901Three900

New Recruit
offline

Posts

3

Likes

3

Bits Credits

0

LEVEL

2

440 XP

Out of curiosity does this work with Songoda?, BuiltByBit?, or any other site similarly like SpigotMC? Or it is built only for SpigotMC?

I'm down to do some experiment with the other 3rd party plugin marketplace..

Just want to confirm šŸ˜„
 
Liked by:

sixtysix

Newcomer
offline

Posts

6

Likes

0

Bits Credits

0

LEVEL

1

305 XP

Out of curiosity does this work with Songoda?, BuiltByBit?, or any other site similarly like SpigotMC? Or it is built only for SpigotMC?

I'm down to do some experiment with the other 3rd party plugin marketplace..

Just want to confirm šŸ˜„
If I remember correctly, SpigotMC doesnt allow creators to obfuscate their plugins, so if the plugin is using spigots base auth, yes, it should work. BBB and other marketplaces allows other assets and potentially obfuscated items, so its more difficult to just open it up and remove the auth.
 
Liked by:

shanruto

Supreme Overlord
offline

Posts

6,040

Likes

250,660

Resources

1,724

Bits Credits

301

LEVEL

10

5,175 XP

If I remember correctly, SpigotMC doesnt allow creators to obfuscate their plugins, so if the plugin is using spigots base auth, yes, it should work. BBB and other marketplaces allows other assets and potentially obfuscated items, so its more difficult to just open it up and remove the auth.
Bunch of the plugins from SpigotMC are obfuscated. Some of them go to extensive lengths just to avoid their plugin getting leaked. :)
 
Liked by:
offline

Posts

2

Likes

1

Bits Credits

0

LEVEL

0

160 XP

Let's take a moment to go over the correct ways to null your own Minecraft plugins!
While understanding the general syntax behind programming languages such as java is extremely helpful, you can null your own plugins easily with some basic knowledge.

NOTE: Polymart plugins have advanced security measures such as custom injection placeholders, user-agent information and more. We do not recommend releasing these files unless you know what you're doing!



What Is Nulling?
By definition, 'Nulling' is described as:


When you null a plugin / resource, you're removing the required information or instructions the program uses to validate various different other instructions! Each program may contain different methods of validating, protecting, and accessing them. After all, it's typically individuals or small creative agencies and there's tons of methods to do such.



STEP 1: Opening ReCAF

The first thing you'll want to do is download the nulling suite we've provided on our website! This file contains loads of interesting different tools you can use to explore the insides of different resources - primarily focused on java! Use the download link below to get it, then save the .RAR contents somewhere on your PC.


STEP 2: Nulling The Resource

Open ReCAF, which was provided in the download above. ReCAF is a java bytecode editor, allowing you to modify the assembly instructions of a java plugin. Dragging the plugin you'd like to null into the ReCAF window should result in some file structures being shown on the left-hand side of the software.

It's time to start nulling! By clicking SEARCH > STRINGS - search for common usage factors when authenticating, think of how you'd want to do this and try different things!
Some common things to search for:
  • web links ( "http" / "https" )
  • piracy message notices ( "piracy" / "leaked" / "auth" / ".api" )
View attachment 24446

If we opened the EA, VK, or mq class files, we'd find something called loadConfig0. This contains the validation of the SpigotMC APi. Things like your userID, resource downloadID, and some other strings tied to your account may be placed here, among other places.

--- don't worry, these aren't my REAL ones, I've already replaced them with 000111 for this tutorial. Nice try, trolls!

What do you think would happen if we changed


to


If you guessed the plugin would be nulled, you're wrong! You've merely just replaced your personal string identifiers with someone else's, or no ones.

While this may sound like nulling, you're just giving the resource a way to invalidate the original instruction.

Now, let's try exploring deeper into this specifically found string!
Right-clicking the selected string will provide you with the option to 'Edit with assembler' - doing such will open where the instruction is being used.

METHOD 1: Replace API Link

Let's try changing the string to another website such as google.com, or the default placeholders of their API endpoint.
Right-clicking the string will provide you with the option to edit with assembler.

