These things do happen in the world outside RPG Maker, and obfuscated plugins are a great way for it to happen in the RPG Maker world too. Then there’s the problem of third party actors adding obfuscated malware to obfuscated plugins and spreading the malicious version. No one claimed VisuStella is doing that, but denying that obfuscated plugins could be successfully used to spread malicious code is just denying reality. Obfuscated plugins can also be used in the same way. People found malicious code in Github repositories, and even the NPM package manager was used by malicious actors to spread malware to NodeJS developers. Malware detectors don’t detect all malware, which is one of the reasons why new malware is developed. If any problem arises, players are going to blame the author of the game. To be fair, the obfuscated plugins aren’t likely to be doing any of that, but if they do, and the players of games that use those plugins find out, they are going to blame whoever made the game, not the authors of plugins used in the game.Įven if the plugin authors themselves don’t put malware into their obfuscated plugins, someone could add obfuscated malicious code to one of these plugins and distribute the edited, evil version - and no one would know, because it’s all obfuscated. It could be doing anything, from opening up the doors for more elaborate malware, to mining cryptocurrencies in the background, gathering usage statistics or even searching the computer for personal files or data to send to some server somewhere. Obfuscated plugins hide their source code, which means that game developers using them don’t know exactly what the code does. RPG Maker Web saff member and VisuStella team member Archeia closed the thread without giving anyone the chance to address the concerns raised by Faherya. Unfortunately, further discussion wasn’t allowed. ![]() Closed source cannot be audited and, consequently, optimized. From virus infections or data leaks, it will be left to you judicially.ģ) It is not feasible to carry out tests to find out if the script is doing what it says to do in the best way. And if there is a problem, the responsibility is yours. In a thread discussing the encrypted VisuStella plugins, Faherya wrote a post pointing out a big problem with them:ġ) If you don’t know what’s there, your data and your machine are at risk.Ģ) If you ignored the first point, you are exposing the machines of the people to whom you plan to distribute the project. Using obfuscated plugins puts game developers at risk, according to a member of the official RPG Maker forums. VisuStella plugins are the most popular examples of obfuscated plugins.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |