FYI: LBML Updater - Trojan Content

carbon

Mature
Joined
Sep 2, 2018
Posts
40
Location
Here & There
Society
The Ministry
Avatar Name
Insanity
Just a heads up for LBML users,

the latest update of LBML is triggering a Trojan warning for Trojan:Win32/Zpevdo.B

 

Jay JJ Hawk

Hatchling
Joined
Aug 22, 2018
Posts
3
Location
Twin Peaks
Avatar Name
Jay JJ Hawk
Carbon, how did you go with this? Having similar issues on this end.
 

mg Joda VVV

Prowler
Joined
Oct 31, 2006
Posts
1,239
Avatar Name
mg Joda VVV VVV
I have to go to Windows Defender every time I start the program and pull that file out of quarantine so I can start it.
 

Angel O2 Mercer

Marauder
Joined
Mar 1, 2010
Posts
6,128
Location
Spain
Society
Rangers
Avatar Name
Angel O2 Mercer
You should be able to exclude the whole installation folder from Windows Defender by adding it to the exclusion list.

Here is how.
 

carbon

Mature
Joined
Sep 2, 2018
Posts
40
Location
Here & There
Society
The Ministry
Avatar Name
Insanity
Carbon, how did you go with this? Having similar issues on this end.
Heya,

First off sorry for the late reply !!

I opened my Windows Defender Notification > Clicked the alert regarding LBML files > Check the bottom right part & u can select the Allow from the drop down menu.
[OR]
You can follow Angel's link :D

Seems to be working fine but the radar latency is a bit slow for me atm, maybe because of triple display not sure.
 

kingofaces

Old Alpha
Joined
Jun 9, 2013
Posts
701
Location
US
Avatar Name
Tony KingofAces Hans
I will say, Google is also blocking the site.

We sure this is completely safe..?
Google does this from time to time. When I talked to Ido last, he said it had something to do with how he obfuscates the LBML's code so people can't copy it. Something about that sets off false positives for Google and sometimes virus scanners. I'm sure there's some more official/professional way to do that, but I think it's also a product of being a volunteer project

I don't think Ido has been as active to address this recent round like they have others, but nothing has significantly changed with it in the years it's been in use really.
 

kingofaces

Old Alpha
Joined
Jun 9, 2013
Posts
701
Location
US
Avatar Name
Tony KingofAces Hans
This ....
Yeah, it’s annoying to have to click through that see details button and continue on to the site. Maybe there’s somewhere to report it to Google as a false positive.
 

slither

Marauder
Joined
Nov 12, 2005
Posts
6,175
Location
UK
Society
Rangers
Avatar Name
Snake Slither Hellfire
Google does this from time to time. When I talked to Ido last, he said it had something to do with how he obfuscates the LBML's code so people can't copy it. Something about that sets off false positives for Google and sometimes virus scanners. I'm sure there's some more official/professional way to do that, but I think it's also a product of being a volunteer project

I don't think Ido has been as active to address this recent round like they have others, but nothing has significantly changed with it in the years it's been in use really.
So he tries his best to hide the code and when it sets off virus alerts people are still willing to trust the program written by a guy they've never met?

Something like this should be open source, it's not like he's got the secret to a billion dollar idea in that code.
 

PkmX

Stalker
Joined
Mar 3, 2006
Posts
1,543
Location
Hsinchu/Taipei, Taiwan
Society
Art of Mining
Avatar Name
PkmX PkmX PkmX
So he tries his best to hide the code and when it sets off virus alerts people are still willing to trust the program written by a guy they've never met?

Something like this should be open source, it's not like he's got the secret to a billion dollar idea in that code.
I agree. I think all MA approved third-party tools should be open source (the client side that interfaces with the game directly at least) so they can be audited by the public. LBML is pretty much just OCR + mining claim database that also feeds your data back to their servers. The billion dollar idea is that he managed to convince a lot of miners to share their claims so he has almost a real-time feed of mining data. If you are an active miner, you can likely capitalize on that data like knowing how recently an area has been mined and roughly how many TT of resources has been extracted, when/where is the last dunkel find and the distribution of enmatter on every random corner of NI server, all without needing to drop a single probe. Personally I'd love to get my hands on that kind of data, and there are so many analyses you can perform on that.
 

mastermesh

Mutated
Joined
Apr 21, 2007
Posts
15,288
Location
Billy Bar
Society
the Ministry
Avatar Name
Maria Mesh
I agree. I think all MA approved third-party tools should be open source
Pretty sure Mindark has never 'approved third party tools'. They actually suggest not using third party apps. The community may suggest using them, and some may be relatively safe but I don't think Mindark has ever actually approved use of any of them... and may actually have suggested in some support tickets or comments on forums, etc. that using them as player's own risk of possible ban, etc.
 

PkmX

Stalker
Joined
Mar 3, 2006
Posts
1,543
Location
Hsinchu/Taipei, Taiwan
Society
Art of Mining
Avatar Name
PkmX PkmX PkmX
Pretty sure Mindark has never 'approved third party tools'. They actually suggest not using third party apps. The community may suggest using them, and some may be relatively safe but I don't think Mindark has ever actually approved use of any of them... and may actually have suggested in some support tickets or comments on forums, etc. that using them as player's own risk of possible ban, etc.
They do: https://www.planetcalypso.com/planet-calypso/community-sites/tools/

Although it's not clear how often they actually re-evaluate these tools, and knowing MA I guess the answer is never or only upon request.

Unless MA carefully reviews the code on every update, it's always possible that a tool starts out legitimately and sneaks in some backdoors some versions later and you may never know. Hence why they should be open source and preferably in some ways that can be built reproducibly so you are sure the binary you are running is the same as the source, but I guess that is never going to happen.

I write my own tools that do not interface with the EU client at all (claims are typed in manually, no OCR or keylogger injection), and I can do my own analysis on the fly in a nice web-based interface.
 
Last edited:
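
The check PkmX describes, sketched in Python as an added example (not code from the thread or from LBML): hash every file in the published release and in your own build from source, then report files that differ or that the source build never produced. The folder layout and file names are constructed for illustration.

```python
import hashlib
from pathlib import Path

def digest_tree(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_builds(published, rebuilt):
    """Compare a downloaded release against a build made from the source."""
    pub, mine = digest_tree(published), digest_tree(rebuilt)
    return {
        # Same name, different bytes: the build is not reproducible or was altered.
        "mismatch": sorted(f for f in pub.keys() & mine.keys() if pub[f] != mine[f]),
        # Shipped to users but not produced by the source: cannot be audited.
        "only_published": sorted(pub.keys() - mine.keys()),
        "only_rebuilt": sorted(mine.keys() - pub.keys()),
    }

def is_reproduced(report):
    """True only when every file matches and neither side has extras."""
    return not any(report.values())

def make_sample_trees(base):
    """Constructed sample: two tiny release folders with one altered and one extra file."""
    pub, mine = Path(base, "published"), Path(base, "rebuilt")
    for d in (pub, mine):
        d.mkdir()
        (d / "tool.exe").write_bytes(b"constructed bytes: main program")
    (pub / "submit.dll").write_bytes(b"constructed bytes: build B")
    (mine / "submit.dll").write_bytes(b"constructed bytes: build A")
    (pub / "extra.dll").write_bytes(b"constructed bytes: not produced by the source")
    return pub, mine

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_builds(*make_sample_trees(tmp)))
```

A byte-for-byte match only means something if the build itself is deterministic (pinned toolchain, no embedded timestamps); otherwise every file lands in `mismatch` even for an honest release.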

xxPriestxx

Provider
Joined
Dec 8, 2015
Posts
177
Avatar Name
xx Priest xx
I used to use LBML back in the day heavily and found it to be a great tool. I'm not saying necessarily that it's dangerous, but on the other hand this is a little concerning.. it gives people a reason to pause. I completely agree that something like this should be open source. To the best of my knowledge Google only does this with Chrome extensions though (block obfuscated code), so I don't know, it's all just a little too unclear.

Anyway...
 

Detritus

Sel-requested Deactivation
Joined
Sep 25, 2016
Posts
1,084
Avatar Name
Detritus the Troll
So he tries his best to hide the code and when it sets off virus alerts people are still willing to trust the program written by a guy they've never met?

Something like this should be open source, it's not like he's got the secret to a billion dollar idea in that code.
I've talked to Ido about this, and the main reason he doesn't open source it is to prevent people from manipulating the data. I suggested open sourcing it anyway but keeping the submission code as an encrypted library and he seemed somewhat receptive, but I don't think he has much time to dedicate to LBML.

That said, if you run LBML through VirusTotal, it hits on a lot of different scanners.

My personal opinion of Ido is that he's a decent guy (with a long history in EU) who probably wouldn't intentionally include malware in his app.

My professional opinion is to err on the side of caution for community software that I didn't build myself in a clean vm. We don't know what his build process is or if there is a legitimate infection that he did not intend but came from his machine.
 

PkmX

Stalker
Joined
Mar 3, 2006
Posts
1,543
Location
Hsinchu/Taipei, Taiwan
Society
Art of Mining
Avatar Name
PkmX PkmX PkmX
I've talked to Ido about this, and the main reason he doesn't open source it is to prevent people from manipulating the data. I suggested open sourcing it anyway but keeping the submission code as an encrypted library and he seemed somewhat receptive, but I don't think he has much time to dedicate to LBML.

That said, if you run LBML through VirusTotal, it hits on a lot of different scanners.
Yes, I suppose part of the reason it isn't open sourced is that he doesn't want people to easily submit falsified data, but honestly I don't think it will stop really dedicated people.

I also wonder why MA doesn't just open an API for 3rd-party programs when they are vetting these tools. It doesn't even need to be a plugin interface, just log users' actions into chat.log like "You dropped a probe at [12345, 67890, 123]" and "You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m" would be more than enough. LBML could then just parse chat.log without going to all this trouble to do OCR/keylogging stuff on the client. Heck, you could probably write an awk script to parse that and insert data into a sqlite db in 100 lines.

My personal opinion of Ido is that he's a decent guy (with a long history in EU) who probably wouldn't intentionally include malware in his app.

My professional opinion is to err on the side of caution for community software that I didn't build myself in a clean vm. We don't know what his build process is or if there is a legitimate infection that he did not intend but came from his machine.
Yes, that's why I mentioned reproducible builds, so any interested parties can verify the binary matches the source code and has not been tampered/compromised. This is especially important since 99% of the users aren't going to build the executable themselves.
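
The chat.log idea above, as an added example that is not part of the original post and uses Python rather than awk. The two line formats are the hypothetical ones quoted in the post (the game client does not write them); they are matched whole-line so player chat that imitates an event is rejected, and stored with parameterised inserts.

```python
import re
import sqlite3

# Hypothetical line formats taken from the post; the game client does not emit them.
NUM = r"(\d{1,9})"                      # bounded so values always fit an SQLite INTEGER
COORD = rf"\[{NUM}, {NUM}, {NUM}\]"
PROBE_RE = re.compile(rf"You dropped a probe at {COORD}")
FIND_RE = re.compile(
    rf"You found a resource \(([^()]{{1,64}})\) of size {NUM} at {COORD} depth {NUM}m")

SCHEMA = """
CREATE TABLE IF NOT EXISTS probes (x INTEGER, y INTEGER, z INTEGER);
CREATE TABLE IF NOT EXISTS finds (
    resource TEXT, size INTEGER, x INTEGER, y INTEGER, z INTEGER, depth_m INTEGER);
"""

def ingest(lines, db):
    """Store recognised events in db; return (probes, finds, rejected) counts."""
    db.executescript(SCHEMA)
    probes = finds = rejected = 0
    for raw in lines:
        line = raw.strip()
        m = PROBE_RE.fullmatch(line)    # fullmatch: the event must be the entire line
        if m:
            # Parameterised insert: log text is bound as data, never spliced into SQL.
            db.execute("INSERT INTO probes VALUES (?, ?, ?)", [int(g) for g in m.groups()])
            probes += 1
            continue
        m = FIND_RE.fullmatch(line)
        if m:
            name, *nums = m.groups()
            db.execute("INSERT INTO finds VALUES (?, ?, ?, ?, ?, ?)",
                       [name, *map(int, nums)])
            finds += 1
            continue
        rejected += 1                   # anything unrecognised is dropped, not guessed at
    db.commit()
    return probes, finds, rejected

# Constructed sample input: two genuine-looking events and two lines that must not count.
SAMPLE_LOG = [
    "You dropped a probe at [12345, 67890, 123]",
    "You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m",
    "[Local] someone: You dropped a probe at [1, 2, 3]",
    "You found a resource (x'); DROP TABLE finds;--) of size 1 at [1, 2, 3] depth 1m",
]

if __name__ == "__main__":
    print(ingest(SAMPLE_LOG, sqlite3.connect(":memory:")))
```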
 

Detritus

Sel-requested Deactivation
Joined
Sep 25, 2016
Posts
1,084
Avatar Name
Detritus the Troll
I also wonder why MA doesn't just open an API for 3rd-party programs when they are vetting these tools. It doesn't even need to be a plugin interface, just log users' actions into chat.log like "You dropped a probe at [12345, 67890, 123]" and "You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m" would be more than enough. LBML could then just parse chat.log without going to all this trouble to do OCR/keylogging stuff on the client. Heck, you could probably write an awk script to parse that and insert data into a sqlite db in 100 lines.
Totally agree. Even without a full plugin interface, MA would be doing the community a huge service by simply amping up the logging. This would make so many community-driven apps so much easier to write.

https://www.planetcalypsoforum.com/forums/showthread.php?313419-Increase-logging-verbosity&highlight=
 

atomicstorm

Marauder
Joined
Aug 21, 2013
Posts
7,359
Location
Tennessee, USA
Society
Entropialoot.com
Avatar Name
MeLoveYou LongTime FiveDolla
Yes, I suppose part of the reason it isn't open sourced is that he doesn't want people to easily submit falsified data, but honestly I don't think it will stop really dedicated people.

I also wonder why MA doesn't just open an API for 3rd-party programs when they are vetting these tools. It doesn't even need to be a plugin interface, just log users' actions into chat.log like "You dropped a probe at [12345, 67890, 123]" and "You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m" would be more than enough. LBML could then just parse chat.log without going to all this trouble to do OCR/keylogging stuff on the client. Heck, you could probably write an awk script to parse that and insert data into a sqlite db in 100 lines.



Yes, that's why I mentioned reproducible builds, so any interested parties can verify the binary matches the source code and has not been tampered/compromised. This is especially important since 99% of the users aren't going to build the executable themselves.
They don't open that because it will result in people trying to bot or create bots, more so than the problem that we already have.
 

Detritus

Sel-requested Deactivation
Joined
Sep 25, 2016
Posts
1,084
Avatar Name
Detritus the Troll
They don't open that because it will result in people trying to bot or create bots, more so than the problem that we already have.

Other MMOs prevent that by simply not having API functions for movement/combat, only for UI.
 

atomicstorm

Marauder
Joined
Aug 21, 2013
Posts
7,359
Location
Tennessee, USA
Society
Entropialoot.com
Avatar Name
MeLoveYou LongTime FiveDolla
Other MMOs prevent that by simply not having API functions for movement/combat, only for UI.
They don't have that now and we have bots. Don't need AI for that.
 

Detritus

Sel-requested Deactivation
Joined
Sep 25, 2016
Posts
1,084
Avatar Name
Detritus the Troll
They don't have that now and we have bots. Don't need AI for that.
Yea I agree, I was just speculating that having a full plug-in API (limited ofc) would likely not noticeably increase the botting activity. If I was going to make a bot in any of the MMOs that do have plug-ins, I would not do so using their plug-in system.
 

kingofaces

Old Alpha
Joined
Jun 9, 2013
Posts
701
Location
US
Avatar Name
Tony KingofAces Hans
Looks like Ido got whatever was throwing the false positive taken care of. It's possible to directly access the website again.
 

PkmX

Stalker
Joined
Mar 3, 2006
Posts
1,543
Location
Hsinchu/Taipei, Taiwan
Society
Art of Mining
Avatar Name
PkmX PkmX PkmX
Looks like Ido got whatever was throwing the false positive taken care of. It's possible to directly access the website again.
Well, it is back on Google's warning list.
 