'Locking Down' A plugin to one server?

Discussion in 'Plugin Development' started by stuntguy3000, Feb 6, 2013.

Thread Status:
Not open for further replies.
Page 2 of 2
  1. Offline

    Shevchik

    even hosting company method won't help, i will write the plugin the will dump the JVM and what so? Totally impossible to protect. If your plugin worth it, someone will hack and steal it, be sure.
     
    Shevchik, Feb 9, 2013
    #31
  2. Offline

    Ne0nx3r0

    And just like encryption, the goal isn't to make it impossible, just to tip the time+effort paradigm in the developer's direction. Just because something is impossible to do perfectly doesn't mean it can't be done well enough to be effective.
     
    Ne0nx3r0, Feb 9, 2013
    #32
  3. Offline

    Hoolean

    A slight adaptation of previous ideas (of course this would only work if the person isn't a plugin developer/won't decompile):

    • Config file has password field
    • On startup, plugin sends password in field to a server elsewhere
    • If the password is correct, the server sends back true and the plugin enables
    • Else, the server sends back false and the plugin disables
     
    Hoolean, Feb 9, 2013
    #33
  4. Offline

    Sagacious_Zed Bukkit Docs

    MrBluebear3
    You don't even need to decompile to break this. Ill just add a man in the middle. a competent networkadmin should be able to do this. Really it is a pointless endeavor.
     
    Sagacious_Zed, Feb 9, 2013
    #34
  5. Offline

    mastermustard

    not exactly they could always use the program ShowMyCode in which decompiles a class file with a few clicks
     
    mastermustard, Feb 9, 2013
    #35
  6. Offline

    keensta

    Not if you use a good obfuscation.
     
    keensta, Feb 9, 2013
    #36
  7. Offline

    Deckerz

    How about making it send a key to a site and it sends back 'ghost code' or downloads the actual plugin @ runtime i.e. the java code is on the site no in the plugin. BTW i dont know if this is possible
     
    Deckerz, Feb 9, 2013
    #37
  8. Offline

    microgeek

    Download an encrypted file, have another plugin use a modified ClassLoader to read the files and load them into memory as a byte array. To keep it private, set a password in the config that the file was encrypted with.

    Go to town:

    http://diablohorn.wordpress.com/2010/11/05/java-in-memory-class-loading/
    http://www.javablogging.com/2010/03/
    http://www.javablogging.com/java-classloader-2-write-your-own-classloader/

    Use very strong flow obfuscation. I'd use ZKM.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 31, 2016
    microgeek, Feb 9, 2013
    #38
    MrBluebear3 likes this.
  9. Offline

    polo2673

    Maby you could make it so when the server is on the code is changed when it is off it is changed back and you can't decompile a jar if its in use so you could try that but idk if you can do things like that
     
    polo2673, Feb 10, 2013
    #39
  10. Offline

    XlegitXcrazymanX

    *One time there was this thing called "good and nice people" and they shared their source code*
     
    XlegitXcrazymanX, Feb 10, 2013
    #40
  11. Offline

    Tamewolf

    Slightly confused as to the reason one would be afraid of something like this happening. Unless the person you give the plugin to starts handing it out to other people, then there would be a fairly small chance of someone else getting the plugin. Don't release it to the public and the issue is largely solved. Just like if you hide in a hole (provided no one ever knew or will know the hole existed, or that you existed), you can hide from the internet altogether!
     
    Tamewolf, Feb 10, 2013
    #41
Page 2 of 2
Thread Status:
Not open for further replies.

Share This Page