/commit/5bc5f734417162f02713a32b20c1929309867fbc
However, IF we just look at the content and not the git history we can see some of what they are doing.

I took a little bit of time to look at their repo and basically what they do:

• Remove Loading of Mods/Coremods from the /mods/{MC_VERSION} folder
• Remove Loading of directory based mods/coremods.
• Add a filter over the list of mods to load based on some permission system. *1
• They DO do some localization work in some of the menus!
• Remove any buttons related to snooper info. *2
• Remove access to LAN, Skin Settings, Realms, or Mod List.
• Add support for 'Encrypted' mods. *3
  
  
  
  1. This is the best I can do without decompiling as their modified version of LaunchWrapper is not open source.
  
  
  2. They do not DISABLE the snooper in code. They just remove the GUI that shows what they are gathering. This is concerning.
  
  
  3. Is there any official stance/statement on why they need encrypted mods? There is no reason for this besides to hide what they are doing... And very poorly.
  
  

Overall, this doesn't seem like anything bad/malicious, the only major concern is the encrypted mods... Why?
Something to note, this is all based off the code they released I have not verified that the code has any relation to binaries they are shipping.

If you want to know more see below for my per-version overview.

1.12:
Base? https://github.com/MinecraftForge/MinecraftForge/commit/dd42f84a474ebe6a9b766003a206af93315fedb7

• Diffs:
  
  
  
  • net.minecraftforge.common.ReflectionAPI:
    
    
    
    
    
    • New file. Addes 3 static functions:
    
    
    
    • checkPremission(ClassLoader, File) Basically delegates to their modified LaunchWrapper for a checkPermission call
    
    
    
    • decrytClass(ClassLoader, byte[]) Again delegates to their modified LaunchWrapper to decrypt the class file.
    
    
    
    • errorLog(String) Just logs a error message
    
    
    
  
  
  • net.minecraftforge.fml.common.discovery.asm.ASMModParser:
    
    
    
    
    
    • This is simple enough, it just changes our new ClassReader(inputStream) call decrypt the class file using ReflectionAPI. Simple and functional.
    
    
    
  
  
  • net.minecraftforge.fml.common.discovery.ModDiscoverer:
    
    
    
    
    
    • Uses ReflectionAPI.checkPremission to determine if they are allowed to load a mod file.
    
    
    
    • Disables loading mods that are Directories, but this change really is for development, so i think they just nuked it so they didn't have to run the Test mods.
    
    
    
    • Makes a copy of the findModDirMods function and adds a ReflectionAPI.checkPermission/directory filter pass over the files first. Simple enough, not sure why they had to make a new method. Most likely bad copy/paste.
    
    
    
  
  
  • net.minecraftforge.fml.common.Loader:
    
    
    
    
    
    • Makes it use it's new filtered findModDirMods function, and removes scanning the versions specific mods folder.
    
    
    
  
  
  • net.minecraftforge.fml.relauncher.CoreModManager:
    
    
    
    
    
    • Removes the commandline specified coremods feature.
    
    
    
    • Removes scanning of coremods in the versions specific mod folder
    
    
    
    • Removes support for directory based mods and filters them using ReflectionAPI.checkPermission just like normal mods
    
    
    
  
  
  • resources/assets/forge/en_US.lang:
    
    
    
    
    
    • Deletes every value in this file, keeps the keys tho. So English has no translations.
    
    
    
  
  
• Summery:
  
  
  
  • Basically it just tries to lock down what files can be loaded as mods. Not to bad.
    
    The MAJOR worring part is the whole concept for Encrypted mods/classes. The ONLY reason to do this is that they are doing something they don't want you to know about in those encrypted mods.
  
  

1.11.2:
Base? https://github.com/MinecraftForge/MinecraftForge/commit/2df36137c2c995b5d12f1e8b7db101b47650b570

• Diffs:
  
  
  
  • ReflectionAPI, ASMModParser, ModDiscoverer, Loader, CoreModManager, en_US:
  
  
  • All of these are pretty much identical to 1.12, Remove directory support, remove version directory, remove command line arguments, add encryption support.
  
