
PurePerms plugin abuse

Discussion in 'Plugin Help' started by WylSmart, Dec 1, 2019.

  1. WylSmart

    WylSmart Slime

    Messages:
    93
    Explain to me for what purpose the plugin developer PurePerms encoded a line in his plugin?
    https://github.com/poggit-orphanage...5484ec08e/src/_64FF00/PurePerms/PurePerms.php
    86 line

    Code:
           $this->getServer()->getLogger()->notice(base64_decode('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'));
    
    For what purposes are these obscure characters created?
    line 59 - 61
    Code:
        const MAIN_PREFIX = "\x5b\x50\x75\x72\x65\x50\x65\x72\x6d\x73\x3a\x36\x34\x46\x46\x30\x30\x5d";
    
        const CORE_PERM = "\x70\x70\x65\x72\x6d\x73\x2e\x63\x6f\x6d\x6d\x61\x6e\x64\x2e\x70\x70\x69\x6e\x66\x6f";
     
    RicardoMilos384 likes this.
  2. RicardoMilos384

    RicardoMilos384 Slime

    Messages:
    82
    GitHub:
    ricardomilos384
    What is The Problem On PurePerms Plugin
     
  3. WylSmart

    WylSmart Slime

    Messages:
    93
    Do you know what is encoded in line 86? This is the whole problem. I personally would not recommend putting the rest of this plugin and risking your project.
     
    RicardoMilos384 likes this.
  4. Thunder33345

    Thunder33345 Moderator Staff Member

    Messages:
    2,137
    GitHub:
    Thunder33345
    it's the ascii art lol(removed)
    and the prefixes encoded
     
    EdwardHamHam and HimbeersaftLP like this.
  5. TwistedAsylumMC

    TwistedAsylumMC Slime

    Messages:
    96
    GitHub:
    twistedasylummc
    PurePerms is not in any way abusing your server.
    The main prefix is just escaped characters, and on run time it is changed to "[PurePerms:64FF00]"
    The core permission is also escaped characters, and on runtime it changes to "pperms.command.ppinfo"
    I assume these two constants are like this so anyone editing the plugin does not think to change them, since they look important to the plugin.

    The long string being decoded on line 86 is just the ASCII art that is printed to console when the plugin enables, and it's encoded to make it compact in the code.
    HTML:
    PurePerms by 64FF00 & ProjectInfinity! #LEET.CC
    
      888  888    .d8888b.      d8888  8888888888 8888888888 .d8888b.   .d8888b.
      888  888   d88P  Y88b    d8P888  888        888       d88P  Y88b d88P  Y88b
    888888888888 888          d8P 888  888        888       888888 888    888
      888  888   888d888b.   d8P  888  8888888    8888888   888888 888    888
      888  888   888P "Y88b d88   888  888        888       888888 888    888
    888888888888 888    888 8888888888 888        888       888888 888    888
      888  888   Y88b  d88P       888  888        888       Y88b  d88P Y88b  d88P
      888  888    "Y8888P"        888  888        888        "Y8888P"   "Y8888P"
    
    (ASCII is not rendered properly on here, but that's what it is decoded)
     
    EdwardHamHam and HimbeersaftLP like this.
  6. JaxkDev

    JaxkDev Silverfish

    Messages:
    15
    GitHub:
    JaxkDev
    As thunder mentioned, it has been removed, but an update wasn't pushed to poggit. The latest release got rid of that ASCII and is now available on poggit.
     
    jasonwynn10 likes this.
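
A way to check literals like the ones asked about in this thread before installing a plugin: the Python sketch below is an added example (not part of any post here and not PurePerms code) that lists hex-escaped strings and literal `base64_decode()` arguments in PHP source together with their decoded text. The base64 value in the sample is constructed, since the original string is not shown above, and the function names are this example's own.

```python
import base64
import binascii
import re

DQ_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')        # PHP double-quoted literal
HEX_ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{1,2})')      # \xNN escape inside it
B64_CALL = re.compile(r'base64_decode\(\s*[\'"]([A-Za-z0-9+/=]+)[\'"]\s*\)')

# Constructed input: the two constants quoted in the thread, plus a made-up
# base64 literal standing in for the string on line 86.
SAMPLE = r'''const MAIN_PREFIX = "\x5b\x50\x75\x72\x65\x50\x65\x72\x6d\x73\x3a\x36\x34\x46\x46\x30\x30\x5d";
const CORE_PERM = "\x70\x70\x65\x72\x6d\x73\x2e\x63\x6f\x6d\x6d\x61\x6e\x64\x2e\x70\x70\x69\x6e\x66\x6f";
$this->getServer()->getLogger()->notice(base64_decode('Y29uc3RydWN0ZWQgYmFubmVy'));
'''


def decode_hex(body):
    """Resolve \\xNN escapes the way PHP does inside a double-quoted string."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), body)


def audit(source):
    """Return (line, kind, decoded) for each encoded literal in PHP source."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        for m in DQ_STRING.finditer(line):
            if HEX_ESCAPE.search(m.group(1)):
                findings.append((n, "hex-escape", decode_hex(m.group(1))))
        for m in B64_CALL.finditer(line):
            try:
                raw = base64.b64decode(m.group(1), validate=True)
            except binascii.Error:
                # Not valid base64: report the literal itself for manual review.
                findings.append((n, "base64-invalid", m.group(1)))
                continue
            findings.append((n, "base64", raw.decode("utf-8", "replace")))
    return findings


if __name__ == "__main__":
    for line_no, kind, text in audit(SAMPLE):
        print(f"line {line_no}: {kind}: {text!r}")
```

Only literals are covered: a `base64_decode()` call on a variable or a concatenated string is not matched and still needs reading by hand.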