MC-Market is now BuiltByBit. Read more

  • We're giving away $35,000 of prizes! Invite 2 friends to our Discord for free Premium! Learn more

[TUTORIAL] How To Licence Your Plugins

Status
This thread has been locked.

CureMe

Java Developer
Deactivated
Reputation
8
Posts
249
Reactions
97
Resources
1
This is something which can allow you to protect your plugin from leaks and stop yourself being scammed. It all comes down to having a licencing system in the code (I am spelling licence the British way because I am British).

The licence for a plugin can be controlled externally (not inside the code) meaning that it can be changed at any time without a third party i.e. the user of the plugin, to have access to it.

This is something which just simply is barely shown anywhere for beginner developers and is vital to ensure their premium plugins they make allow them to achieve their full potential & sales.

Free Method
For this we are going to be using paste-bin as that is one of the only few external sites that can be controlled by you if you edit pastes.
  • Firstly, head over to https://www.pastebin.com
  • Inside the "new paste" section, type something like "true" or the name of your plugin
  • On the next line put in the name of the user who purchased this product
  • Publish the paste
This will be referred too later from the code so keep the tab open. I would also recommend setting up a pastebin account so it is easier to manage your pastes and navigate through them.
Head back over to the plugin that you are creating this licence for and prepare to write some code. I will try to explain this the best I can in it's comments.
For this example we are going to say that my paste's top line is "true" and the second line is "CureMe":
Code:
private void isLicence() {
        //We are getting the licence key string from the config
        String key = this.getConfig().getString("licence-key");
        try{
            //We are defining the url location as a string to begin with using "/raw" after pastebin to get the raw paste.
            String url = "https://pastebin/raw/" + key;
            //Here we open a connection with the pastebin url
            URLConnection openConnection = new URL(url).openConnection();
            //We use firefox's key to access the site, this can be changed to chrome for example but you will need to find the correct key to do so.
            openConnection.addRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0");
            @SuppressWarnings("resource")
            //Here we are then reading from the webpage
            Scanner scan = new Scanner((new InputStreamReader(openConnection.getInputStream())));
            while(scan.hasNextLine()){
                //We save the first line into a string
                String firstline = scan.nextLine();
                //If the firstline contains the string "true" (this is where you could put your plugin name)
                if(firstline.contains("true")){
                    //The string customer would be "CureMe" as that is the second line of the pastebin
                    String customer = scan.nextLine();
                    this.getLogger().info("ThisPlugin has been successfully licenced. The user who purchased this product was " + customer + ".");
                    //We return the method not having disabled the plugin
                    return;
                }
            }
        }catch(Exception e){
           
        }
        //We return the method having disabled the plugin because it hasnt already been returned.
        this.getLogger().info("This plugin was not successfully licenced. It has been disabled.");
        Bukkit.getPluginManager().disablePlugin(this);
        return;
    }

If you don't understand that is alright, but I have done my best to comment information in there for you.
You MUST call this method from your onEnable and I would recommend putting this in your main class to make it easier.

When using this, the licence key you provide them will be that which ends the pastebin file. e.g. the link "pastebin.com/WviWFzyf" would have the licence key of "WviWFzyf".
As you can tell though somebody could decompile your code, figure out what needs to be in the pastebin and then simply create their own to effectively hack your plugin. Thats why the following method is way better.

Paid Method
This method uses what is called a virtual private server. These cost around £3 a month. I am now hosting a service where I will upload your licence keys to a vps for simply £0.50 per licence key.
This is likely better than having somebody setup lots of security on it for you so people cant simply steal all your licence keys. Security for a vps is essentials otherwise all your keys will be open to the public.
Find somebody that knows what they are doing and pay them to set it up for you. I am not getting into that in this tutorial but maybe another time.

The code for this method is exactly the same as the last one but instead of putting "pastebin/raw/" in your string url u put the ip associated with your vps. I use http://www.cureme.club as that is my domain linked to my vps. If you look into using vps' a lot more you may understand this further. Nobody else will have access to the licence keys apart from the owner of the vps unless they have the link to an exact licence key which would be the licence you provide them.



I hope this tutorial was useful and not too revealing for what developers have to do to fight back against leakers. Let me know your thoughts and suggestions to update this thread below.

Some credit to Shprqness
 
Last edited:
ReliableSite: Dedicated Servers

Kuzni

If you signed up after 2016 don't diss me thx
Supreme
Reputation
12
Posts
1,696
Reactions
950
Resources
0
Are you aware of how easy this is to crack?
 

CureMe

Java Developer
Deactivated
Reputation
8
Posts
249
Reactions
97
Resources
1
This is for beginners and using long licence codes in a vps is much better than in the pastebin method like I stated before.
This guy is right, that simple method of checking if user have their license key is so easy to crack. Instead, you must try use user's HWID to create license.
Are you aware of how easy this is to crack?
 

Eric

Software Engineer
Supreme
Reputation
14
Posts
1,762
Reactions
1,648
Resources
2
This is for beginners and using long licence codes in a vps is much better than in the pastebin method like I stated before.
How does the length of the license code matter?
 

Ghast

Founding Father of Hypocrisy - https://artemis.ac
Ultimate
Reputation
54
Posts
2,116
Reactions
3,278
Resources
79
Easiest license system to crack.
 

CureMe

Java Developer
Deactivated
Reputation
8
Posts
249
Reactions
97
Resources
1
For everyone saying it’s easy to crack I would appreciate suggestions for a better system.
 

LillianA

beep boop
Premium
Reputation
7
Posts
351
Reactions
259
Resources
1
For everyone saying it’s easy to crack I would appreciate suggestions for a better system.
Learn how to abuse the fuck out of reflection[DOUBLEPOST=1555604484][/DOUBLEPOST]
I think if you use this and obfuscate the plugin it'll be not that easy and it's better than nothing
Obfuscation only slows people down and people who know how to crack plugins will get past it just as easy. No plugin is safe from leaks but if you do it right you'll make it so fucking annoying to crack where people just won't care enough to do it.
 
Last edited:

Orochimaru

ACAB
Supreme
Reputation
21
Posts
2,701
Reactions
1,349
Resources
3
I hope this tutorial was useful and not too revealing for what developers have to do to fight back against leakers. Let me know your thoughts and suggestions to update this thread below.
You do realize some of the people who leak these also know how to create plugins aswell, I got a friend who puts plugins on spigot and knows how to leak them properly aswell. "too revealing for what developers have to do to fight back against leakers." He already knows, cause he is one. Not that effective.
 

FlowZz

Dreamer
Premium
Reputation
2
Posts
100
Reactions
45
Resources
0
Remote class loader with auth, and only a Launcher as plugin would be Better (ofc won't stop 100% of leakers but for sure the 99%), i know it's not simple to code, but it Will be worth i think
 
Status
This thread has been locked.
Top
You need to upgrade!
Our dark style is reserved for our Premium members. Upgrade here.