Premium Resource Placeholders & Identifiers

Apr 17, 2021
Premium Resource Placeholders & Identifiers
  • Premium Resource Placeholders

    The ins and outs

    Spigot placeholders are super useful anti-piracy variables, injected into your plugin upon download.
    This means Spigot can track and observe unmodified premium plugins.
    You can protect yourself with obfuscation or individual class integrity protection.
    Since Spigot replaces these variables in all classes and it tampers with classes in general, JAR Signing or JAR Integrity Protection (for example with obfuscators like Stringer) is only possible when the obfuscator is properly configured.

    Now as you may or may not know, Spigot injects its own anti-piracy using these variables, and it's used as a deterrent to inexperienced plugin leaks. The more experienced however, know that anything is crackable, and you should keep this in mind.

    Also keep in mind that the placeholders will not work when declared inside a "static final" field.

    The nitty-gritty

    The placeholders are as follows.
    • "%%__USER__%%"
      • The ID of the user downloading the plugin.
      • You can go to to find the user page.
    • "%%__RESOURCE__%%"
      • The ID of the resource being downloaded.
      • You can go to to find the resource page.
    • "%%__NONCE__%%"
      • This is a unique ID for each and every single resource download. It is highly unlikely 2 downloads are going to have the same %%__NONCE__%%.

    How to use them

    Using these placeholders is easy... They're simply replaced in a string. So when you compile and upload the following
    Code (Java):
    String myUserString = "Welcome!"
        + "\nYour user ID is %%__USER__%%"
        + "\nThis resource ID is %%__RESOURCE__%%"
        + "\nAnd the unique download ID is %%__NONCE__%%";
    Will get transformed and the various variables will be changed to the appropriate values.

    Obfuscators Example Configuration: Allatori

    If you are using Allatori to obfuscate your SpigotMC plugins, then you can simply create a file called "spigotmc-patterns.txt" in the directory of your Allatori.jar and your Allatori config file.
    Then you have to paste this here into the "spigotmc-patterns.txt":
    Code (Text):
    Now, you have to add this line to your Allatori config:
    Code (XML):
    <property name="string-encryption-ignored-strings" value="spigotmc-patterns.txt"/>
    From now on, Allatori will not obfuscate strings that contain one of the SpigotMC resource placeholders.
    This means that SpigotMC can now replace these placeholders with the information of the user who downloaded the plugin.

    Keep in mind

    Before creating a thread asking why these placeholders will not work for you, please read this:
    • The placeholders will not work for the user that uploaded the resource (you). But don't get frustrated, it will work fine for other users that have purchased your plugin.
    • The placeholders will not work if your plugin is uploaded inside a .zip file.

    This is a wiki page!

    This is an open wiki page, and everyone can feel free to edit it. Please add any additional/new placeholders to benefit.
  • Loading...
  • Loading...