FYI: LBML Updater - Trojan Content

carbon

Just a heads up for LBML users,

the latest update of LBML is triggering a Trojan warning for Trojan:Win32/Zpevdo.B

 
Carbon, How did you go with this. Having similar issues on this end.
 
I have to go to Windows Defender every time I start the program and pull that file out of quarantine so I can start it.
 
You should be able to exclude the whole installation folder from Windows Defender by adding it to the exclusion list.

Here is how.
 
Carbon, How did you go with this. Having similar issues on this end.

Heya,

First off sorry for the late reply !!

I opened my Windows Defender Notification > Clicked the alert regarding LBML files > Check the bottom right part & you can select Allow from the drop-down menu.
[OR]
You can follow Angel's link :D

Seems to be working fine but the radar latency is a bit slow for me atm, maybe because of triple display not sure.
 
I will say, Google is also blocking the site.

We sure this is completely safe..?

Google does this from time to time. When I talked to Ido last, he said it had something to do with how he obfuscates the LBML's code so people can't copy it. Something about that sets off false positives for Google and sometimes virus scanners. I'm sure there's some more official/professional way to do that, but I think it's also a product of being a volunteer project

I don't think Ido has been as active to address this recent round like they have others, but nothing has significantly changed with it in the years it's been in use really.
 
This ....

Yeah, it’s annoying to have to click through that see details button and continue on to the site. Maybe there’s somewhere to report it to Google as a false positive.
 
Google does this from time to time. When I talked to Ido last, he said it had something to do with how he obfuscates the LBML's code so people can't copy it. Something about that sets off false positives for Google and sometimes virus scanners. I'm sure there's some more official/professional way to do that, but I think it's also a product of being a volunteer project

I don't think Ido has been as active to address this recent round like they have others, but nothing has significantly changed with it in the years it's been in use really.

So he tries his best to hide the code and when it sets off virus alerts people are still willing to trust the program written by a guy they've never met?

Something like this should be open source, it's not like he's got the secret to a billion dollar idea in that code.
 
So he tries his best to hide the code and when it sets off virus alerts people are still willing to trust the program written by a guy they've never met?

Something like this should be open source, it's not like he's got the secret to a billion dollar idea in that code.

I agree. I think all MA approved third-party tools should be open source (the client side that interfaces with the game directly at least) so they can be audited by the public. LBML is pretty much just OCR + mining claim database that also feeds your data back to their servers. The billion dollar idea is that he managed to convince a lot of miners to share their claims so he has almost a real-time feed of mining data. If you are an active miner, you can likely capitalize on that data like knowing how recently an area has been mined and roughly how many TT of resources have been extracted, when/where the last dunkel find was and the distribution of enmatter on every random corner of NI server, all without needing to drop a single probe. Personally I'd love to get my hands on that kind of data, and there are so many analyses you can perform on that.
 
I agree. I think all MA approved third-party tools should be open source
Pretty sure Mindark has never 'approved third party tools'. They actually suggest not using third party apps. The community may suggest using them, and some may be relatively safe but I don't think Mindark has ever actually approved use of any of them... and may actually have suggested in some support tickets or comments on forums, etc. that using them is at the player's own risk of possible ban, etc.
 
Pretty sure Mindark has never 'approved third party tools'. They actually suggest not using third party apps. The community may suggest using them, and some may be relatively safe but I don't think Mindark has ever actually approved use of any of them... and may actually have suggested in some support tickets or comments on forums, etc. that using them is at the player's own risk of possible ban, etc.

They do: https://www.planetcalypso.com/planet-calypso/community-sites/tools/

Although it's not clear how often they actually re-evaluate these tools, and knowing MA I guess the answer is never or only upon request.

Unless MA carefully reviews the code on every update, it's always possible that a tool starts out legitimately and sneaks in some backdoors some versions later and you may never know. Hence why they should be open source and preferably in some ways that can be built reproducibly so you are sure the binary you are running is the same as the source, but I guess that is never going to happen.

I write my own tools that do not interface with the EU client at all (claims are typed in manually, no OCR or keylogger injection), and I can do my own analysis on the fly in a nice web-based interface.
 
I used to use LBML back in the day heavily and found it to be a great tool. I'm not saying necessarily that it's dangerous, but on the other hand this is a little concerning.. it gives people a reason to pause. I completely agree that something like this should be open source. To the best of my knowledge Google only does this with Chrome extensions though (block obfuscated code), so I don't know, it's all just a little too unclear.

Anyway...
 
So he tries his best to hide the code and when it sets off virus alerts people are still willing to trust the program written by a guy they've never met?

Something like this should be open source, it's not like he's got the secret to a billion dollar idea in that code.

I've talked to Ido about this, and the main reason he doesn't open source it is to prevent people from manipulating the data. I suggested open sourcing it anyway but keeping the submission code as an encrypted library and he seemed somewhat receptive, but I don't think he has much time to dedicate to LBML.

That said, if you run LBML through VirusTotal, it hits on a lot of different scanners.

My personal opinion of Ido is that he's a decent guy (with a long history in EU) who probably wouldn't intentionally include malware in his app.

My professional opinion is to err on the side of caution for community software that I didn't build myself in a clean vm. We don't know what his build process is or if there is a legitimate infection that he did not intend but came from his machine.
 
I've talked to Ido about this, and the main reason he doesn't open source it is to prevent people from manipulating the data. I suggested open sourcing it anyway but keeping the submission code as an encrypted library and he seemed somewhat receptive, but I don't think he has much time to dedicate to LBML.

That said, if you run LBML through VirusTotal, it hits on a lot of different scanners.

Yes, I suppose part of the reason it isn't open sourced is that he doesn't want people to easily submit falsified data, but honestly I don't think it will stop really dedicated people.

I also wonder why MA doesn't just open an API for 3rd-party programs when they are vetting these tools. It doesn't even need to be a plugin interface, just logging users' actions into chat.log like "You dropped a probe at [12345, 67890, 123]" and "You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m" would be more than enough. LBML could then just parse chat.log without going to all this trouble to do OCR/keylogging stuff on the client. Heck, you could probably write an awk script to parse that and insert data into a sqlite db in 100 lines.

My personal opinion of Ido is that he's a decent guy (with a long history in EU) who probably wouldn't intentionally include malware in his app.

My professional opinion is to err on the side of caution for community software that I didn't build myself in a clean vm. We don't know what his build process is or if there is a legitimate infection that he did not intend but came from his machine.

Yes, that's why I mentioned reproducible builds, so any interested parties can verify the binary matches the source code and has not been tampered with/compromised. This is especially important since 99% of the users aren't going to build the executable themselves.
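
The chat.log approach suggested in the post above, as an added example that is not part of the original thread or of LBML: a parser for the two hypothetical log messages quoted there, loading them into SQLite. The message formats are the poster's proposal, not something the game client actually writes, and the sample lines and table names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample in the hypothetical format proposed in the post;
# the third line imitates another player's chat text containing the same phrase.
SAMPLE_LOG = """\
You dropped a probe at [12345, 67890, 123]
You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m
[Rookie] someone: You found a resource (Fake) of size 99 at [1, 2, 3] depth 1m
You dropped a probe at [12400, 67950, 120]
"""

COORD = r"\[(-?\d+), (-?\d+), (-?\d+)\]"
PROBE_RE = re.compile(rf"You dropped a probe at {COORD}")
FIND_RE = re.compile(
    rf"You found a resource \(([^)]+)\) of size (\d+) at {COORD} depth (\d+)m"
)


def load_events(log_text, db):
    """Insert recognised events into db; return the number of skipped lines."""
    db.execute("CREATE TABLE IF NOT EXISTS probes (x INTEGER, y INTEGER, z INTEGER)")
    db.execute(
        "CREATE TABLE IF NOT EXISTS finds "
        "(resource TEXT, size INTEGER, x INTEGER, y INTEGER, z INTEGER, depth_m INTEGER)"
    )
    skipped = 0
    for line in log_text.splitlines():
        line = line.strip()
        # fullmatch: a line that merely contains the phrase (e.g. chat text)
        # is not accepted as an event.
        if m := PROBE_RE.fullmatch(line):
            db.execute("INSERT INTO probes VALUES (?, ?, ?)", tuple(map(int, m.groups())))
        elif m := FIND_RE.fullmatch(line):
            name, *nums = m.groups()
            db.execute("INSERT INTO finds VALUES (?, ?, ?, ?, ?, ?)", (name, *map(int, nums)))
        else:
            skipped += 1
    db.commit()
    return skipped


def demo():
    db = sqlite3.connect(":memory:")
    skipped = load_events(SAMPLE_LOG, db)
    probes = db.execute("SELECT COUNT(*) FROM probes").fetchone()[0]
    finds = db.execute("SELECT resource, size, depth_m FROM finds").fetchall()
    return probes, finds, skipped


if __name__ == "__main__":
    print(demo())
```

A tool built this way only needs read access to a text file, with no screen capture or keyboard hooks on the client.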
 
I also wonder why MA doesn't just open an API for 3rd-party programs when they are vetting these tools. It doesn't even need to be a plugin interface, just logging users' actions into chat.log like "You dropped a probe at [12345, 67890, 123]" and "You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m" would be more than enough. LBML could then just parse chat.log without going to all this trouble to do OCR/keylogging stuff on the client. Heck, you could probably write an awk script to parse that and insert data into a sqlite db in 100 lines.

Totally agree. Even without a full plugin interface, MA would be doing the community a huge service by simply amping up the logging. This would make so many community-driven apps so much easier to write.

https://www.planetcalypsoforum.com/forums/showthread.php?313419-Increase-logging-verbosity&highlight=
 
Yes, I suppose part of the reason it isn't open sourced is that he doesn't want people to easily submit falsified data, but honestly I don't think it will stop really dedicated people.

I also wonder why MA doesn't just open an API for 3rd-party programs when they are vetting these tools. It doesn't even need to be a plugin interface, just logging users' actions into chat.log like "You dropped a probe at [12345, 67890, 123]" and "You found a resource (Lysterium Stone) of size 5 at [12345, 67890, 123] depth 1234m" would be more than enough. LBML could then just parse chat.log without going to all this trouble to do OCR/keylogging stuff on the client. Heck, you could probably write an awk script to parse that and insert data into a sqlite db in 100 lines.



Yes, that's why I mentioned reproducible builds, so any interested parties can verify the binary matches the source code and has not been tampered with/compromised. This is especially important since 99% of the users aren't going to build the executable themselves.

They don't open that because it will result in people trying to bot or create bots, more so than the problem that we already have.
 
They don't open that because it will result in people trying to bot or create bots, more so than the problem that we already have.


Other MMOs prevent that by simply not having API functions for movement/combat, only for UI.
 
Other MMOs prevent that by simply not having API functions for movement/combat, only for UI.

They don't have that now and we have bots. Don't need AI for that.
 
They don't have that now and we have bots. Don't need AI for that.

Yea I agree, I was just speculating that having a full plug-in API (limited ofc) would likely not noticeably increase the botting activity. If I was going to make a bot in any of the MMOs that do have plug-ins, I would not do so using their plug-in system.
 
Looks like Ido got whatever was throwing the false positive taken care of. It's possible to directly access the website again.
 
Looks like Ido got whatever was throwing the false positive taken care of. It's possible to directly access the website again.

Well, it is back on Google's warning list.
 