Obfuscate

Discussion in 'Spigot Plugin Development' started by Lifeonblack, Jun 2, 2017.

  1. is it allowed to spigot to post a resource with obfuscate jar? because dev bukkit don't allow one of the staff said so.
     
  2. It is allowed as far as I know, don't know for sure though
     
  3. Many have done it, at least for free plugins.
     
  4. how about premium plugins you've seen one?
     
  5. Yes, for example: AAC, Spartan, and other premium plugins. It's still allowed.
     
    • Agree Agree x 1
  6. if you're certain and I think it is okay thanks.
     
  7. Gianluca

    Gianluca Retired Resource Staff
    Retired Patron

    You can post a Premium plugin with an obfuscated jar file. But, for the initial approval stage, we recommend providing a non obfuscated (or very lightly obfuscated) jar so we can check it. After that, go wild (so long as everything else follows the Spigot rules)
     
    • Like Like x 3
    • Informative Informative x 1
  8. Could it be possible that we can provide the mapping to improve approval process? Would be nice if a resource-teammember can download the jar, apply the mapping and see not obfuscated source.
     
  9. obfuscate may harm computers?
     
    • Funny Funny x 2
  10. No, it can speed up a little.
     
  11. Gianluca

    Gianluca Retired Resource Staff
    Retired Patron

    No. But when you submit a plugin for Premium, we look at the source code as well.
     
    • Agree Agree x 2
  12. Thank you then.
     
  13. Wait another question for you what is the best obfuscator program you used?
     
  14. All of them will be cracked at some point, so personally I don't think it's worth the hundreds of <insert valuta>.

    You can consider just open sourcing a premium plugin, it won't be the first one.
     
    • Funny Funny x 1
    • Optimistic Optimistic x 1
  15. I know it well I'm going to open source the plugin for sure but I'm trying to have an obfuscate plugin for once then it is a choice for us to have I know it will be cracked at some point, but I rather choose to use brilliant tools to obfuscate the jar.
     
  16. TIP: Dont use ProGuard (It can be Deobfusecated, I wont say how since its a Bugg,)
    EDIT: The reason that i cant tell since Its i have no clue how it works, but i know it exists,,
     
    • Funny Funny x 1
  17. Mas

    Mas

    ProGuard just doesn't offer any flow obfusucation or String encryption, meaning you can often get a good idea of how the code works. It isn't a bug that you can decompile it; you can decompile any jar, but depending on the obfuscator it will be harder/easier to read.
     
    • Agree Agree x 1
  18. MiniDigger

    Supporter

    thats the point, it only makes it lightly harder (and most stuff can be deobfuscated by automated tools easily). I generally would consider obfuscation a waste of time.
     
    • Like Like x 1
    • Agree Agree x 1
    • Funny Funny x 1
    • Zelix Klassmaster
    • Stringer
    • Allatori
    • Smoke
    Maybe I get also DexGuard or DashO soon.

    However, I would recommend Zelix for "normal" resources, and Zelix + Stringer for resources you really want to keep secret.
    Zelix + Allatori + Stringer works too, however, the performance impact can be slightly noticeable under certain circumstances.
     
    • Funny Funny x 1
  19. I wouldn't really consider Smoke as an obfuscator you can use, since it's not out yet due to their lack of permission to sell it yet. I believe you might be able to send them a plugin so you can test it, but I don't really recommend that because you don't get any configuration to it.