SpigotProtect - Protect your plugin against pirates!

Status
This thread has been locked.

HoverCatz

Professional programmer (https://obzcu.re)
Premium
Feedback score
0
Posts
30
Reactions
7
Resources
0
Hey!

Not sure if this is the right forum/subforum, so if it's wrong just move it (staff).

I just created this website that allows you to upload any mc plugin (if you have the dependencies of it) and protect it against pirates/theft.
I don't come here and pretend I am better than everyone else when it comes to this, but everyone who has tried decompiling/deobfuscating/reverse engineering it, hasnt figured it out yet.
But this is my solution to pirating - SpigotProtect. It's not free as it costs money to run the service I offer, but I think this is pretty cheap compared to buying f.ex Zelix or Stringer.

Feel free to join or Discord here

You can find the link in my signature =)
 
Last edited:

HoverCatz

Professional programmer (https://obzcu.re)
Premium
Feedback score
0
Posts
30
Reactions
7
Resources
0
I've tried a few, and they all fail to provide anything readable, feel free to try the javadeobfuscator project and post the results. I'll upload a sample .jar file to the website, check it in a few minutes.
 

Kuzni

If you signed up after 2016 don't diss me thx
Supreme
Feedback score
12
Posts
1,694
Reactions
950
Resources
0
Very cool site
 

HoverCatz

Professional programmer (https://obzcu.re)
Premium
Feedback score
0
Posts
30
Reactions
7
Resources
0
Kuzni , I can give you 2 free vouch apikey-uses so you can test it :)
 
Last edited:

Kuzni

If you signed up after 2016 don't diss me thx
Supreme
Feedback score
12
Posts
1,694
Reactions
950
Resources
0
I would love to. I'll pm you.
 

user7089

I deleted discord. Clones are scams.
Premium
Feedback score
5
Posts
137
Reactions
112
Resources
0
You do realize the people who actually crack stuff use javaassist and their own tools right? I bet proguard(yes an obfuscator lol) would do a great job at this, since it does manage to remove most of flow obfuscation(code optimizer portion of it) and renames everything into abc instead of whatever the f that is, also strings cannot be really obfuscated, reverse engineering them is just a matter of a: just running the program or b: using javaassist to call those specific methods method(String) and have them deobfuscated. Sorry to burst your bubble, but java reverse engineering is childs play. However you can achieve a decent amount of protection by not having the classes in the plugin if you know what I mean(Loading plugins from teh internet and causing application to crash on a: debug and b: illegal access).
 
Last edited:

Kuzni

If you signed up after 2016 don't diss me thx
Supreme
Feedback score
12
Posts
1,694
Reactions
950
Resources
0
You do realize the people who actually crack stuff use javaassist and their own tools right? I bet proguard(yes an obfuscator lol) would do a great job at this, since it does manage to remove most of flow obfuscation and renames everything into abc instead of whatever the f that is, also strings cannot be really obfuscated, reverse engineering them is just a matter of a: just running the program or b: using javaassist to call those specific methods method(String) and have them deobfuscated. Sorry to burst your bouble, but java reverse engineering is childs play. However you can achieve a decent amount of protection by not having the classes in the plugin if you know what I mean(Loading plugins from teh internet and causing application to crash on a: debug and b: illegal access).

It is so depressing to me that you do all this smart shit and then spell "bubble" as "bouble"
 

user7089

I deleted discord. Clones are scams.
Premium
Feedback score
5
Posts
137
Reactions
112
Resources
0
This is really similar to Ruans obfuscator (LiteBans dev)

This is what decompiled Litebans looks like:
b4b3e1.png

Compared to your sample jar, it's really similar. I like it
That's just adding synthetic to the method modifiers...
 

HoverCatz

Professional programmer (https://obzcu.re)
Premium
Feedback score
0
Posts
30
Reactions
7
Resources
0
I actually love the fact how you just upload the jar and depends. That's REALLY smart imo. Stops people sharing the jar and a whole mess of cracking down on leakers.
Thats kind of what I was thinking while creating this :p
 

HoverCatz

Professional programmer (https://obzcu.re)
Premium
Feedback score
0
Posts
30
Reactions
7
Resources
0
For anyone interested, my discord is HoverCatz#1234
 
Last edited:

Kuzni

If you signed up after 2016 don't diss me thx
Supreme
Feedback score
12
Posts
1,694
Reactions
950
Resources
0
Hey,

So lets begin lads.
I've only run one test so far, on a small plugin.

This is pigg121 's TabAPI. Shout out to him (I didn't ask him so I have to be nice)
https://gyazo.com/2ae5924991129459b078a2d13ae222ed
It would normally come with two classes. Personally, I believe that the obfuscation did an extremely good job.

A large proportion of users on mcm and spigot would look at that and give up. I would. Obviously there will always be people able to get around it. That's the same with anything. The average buyer would not be able to get past the obfuscation. The Website and the way it operates is extremely good. You upload the plugin and dependencies, The site will obfuscate it and get back to you with a jar within a minute or so.
 
Status
This thread has been locked.
Top