View attachment 24447

Change the text to

or


METHOD 2: Replace API Identifiers

SpigotMC Default Identifiers
  • %%__USER__%% | This placeholder is scanned and replaced automatically with your SpigotMC user ID when you download plugins from their website.
  • %%__RESOURCE__%% | This placeholder is scanned and replaced automatically with your SpigotMC individual session download.
  • %%__NONCE__%% | This placeholder is an added layer of security, providing administration teams with extra data when finding specific members and their downloads.

    SpigotMC in particular uses an outdated and archaic type of identification, in which all of your essential user placeholders are within reading view! This is not a smart decision. All engineers, such as yourself can view these security functions and modify them willingly. I've listed some of the default placeholders below. In this method, replacing your personal identifiers with these placeholders is a great way to return a nulled value. Try to replace your valid identifiers in the api link with the nulled, (default) non-operative SPIGOT values. In this java example, you can do this by changing:


to


Now either FILE > EXPORT PROGRAM, choose to either overwrite your previous jar, or save a new copy, then you're done!



But FateKid, Nothing Shows Up?

If you can't find any of this information, that can be a good thing, or a bad thing!

SpigotMC doesn't allow obfuscation, therefore most times if you cannot find your personal identifiers, you can upload the plugin safely without the need of ID removals. Not every developer knows how or chooses to take the time to implement their API into the plugin, and plugins downloaded as a ZIP archive file do not need to go through this process.

It's still a smart choice to attempt to remove any of your identification numbers from your plugin - follow the steps!
  1. Find your personal spigot profile ID number ( https://www.spigotmc.org/members/username.XXXXXX/ )
  2. Search for the numbers shown for your profile ID, like the above link.
Explore the files which have these identifiers. You'll most likely find a string containing your download ID & nonce as well.



While these methods work for most spigot plugins, you'll need to learn and experiment more on your own to remove advanced solutions such as license management systems, checks to things such as this, and much more.

Sometimes a plugin will throw an error, make sure to check the code above and below the inspected lines to make sure you're not missing checks or other validators.

You may see some Boolean (true / false) values, or strings with 'FAILURE' 'INVALID' 'NOT_FOUND' - try changing things and re-saving! It's a game of cat-and-mouse, finding the most efficient way to trick the program into validating your session.

Happy nulling!
If you found this quick tutorial helpful, help us by providing more resources to our community!
Thanks for sharing in details.
 
Liked by:
offline

Posts

3

Likes

1

Bits Credits

0

LEVEL

0

135 XP

Let's take a moment to go over the correct ways to null your own Minecraft plugins!
While understanding the general syntax behind programming languages such as java is extremely helpful, you can null your own plugins easily with some basic knowledge.

NOTE: Polymart plugins have advanced security measures such as custom injection placeholders, user-agent information and more. We do not recommend releasing these files unless you know what you're doing!



What Is Nulling?
By definition, 'Nulling' is described as:


When you null a plugin / resource, you're removing the required information or instructions the program uses to validate various different other instructions! Each program may contain different methods of validating, protecting, and accessing them. After all, it's typically individuals or small creative agencies and there's tons of methods to do such.



STEP 1: Opening ReCAF

The first thing you'll want to do is download the nulling suite we've provided on our website! This file contains loads of interesting different tools you can use to explore the insides of different resources - primarily focused on java! Use the download link below to get it, then save the .RAR contents somewhere on your PC.


STEP 2: Nulling The Resource

Open ReCAF, which was provided in the download above. ReCAF is a java bytecode editor, allowing you to modify the assembly instructions of a java plugin. Dragging the plugin you'd like to null into the ReCAF window should result in some file structures being shown on the left-hand side of the software.

It's time to start nulling! By clicking SEARCH > STRINGS - search for common usage factors when authenticating, think of how you'd want to do this and try different things!
Some common things to search for:
  • web links ( "http" / "https" )
  • piracy message notices ( "piracy" / "leaked" / "auth" / ".api" )
View attachment 24446

If we opened the EA, VK, or mq class files, we'd find something called loadConfig0. This contains the validation of the SpigotMC APi. Things like your userID, resource downloadID, and some other strings tied to your account may be placed here, among other places.

--- don't worry, these aren't my REAL ones, I've already replaced them with 000111 for this tutorial. Nice try, trolls!

What do you think would happen if we changed


to


If you guessed the plugin would be nulled, you're wrong! You've merely just replaced your personal string identifiers with someone else's, or no ones.