  
  • net.minecraft.client.gui.GuiOptions.patch:
  
  
  • Removes the buttons for realms, skins, languages, and snooper info.
  
  
  • Resizes resource pack/chat buttons.
  
  
  • The concern here is hiding the snooper button.. so that you can't easily see what data they are snooping with the mods they install?
  
  
  • The other changes are a few bug fixes and some git derpage, nothing important.
  
  

1.10.2:
Base: https://github.com/MinecraftForge/MinecraftForge/commit/261313a682121aeb009fbaecfc0ec11c3c0eccfd (This base is nice they are actually almost using the head of this branch!)

• Diffs:
  
  
  
  • ReflectionAPI, ASMModParser, ModDiscoverer, Loader, CoreModManager, en_US:
  
  
  • All of these are pretty much identical to 1.12, Remove directory support, remove version directory, remove command line arguments, add encryption support.
  
  
  • net.minecraft.client.Minecraft.patch:
  
  
  • Moves the language initalizer to earlier, probably nessasary for better localization?
  
  
  • Changes the Display Title to Chineese.
  
  
  • net.minecraft.client.gui.ServerListEntryNormal.patch:
  
  
  • Localizes the cant connect error messages.
  
  
  • net.minecraft.client.gui.GuiMainMenu.patch:
  
  
  • Removes the language, realms, and mod buttons.
  
  
  • Removes the splash text.
  
  
  • Changes the minecraft logo.
  
  
  • Changes the copyright notice, and removes any branding from modpacks and the like.
  
  
  • net.minecraft.client.gui.GuiIngameMenu.patch:
  
  
  • Removes the share to lan and mod info buttons.
  
  
  • net.minecraft.client.gui.GuiFlatPresets.patch:
  
  
  • Localizes the preset names.
  
  
  • net.minecraft.client.gui.GuiOptions.patch:
  
  
  • Same as 1.11.2, removes realms, skins, languages, and snooper buttons.
  
  
• Summery:
  
  
  
  • This version actually has some useful changes in it, changes that they should be doing. That is, localizing the areas of Minecraft that are not translated to Chinese yet. The rest of the changes are just more locking down.
  
  

1.9.4:

• Again one commit behind, seriously guys the log4j fix is a crash fix you should update!
  But the changes are all identical to 1.10.2

1.8.8: (Why did they use this over 1.8.9?)

• This one is almost identical to 1.9.4/1.10.2. Only notiable changes are that they don't relocate the LanguageManager constructor. And they remove the stream button.
• One thing to note is that the changes are attribuited to "yuanfeige" with the comment in ASMModParer: //revise by yuanfeige
  Hi yuanfeige! If you're out there and you speak english it'd be nice to talk!

1.8:

• This one is a little bit harder to know what they are doing as this is back when FML and Forge were seperate repositories. So their repo doesn't have the full copy of FML with their changes.
  But judging by the pattern they are doing this will most likely be identical to 1.8.8-1.10.2.
  The Forge parts I can see patches wise are identical.

1.7.10:

• This one they actuallky included the FML sub folder, and as I suspected, its identical to the changes they did in 1.1-1.10.2.
  Their Forge side changes were the same as well.

Netease is not a company which have a good fame in China,I still remembered the Argument between MCBBS and Netease,I don't think they did the right things.
They has been recommend that some Chinese player's produce without any agreement.
Now the most of Chinese player are dis-agree with what Netease done with Forge.
In my opinion,I think that Netease has made a huge mis-take.It's certain that the Netease goes wrong wtih their FOOL MISTAKES they had ever done.

What's more interesting, Netease once said they respect copyright.

Well, I think they encrypt mods to prevent hacks. Minecraft is extremely easy to hack. Since the decryption is public, it doesn't really work.

@HeartyYF Actually they did say they respect "copyright", but LGPL is copyleft. How ironic.

