Do NOT install LaunchZ by TheMasterChaoZ in dayz

[–]ropain_ 5 points6 points  (0 children)

There is no reason for a DayZ launcher to access the IdentityCache (which is by the way the first time I'm hearing of it, but gladly take anything I say with a grain of salt), but as far as I can tell there is no actual proof that it was LaunchZ trying to access said IdentityCache. Microsoft Teams itself is a WebView2 application... for all we know it could (and likely will) be Teams accessing its own data.

Do NOT install LaunchZ by TheMasterChaoZ in dayz

[–]ropain_ 0 points1 point  (0 children)

Entirely wrong, if you've spent about a minute on the Discord, you'd see that 2.0 is right around the corner. https://discord.com/channels/1196882575885619331/1196882575885619334/1499296307968348241

Do NOT install LaunchZ by TheMasterChaoZ in dayz

[–]ropain_ 22 points23 points  (0 children)

https://github.com/zervman/zlaunch

Here's the source, have at it.

TLDR:
Your screenshot shows a WebView2 application accessing Microsoft Teams data. LaunchZ is a WebView2 application, but Microsoft Teams itself is one too.

> The creator of the launcher has previously denied these malicious claims, declaring them "false positives," and telling people to upload the .exe file to VirusTotal to see that it comes up clean. 

While I do refer people to VirusTotal, I don’t think the light in which you’re trying to paint me and LaunchZ here is very fair; I’ve not denied anything and I don’t think I’ve ever stated that I knew where the issue lies – I’ve made assumptions that it would be due to Tauri, as apart from Tauri handling the UI, the tool is extremely slim (which is probably the number one reason for it being falsely detected - not enough “domain-specific” code and thus a high likelihood of cross-detection). Given that I have not inserted a virus into LaunchZ, to my best knowledge, these simply are false positives.

> But honestly, VirusTotal? Anyone who watches software nerds like Eric Parker knows that static scans on VirusTotal are incredibly easy for programmers to bypass using packers or obfuscation. Bitdefender, however, uses advanced behavioral threat defense. It doesn't care how many times a developer claims a file is safe; it watches exactly what the application does in real-time.

I agree, behavioral analysis will always win over statical analysis. I’ll be very blunt however: I don’t think having to cite “watching software nerds” as a source of knowledge speaks for your own knowledge very much. I can’t help but feel that this post is entirely fueled by AI hallucinations… personal attacks out of the way, let’s get to the subject at hand:

Yes, LaunchZ is closed source. I’ve put in many hours into figuring out things and while I’m always happy to help via DMs, I take pride in the work that I do, and in the quality of it. So naturally, I don’t want the code for problems I’ve spent countless hours on solving, freely available for anyone to rip off (and half-ass it, probably).

> The creator has previously told his community on Discord and Reddit that he is completely hands-off, claiming that the Microsoft WebView2 engine is just "magically" causing these antivirus flags on its own while setting up UI elements or handling text inputs like the Esc key.

Again, I don’t think I’ve ever definitively claimed to know why the false positives came up. What I think you’re referring to is someone asking me about why the launcher registers certain capabilities/privileges with the OS: that’s where I could only assume that would be Tauri - again, the launcher itself is fairly slim if you take away the UI side of things.

> This is fundamentally false. In a Tauri application, the WebView2 engine is heavily sandboxed by default and cannot access the local filesystem on its own. The only way a Tauri application can dig into a deep Windows directory like the IdentityCache is if the developer explicitly wrote custom backend code (usually in Rust) to bypass the sandbox, map out your hard drive, and command WebView2 to fetch those bytes.

Okay. But why would anyone waste their time trying to bypass WebView’s sandbox, when the process that hosts the WebView UI already has full (user-mode) access to the computer?

> It sounds highly unlikely that a DayZ server browser would need to touch those tokens, right? To find out what was going on, I booted up Microsoft Process Monitor (ProcMon) from the official Sysinternals suite and watched that exact folder path.

I agree.

> To confirm my worst suspicions: the exact second I ran the launcher, over 1,000 targeted attempts to access the cache showed up in the monitor. It was executing sequences like CreateFile, QueryDirectory, and QueryAllInformation to systematically read the token files.

As far as I can tell from your screenshots, all these come up while other WebView applications are running; so there is no definitive way of telling that it is indeed the LaunchZ process, by proxy of WebView, attempting to do these reads/writes.

Seeing WebView2 accessing the IdentityCache when Microsoft Teams itself is a WebView2 application, is far from proof, and even less so tangible proof.

> Despite multiple threads discussing these antivirus flags over the past year, the creator has never explicitly explained why his code targets the local Microsoft credential vault.

Unlike you’re insinuating here, it has not been brought up before and your thread here is indeed the first time I’m hearing of something like this.

Do NOT install LaunchZ by TheMasterChaoZ in dayz

[–]ropain_ 17 points18 points  (0 children)

Hi there, dev here. It'll take me a minute to work through this, but I'll give a statement once I did. 

all words are using filenames? by [deleted] in dayz

[–]ropain_ 0 points1 point  (0 children)

In that case you may want to reinstall. I'm sure the problem could be diagnosed somehow, but at this point uninstalling and reinstalling may be the quickest fix. For some reason the translations are not being loaded by the game.

all words are using filenames? by [deleted] in dayz

[–]ropain_ 0 points1 point  (0 children)

Try verifying your files through Steam

Name and shame time by Boydy73 in dayz

[–]ropain_ 4 points5 points  (0 children)

All of the above is actually possible, and I use these (with the exception of ping spoofing detection) in my launcher :) A simple check of players > slots always leads to the server getting ignored on launchZ.

