MRPack to ZIP

SHA-512 Verification in Modpacks — Why Every Download Is Hash-Checked

What SHA-512 does

SHA-512 is a cryptographic hash function. Given any input file, it produces a fixed-length 128-character hex string. Two identical files always produce the same hash; changing a single byte changes the hash entirely.

Why modpacks use it

The .mrpack manifest records the SHA-512 of every mod JAR. Tools that fetch the JARs (including our converter) recompute the hash after download and compare. If the values match, the file is intact; if not, it is corrupt or has been tampered with.

What a mismatch means

  • The mod author re-uploaded the file with the same URL but new contents (uncommon, against Modrinth policy)
  • The CDN served a corrupted response (network error)
  • The download was intercepted by a malicious proxy

The converter retries on mismatch and surfaces a warning if it persists.

What this protects against

Hash verification ensures that the JARs going into your ZIP are exactly what the modpack author specified — not modified malware injected by a man-in-the-middle. Combined with HTTPS download, this gives a strong end-to-end integrity guarantee.