Resource [TUTORIAL] Anti Piracy

Discussion in 'Spigot Plugin Development' started by Aderm, May 21, 2016.


Was this helpful?

  1. YAS I LOVE YOU <3

    6 vote(s)
  2. ew no

    5 vote(s)
Thread Status:
Not open for further replies.
  1. Hey guys & gals.
    My good friend @ProJoosh has let me use this code, and he is the creator of this code (I have changed a lil' bit)

    Okay, so you want to protect your premium plugins?

    You want to insert this code into your main class:

    Code (Java):

    public static String uid = "%%__USER__%%";
    public boolean sts = true;
         public void auth()
             URLConnection localURLConnection = new URL("Your website link").openConnection();
             localURLConnection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11");
             BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(localURLConnection.getInputStream(), Charset.forName("UTF-8")));
             StringBuilder localStringBuilder = new StringBuilder();
             String str1;
             while ((str1 = localBufferedReader.readLine()) != null) {
             String str2 = localStringBuilder.toString();
             if (str2.contains(String.valueOf(uid)))
             this.sts = true;
           catch (IOException localIOException)
         public void disableLeak()
             int x = 0;
             while(x != 5000){
               Bukkit.broadcastMessage(ChatColor.RED + "You leaked my plugin, 5k broadcast!");
           sts = false;
         public void disableNoInternet() {
             Bukkit.broadcastMessage(ChatColor.RED + "You don't have a valid internet connection, please connect to the internet for the plugin to work!");
             sts = false;
    You also need to add:
    Code (Java):

    into your onEnable method.

    Where you see:
    Please make a .txt file on your website and just add the link there.

    When you want to add a user to the blacklist, just make a new line in the .txt file, and when the plugin loads it will disable the plugin.

    %%__USER__%% is spigot magic, powered by unicorns.
    This just puts their spigot user id in the code.

    That's it guys, hope you enjoy!
    • Like Like x 4
    • Winner Winner x 4
    • Informative Informative x 2
    • Optimistic Optimistic x 1
  2. Cool, yes. GPL compatible, no.
    #2 sander2798, May 21, 2016
    Last edited: May 21, 2016
    • Like Like x 2
    • Optimistic Optimistic x 2
    • Funny Funny x 1
  3. Don't license your plugins with GPL, simples.

    A lot of people use this method.
    • Agree Agree x 2
    • Optimistic Optimistic x 1
  4. This is awesome. Thank you!

    also, I love spigot magic powered by unicorns.. ;)
  5. No problem!
    • Like Like x 1
    • Friendly Friendly x 1
  6. Gonna start this discussion once again... You use Bukkit, your project must be GPL. If you license it under another license you can (probably not will) be DMCA'd or worse by any member from the Bukkit team. Many plugin owners make this mistake, but it's simple as that.
  7. well, you can make your own tos.

    Let's not have this discussion here, this is strictly a tutorial thread.
    • Useful Useful x 2
    • Agree Agree x 1
  8. Haha sure. I probably won't use it, but I am very curious about how this works. Just wondering, what would my webserver need to do? What does the response look like?

    Nevermind, didn't read the last part. Looks neat. Thanks.
  9. Add me on skype and I can explain more :p
  10. How does this even prevent someone from using the plugin? If, for example, I buy you plugin and my id is in the uid but I give the jar to a friend it would still have my id in there which would then still sucessfully validate against your check wouldnt it? Am I missing something? :p

    Edit: my bad, I missed a key part stating that this is a blacklist xD sorry about that
  11. w0t?

    If your UID is in my blacklist, and your UID is hardcoded into the code, it wouldn't work, no matter what.
    • Like Like x 1
  12. Remove one invoke from the onEnable method, and you should be good to go!
    • Agree Agree x 5
  13. huh?
  14. 1. Obfuscate Code
    2. What i do is put that method to call in alot of classes, so if its not callled in the main class it will check that and call it somewhere else.
    • Agree Agree x 1
  15. All da optimistic ratings in this.

    Anti-piracy, now this method is out there, it's already vulnerable. All anti-piracy is useless. All can be bypassed, especially in Java.

    Use wireshark to get URL of authenticator thing.
    Hosts file
    URLConnection proxying.
    Bytecode editing
    Like you don't even have to edit bytecode per se, as long as you know the URL, you can use the find and replace util in winrar to do this..

    You think if there was a way to stop people pirating software, there would be cracked versions of windows.. Yeah I thought so..

    As for the GPL issue? Because Bukkit and the developers followed that, right? xD The plugins are supposed to be licenced under GPL v2 but that never happened, and dbo even supported going against this by allowing other licences.. Also all rights reserved.. And then you get into the whole DBO Wolverness disaster which essentially abused the shit out of GPL. Basically YOLO swag, bukkit's licensing is a total mess.
    #15 _Cory_, May 21, 2016
    Last edited: May 21, 2016
    • Agree Agree x 4
    • Like Like x 1
  16. "Hey this method is called quite often, and executes HTTP request to the domain of the author - or any random domain, let me inject an early return with true/false and see how that works out"
    • Agree Agree x 4
  17. This version isn't.

    If it can't connect to the website to check for the UID's the plugin disables.
  18. See my edited post.
    Hosts file would be the easiest bypass for this. You don't even need to take the jar apart to see where the URL is, just wireshark.
  19. Hosts file would stop the outgoing connection.
    If the connection cannot be completed, the plugin will be disabled.
  20. No, it wouldn't.. Not if it directed to google or some other web server.. Or you set the IP to and you have a running webserver (Most default installs have a running webserver on
Thread Status:
Not open for further replies.