While this may sound like nulling, you're just giving the resource a way to invalidate the original instruction.

Now, let's try exploring deeper into this specifically found string!
Right-clicking the selected string will provide you with the option to 'Edit with assembler' - doing such will open where the instruction is being used.

METHOD 1: Replace API Link

Let's try changing the string to another website such as google.com, or the default placeholders of their API endpoint.
Right-clicking the string will provide you with the option to edit with assembler.

View attachment 24447

Change the text to

or


METHOD 2: Replace API Identifiers

SpigotMC Default Identifiers
  • %%__USER__%% | This placeholder is scanned and replaced automatically with your SpigotMC user ID when you download plugins from their website.
  • %%__RESOURCE__%% | This placeholder is scanned and replaced automatically with your SpigotMC individual session download.
  • %%__NONCE__%% | This placeholder is an added layer of security, providing administration teams with extra data when finding specific members and their downloads.

    SpigotMC in particular uses an outdated and archaic type of identification, in which all of your essential user placeholders are within reading view! This is not a smart decision. All engineers, such as yourself can view these security functions and modify them willingly. I've listed some of the default placeholders below. In this method, replacing your personal identifiers with these placeholders is a great way to return a nulled value. Try to replace your valid identifiers in the api link with the nulled, (default) non-operative SPIGOT values. In this java example, you can do this by changing:


to


Now either FILE > EXPORT PROGRAM, choose to either overwrite your previous jar, or save a new copy, then you're done!



But FateKid, Nothing Shows Up?

If you can't find any of this information, that can be a good thing, or a bad thing!

SpigotMC doesn't allow obfuscation, therefore most times if you cannot find your personal identifiers, you can upload the plugin safely without the need of ID removals. Not every developer knows how or chooses to take the time to implement their API into the plugin, and plugins downloaded as a ZIP archive file do not need to go through this process.

It's still a smart choice to attempt to remove any of your identification numbers from your plugin - follow the steps!
  1. Find your personal spigot profile ID number ( https://www.spigotmc.org/members/username.XXXXXX/ )
  2. Search for the numbers shown for your profile ID, like the above link.
Explore the files which have these identifiers. You'll most likely find a string containing your download ID & nonce as well.



While these methods work for most spigot plugins, you'll need to learn and experiment more on your own to remove advanced solutions such as license management systems, checks to things such as this, and much more.

Sometimes a plugin will throw an error, make sure to check the code above and below the inspected lines to make sure you're not missing checks or other validators.

You may see some Boolean (true / false) values, or strings with 'FAILURE' 'INVALID' 'NOT_FOUND' - try changing things and re-saving! It's a game of cat-and-mouse, finding the most efficient way to trick the program into validating your session.

Happy nulling!
If you found this quick tutorial helpful, help us by providing more resources to our community!

Thanks for sharing. Nulling will be even easier with AI agents nowadays.
 
offline

Posts

1

Likes

0

Bits Credits

0

LEVEL

0

165 XP

is this still working? wanna leak a plugin but dont want to leak myself
 
Liked by:

ghedox

Newcomer
offline

Posts

5

Likes

2

Bits Credits

0

LEVEL

1

345 XP

Let's take a moment to go over the correct ways to null your own Minecraft plugins!
While understanding the general syntax behind programming languages such as java is extremely helpful, you can null your own plugins easily with some basic knowledge.

NOTE: Polymart plugins have advanced security measures such as custom injection placeholders, user-agent information and more. We do not recommend releasing these files unless you know what you're doing!



What Is Nulling?
By definition, 'Nulling' is described as:


When you null a plugin / resource, you're removing the required information or instructions the program uses to validate various different other instructions! Each program may contain different methods of validating, protecting, and accessing them. After all, it's typically individuals or small creative agencies and there's tons of methods to do such.



STEP 1: Opening ReCAF

The first thing you'll want to do is download the nulling suite we've provided on our website! This file contains loads of interesting different tools you can use to explore the insides of different resources - primarily focused on java! Use the download link below to get it, then save the .RAR contents somewhere on your PC.


STEP 2: Nulling The Resource

Open ReCAF, which was provided in the download above. ReCAF is a java bytecode editor, allowing you to modify the assembly instructions of a java plugin. Dragging the plugin you'd like to null into the ReCAF window should result in some file structures being shown on the left-hand side of the software.

