How To Null/Crack SpigotMC Minecraft Plugins

FateKid

DEVIL DID IT

Status

offline

Posts

14,666

Likes

125,824

Resources

3,373

Bits Credits

363

Admin

LEVEL

11

5,910 XP

Let's take a moment to go over the correct ways to null your own Minecraft plugins!
While understanding the general syntax behind programming languages such as java is extremely helpful, you can null your own plugins easily with some basic knowledge.

NOTE: Polymart plugins have advanced security measures such as custom injection placeholders, user-agent information and more. We do not recommend releasing these files unless you know what you're doing!



What Is Nulling?
By definition, 'Nulling' is described as:
to create a null; cancel out.

When you null a plugin / resource, you're removing the required information or instructions the program uses to validate various different other instructions! Each program may contain different methods of validating, protecting, and accessing them. After all, it's typically individuals or small creative agencies and there's tons of methods to do such.



STEP 1: Opening ReCAF

The first thing you'll want to do is download the nulling suite we've provided on our website! This file contains loads of interesting different tools you can use to explore the insides of different resources - primarily focused on java! Use the download link below to get it, then save the .RAR contents somewhere on your PC.


STEP 2: Nulling The Resource

Open ReCAF, which was provided in the download above. ReCAF is a java bytecode editor, allowing you to modify the assembly instructions of a java plugin. Dragging the plugin you'd like to null into the ReCAF window should result in some file structures being shown on the left-hand side of the software.

It's time to start nulling! By clicking SEARCH > STRINGS - search for common usage factors when authenticating, think of how you'd want to do this and try different things!
Some common things to search for:
  • web links ( "http" / "https" )
  • piracy message notices ( "piracy" / "leaked" / "auth" / ".api" )
null-demo1 (1).png

If we opened the EA, VK, or mq class files, we'd find something called loadConfig0. This contains the validation of the SpigotMC APi. Things like your userID, resource downloadID, and some other strings tied to your account may be placed here, among other places.

--- don't worry, these aren't my REAL ones, I've already replaced them with 000111 for this tutorial. Nice try, trolls!

What do you think would happen if we changed

to

If you guessed the plugin would be nulled, you're wrong! You've merely just replaced your personal string identifiers with someone else's, or no ones.

While this may sound like nulling, you're just giving the resource a way to invalidate the original instruction.

Now, let's try exploring deeper into this specifically found string!
Right-clicking the selected string will provide you with the option to 'Edit with assembler' - doing such will open where the instruction is being used.

METHOD 1: Replace API Link

Let's try changing the string to another website such as google.com, or the default placeholders of their API endpoint.
Right-clicking the string will provide you with the option to edit with assembler.

null-demo2 (1).png

Change the text to
or

METHOD 2: Replace API Identifiers

SpigotMC Default Identifiers
  • %%__USER__%% | This placeholder is scanned and replaced automatically with your SpigotMC user ID when you download plugins from their website.
  • %%__RESOURCE__%% | This placeholder is scanned and replaced automatically with your SpigotMC individual session download.
  • %%__NONCE__%% | This placeholder is an added layer of security, providing administration teams with extra data when finding specific members and their downloads.

    SpigotMC in particular uses an outdated and archaic type of identification, in which all of your essential user placeholders are within reading view! This is not a smart decision. All engineers, such as yourself can view these security functions and modify them willingly. I've listed some of the default placeholders below. In this method, replacing your personal identifiers with these placeholders is a great way to return a nulled value. Try to replace your valid identifiers in the api link with the nulled, (default) non-operative SPIGOT values. In this java example, you can do this by changing:

to

Now either FILE > EXPORT PROGRAM, choose to either overwrite your previous jar, or save a new copy, then you're done!



But FateKid, Nothing Shows Up?

If you can't find any of this information, that can be a good thing, or a bad thing!

SpigotMC doesn't allow obfuscation, therefore most times if you cannot find your personal identifiers, you can upload the plugin safely without the need of ID removals. Not every developer knows how or chooses to take the time to implement their API into the plugin, and plugins downloaded as a ZIP archive file do not need to go through this process.

It's still a smart choice to attempt to remove any of your identification numbers from your plugin - follow the steps!
  1. Find your personal spigot profile ID number ( https://www.spigotmc.org/members/username.XXXXXX/ )
  2. Search for the numbers shown for your profile ID, like the above link.
Explore the files which have these identifiers. You'll most likely find a string containing your download ID & nonce as well.