LGPL is explicitly chosen because it's NOT 'copyleft'. Note the L part. GPL is parasitic, LGPL is not. Both however share the same trait as MOST OS licenses saying that modified works must be open. Modified != Derivative.

As for the idea of needing encryption for anti-cheats.. No... anyone who knows any about security would instantly know thats a futile effort and has nothing to do with encryption. Encryption is purely there to hide what they are doing. Not very will tho.

Some things to note:
I acknowledge that they have published what appears to be the source of their modified Forge version, so that parts fine. But this is clearly a response to this thread, and the news surrounding it. So I am still not fully trusting what they do.
However, they have yet to release their modified version of LaunchWrapper.
The entire system they are implementing, the encryption of mods. Is futile and has no place in the Minecraft community. There is no legitimate reason to do this.

@liach Don't you think it is for restricting users to install mods from only one source (id est, NetEase's launcher, a.k.a. "The Box")? There has been such rumor for a while yet no official statement can imply so.

Where can I get source of LaunchWrapper? Is it under LGPL?

I personally disagree with their decision to restrict mod loading. But as an official version for China only, they provides free access to all the users, which means they have to earn money otherwise, possibly from community contents.

Maybe there will be further discussion with mod authors from Netease, at least they have done something with Optifine (from the updates of https://github.com/sp614x/optifine/issues/770).

I'm not sure about the effect to the community, but the fact is the aimed users of the China version is not the old users, maybe students who cannot afford a minecraft copy. So thay are running a very typical method for games in China, which is free access and paid for extra content. Players will be given some points, but if they want to have a advantage, it should be paid.

Another thing is they are building a huge server (possibly) for all the Chinese users to play on, so they want to have some methods to prevent cheating (although it's not well implemented).

As I have said, I personally disagree with their decision, but just want to put some details for understanding of the whole thing.

@PeterRK https://github.com/Mojang/LegacyLauncher

@3TUSK I think that is for anticheat mods.

Some little thing I can do.
https://github.com/MinecraftChina/Forge/issues/1
It's very possible that they just give out this version of codes and change the binary file of forge.
By the way, the reason why they encrypt mods is They want to limit players so that the mods downloaded other place such as MCFourm can't be loaded. Then they can SELL mods in their launcher(Box) and profit.

A protest, or a boycott, like that of Net Neutrality may work against such shameless behaviors of big companies, I wish.

@Towdium Netease is absolutely going for the freemium way. However, in China, anyone can download a pirate copy of Minecraft for free at ease; in fact, most former (before Neteast's release) Minecraft players know how to get a pirate copy of Vallina Minecraft. So @liach, no "boycott" is needed anyway.

IMHO whether if Netease releases modified code does not affect Forge in anyway. The major victim of this is rather the player group who prefer freemium games over premium games (like those on Steam).

BTW, is the new translations done by Netease useful?

Sadly,almost all the forum about Minecraft in china have deleted the news about Netease's Forge.They even use the world“**”to replace "forge"
there's an example

i hope u will understand

Because in China, there is something like “水军”,

@wan-qy If you do want to paste something to show your opinion, PLEASE HELP TRANSLATE INTO ENGLISH. If your English is poor, PLEASE USE GOOGLE TRANSLATE.
Thank u very much.

netease have a lot of money to increase his fame.
but this is a cheat.
(sorry to m English)
about wan-qy's img,img says netease steal good peple from mcbbs,the second says netease only have money.
(sorry to my English again)

@ShieLian i translate it.
but my English is very pool,not Google translate
maybe you can't to understand it

“水军”(its literal translation is water army) means the employs employed by a network company of network public relations who earn their livings by posting messages on communities, increasing own company's fame or attacking other companies.
Netease has a lot of these water armies and some of them often publicly plagiarize others' works.
And due to the Chinese conditions(GFW) we chinese can't Google translation easily.
@ShangJixin and your English is really very very poor...at least refer to your dictionary...

mcbbs is the biggest forum about minecraft in China, netease want some administrators of it to help them to write articles which says good words(in Chinese, we are used to calling them like “软文” ) of netease, remove negative comments，and netease will give them money in return.(My English is poor：)

@HeartyYF https://translate.google.cn/ works well, try using it：)

And in the second picture one of netease's staff admitted that they want to nobble some people. As @ZhangqianStudio 's picture shows, almose all of Chinese forums cannot display "forge" but replace it by "*". A post in mcbbs reported this event was blocked(now it can be accessed). In Zhihu(a website like quora), under a question about this event, netease hired a lot of people to defend its action.