It's time to start nulling! By clicking SEARCH > STRINGS - search for common usage factors when authenticating, think of how you'd want to do this and try different things!
Some common things to search for:
  • web links ( "http" / "https" )
  • piracy message notices ( "piracy" / "leaked" / "auth" / ".api" )
View attachment 24446

If we opened the EA, VK, or mq class files, we'd find something called loadConfig0. This contains the validation of the SpigotMC APi. Things like your userID, resource downloadID, and some other strings tied to your account may be placed here, among other places.

--- don't worry, these aren't my REAL ones, I've already replaced them with 000111 for this tutorial. Nice try, trolls!

What do you think would happen if we changed


to


If you guessed the plugin would be nulled, you're wrong! You've merely just replaced your personal string identifiers with someone else's, or no ones.

While this may sound like nulling, you're just giving the resource a way to invalidate the original instruction.

Now, let's try exploring deeper into this specifically found string!
Right-clicking the selected string will provide you with the option to 'Edit with assembler' - doing such will open where the instruction is being used.

METHOD 1: Replace API Link

Let's try changing the string to another website such as google.com, or the default placeholders of their API endpoint.
Right-clicking the string will provide you with the option to edit with assembler.

View attachment 24447

Change the text to

or


METHOD 2: Replace API Identifiers

SpigotMC Default Identifiers
  • %%__USER__%% | This placeholder is scanned and replaced automatically with your SpigotMC user ID when you download plugins from their website.
  • %%__RESOURCE__%% | This placeholder is scanned and replaced automatically with your SpigotMC individual session download.
  • %%__NONCE__%% | This placeholder is an added layer of security, providing administration teams with extra data when finding specific members and their downloads.

    SpigotMC in particular uses an outdated and archaic type of identification, in which all of your essential user placeholders are within reading view! This is not a smart decision. All engineers, such as yourself can view these security functions and modify them willingly. I've listed some of the default placeholders below. In this method, replacing your personal identifiers with these placeholders is a great way to return a nulled value. Try to replace your valid identifiers in the api link with the nulled, (default) non-operative SPIGOT values. In this java example, you can do this by changing:


to


Now either FILE > EXPORT PROGRAM, choose to either overwrite your previous jar, or save a new copy, then you're done!



But FateKid, Nothing Shows Up?

If you can't find any of this information, that can be a good thing, or a bad thing!

SpigotMC doesn't allow obfuscation, therefore most times if you cannot find your personal identifiers, you can upload the plugin safely without the need of ID removals. Not every developer knows how or chooses to take the time to implement their API into the plugin, and plugins downloaded as a ZIP archive file do not need to go through this process.

It's still a smart choice to attempt to remove any of your identification numbers from your plugin - follow the steps!
  1. Find your personal spigot profile ID number ( https://www.spigotmc.org/members/username.XXXXXX/ )
  2. Search for the numbers shown for your profile ID, like the above link.
Explore the files which have these identifiers. You'll most likely find a string containing your download ID & nonce as well.



While these methods work for most spigot plugins, you'll need to learn and experiment more on your own to remove advanced solutions such as license management systems, checks to things such as this, and much more.

Sometimes a plugin will throw an error, make sure to check the code above and below the inspected lines to make sure you're not missing checks or other validators.

You may see some Boolean (true / false) values, or strings with 'FAILURE' 'INVALID' 'NOT_FOUND' - try changing things and re-saving! It's a game of cat-and-mouse, finding the most efficient way to trick the program into validating your session.

Happy nulling!
If you found this quick tutorial helpful, help us by providing more resources to our community!

Let's take a moment to go over the correct ways to null your own Minecraft plugins!
While understanding the general syntax behind programming languages such as java is extremely helpful, you can null your own plugins easily with some basic knowledge.

NOTE: Polymart plugins have advanced security measures such as custom injection placeholders, user-agent information and more. We do not recommend releasing these files unless you know what you're doing!



What Is Nulling?
By definition, 'Nulling' is described as:


When you null a plugin / resource, you're removing the required information or instructions the program uses to validate various different other instructions! Each program may contain different methods of validating, protecting, and accessing them. After all, it's typically individuals or small creative agencies and there's tons of methods to do such.



