Toggle sidebar

Homebrew Discussion PSA: SuperLan might be a virus

  • Thread starter Thread starter LUCKASS
  • Start date Start date
  • Views Views 11,516
  • Replies Replies 63
  • Likes Likes 1
LightBeam said:
Not sure about it being a very good advertisement.
Click to expand...

really yes, because they only make this type of post to do Hater but it ends up being everything as I said a Hater. SLP then benefits because every time they make a publication like this, 300 more registered to SLP.

But we never really try to do something that harms the scene, simply make a service for free that benefits everyone and is easier for everyone, nothing more. If you do not like it or if you are looking for problems where there is not, you are welcome not to use it and use another server without problems. I will not tire of repeating that if you do not like it, do not use it.

We do not make money with the project, we only do it because we like it and we want a place to play and we have it with SLP, this means that it does not harm us in anything that does not use it, they are fully entitled to NOT USE IT.

and I want to clarify that those who are hater and do this kind of thing, are simply angry because we did a free service and they wanted to use it to make money. Like I said ... we are not interested in money.
 
Last edited by Sonnydg,
Sonnydg said:
I will leave an answer to each point, but nobody is obliged to use SLP, simply if they do not like or do not care, do not use it and use the other servers and without problem.

  • the only thing that loaded by github is language file.
Click to expand...
The following files are loaded by super-lan-play-client.exe from GitHub when they should be built into the program:

These files are used for version checks and updates:

Other files downloaded:

That's a lot more than just the "language file".

Also: On startup, the program creates "MaterialSkin.dll", which is a C# theming library. Executables creating DLLs like this is a malicious behavior known as a "dropper", which may be one of the reasons why antivirus programs have flagged it.
 
Last edited by GerbilSoft, , Reason: +AV
  • Like
Reactions: Subtle Demise, Mambila2001, shabbypenguin and 2 others
GerbilSoft said:
The following files are loaded by super-lan-play-client.exe from GitHub when they should be built into the program:

These files are used for version checks and updates:

Other files downloaded:

That's a lot more than just the "language file".

Also: On startup, the program creates "MaterialSkin.dll", which is a C# theming library. Executables creating DLLs like this is a malicious behavior known as a "dropper", which may be one of the reasons why antivirus programs have flagged it.
Click to expand...

who are in the github does not mean that he is used. Each version we are making different changes and not all delete from the repository.

MaterialSkin is a library for the UI, which the antivirus then detects ... it does not matter xD, Although MateriaSkin was never the problem.
 
Last edited by Sonnydg,
Sonnydg said:
who are in the github does not mean that he is used. Each version we are making different changes and not all delete from the repository.

MaterialSkin is a library for the UI, which the antivirus then detects ... it does not matter xD
Click to expand...
You clearly didn't understand what I wrote.

The images are *downloaded* from the GitHub repository on load, rather than using an internal copy:
Code: 
private void Form1_Load(object sender, EventArgs e)
{
    /* ... */
    this.pictureBox1.Load("https://raw.githubusercontent.com/D3fau4/Super-Lan-Play/master/Resources/super-lan-play-sw.png");
    this.pictureBox2.Load("https://raw.githubusercontent.com/D3fau4/Super-Lan-Play/master/Resources/super-lan-play-ps.png");
}

The MaterialSkin.dll problem isn't the fact that you're using MaterialSkin.dll. It's the fact that, rather than downloading both files and then running the EXE, the executable itself is creating the DLL. This is known as a "dropper", and can trigger antivirus heuristics. https://www.cknow.com/cms/vtutor/virus-droppers.html
 
  • Like
Reactions: Subtle Demise
GerbilSoft said:
You clearly didn't understand what I wrote.

The images are *downloaded* from the GitHub repository on load, rather than using an internal copy:
Code: 
private void Form1_Load(object sender, EventArgs e)
{
    /* ... */
    this.pictureBox1.Load("https://raw.githubusercontent.com/D3fau4/Super-Lan-Play/master/Resources/super-lan-play-sw.png");
    this.pictureBox2.Load("https://raw.githubusercontent.com/D3fau4/Super-Lan-Play/master/Resources/super-lan-play-ps.png");
}

The MaterialSkin.dll problem isn't the fact that you're using MaterialSkin.dll. It's the fact that, rather than downloading both files and then running the EXE, the executable itself is creating the DLL. This is known as a "dropper", and can trigger antivirus heuristics. https://www.cknow.com/cms/vtutor/virus-droppers.html
Click to expand...

is that it seems that you did not understand, is that it really does not matter is it was simply done the way it was done and is only to use it easily, we do not intend to improve the code unless it is necessary.
 
Sonnydg said:
is that it seems that you did not understand, is that it really does not matter is it was simply done the way it was done and is only to use it easily, we do not intend to improve the code unless it is necessary.
Click to expand...
And this is reason alone to automatically blacklist anything you or your cohorts write. Just imagine what would happen if Microsoft said "we're not going to fix any bugs in Windows because it won't improve anything!"
 