While these methods work for most spigot plugins, you'll need to learn and experiment more on your own to remove advanced solutions such as license management systems, checks to things such as this, and much more.

Sometimes a plugin will throw an error, make sure to check the code above and below the inspected lines to make sure you're not missing checks or other validators.

You may see some Boolean (true / false) values, or strings with 'FAILURE' 'INVALID' 'NOT_FOUND' - try changing things and re-saving! It's a game of cat-and-mouse, finding the most efficient way to trick the program into validating your session.

Happy nulling!
If you found this quick tutorial helpful, help us by providing more resources to our community!
 

thelostlord

User Suspended

Status

offline

Posts

2

Likes

1

Bits Credits

0

LEVEL

0

0 XP

Member suspended from NullForums
hhow t
Hello,
Let's take a moment to go over the correct ways to null your own Minecraft plugins! This is a valuable skill to learn - no matter what your profession you're in. While understanding the general syntax behind object-oriented programming languages such as java is extremely helpful, you can still null your own plugins easily.

What Is Nulling?

By definition, 'Nulling' is described as:


When you null a plugin / resource, you're removing the required information or instructions the program uses to validate various different other instructions! Each program may contain different methods of validating, protecting, and accessing them. After all, it's typically individuals or small creative agencies and there's tons of methods to do such.

Nulling Resources Manually

STEP 1: Opening JByteEditor
The first thing you'll want to do is download the nulling suite we've provided on our website! This file contains loads of interesting different tools you can use to explore the insides of different resources - primarily focused on java! Use the download link below to get it, then save the .RAR contents somewhere on your PC.


STEP 2: Nulling The Resource
Open JByteEdit, which was provided in the download above. JByteEdit is a java bytecode editor, allowing you to modify the assembly instructions of a java plugin.
Dragging the plugin you'd like to null into the JByteEditor window should result in some file structures being shown on the left-hand side of the software.

It's time to start nulling! By clicking TOOLS > FIND STRING - search for common usage factors when authenticating, think of how you'd want to do this and try different things!
Some common things to search for:
  • web links ( "http" / "https" )
  • piracy message notices ( "piracy" / "leaked" / "auth" / ".api" )
d87d84da740c1b3367614223a0592ec6.png

You can see that we've found a pretty interesting link which contained my spigot userID, resource downloadID, and some other strings tied to my account.
--- don't worry, these aren't my REAL ones, I've already replaced them with 000001 for this tutorial. Nice try, trolls!

What do you think would happen if we changed

to


If you guessed the plugin would be nulled, you're wrong! You've merely just replaced your personal string identifiers with someone else's, or no ones.
While this may sound like nulling, you're just giving the resource a way to invalidate the original instruction.

Now, let's try exploring deeper into this specifically found string!
Right-clicking the selected string will provide you with the option to 'Go To Method' - doing such will open where the instruction is being used.

0662ab92d24f038cd346cadcadd9d99e.png

METHOD 1: Replace API Link
Let's try changing the string to another website such as google.com.
Right-clicking the string will provide you with the option to edit the contents.

Change the text to

ce38f863d0db313f78b85a3a2019d842.png

METHOD 2: Replace API Identifiers
Another method you can try is to replace your valid identifiers in the api link with nulled, non operative values. In java, you can do this by changing:


to

Now either FILE > SAVE AS or FILE > SAVE and you're done!

While these methods work for most spigot plugins, you'll need to learn and experiment more on your own to remove advanced solutions such as license management systems, checks to things such as this, and much more.

Sometimes a plugin will throw an error, make sure to check the code above and below the inspected lines to make sure you're not missing checks or other validators. You may see some boolean (true / false) values, or strings with 'FAILURE' 'INVALID' 'NOT_FOUND' - try changing things and re-saving! It's a game of cat-and-mouse, finding the most efficient way to trick the program into validating your session.

Overview & Results

Happy nulling!
If you found this quick tutorial helpful, help us by providing more resources to our community!
how to releak plugin?
 

FateKid

DEVIL DID IT

Status

offline

Posts

14,666

Likes

125,824

Resources

3,373

Bits Credits

363

Admin

LEVEL

11

5,910 XP

When I search for "https" nothing comes up.
You probably don't need to null the plugin's authentication then! It's still a smart choice to remove any of your identification numbers from your plugin - follow the steps below:
  1. Find your personal spigot profile ID number ( https://www.spigotmc.org/members/username.XXXXXX/ )
  2. Search for the numbers shown for your profile ID, like the above link.
Explore the files which have these identifiers. You'll most likely find a string containing your download ID & nonce as well.
 
