Solved Hiding Strings.

Discussion in 'Spigot Plugin Development' started by JoseGamer_PT, Jun 13, 2016.

Thread Status:
Not open for further replies.
  1. HELLO SPIGOT COMMUNITY!

    There is any method to hide strings?

    Note: I don't want BASE64

    THANKS FOR YOUR TIME!
    - JOSE
     
  2. What do you mean hide strings? Can you give an example
     
  3. For example in my eclipse:

    String wow = "Test";

    In the decompiler:

    String wow = "Test";

    I triyed BASE64, but:

    String base = Base64.decodeblablabla("SWHGSWAUGSUWK=");

    In the decompiler:

    String base = Base64.decodeblablabla("SWHGSWAUGSUWK=");

    The crackers can edit the string ;/
     
  4. You can't. Even through $500+ obfuscators like Stringer they can still be cracked.
     
  5. So you want to obfuscate your strings? There is no reliable way to obfuscate your strings with 100% security. At some point you HAVE to reverse the obfuscation. Otherwise all string output on your server will be obfuscated as well. And you don't want that. So hashing is out of the question.

    So, you need a way to reverse the obfuscation, and your plugin needs access to the algorithm that does this. If you do the math you'll soon see that there is no real way to "hide" your strings.
     
  6. So i can't prevent crackers?
     
  7. There is no way to obfuscate the strings and even if there was, people will always manage to crack it no matter what.
     
  8. This is far and beyond what one would see as normal effort to obfuscate a string, but this is the best way I can come up with. It's still not 100% effective, but it will certainly give someone a headache.
    Look into the Java.crypto package. I would encrypt the string in a txt file and heavily obfuscate the key in your code. Granted, just decompiling the jar and printing it will defeat the entire system of any string obfuscation, but it is the most secure thing I can come up with.

    In other words, is near impossible to obfuscate a string in Java due to its VM nature.
     
  9. Hm.. I can't find the Java.crypto package D;
     
  10. I probably have the name wrong. One sec.

    javax.crypto
     
  11. Make a custom, non public obfuscator. That's the only way to at least have some protection for a time, all public ones are cracked already
     
  12. Well, i am good with plugins, not C# or other windows & mac languages ;p
     
  13. No reason you can't make with Java. I would use Python personally.
     
  14. Well, i gave up.
    THANKS FOR ALL HELP!
     
Thread Status:
Not open for further replies.