this post was submitted on 25 Jan 2024
153 points (89.2% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
55016 readers
636 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The go to would be the forum cs.rin.ru . They have two boards Russian and English but you don't need to bother with the Russian side.
How to go to English board? I am only seeing Russian. I'm using Google translate page to read the page. Help
Yo sorry, I know this is 23 days old, hopefully you figured it out by now, but if you still didn't
When you log in the website it should show you two separate tables. The top table is the Russian forum.
What you want is the one called "Main Forum" from the second table.
Usually I have no issues with the above site but when looking for the latest patch this is the result of a virus total scan from a very prominent known-user: https://www.virustotal.com/gui/file/0a661adf06c2bef40749e9eba17ffccef0eb0e76321a5a21ec11ca60c34fb0dc/behavior
Gonna have to reassess my views regarding the safety of this site..
I see nothing in the virustotal results that I would be concerned with. The only file with issues is the online fix, which makes sense that it will find something about it, because most cracks will show some false positives. Take a look at the results and check what it says.
I'm no stranger to false positives, especially when virus scanners are all too keen to label things as "hacktools" and class them as malicious. However there is apparently no need for an online fix at the moment as there is no real authentication to play online so I just can't understand why there are so many calls to specific IP addresses that aren't in the legitimate version. (As there are currently no need to run pirated servers)
Also it's the first time I've see so many sigma flags in the sandbox tests. When I see "Critical: Ransomware" I get spooked. (As I've never seen this level of warning before. Nothing above a medium, infact)
Ive done quite a bit of googling but haven't been able to find much to dissuade my fears with sandbox flags like these.. What's more cracks from different users all have differing detection flags and call different IP addresses..
TL;DR: I'm out of my depth with this one.
That makes more sense, and a bit beyond my depth as well. But this is not the sites issue at this point, just some honest questions about the online fix.
I was under the impression we needed the online fix for it to work with other legitimate players. It doesn’t make sense to have an online fix if one isn’t needed. I’ll look into that part more, but I can see it being titled ransomware if they redirect queries to another server to make them go to the legit server and bypass the legit check.
Still depends on if we needed the online fix or not from the beginning, and then the question becomes, “how did they make the online check work, and where does it redirect to?”