• You can earn a permanent ☑️Verified status for your account across the entire Hytale Hub Network simply by following @Hytale_Hub on Twitter!

[FREE] [TUTORIAL] Learn how to protect your plugins against leaking.

Norska

Java Developer
Legend
Master
Joined
Jan 13, 2019
Messages
31
Likes
7
I'm creating this thread/tutorial because I believe such knowledge is vital and important for every developer, in order to protect their rights, code, and sales. This tutorial will be split into many parts where I explain in detail every step you need take (few optionals) in order to have an extra layer of protection when it comes to your plugin getting leaked/mirrored/re-distributed by a 3rd party.

How do I protect myself against leaking & slow down the leaking process?
First, you have to understand that leaking and taking down leaks is a perpetual loop, you can't permanently stop someone from leaking your resources but you can take a few easy steps to make it hard, detectable and sometimes not worth the time of the leaker. There are many ways to do this which do not require much effort, such as, DMCA takedown requests, obfuscation, licensing systems and more.

A. What are "DMCA Takedown Requests"?
When content is removed from a website at the request of the owner of the content or the owner of the copyright of the content. It is a well established, accepted, internet standard followed by website owners and internet service providers. Any owner of content has the right to process a takedown notice against a website owner and/or an Online Service Provider (e.g. ISP, hosting company etc.) if the content owner's property is found online without their permission.

Simply said, you send a form to the website (or host which the website is on), requesting a DMCA takedown. You do this via e-mail and most of the times the e-mail you contact is in such form "[email protected]". Most of the time you can find those e-mails and more information regarding the host's policies at the bottom of the website, branded as "Copyright" or "DMCA" etc.

An example, Mediafire:
media1.png
media2.png

Here's a DMCA takedown request template (Make sure to edit it to your needs):
Greetings,

My name is [YOUR NAME] and I am the developer/owner of "[YOUR RESOURCE]", which is a paid plugin (software) for a video game called Minecraft. My file ([YOUR RESOURCE]) was uploaded to your servers without my permission and is infringing on at least one copyright owned by me.

You can find the main page of "[YOUR RESOURCE]" here: [ORIGINAL LINK TO THE RESOURCE]

The unauthorized and infringing copy can be found at:
[THE LINK WHERE THE LEAKED FILE IS HOSTED]

This letter is an official notification under Section 512(c) of the Digital Millennium Copyright Act (”DMCA”), and I seek the removal of the aforementioned infringing material from your servers. I request that you immediately notify the infringer of this notice and inform them of their duty to remove the infringing material immediately and notify them to cease any further posting of infringing material to your server in the future.

Please also be advised that law requires you, as a service provider, to remove or disable access to the infringing materials upon receiving this notice. Under US law, a service provider, such as yourself, enjoys immunity from a copyright lawsuit provided that you act with deliberate speed to investigate and rectify ongoing copyright infringement. If service providers do not investigate and remove or disable the infringing material this immunity is lost. Therefore, in order for you to remain immune from a copyright infringement action, you will need to investigate and ultimately remove or otherwise disable the infringing material from your servers with all due speed should the direct infringer, your client, not comply immediately.
I am providing this notice in good faith and with the reasonable belief that the rights I own are being infringed. Under penalty of perjury, I certify that the information contained in the notification is both true and accurate, and I have the authority to act on the copyright(s) involved.

Should you wish to discuss this with me please contact me directly.

Thank you.
[YOUR NAME],
[YOUR EMAIL]

DMCA Takedown Requests usually take 3-7 days to process.

A1. What if my resource is not hosted on any external host, but on the leak website itself?
You can find information about any website by using simple tools which can be found on the internet. Some of those include https://who.is/ , https://hostingchecker.com.

Keep in mind that DMCA complaints are only viable within the US, meaning that hosts which are outside of the US do not have to comply with your DMCA complaint. About that, there's not much you can do except take further steps to add more protection layers to your resource.

B. What is obfuscation?
Obfuscation is the practice of making something difficult to understand. Programming code is often obfuscated to protect intellectual property and prevent an attacker from reverse engineering a proprietary software program. Obfuscation will not necessarily 100% protect you against leaks.

Simply said, obfuscators can make your plugins really hard to read/understand, impossible to read/understand and even crash decompilers (software used to view source code).

There are many publicly available tools that can obfuscate plugins and make them hard to understand/reverse engineer for leakers. Obfuscation is easy to do and pretty much just adds an extra wall of "wasting other people's (leakers) time and will to leak your resource". Some of the most popular choices when it comes to plugin obfuscation is ProGuard, Allatori, Klassmaster, ClassGuard, and, my personal choice -- Obzcure. Obfuscation combined with licensing systems, Spigot's nonce tricks and more will most of the time make cracking/leaking your plugin not worth it. Some obfuscators are free to use, others are paid. Keep in mind that most of them support student licenses, so if you're a student don't forget that you can gain access to such tools for free.

Here are a few tutorials regarding obfuscators:

B1. What is "Spigot's nonce tricks"?
Keep in mind that HytaleHub currently does not inject any additional code to resources (plugins) which makes this trick unusable for plugins published on HytaleHub. Though, if you have resources on SpigotMC you can take advantage of special placeholders, branded as "anti-piracy variables" by SpigotMC, in order to further shield your plugins.

Long story short, you hide such variables in your code (which you later obfuscate) and read a file from your (or a hosted) web server, if the file contains the nonce (meaning someone is trying to use your plugin unauthorized), you can take full control over it, such as shutting it down, break functionality and more.

You can read more about this here.

splitter.png

Generally summing up, as mentioned above -- leaking resources and taking them down is an infinite loop. Some decide to accept it and others decide to do something about it, and, the good thing is that it's not hard at all to take a few precautions, send a few e-mails every now and then when it comes to protecting your rights and your work. Minecraft plugins are still software and their developers have right over them.

To be continued. Please do ask any questions if you have any & feel free to contribute to the thread.

Last Edit: 12.01.2019
 

Zontonix

Well-known member
Joined
Jan 16, 2019
Messages
1
Likes
1
This is incredibly useful and informative, thank you very much for this post.
 

Dev

MC Modder and Experienced Java Developer. 19
Legend
Master
Joined
Jan 13, 2019
Messages
47
Likes
14
Great post. Developers vs Leakers is just the same story as Anticheats vs Cheats or Antivirus vs Virus. Its a infinite loop.

I have used Obfuscation and Licence Systems in the past on some of my plugins and tbh they will (eventually) find a way to crack your obfuscation and bypass the License Systems. I might sell/release some of the Code I used to add a License to plugins in the future.

IMPORTANT NOTE: If you are planning to add some kind of security to your plugins and you want to post those plugins on SpigotMC let me tell you that 99% of those "protection methods" like Licensing and Obfuscation are banned. I know developers from SpigotMC that use this types of protection on their plugin and It works pretty well but you have to be carefull with staff.
 

Harvey

Well-known member
Joined
Jan 24, 2019
Messages
29
Likes
7
Awesome guide, good information also. Very useful for people with knowledge in developing and for people that are new to it.
 
Top