Inspiration

Previously, Minecraft had been to me, much like it is to the rest of the world, a videogame. I had done some tinkering with datapacks, experimented with the interesting mechanics of redstone, and contrived some unique art with WorldEdit, but none of my prior experience was anything like what was to come. The first stage of the journey was discovery of the Minecraft-specific social media company NameMc. NameMC is a website dedicated to indexing all Minecraft accounts, and then producing profiles wherein you can link your contacts and socials. The goal is to help people find information about account owners, share your account's "skin" (your avatar's exterior), and more. However, NameMC was more than just a profile based Minecraft social media network. It also cataloged name changes and account cosmetics like capes.

On NameMC, one specific page caught my eye above the rest: the minecraft names droptime table. This page neatly listed all usernames soon to be available for claiming, and showed when they were to free up. It was able to list out all the names because NameMC, by polling accounts and caching the information was able to store the name-change history of all accounts, and automatically could list people who had recently changed their username. As I scoured the page, I saw that there were some really neat usernames soon to become available, and began wondering how hard it would be to claim them.

The first name of interest happened to be "adult," which I thought would be a really unique account name, so, instinctively, I got myself situated at my desk, logged into my account's settings page, entered the name, and carefully hovered my cursor over the "Change Your Username" button. But, as it turned out, my single hopeful click, also known as a "hand snipe," was no match for the storm of thousands of automated 'sniper' requests that I would soon learn about. When the time came for the name to become publicly claimable the page momentarily lagged out, and then the name was snatched away by a big-name username 'sniping' organization.

Research phase

As usual for these sorts of projects, my adventure into the world of username sniping began with extensive research. The Minecraft username community turned out to mostly take the form of a fairly decentralized array of Discord servers. I hopped from one to another, making friends and further exploring the community. I came across many smaller organizations just starting out, trying to make a name for themselves. I traversed many larger scale marketplaces for Minecraft accounts, some having complex auction systems and account proxying services (offering to sell your account through their system for a fee). I encountered middlemen that had built up reputations for trading tens of thousands of dollars worth of accounts, and much much more. Through my traipses, though it seemed insane to me that people were paying thousands for videogame accounts with cool names, I knew that there was potential for me to start a service of my own.

Sniping Services

One unique category of Discord server that I found interesting was that of username snipers. These servers had brands associated with them, such as the popular "Hydra" or "Cupid" sniping service. These services would go after the high-value usernames like "adult" with dozens of accounts and servers running proprietary software, and would then hold high-stakes auctions for names that they successfully obtained. Almost all snipes would go to these big players, since the more money they made the more they could reinvest in accounts and servers, and the more time they could afford to spend developing their snipers. Since Mojang technically doesn't allow you to sell accounts, the sales process, unless you were using an expensive middleman, heavily involved trust, and was always carried out with non-refundable cryptocurrency. It was clear to me that to be a popular sniper, you'd need to first build a reputation.

Since I was interested in a more hobbyist take on sniping, I started out by searching for tools to get started tinkering with. As it turned out, there were already many open source public autoclaimers out there to mess with, such as the first one I tried McSniperPy, a popular choice written in Python. It was preconfigured and easy to use, and was open source. To me it seemed like gold mining: just for fun, with a chance of extreme success. I also came across the fascinating youtuber Xinabox, along with a few others, who produce content specifically on the "og minecraft community" (a catch-all term for those interested in valuable accounts). At this point, I knew I wanted to get involved, but would need to further research the technicalities first. At that time, I was attempting snipes with a single account to claim names that interested me personally.

Getting started

But, I wasn't ready to settle for a popular open source sniper, and was sure I could do better. After weeks of learning about network requests for the first time, toying with async Python and multithreading, and exploring the actual endpoints of Mojang, I was beginning to get a better grasp of what I'd need to do. As it turned out, names release a few milliseconds early, so I'd need to extensively experiment. Each account was allotted only a few name-change-requests a minute, so I'd need many accounts. And, same-IP-requests led to processing gaps, so I'd need many servers. For every server I could only fit a few accounts, so there'd be an expensive recurring investment in compute time in addition to the actual account costs.

The partnership

Friend's skin art shop

MyOne of my first friends in the community, a person who went by the name "wro," had carved out a particularly interesting niche for himself: NameMc skin art. NameMc skin art, potentially the subject of a future post, takes advantage of NameMc's skin history display to showcase art on your NameMc profile page. NameMc displays a grid of your 27 most recent Minecraft account's avatar's faces, so by designing pixel art and then converting it to many skin files, one can build up a grid to take the form of an pixel artpiece. My friend was offering to create the art and skin files as a service, which I found really fascinating.

