You can always use nulled, but of course there are risk involved. If you use a nulled plugin you general wont know whats inside the code unless you check the plugin code and inspect it which is time consuming. So there's a risk of malware, viruses and other codes that might harm your site in the future. Nulled plugins are not generally illegal though cause some use a GPL. . Buy the plugin :) its worth it, if you buy the plugin you are helping the developer to continue to improve the plugin and develop more useful plugin which Is health for Wordpress ecosystem.