Anti Leak

  • Views Views: 381
  • Last updated Last updated:
  • Anti-Leak

    Overview

    The Revenact anti-leak is an anti-cracking and identification measure against leakers, crackers, and reverse-engineers who attempt to tamper with your code. The way this works is by modifying your resources uniquely to the user who downloads it and injecting a special protection wrapper. Currently, the anti-leak is capable of:
    • Swapping out resource placeholder strings
    • Protecting methods with a special protection wrapper for Java
    • Injecting a simple anti-piracy into the Java resources main class.
    Please note that the anti-leak tampers with Java classes in order to uniquely identify them to users so you may have to remove certain anti-tampering/integrity-checking protections.

    Supported File Extentions

    Placeholder injection & Obfuscation: jar
    Simple Placeholder Injection: json, txt, yml, css, scss, html, php, js, py, sh, sk
    Processed as directory with their content injected: zip, 7zip

    Notes: The injector will only go through 1 level of jar, zip and 7zip.
    If you need any other file type supported, please open a ticket.

    .jar -> .jar -> .class = no injection
    .jar -> .zip -> .class= no injection
    .zip -> .jar -> .class = no injection
    .zip -> .class = no injection
    .7z -> .class = no injection
    .jar -> .class = injection works

    .zip -> .zip -> .txt = no injection
    .zip -> .txt = injection works
    .zip -> directory -> .txt = injection works

    Placeholders

    Revenact supports on-download placeholder replacement. These placeholders are special types of identification that are intended to be unique to the resource and user who downloads said resource.

    To use them, place the following in string literals in your plugin where needed and they should be replaced on download.
    • %%__USER__%% or %%__USR__%%
    • %%__RESOURCE__%% or %%__RSRC__%%
    • %%__NONCE__%% or %%__DWL__%%
      • Placeholders for the download ID.
      • Currently, there is no lookup for the download ID to the user ID. There should be one soon, however.
    Java Protection Wrapper

    The anti-leak uses a special protection wrapper to protect certain methods. The wrapped method is then run through a special execution engine whenever a server uses the plugin. To protect one of your methods, you have to put "vm_entry" somewhere in the method name. For maximum protection, it is recommended that you use this to modify the plugin's internal behavior silently when your own anti-piracy system flags the plugin as pirated.

    Even though the protection wrapper is relatively advanced, it is recommended you do not create complex methods to protect with the wrapper as the wrapper's execution engine may not be able to handle it correctly. Additionally, it is recommended you do not use obscure initialization tricks to run wrapped methods when the server loads the plugin.

    The execution engine will break if Revenact's injected anti-piracy method is removed or not run so please keep this in mind.

    Also, make sure that your 'vm_entry' methods do not contain any of the following as the execution engine cannot handle them:
    • Lambdas and references.
    • Multidimensional arrays.
    • Switch statements.
    My Plugin Broke!

    Revenact's anti-leak system is by no means perfect. If the anti-leaks corrupts/breaks your resource in any way, please send @HoverCatz a PM with the following format filled out:
    Code:
    Link to the resource:
    Resource version:
    Download date (does not have to be exact but the day needs to be included):
    Unmodified resource (the one you uploaded):
    Modified resource (the output of the anti-leak):
    Text file of error log (I will not accept Pastebin-like links)

    Default Java Anti-Piracy

    Revenact, by default, injects an anti-piracy into the main class of bungeecord/spigot/bukkit plugins. This anti-piracy is a minor deterrent and is extremely easy to crack unless the protection wrapper is utilized.
  • Loading…