Example skin art (by me)

My involvement only transitioned to commercial interest a bit after meeting this person. He told me that he'd had some experience sniping usernames, and we began discussing some of his past experiences and successes. He said that in the past he'd sniped some lower tier accounts and made enough money to scale to around 9 accounts, and that it was around then that he struck success sniping the username "vac," which was sold for a significant amount of money. He knew a lot about the pre-drop delay, and other configuration related matters. He was interested in getting back in the game, but wasn't quite ready to make such a large investment, and didn't know how to code well enough to code a sniper of his own.

(On an unrelated note, I've coded a tool to apply any NameMc art of your choosing to your profile, which can be found here)

The offer

The problem was that, as it turns out, Minecraft accounts are really expensive. Used accounts can be acquired much cheaper, but they aren't popular in the sniping scene for a few reasons. For one, it's less secure to buy a used account from a sniper, since Mojang only recognizes the first owner as the true owner, and so without the codes found in the confirmation email from purchasing the game, there's no way to prove to Mojang 100% that it's you're account if anything were to go wrong and you were to get locked out of the account. Secondly, at the time when we were considering trying to snipe names, an approach called "Giftcard Sniping" was much more popular than trying to change the name of used accounts right at drop time. With "Giftcard Sniping," you'd claim a Minecraft giftcard on a brand-new Microsoft account, and then close out of the tab on the "choose your username" page. It turned out that the "set your username" button on that page had a rate limit of 6 requests per minute, up from 3 from the "change username" button for older used accounts. In other words, by using brand-new prepaid Minecraft accounts and activating them with a specific username at droptime you'd have a better shot than changing the name on already existent accounts.

To get us started, I had the single 25 account that I had bought from my own testing, and wro had an extra account of his own that the he also had used for tinkering. However, it didn't take long to realize that two accounts was nothing compared to what our competition had. Some other snipers were sniping with thousands of dollars worth of brand new accounts, and thus were automatically sending thousands of requests. Some weren't as ethical, and used myraid stolen accounts, and though I was strongly against the ethics of that, they were a threat to our business notwithtstanding. But where things took took an unexpected and exciting turn was when someone reached out offering wro a substantial discount on bulk Minecraft account giftcards. When buying in bulk, this anonymous figure offered us brand new accounts for only 5 a piece, down from $25. Wro wanted me to go half in with him on 20 accounts, and start a sniping organization of our own. With such a large number of accounts, we'd have a much higher chance of winning names, and so it seemed like a reasonable investment. And that's where it all began.

The beginning

First few sales

I still reminisce of the first few days of set up: we created a Google spreadsheet to log transactions before we even had any, set up a discord server to garner customers, and spent a while deliberating on what to name our organization (we eventually decided to name ourselves "Ember"). We began by sniping lower 'tier' usernames, such as random 3 character long ones, using McSniperPy on a few Vultr servers. Through the process we were able to get a better grasp of the configurations of our sniper. For the first few weeks we spent all our money reinvesting in discounted accounts, building up our request capacity and slowly buying more and more servers.

We quickly realized, however, that while McSniperPy is great for first timers and people sniping with just a single account, it was unideal for larger sniping organizations. It was designed to work with only a few accounts, and we needed to set up each server one by one on manually with only 2-3 accounts per server. Most of the major competitors had custom, larger codebases, with tools to automatically queue snipes and more accurately send name change requests at the second of drop. To get us started, my friend was able to get a proprietary socket-request based Python sniper from an old friend in the community. As we continued expanding, I began forking it to allow for name queuing with a discord bot, using a simple Flask API to create threads of the sniper on the servers. But as we continued growing, even this quickly outgrew our needs.

Expansion

While co-managing our auctions and facilitating transactions, I spent significant time making our systems more scalable and efficient. For the first few stages I improved the discord bot interface, and then proceeded to add more advanced features to attempt boost our odds. I made it so that we could set up a queue of many names, and have them automatically get 'sniped.' I added a channel in our main discord server that would announce successful snipes automatically, so that customers could start bidding right away, and that would automatically remove the account data from the list of accounts to snipe with when an account had its name changed. And, I added the ability to spread out the request offsets across our servers, so that we didn't have to bet on just a single droptime. Also, taking inspiration from many other snipers, we made it so that when our sniper were to succeed, it'd automatically swap the brand-new-account's skin to a skin with our logo. That way customers checking NameMC to see who got the name would know it was us when we won.

