Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

getServerUniqieID doubts

Comments in 'Plugin Development' started by deot, Dec 25, 2015.

  1. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    PHP:
    $this->getServer()->getServerUniqueId();
    Recently, i found out there's getServerUniqueID() API in Pocketmine... I found it on Github

    So, Im asking if this API is usable in plugins? And, if its usable, what does it return?

    I mean, there're tons of Pocketmine server running around the world, does getServerUniqieID() returns a specific ID for every servers? Or the ID could be duplicated as it is generated randomly? Or that ID wont be duplicated and it must be different for every servers?

    :) thx
    CraftYourBukkit likes this.
  2. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    It returns a unique string that represents this server. It is based on the machine unique ID + server port + server bind IP (which is usually 0.0.0.0).
    deot likes this.
  3. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    May I know what's the differences between getUniqueID() in Utils class?
    getServerUniqueId() in Server Class
    vs
    getUniqueId() in Utils Class
  4. Tim // robske Büba
    Offline

    Tim // robske Büba Notable Member

    Joined:
    Feb 26, 2014
    Posts:
    606
    Minecraft User:
    robske_110
    But whats the sense of getting that id in a plugin?
  5. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    https://github.com/PocketMine/PocketMine-MP/blob/master/src/pocketmine/Server.php#L1583:
    PHP:
    $this->serverID Utils::getMachineUniqueId($this->getIp() . $this->getPort());
    $this->serverID defines the return value of getServerUniqueId().
    But whats the sense of thinking that it is there for plugins to use? It is actually only used internally for the "Server unique ID: " message on startup as well as for sending anonymous usage to stats.pocketmine.net . Nevertheless, it can be useful for plugins. For instance, I used it in the Basin plugin as the primary key of the servers table to identify a server in a network.
    deot and luca28pet like this.
  6. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Because I'm launching a Pocketmine Plugin Website, people can buy or use demo version of plugin from there :) If they paid, they will receive a License Code that can be inserted in plugin's config.yml... I don't want my plugins ended up like MCG76... can be downloaded for free from a hosting website (like dropbox etc).... Coding a license system can protect my plugin :)

    Basic Overflow is like this:
    On Server started, plugin will check license key inserted, if it's "DEMO", it will launched into DEMO version, if license key is inserted, it will proceed to next step
    Next, it will start verifying license key, if it haven't registered to any server, it will fetch server's IP, Port and UniqueID and send to my database server... And here's the point... I need to make sure that UniqueID won't be duplicated or changed... Otherwise, the next time user start their server, it will disable their paid plugin because of UniqueID mismatch...

    This is my algorithm to detect if they're using Original License or "Stolen" License :)
  7. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Much simpler: I will download the plugin and modify its source code and remove the checking part. Therefore, consider obfuscating your code a bit.

    I recommend you to use machine unique ID for this purpose.
    Flow:
    1. User gets a onetime activation code
    2. User pastes the code into a file or console via a command
    3. Plugin detects the code, does a Utils::getMachinUniqueId(Utils::getIP() . $activation_code) and post it to verification server:
      Code:
      POST /verify?activation_code=$activation_code&localized=$unique_id
    4. Verification server searches for a record of the activation code. If not found, respond with a message that makes the plugin suicide (or do more destruction if you like :D). If found, delete that record, and internally save the hash of the localized parameter + request source IP.
    5. In the future, plugin only posts the localized unique ID.
    Legoboy0215 likes this.
  8. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Much simpler: I will download the plugin and modify its source code and remove the checking part. Therefore, consider obfuscating your code a bit.

    I recommend you to use machine unique ID for this purpose.
    Flow:
    1. User gets a onetime activation code
    2. User pastes the code into a file or console via a command
    3. Plugin detects the code, does a Utils::getMachinUniqueId(Utils::getIP() . $activation_code) and post it to verification server:
      Code:
      POST /verify?activation_code=$activation_code&localized=$unique_id
    4. Verification server searches for a record of the activation code. If not found, respond with a message that makes the plugin suicide (or do more destruction if you like :D). If found, delete that record, and internally save the hash of the localized parameter + request source IP.
    5. In the future, plugin only posts the localized unique ID.
  9. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    That's a good idea too :) Hahahaha, but LOL idk how to code self-destruct :p

    Actually, I have finished coding License Verification and tested, every thing is working :) And, I tested with FOPO PHP Obfuscation too, it's working :) But, Im just worrying for FOPO isnt strong enough, although its failed to be decoded with unPHP, but Im still afraid for new Obfuscated PHP Decoder xD LOL :p

    If u interested to work with me, u can PM me, i will talk about details with u :) If not, never mind, its okay ;)
  10. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    I'm just interested in the cryptological part, and I personally don't support paid plugins.
    Vaivez66 and Legoboy0215 like this.
  11. Tim // robske Büba
    Offline

    Tim // robske Büba Notable Member

    Joined:
    Feb 26, 2014
    Posts:
    606
    Minecraft User:
    robske_110
    You can realy easy hack the source code...
    And why making paid plugins?
  12. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Nope, I will encrypt it before publishing... Means that u cant "hack" the source code easily + building a connection to my server and check all things simultaneously :p

    U asking why? That's the power of one thing, money! xD Anyway, paying for my plugin is optional, u can use DEMO version with less features if u dont want to pay...
  13. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Then no players should be joining at all. If the server is down, well, he is paying for his own reputation and then fewer people will download his plugin.
    LDX likes this.
  14. Brutus
    Offline

    Brutus New Member

    Joined:
    Aug 31, 2015
    Posts:
    21
    The issue of obfuscating plugin code has been discussed to death in places like the Bukkit/Spigot forums. In summary:

    It does not work. If the Zend engine can read your scripts to be able to run them, then they can be reverse engineered, often without even that much effort. There are as many public deobfuscation tools as obfuscation tools.

    There is absolutely no way to "encrypt" your code in a way that people cannot undo if they also are able to run it. If a computer can run your code, it can also recreate and change it. If you want to keep code out of people's hands you need to not give it to them in the first place. This will not and cannot change.

    However, in certain cases obfuscation still is worth it, as long as you are not expecting miracles. Obfuscation can:
    1. Make your code somewhat harder to reverse engineer. For example, someone with no technical skills won't be able to just look at your script and delete the checkLicense() method. Additionally, obfuscated code is harder to maintain than well organized and documented source.

      Anyone sophisticated will still be able to reverse engineer your code, and a sophisticated person can do it and then just release a version that doesn't include license checking that unsophisticated people can then use.

    2. Make your code smaller by removing comments, long and descriptive variable names, etc.

    Obviously, if you are releasing or selling a plugin, not giving out the plugin code is impossible. You just have to accept that there is a risk people will steal it. You can also look at alternatives like SaaS where some or most of the code is never run on your customer's machine and thus is not vulnerable, but that is infeasible for most plugins.
    Last edited: Dec 31, 2015
    applqpak, Legoboy0215 and PEMapModder like this.
  15. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    I would simply Ctrl + Alt + L (reformat code) in PhpStorm :p
    Legoboy0215 likes this.
  16. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,724
    Minecraft User:
    Legoboy0215
    Wow... Ctrl - Alt - A. You gotta be kidding me.
  17. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    I use the eclipse keymap :p CtrlAlt-A is Git stage-all there.

Share This Page

Advertisement