Last edited by GerbilSoft,
  • Like
Reactions: Subtle Demise, Friendsxix, antiNT and 5 others
D3fau4 said:
first you do not know how we have programmed it, second cubus the only thing that does is to say that it is closed code and since it is closed code it is a virus, third The code is closed and is obfuscate so that people do not copy it.
I teach the code without problem but with my conditions and my conditions is that we connect to my pc by TeamViewer or similar.
Click to expand...
>I show* the code
"Enseñar" on english on that context is "show" not "teach"
 
Sasori said:
Honestly after Cubuss going around saying that there where smash brickers with no proof and just spouting nonsense id take this with a grain of salt for now

--------------------- MERGED ---------------------------

I also find this convient that he is making these accusations shortly after he makes a thread for his own switch lan play website
Click to expand...

1. Never said there were smash brickers
2. Never said Super lan play contains a virus,
3. Never made any accusations against Super lan play,


switch-lan-play has a license which require people to make there project opensource if they are using it or using parts of it, which super lan play is not doing

https://github.com/spacemeowx2/switch-lan-play/blob/master/LICENSE.txt


Also when i asked them why there discord needed these specific premissions:
They told me middle in the conversation that he could not answer cause he was eating dinner,
unknown.png
 
Last edited by Cubuss,
  • Like
Reactions: Subtle Demise, Mambila2001, huma_dawii and 2 others
GerbilSoft said:
And this is reason alone to automatically blacklist anything you or your cohorts write. Just imagine what would happen if Microsoft said "we're not going to fix any bugs in Windows because it won't improve anything!"
Click to expand...

but microsoft you must pay for windows or another service, SLP is free and is only armed to facilitate some things, nothing else, we will not devote our whole life to the project.


Cubuss said:
1. Never said there were smash brickers
2. Never said Super lan play contains a virus,
3. Never made any accusations against Super lan play,


switch-lan-play has a license which require people to make there project opensource if they are using it or using parts of it, which super lan play is not doing

https://github.com/spacemeowx2/switch-lan-play/blob/master/LICENSE.txt


Also when i asked them why there discord needed these specific premissions:
They told me middle in the conversation that he could not answer cause he was eating dinner,
unknown.png
Click to expand...

There is no reason to give the source code of something that is 100% code of its own. As it has been said, the client downloads lan-play and generates the parameters to run lan-play.exe in the background. Nothing else, all the code of the web, client is 100% code of SLP.
 
Last edited by Sonnydg,
Sonnydg said:
but microsoft you must pay for windows or another service, SLP is free and is only armed to facilitate some things, nothing else, we will not devote our whole life to the project.
Click to expand...
"It's free, that means we're allowed to make it as shitty as possible."

And everyone else is free to disregard your project as useless garbage.

I do like how you completely ignored all of my suggestions, including the "bundle images in the executable instead of downloading them from GitHub" suggestion, because "IT'S A HOBBY PROJECT STOP TELLING US WHAT TO DO". That's a great way to gain popularity.
 
Last edited by GerbilSoft,
  • Like
Reactions: Subtle Demise, Arcanuskun, KingAsix and 1 other person
GerbilSoft said:
"It's free, that means we're allowed to make it as shitty as possible."

And everyone else is free to disregard your project as useless garbage.

I do like how you completely ignored all of my suggestions, including the "bundle images in the executable instead of downloading them from GitHub" suggestion, because "IT'S A HOBBY PROJECT STOP TELLING US WHAT TO DO". That's a great way to gain popularity.
Click to expand...

we do not want to gain popularity xD We simply announced the project and nothing more. And nobody said that his suggestion was not taken, but that the change would be made when it was necessary and thanks for your suggestion.

As we take it as a hobby, we simply dedicate as much time as we can.
 
GerbilSoft said:
You clearly didn't understand what I wrote.

The images are *downloaded* from the GitHub repository on load, rather than using an internal copy:
Code: 
private void Form1_Load(object sender, EventArgs e)
{
    /* ... */
    this.pictureBox1.Load("https://raw.githubusercontent.com/D3fau4/Super-Lan-Play/master/Resources/super-lan-play-sw.png");
    this.pictureBox2.Load("https://raw.githubusercontent.com/D3fau4/Super-Lan-Play/master/Resources/super-lan-play-ps.png");
}

The MaterialSkin.dll problem isn't the fact that you're using MaterialSkin.dll. It's the fact that, rather than downloading both files and then running the EXE, the executable itself is creating the DLL. This is known as a "dropper", and can trigger antivirus heuristics. https://www.cknow.com/cms/vtutor/virus-droppers.html
Click to expand...
Sonnydg said:
who are in the github does not mean that he is used. Each version we are making different changes and not all delete from the repository.

MaterialSkin is a library for the UI, which the antivirus then detects ... it does not matter xD, Although MateriaSkin was never the problem.
Click to expand...