The gamechanger

After a few weeks of obsessive coding and growing our operations, we were at the point where we were sniping many names a day with upwards of 15 VPSes running at all times, causing operational costs to spike to over $100 a month. We were still profitable, but it was a huge money suck. The more accounts we had, the more servers we'd need, the higher the price. But together, we worked up an ingenious solution. If the VPSes only required 10 minutes to authenticate all our accounts and send the name-change requests, then why'd we need to pay for 15 24/7 VPSes? Sure, you can better tune the servers and get a sense of their individual latencies, but was it really that big of a deal? Instead, we could just have one central server deploy (create) all the servers we need for all the accounts 10 minutes before droptime, and automatically 'ship' the accounts and settings to them. It was an extensive, elaborate undertaking, and I didn't have much of an idea as to where to get started, but it seemed to definitely be the best way forward. While our competitors were spending hundreds a month on server overhead, we could focus our spending on accounts and maximize our number of requests. The more requests, the higher the chance that a single one of them wins.

The system

Queueing many names

After coming up with the plan, I got to work. I read up on Vultr's REST API, and created a script to automatically deploy servers. With async ssh I made it so that, as planned, one parent server would automatically spawn a 'sniping' child sever for every 2 accounts, and added a queueing system. We elected to make our interface Discord-based because of the ease of implementation, and because that was where we were holding our auctions. To put a name in the queue all we had to do was type /queue <name into Discord; i was super convenient. And, as can be seen to the right, I made it so that a simple slash command one could add many names to the queue at once, which would then get setup prior to drop. We'd spend times together scrolling through NameMC's monthly drop-list, pre-queuing all the names we thought we'd be able to turn a profit on.

Operations

As time went on, I continued adding innovative and unique features to our sniper to increase our success odds and streamline operations. One of the next improvements I made was to send many requests evenly distributed within a specific interval small time interval, so that we'd not miss the often unpredictable droptime-window. More competitive names tended to generally take longer to release due to the sheer amount of requests other people sent, due to server lag. By spreading out requests, we'd be more likely to send the request right at the moment the name were to become free..

The finalized system was super efficient. It'd wait until 10 minutes before the last item on the queue was to drop, would automatically deploy a server for every few accounts where each server was staggered by a fraction of a second, and, after the servers were finished loading, via SFTP would ship the account login data to each server. The parent server would concurrently SSH in and run a setup Python script, along with syncing the clock and other setup. The child servers would ping mojang to attempt to change the username of the accounts that they were serving, and then would automatically destroy themselves (undeploy) to save on server costs.

The system was quite finiky at first, but improved with time. As I worked on it we had an inventory of 50-80 accounts, and so when anything went wrong we'd be left with 30-50 Vultr servers running concurrently and billing me .05/hr each. Even short intervals of time spent with servers left over from testing running added up to 100s of extra expenses, but the ultimate system saved us so much money that it quickly paid for itself. Not only did we save money on server hosting, but we also saved time that would otherwise need to be spent manually authing into and configuring servers.

Ending operations

Sniping explicitly not allowed

Eventually, though, sniping became more challenging. Some snipers began taking things too seriously, and were actually DDOSing Mojang's servers. Mojang was forced to modify their systems so as to deter username sniping, and eventually Ined, one of the admins at Mojang, actually Tweeted to officially note that sniping is not allowed. They started out by cutting the rate limit for accounts, but that didn't stop the problem. They reworked the API a bit, and eventually our sniper broke, and offsets were completely different. Since the API for their systems is not technically supposed to be a public open API, it was completely reasonable for them to do what they wanted with their API, and using it to snipe names was inherently always at risk of an overhaul. Since we hadn't won snipes for a while and because with my senior year of high school approaching I had limited freetime, we decided that it'd be a good time to end the project. Given how large the community is, it wasn't that hard to find someone to buy all our unused Minecraft accounts that we were using to snipe with in bulk, and with that sale the project was over. For a while before the API changes we received various offers for large amounts of money to actually buy the software that I developed, which we never were able to end up selling once its lost its value. We were still lucky, though, since shortly after selling all our accounts Mojang finally began blocking all requests from datacenter IPs with Cloudflare, which made sniping completely impractical. Some people continued by using residential proxies, but to continue that way would be a major, major expense. Ultimately, the experience was definitely really fun, and decently profitable experience, but the project was more than anything extremely educational. It's how I initially learned Python to the extent that I know it now, and gave me experience with various web frameworks for the first time.