↑They also bought some websites about games over.

@SourcePowered lex means that in general, operations in China do not follow the DMCA. That's obvious, because it's a US law. This is not a personal attack on its citizens and getting super defensive about it only serves to muddle discussion.

It doesn't seem like any useful discussion has really happened here so I think the relevant people should contact Lex directly instead and the thread should be locked. Just my opinion.

Before Netease, China also has a lot of sites to provide Forge download
They are using their own links, but not modify Forge.
But in China, the lack of legal protection of copyright
This is a question that has been a straight one,Cause this thing.
Because of the limitations of the firewall, in many cases people do not know the direct owner of the thing
They will mistakenly believe in other sites

The translation of @ZhangqianStudio ,my vocalubary is poor(graudated form senior high school):
The biggest problem is *(censored by Netease,which is Forge),a thing which obeys LGPL,Netease modified it and distributed it to the users,and also don't open the source code of modified version,disobey the * (sorry,I don't know what behinds *s)open-source license of LGPL.

For the anti-addicted system,i guess is caused by the political reason----recently a chinese lol-like game was on china's goverment's offical newspapers claimed that the games causes a lot of students addicted into the game.(Of course.....netease anti-addicted system is shit.)

For mod encryption,I guess it is use to monitoring for some legit data they want to have (Or the goverment forced them to? I don't know.....)

Guess we should be grateful that Netease didn't manage to do what it aims to do good enough.

From a corporate point of view, one way Netease can make money out of Minecraft the java version is to control the "frontend" - by dominating the launcher market, Netease can ensure that most innocent players are using a client version they control. so whatever sellable content they want to put on a payment ladder can be designed without hands being tied.

And sellable content here means whatever content they can fetch from the web. Like Lex has said, LGPL is but a word without any magic unless the Law comes in. And Netease doesn't even have to word it like they are selling originally free content - once they have control over a client that everybody is using, they can simply sell you the 'right to use' that free content on their platform. So all that encryption is not to hide their content or what ever - the encryption is to prevent you from installing your free content from the community.

That's not even invented by Netease as it's just how walled garden works. Luck for us this time the garden must be good enough to get everybody walled in. Like what Apple originally did on the iOS. Netease's launcher apparently didn't manage to beat even the Chinese amateurs already shipping pirate game launchers, but that might just be a matter of time.

You can't really use ethics to shield a corporate from improper money making. The only way I see that can keep Netease out is the free and open community going strong. That's especially hard as servers cost money, good programmers need life, and even Minecraft itself is not free and owned by a big corporate.

cruelty of reality I guess.

Quite agree with @williewillus

It doesn't seem like any useful discussion has really happened here so I think the relevant people should contact Lex directly instead and the thread should be locked.

能否拜托你们不要在这里讨论与技术无关的问题了。这里是Github，是一个代码托管网站，不是什么新闻网站，更不是用来聊天或吐槽的地方。要评论的话知乎上有一大堆相关的问题，而且还有赞拿。在这里拿着机翻出来的英语"热心的“告诉外国人，我们中国的网易公司是有多么多么糟糕之类，意义在哪里？

@ShieLian commented 2 days ago
请各位尊重github社区，issue是用来讨论技术上的问题而不是给你们用来泄私愤的

Ya, gunna lock this, if anything major comes up people can let me know other ways.
As it sits. I still don't like what Netease is doing. Nore how they are doing it.