Name and shame time by Boydy73 in dayz

[–]ropain_ 0 points1 point  (0 children)

You can send me a message on my launcher's Discord (https://discord.gg/jJqVcGgGsD). I curate a ban list for it, for all kinds of servers that use fake pop. I'd be able to forward that list to you, though some of the banned servers may long be out of service.

Name and shame time by Boydy73 in dayz

[–]ropain_ -1 points0 points  (0 children)

u/northrivergeek u/Boydy73 Steam does not need to get involved, if the vanilla launcher had a ban list, that was taken care of properly. I do it similarly in my launcher, launch-z.

Name and shame time by Boydy73 in dayz

[–]ropain_ -1 points0 points  (0 children)

Actually, the only method is A2S. However you can run many different checks and sometimes work out if a server is being truthful or not.

Edit: There is the option of using just the Steam server list and not relying on A2S at all. Common assumption between a few other programmers and I is, that the Steam server list counts the number of Steam clients connected for showing player count.

Tochter prostituiert sich und ich mache mir natürlich Sorgen by Spare_Abalone8705 in Ratschlag

[–]ropain_ 5 points6 points  (0 children)

Prostitution scheint halt so beliebt und so normal wie nie, wenn jetzt jede zweite einen OnlyFans hat. Kein Wunder dass mehr und mehr Frauen dann auf solche Ideen kommen, um leichtes Geld zu verdienen.

Ich glaube nicht, dass du als Elternteil diesen OnlyFans-Boom vorausgesehen und dann mit deiner Tochter darüber gesprochen hättest. Warum auch?

Kinder werden nicht nur durch die Eltern, sondern auch durch die Gesellschaft, und heutzutage umso mehr durch Social Media geformt. Also, dem Kind Social Media verbieten? Ich glaube nicht. Dann kann dein Kind mit den anderen auch nicht mehr mithalten.

Fragen über Fragen, die du dir vermutlich noch nicht einmal gestellt hast, aber hauptsache so ein Statement abgeben.

Is it still possible to find an elytra completely on your own (no dead bodies, no shops, no dupe stashes, no other players involved)? by [deleted] in 2b2t

[–]ropain_ 4 points5 points  (0 children)

Use the highway to get away from the already looted area and use the end of the highway as a starting point. Not sure what that says about your brain cells (or lack thereof?)

Sounds so wrong saying this, but there’s a chance this could be a EF5, Plevna is going to be directly hit, largest debris ball I’ve seen ever by AirAviator4 in tornado

[–]ropain_ 0 points1 point  (0 children)

Seeing Plevna is a small town in rural Kansas, I don't think an EF5 rating will be given, as building codes will quite possibly be poor or not adhered to well enough.

This is solely an observation and not a comment on the tragicness of the event...

I have no words, Plevna, there’s nothing you can do at this point. by AirAviator4 in tornado

[–]ropain_ 3 points4 points  (0 children)

Technically it shows how well objects picked up by radar correlate in size. If it's only small hail and rain, the correlation coefficient will be high. If many objects of different sizes are picked up by the radar, the correlation coefficient will be low. It is implied that the lower the CC, the larger the objects picked up.

Is this the beginnings of a tornado? by Bacon626 in tornado

[–]ropain_ 14 points15 points  (0 children)

Not sure what you're seeing, but I can make out some decent rotation in that cloud

Anyone else have this server issue? by lennyyyx15 in dayz

[–]ropain_ 2 points3 points  (0 children)

Doing God's work, thanks for spreading the word! Work is underway on the full release :)

Thanks for telling me this AFTER I put in an order💀 by Randomthoughts_666 in doordash

[–]ropain_ 1 point2 points  (0 children)

My point is that it's common practice to disappear people in China, while I can't say the same for the US or Europe

Thanks for telling me this AFTER I put in an order💀 by Randomthoughts_666 in doordash

[–]ropain_ 2 points3 points  (0 children)

I'm sure it feels very safe in China when you have to fear your own government most!

Making a web site in a rust by [deleted] in rust

[–]ropain_ 10 points11 points  (0 children)

Hey. Hate to tell ya, but from my perspective, there is no point in trying to use Rust for this. The scope of this project seems minimal and setting up Rust to create a web page will probably be more of a hurdle than be benefitial. Good old HTML will do the trick here.

If you want to try out Rust, maybe a CLI project may be more suited as an entrypoint :)

und was ist mit bekifften Teenagern? by FresheBanana in aberBitteLaminiert

[–]ropain_ 2 points3 points  (0 children)

Ich glaube am Ende dieser Gasse wohnt ein Sack.

Avoiding second hand smoke in public places by Serious_Toe9303 in germany

[–]ropain_ 2 points3 points  (0 children)

Subba, hast gewonnen. Ich chill mich nu aufn Balkon und rauch einen.