I love when someone KNOWS what they're talking about! <3

Kudos! @GerbilSoft
 
  • Like
Reactions: antiNT and GerbilSoft
Cubuss said:
1. Never said there were smash brickers
2. Never said Super lan play contains a virus,
3. Never made any accusations against Super lan play,


switch-lan-play has a license which require people to make there project opensource if they are using it or using parts of it, which super lan play is not doing

https://github.com/spacemeowx2/switch-lan-play/blob/master/LICENSE.txt


Also when i asked them why there discord needed these specific premissions:
They told me middle in the conversation that he could not answer cause he was eating dinner,
unknown.png
Click to expand...
Indeed you did with this post, that you never corrected, and also have posted in a few other threads in regards to the matter

Of course there is a license they should abide by, but life ain't perfect. Yes its horrible they aren't following it but that doesn't instantly mean that it's a virus. As mentioned multiple times obfuscation does many weird things when it comes to AVs.

Soo if he was eating dinner...simply ask again civilly now. Which Im sure anyone here can do if they are truely worried about it. I know it seems like a shot in the dark..but maybe..just maybe..he was *gasp* eating dinner! We are only human and have things to do outside of these websites and some people even have better things to do than being pulled into some petty drama like this that has absolutely no basis

Either way, in the end it doesn't matter since we will just be going after each other like cat and mouse ¯\_(ツ)_/¯

The whole point of my original comment is that this scene as a whole needs to stop trying to go after each other and slicing everyone down at every possible moment over petty nonsense
 
Last edited by ,
Miqote said:
False positives are very much a thing. When you obfuscate code, it's common for it to get flagged as virus/malware because viruses and malware also use obfuscation. Just throw it in http://virustotal.com. If you get under 4-5 results, it's likely a false positive. If you get 5+, maybe it could be. If you get 10+, it probably is. Claiming that something is a virus simply because the author won't release the source code is obnoxious, and that person should never be in charge of anything.


I don't think this post could ever get enough likes to express how much I resonate with it.
Click to expand...
This is incredibly bad advice. Just because there isn't a signature doesn't mean that something isn't malicious. Crypting software has existed for a long time now, and can easily bypass scans. Use a detailed analysis site like this one. This is much more reliable if one doesn't want to put forth the effort to set up an analysis environment.
 
Joom said:
This is incredibly bad advice. Just because there isn't a signature doesn't mean that something isn't malicious. Crypting software has existed for a long time now, and can easily bypass scans. Use a detailed analysis site like this one. This is much more reliable if one doesn't want to put forth the effort to set up an analysis environment.
Click to expand...

Could you analyze this file?
https://github.com/D3fau4/Super-Lan-Play/raw/master/Super-lan-play-client.exe

that is the link of the official download.

Sasori said:
Indeed you did with this post, that you never corrected, and also have posted in a few other threads in regards to the matter

Of course there is a license they should abide by, but life ain't perfect. Yes its horrible they aren't following it but that doesn't instantly mean that it's a virus. As mentioned multiple times obfuscation does many weird things when it comes to AVs.

Soo if he was eating dinner...simply ask again civilly now. Which Im sure anyone here can do if they are truely worried about it. I know it seems like a shot in the dark..but maybe..just maybe..he was *gasp* eating dinner! We are only human and have things to do outside of these websites and some people even have better things to do than being pulled into some petty drama like this that has absolutely no basis

Either way, in the end it doesn't matter since we will just be going after each other like cat and mouse ¯\_(ツ)_/¯

The whole point of my original comment is that this scene as a whole needs to stop trying to go after each other and slicing everyone down at every possible moment over petty nonsense
Click to expand...

what he talks about was already explained and he continues with that.

You can find everything here, both the explanation of the login that is explained in some comments on the pages, also the client and everything.
https://gbatemp.net/threads/super-lan-play.522836/
 
Last edited by Sonnydg,
Joom said:
It's already been analyzed. You can find the results in the Discord log in the OP. Also, for all of you whining about not having the source, just use .NET Reflector and de4dot. .NET programs are stupid easy to RE.
Click to expand...

I am from the SLP development team.

We remove the obfuscator so they can if they want to unpack.
 
  • Like
Reactions: Dichotomy754

Site & Scene News

Go to forum More news

Popular threads in this forum

Feedback Homebrew  Essential Homebrew

Homebrew Homebrew game Project  So... Dan didn't want to reveal his Vulkan, so I made mine.

Homebrew Homebrew game  Lego Star Wars: The Complete Saga · Switch Port

Homebrew Homebrew game  GTA: Chinatown Wars - Switch port

running 20.5 Is it worth upgrading my firmware...?

Homebrew Homebrew game  Half Life 2 (Source Engine) - Switch Port

Homebrew Homebrew game  Final Fantasy IV 3D Remake - Switch port

Hacking Hardware Misc  Yo chat! I'm I cooked?