Liked by:

Aegis

User Suspended

Status

offline

Posts

1

Likes

0

Bits Credits

0

LEVEL

0

10 XP

Member suspended from NullForums
Hello,
Let's take a moment to go over the correct ways to null your own Minecraft plugins! This is a valuable skill to learn no matter what your profession you're in.
While understanding the general syntax behind object-oriented programming languages such as java is extremely helpful, you can still null your own plugins easily.



What Is Nulling?

By definition, 'Nulling' is described as:


When you null a plugin / resource, you're removing the required information or instructions the program uses to validate various different other instructions! Each program may contain different methods of validating, protecting, and accessing them. After all, it's typically individuals or small creative agencies and there's tons of methods to do such.



Nulling Resources Manually

STEP 1: Opening JByteEditor
The first thing you'll want to do is download the nulling suite we've provided on our website! This file contains loads of interesting different tools you can use to explore the insides of different resources - primarily focused on java! Use the download link below to get it, then save the .RAR contents somewhere on your PC.


STEP 2: Nulling The Resource
Open JByteEdit, which was provided in the download above. JByteEdit is a java bytecode editor, allowing you to modify the assembly instructions of a java plugin.
Dragging the plugin you'd like to null into the JByteEditor window should result in some file structures being shown on the left-hand side of the software.

It's time to start nulling! By clicking TOOLS > FIND STRING - search for common usage factors when authenticating, think of how you'd want to do this and try different things!
Some common things to search for:
  • web links ( "http" / "https" )
  • piracy message notices ( "piracy" / "leaked" / "auth" / ".api" )
d87d84da740c1b3367614223a0592ec6.png

You can see that we've found a pretty interesting link which contained my spigot userID, resource downloadID, and some other strings tied to my account.
--- don't worry, these aren't my REAL ones, I've already replaced them with 000001 for this tutorial. Nice try, trolls!

What do you think would happen if we changed

to


If you guessed the plugin would be nulled, you're wrong! You've merely just replaced your personal string identifiers with someone else's, or no ones.
While this may sound like nulling, you're just giving the resource a way to invalidate the original instruction.

Now, let's try exploring deeper into this specifically found string!
Right-clicking the selected string will provide you with the option to 'Go To Method' - doing such will open where the instruction is being used.

0662ab92d24f038cd346cadcadd9d99e.png

METHOD 1: Replace API Link
Let's try changing the string to another website such as google.com.
Right-clicking the string will provide you with the option to edit the contents.

Change the text to

ce38f863d0db313f78b85a3a2019d842.png

METHOD 2: Replace API Identifiers
Another method you can try is to replace your valid identifiers in the api link with nulled, non operative values. In java, you can do this by changing:


to

Now either FILE > SAVE AS or FILE > SAVE and you're done!



But FateKid, Nothing Shows Up?

You probably don't need to null the plugin's authentication then! It's still a smart choice to remove any of your identification numbers from your plugin - follow the steps below:
  1. Find your personal spigot profile ID number ( https://www.spigotmc.org/members/username.XXXXXX/ )
  2. Search for the numbers shown for your profile ID, like the above link.
Explore the files which have these identifiers. You'll most likely find a string containing your download ID & nonce as well.



TLDR;

While these methods work for most spigot plugins, you'll need to learn and experiment more on your own to remove advanced solutions such as license management systems, checks to things such as this, and much more.

Sometimes a plugin will throw an error, make sure to check the code above and below the inspected lines to make sure you're not missing checks or other validators. You may see some boolean (true / false) values, or strings with 'FAILURE' 'INVALID' 'NOT_FOUND' - try changing things and re-saving! It's a game of cat-and-mouse, finding the most efficient way to trick the program into validating your session.

Happy nulling!
If you found this quick tutorial helpful, help us by providing more resources to our community![/SPOILER]
should I have the plugin jar first to be able to null the plugin?
 
Liked by:

FateKid

DEVIL DID IT

Status

offline

Posts

14,666

Likes

125,824

Resources

3,373

Bits Credits

363

Admin

LEVEL

11

5,910 XP

should I have the plugin jar first to be able to null the plugin?
Yes, you'll need a JAR file to null a plugin.
 
Liked by:

Latest threads

Forum statistics

Threads
53,960
Messages
84,002
Members
50,551
Latest member
ogfagocik
Top Bottom