Protecting my plugins

Discussion in 'Plugin Development' started by tylersyme, Mar 21, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    tylersyme

    Hey, so I make plugins for servers, but I want those plugins to have a built in way to somehow shut down itself or maybe have it delete itself if I tell it too. All of this so that I can protect myself from those who would seek to steal my software. I would prefer that the plugin just delete itself, so that there's no way they can get it back. But really anything that allows me to have some level of control over it would be great :D. Thanks!

    Edit: I'm only curious about this subject, I wanted to learn remote access 'stuff' and I thought this would be a good place to get opinions on this topic (However, it appears that remote access is not practical)
     
  2. Offline

    Barinade

    No matter what you do it will always be able to crack, it's pointless to do this.
    If you don't want them taking your plugins and giving you the boot then don't give them your plugins in the first place.
     
    Rocoty likes this.
  3. Offline

    drtshock

    And when you think about it, deleting the plugin that's on the server won't do much. Anyone sensible running a server will have backups of everything. Just put your plugins on BukkitDev (with no backdoors please) because open source is best source :) Then you don't have to worry about people stealing it.
     
    Gamecube762 likes this.
  4. Offline

    willeb96

    Either keep your plugins for yourself or release them publicly, doing something in-between doesn't seem very reasonable.
     
    drtshock likes this.
  5. Offline

    RawCode

    sorry bro, if you dont know such thing, your plugin just can't have any worth.
    Ever if you post source code everywhere, nobody will ever look at it.

    Protip - FASM + JNI
    http://board.flatassembler.net/topic.php?t=15514

    But this just for lulz, since your code will instantly became platform and target dependant
     
  6. Offline

    tylersyme

    I do know 'such things', I was really just curious more than anything else
     
  7. Offline

    Barinade

    RawCode is notorious for having random replies that have nothing to do with a working solution, I think he just googles the question and finds a page with the most code-looking content and pastes it here tbh.

    Like I said originally, no matter what you do, it's always crackable. You think if it was possible to protect your code so that people wouldn't use it without your permission Minecraft would be pirated as much as it is?

    If you really want to message the plugin externally, I think this can be used, I've never done it myself so I have no idea where to start with it, but considering it's rather pointless to use for protection, you're better off just not using it until you find a reason to (which I haven't yet)
     
  8. Offline

    tylersyme

    I have, but not for any of the server ones, most plugins made for servers can't be useful for the general public anyways because they're built specifically for that server.

    drtshock Yea, true about the backups, but not all servers are smart in that area :). Open source is awesome, I wouldn't be doing anything if bukkit wasn't open source. However, when I make something that a server specifically asks for, I can't post those on BukkitDev because it removes the exclusivity of that plugin for the servers that I make stuff for. Which is the reason they ask me to make them in the first place, so not really much I can do there
     
  9. Offline

    drtshock

    tylersyme So my question to you is: if you are making a plugin specifically for a server, why do you need to be able to disable it at your convenience any time you want? Why would anyone want to get a plugin from someone who does that?
     
  10. Offline

    tylersyme

    Yea, I'm aware. As I told RawCode, I was just curious if it was even possible. As I already knew, it can never be fully protected, but you can take steps to make it at least annoying

    drtshock I'm not actually going to, I should have mentioned that I was just curious in my first message, sorry :/

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jun 7, 2016
  11. Offline

    Barinade

    You can host your classes on the web and make it so people can't see them
    You can disregard all naming conventions and "personally obfuscate" your code
    (Make every method with the same return type but different arguments the same name, like a())
    Not sure what else would even work with Bukkit tbh
     
  12. Offline

    tylersyme

    Barinade Yea, the obfuscation was my thought. Although I never considered hosting the classes on the web
     
  13. Offline

    drtshock

    While it sounds like a great idea, if the plugin can get the classes then why can't anyone else.
     
  14. Offline

    tylersyme

    Hmmm, encrypting the login/access information would help a good deal, but once again, anyone can crack it if they just look at the code (which is why we obfuscate the entire encryption and decryption process so that it's ridiculously hard to crack it)
     
  15. Offline

    Barinade

    You can deny access from the server if for some reason you want to stop them from using it, it would just be an addition "annoyance" for the cracker

    You'd still have to put that information in your plugin, no bueno

    You could generate a salt using the current date and have the plugin send information to a server, decrypt, and return the decryption result, and keep a whitelist of allowed servers to get the information, there's more to that concept but I'm not getting in to it, I've left out at least half of the necessary procedure
     
  16. Offline

    tylersyme

    Barinade Yea, the process would be in there, but making it super confusing is what I was talking about. Lol, all of this is totally overkill for plugins, but it's an interesting topic
     
  17. Offline

    RawCode

    I think he just googles the question Barinade
    Not this time, in most cases just first link, ever without reading content.

    i have bad news for you all:
    CUSTOM JVM that log and dump all classes (and all methods execution and all variables and anything else developer wants), you just can't protect from this, no matter how hard you try, as long as classes executed on server there is no protection.
    You can slowdown cracking process, but wont stop it.

    Moving part of logic to remote server is OK, but such plugin can't run in sync with server due TCP delays, limiting possible usage of such plugin severely.
     
  18. Offline

    Barinade

    I can't figure out if you're a massive troll or not. Some things you say are decent contributions, then you just randomly spew nonsense that isn't necessary for the topic. I don't know why.
     
  19. Offline

    AoH_Ruthless

    Wizehh
    I don't think a real troll would provide actual useful information at any given point in time. Perhaps English isn't his first language but why does it matter?

    Barinade
    Maybe the information isn't always a good contribution, but don't tell me you have never given meaningless or even faulty information before. Nobody is perfect.

    tylersyme
    If you were just curious and had no intent of doing this you would have never even thought of doing this. Backdoors are kind of despicable. A safer, cleaner, and morally rewarding way is to add custom licensing to your plugin. This includes a terms of use (and consequences of violation) that you can have your clients agree to before you coding a plugin for them.

    What I do to ensure a client's faith and honesty while still being an honest coder is to do what I just mentioned, and if money is involved, require a small down-payment.
     
  20. Offline

    jthort

    I'm not even sure if Bukkit would approve a plugin if it was encrypted
     
  21. Offline

    Gamecube762

    I remember hearing that the BukkitDevStaff is told not to bother their time with obfuscated plugins.

    Also if a plugin is on Bukkit Dev, your ownership of it is protected by Bukkit and by the license you choose to use.
     
Thread Status:
Not open for further replies.

Share This Page