[PhP] AntiLeak System

[funkemunky]

To put it short, I need an anti-leak system. Now, I'm going to be specific for how this should work so you don't have to go off the back off your head to get a function for an anti-leak I would like.

Description
- Make a PhP where I can put in a .JAR and it will inject its own ID on download. This so the one JAR downloaded is uniquely identifiable.
- Make a panel to where all IDs are stored, and make it to where I can remove it. I don't need anything special. I would even be fine with just just basic HTML (though please at least make it legible and to where it doesn't hurt my eyes). This is so I can put a killswitch in my plugin. Make it so I can make a check with a link like "ids.funkemunky.cc/ks?id="id here" and make it return a boolean (true/false) to my plugin. This will trigger the killswitch if it returns false. It will return false if the ID doesn't exist.
- Make one page where I can check the amount of plugins that came from different IPs. IF you can make it auto-remove an ID after a certain amount, that'd be great. If you aren't fine with that, that's cool.

What I'm Willing to Pay You
Message me so we can discuss a price.

Note: I'm able to do anything Java related for this service.

 

[/usr/bin/]

What I don't understand is what's stopping someone from decompiling your plugin and removing the check system ?

 

[funkemunky]

What I don't understand is what's stopping someone from decompiling your plugin and removing the check system ?

A good obfuscator can. However, I just need it to inject it in a certain place. Also, 99% of the people who would buy a plugin don't know java or how to crack a plugin.

 

[/usr/bin/]

A good obfuscator can. However, I just need it to inject it in a certain place. Also, 99% of the people who would buy a plugin don't know java or how to crack a plugin.

My point being, if your plugin is going to get leaked, the leaker would obviously remove any checks/etc whether they exist or not. Such as on [Censored], if it can be obfuscated it can be de-obfuscated.

 

[funkemunky]

This is possible?

Yes, it is. On spigot, premium resources are injected with an id and protection on download. Difference with this is, it only injects an ID.[DOUBLEPOST=1502562394][/DOUBLEPOST]

My point being, if your plugin is going to get leaked, the leaker would obviously remove any checks/etc whether they exist or not. Such as on [Censored]

You don't the reason for this obviously. Yes, java is a meme enough to where reverse engineering is incredibly easy unless you make it download the resource itself into the system's ram on start (which is possible). However, I don't want it easy enough to where you can just upload and you're good to go.

 

[Ghast]

What I don't understand is what's stopping someone from decompiling your plugin and removing the check system ?

A good obfuscator

 

[/usr/bin/]

Yes, it is. On spigot, premium resources are injected with an id and protection on download. Difference with this is, it only injects an ID.[DOUBLEPOST=1502562394][/DOUBLEPOST]

You don't the reason for this obviously. Yes, java is a meme enough to where reverse engineering is incredibly easy unless you make it download the resource itself into the system's ram on start (which is possible). However, I don't want it easy enough to where you can just upload and you're good to go.

Well I still think its a waste of time, however if your soo adamant on doing this you can do it yourself depending on your PHP knowledge, its pretty straight forward.

Since Jar files are essentially ZIP you can add a file containing id.txt in the JAR programatically containing the unique ID of the download, upon download. You would store the ID, Timestamp and Perhaps a column called "enabled" in the database. Write a simple php page that grabs the data from the database and returns true or false based on the "enabled" setting: your.site.com/ks.php?id=some_id . Make your plugin read this value, onEnable or something and if the URL returns false, server shutdown or something. Really straight forward.

Auto removing the ID after a certain amount can be done using Cron Jobs.

Personally I wouldn't pay more than $10 for this, it should take a maximum of an hour with intermediate knowledge. Good luck!

 

[kampai]

A really good obfucscator can make it extremely hard to decompile it unless you're great at reading java machine/byte code

 

[Ghast]

Honestly making a anti-leak is pretty easy when you are fluent with databases, php and java. After for the whole panel that is where it gets tricky

 

[Gokor]

Hello!

I am currently one of the sales representatives from Minecript and I saw that you were looking for Java development.

We at Minecript have the needed individuals with the necessary skills that are needed to help you with all your needs regarding graphics, plugin development, building, web design, system administration, etc...

Although I do not have a quote for you at this time for the development, I will be able to contact the rest of our team at Minecript to get the estimated prices for the development, as well as to see if there is anyone to take your request.

Best regards,
~ Gokor
Minecript Sales Representative

Please Contact me on Discord - Gokor#1430

- Minecript Links -
Visit our website @ https://minecript.com/
Join our community @ https://discord.minecript.com/
Follow us on Twitter @ https://twitter.com/minecriptae
Minecript (@minecriptae)
Your one-stop shop for anything design, development, building, or server related!

 

[Eric]

The injection system isn't possible within PHP, you'll need to change bytecode and compile it again through the server.

This can be done, but it would be expensive.

 

[PepegaGamer]

Sorry for the necro, but I am going to add my personal knowledge.

This is very possible. You just need to make an injection server which takes an InputStream from a PHP hit. The server processes the file which then outputs it back to the PHP file which hands it to the user to download. Very simple for experienced devs

 

[Zorify]

subbotted got a decent anti-leak system

 

[Wouterg]

The injection system isn't possible within PHP, you'll need to change bytecode and compile it again through the server.

This can be done, but it would be expensive.

Couldn't you store the source on the server somewhere, add a class file which only contains a field for the ID of the plugin, adjust that file on every download and execute the javac command in php to compile the jar and make it available for download?

 

[PepegaGamer]

Couldn't you store the source on the server somewhere, add a class file which only contains a field for the ID of the plugin, adjust that file on every download and execute the javac command in php to compile the jar and make it available for download?

If you are willing to do that then you would also be willing to make a cross link between an injection server (most likely in Java) and PHP. You are unzipping the Jar and rezipping it, you might as well make an injector using ObjectWeb ASM

 

[Wouterg]

If you are willing to do that then you would also be willing to make a cross link between an injection server (most likely in Java) and PHP. You are unzipping the Jar and rezipping it, you might as well make an injector using ObjectWeb ASM

All that can also be done in just PHP though (If you really wanted to) just using the exec() function

 

[PepegaGamer]

Tbh yeah, that wouldn't be too hard.

 

[Ghast]

Guys, this is from August, stop trying to still get a piece of it, @funkemunke doesnt need it anymore.