STEP 1: Opening ReCAF

The first thing you'll want to do is download the nulling suite we've provided on our website! This file contains loads of interesting different tools you can use to explore the insides of different resources - primarily focused on java! Use the download link below to get it, then save the .RAR contents somewhere on your PC.


STEP 2: Nulling The Resource

Open ReCAF, which was provided in the download above. ReCAF is a java bytecode editor, allowing you to modify the assembly instructions of a java plugin. Dragging the plugin you'd like to null into the ReCAF window should result in some file structures being shown on the left-hand side of the software.

It's time to start nulling! By clicking SEARCH > STRINGS - search for common usage factors when authenticating, think of how you'd want to do this and try different things!
Some common things to search for:
  • web links ( "http" / "https" )
  • piracy message notices ( "piracy" / "leaked" / "auth" / ".api" )
View attachment 24446

If we opened the EA, VK, or mq class files, we'd find something called loadConfig0. This contains the validation of the SpigotMC APi. Things like your userID, resource downloadID, and some other strings tied to your account may be placed here, among other places.

--- don't worry, these aren't my REAL ones, I've already replaced them with 000111 for this tutorial. Nice try, trolls!

What do you think would happen if we changed


to


If you guessed the plugin would be nulled, you're wrong! You've merely just replaced your personal string identifiers with someone else's, or no ones.

While this may sound like nulling, you're just giving the resource a way to invalidate the original instruction.

Now, let's try exploring deeper into this specifically found string!
Right-clicking the selected string will provide you with the option to 'Edit with assembler' - doing such will open where the instruction is being used.

METHOD 1: Replace API Link

Let's try changing the string to another website such as google.com, or the default placeholders of their API endpoint.
Right-clicking the string will provide you with the option to edit with assembler.

View attachment 24447

Change the text to

or


METHOD 2: Replace API Identifiers

SpigotMC Default Identifiers
  • %%__USER__%% | This placeholder is scanned and replaced automatically with your SpigotMC user ID when you download plugins from their website.
  • %%__RESOURCE__%% | This placeholder is scanned and replaced automatically with your SpigotMC individual session download.
  • %%__NONCE__%% | This placeholder is an added layer of security, providing administration teams with extra data when finding specific members and their downloads.

    SpigotMC in particular uses an outdated and archaic type of identification, in which all of your essential user placeholders are within reading view! This is not a smart decision. All engineers, such as yourself can view these security functions and modify them willingly. I've listed some of the default placeholders below. In this method, replacing your personal identifiers with these placeholders is a great way to return a nulled value. Try to replace your valid identifiers in the api link with the nulled, (default) non-operative SPIGOT values. In this java example, you can do this by changing:


to


Now either FILE > EXPORT PROGRAM, choose to either overwrite your previous jar, or save a new copy, then you're done!



But FateKid, Nothing Shows Up?

If you can't find any of this information, that can be a good thing, or a bad thing!

SpigotMC doesn't allow obfuscation, therefore most times if you cannot find your personal identifiers, you can upload the plugin safely without the need of ID removals. Not every developer knows how or chooses to take the time to implement their API into the plugin, and plugins downloaded as a ZIP archive file do not need to go through this process.

It's still a smart choice to attempt to remove any of your identification numbers from your plugin - follow the steps!
  1. Find your personal spigot profile ID number ( https://www.spigotmc.org/members/username.XXXXXX/ )
  2. Search for the numbers shown for your profile ID, like the above link.
Explore the files which have these identifiers. You'll most likely find a string containing your download ID & nonce as well.



While these methods work for most spigot plugins, you'll need to learn and experiment more on your own to remove advanced solutions such as license management systems, checks to things such as this, and much more.

Sometimes a plugin will throw an error, make sure to check the code above and below the inspected lines to make sure you're not missing checks or other validators.

You may see some Boolean (true / false) values, or strings with 'FAILURE' 'INVALID' 'NOT_FOUND' - try changing things and re-saving! It's a game of cat-and-mouse, finding the most efficient way to trick the program into validating your session.

Happy nulling!
If you found this quick tutorial helpful, help us by providing more resources to our community!
Thank you for the instructions, I will study them.
 
Top Bottom