Discussion in 'Programming' started by Achieving, Jun 21, 2018.

Thread Status:
Not open for further replies.
  1. I have a configuration which is currently working for our plugin, this is without any dictionary set (default).

    Whenever I add a dictionary it shows this error at the very end of the process:

    There is no issue with obfuscation when there is not a dictionary but the second it is ticked, it doesn't process even though the dictionary file is there.

    Any help/methods appreciated, thanks.
  2. As it already says, the system can not find the path.

    By the way, do you really need obfuscation for your own plugins? I think that's not really possible unless you gonna publish it.
    If you're a developer, who knows programming very well, you don't need to obfuscate your code. That's not professional in any way.
  3. So why is it not professional?
  4. TheJavaHacker


    I think most people claim it isn't professional to obfuscate is because future software engineers or future employers may not be able to see the works that you have produced, meaning they may feel as if the code is malicious or unusual and therefore cannot verify the integrity of the program that has been developed.
  5. If you really know how to develope software, you don't need to obfuscate your code. Most people do this, for example to prevent decompiling if they sell their products to prevent further unauthorized copies or to disguise/hide their inability.
  6. right so you're saying that a program that's client sided can be prevented from cracking just if you're a competetent dev? Obfuscation is a must when you're going commertial, not just to prevent your coding being rip'd off, but to fight against cracking.

    Sadly i cant reverse java at all but im able to reverse .net and pe files, so i've not gone further than opening a decompiler and checking few java obfuscators and i realized that them are really really basic and do not do much besides "obscuring" the code by changing the flow, changing the names or encrypting constants.
    I dont know in java but overall in .net or pe files those protections are easily defeated and the best way is just to use virtualization. (ofc just in the parts that you want to protect, not the entire application).
    Overall, IMHO obfuscation should be applied in the following way:
    -Virtualization in login/integrity methods
    -Constants/control flow in algo's
    And renaming in all the application to make it harder to be interpretated.
    However i realized most people just apply "max" settings on their file and feel like its ok, when even in some situations applying ALL the obfuscator and not partially can make your app be defeated easier.
    Ofcourse this wont defeat a dedicated cracker, but it will definetly slow them down a lot, you want it to slow them the enough time so that by the time they've cracked your app, you're already releasing a new update.
    And about performance, it will be affected indeed but remember you're just obfuscating login/integrity methods that are usually started with the server, so such performance should only be noticed at startup. At the same time, the algo's obfuscation is not so resource intensive, so should not be that big of a deal for the client.
  7. All obfuscation will eventually be cracked though (in relatively short time periods), so there isn't much to hide from the clients.

    Most you can really do with it, is minify the code so it's lighter to ship.
    • Agree Agree x 1
  8. Optic_Fusion1

    Resource Staff

  9. I think obfuscation makes sense on some things.

    If I would not obfuscate AntiBotDeluxe everyone could just go there and copy the code for their own antibot, including algorithms.
    The same for AntiCheats.

    It really helps against "Skids". But if a developer has problems with cracks he needs to work on that instead of trying to get rid of them, its impossible. Also, I have only made good experiences with leaks, because most people try before they buy.
  10. You're getting confused here, cracked doesnt mean unpacked, as far as i know there has never been nor will be a proper devirtualizer for denuvo because they make changes on their VM for each client plus its a pain on the ass to get rid of such virtualization.
    Most people do not unpack the VM's but attempt to find a way to get around them, meaning we're talking about human mistakes and not protection weakness.
    Also, are you trying to compare software that is in the trigger of THOUSANDS of people with a plugin that is mostly in the trigger of 13y/o?
  11. Optic_Fusion1

    Resource Staff

    actually, denuvo mostly just gets bypassed, the code and such is there, it just doesn't trigger, when it comes to denuvo, it's a lot more complicated yes, it's shows that if something like that (and lets be honest, it probably has obfuscation as well) can get bypassed completely, then obfuscation only won't last
  12. You dont seem to get my point, denuvo obfuscation is not removed, they crack the programs by patching the file and removing integrity checks, but vm is never unpacked.
    only vm that might have been unpacked is vmp due to the fact is well-known already and crackers have working devirters for it, other than than denuvo has never been devritualized.
  13. Optic_Fusion1

    Resource Staff

    In the message you replied to i said it gets BYPASSED
    When it comes to just obfuscation, if any of the groups that crack denuvo tried to crack a plugin on this site that has nothing but obfuscation and the basic spigot protection the damn thing would get cracked incredibly fucking quickly. also may i point out, FeatherBoard gets leaked it has obfuscation, the point is, if the right person comes along and tries to crack your plugin obfuscation quickly becomes pointless, when it comes to denuvo the only reason there isn't zero day cracks for the games it protects is because it's complicated as fuck and only two or three groups try to crack it even though there are WAAAAY more group in the piracy scene
  14. have you ever unpacked a vm before?
  15. Optic_Fusion1

    Resource Staff

    quite honestly no because i have no reason to
  16. Right so do not talk as if it was easy, if they have not made a devirtualizer before its because virtualization is the highest level of obfuscation you can achieve.
    If it already takes them weeks just to do patchs, making a devirt would take >1 month easily, and thats more than enough time for having the sales of a game done.
  17. This is just going off topic. Obfuscation wont stop resources from being cracked and never will. The pure facts are that code needs to be readable to verify integrity and check for malicious intent. A system like denuvo won't be accepted on any resource on spigot as it is unreadable and requires internet connection (Remember a plugin needs to be able to work without being connected even on first run). I recommend OP just goes without obfuscation.
  18. We're talking about virtualizaiton over all, denuvo is just an example.
  19. You might want to:
    A: Move the conversation into another thread then link it here.
    B: Move the conversation into DMs

    Because this thread will never get support if people keep answering to off topic responses.
  20. TheJavaHacker


    Obfuscation != Virtualization. Are you sure you're on topic!?
Thread Status:
Not open for further replies.