Topic: Killing Blockland installations through slayer

So wait what does it do? Like does it make you try to uninstall it with a message or does it actually make the game crash?
I'm no coder, but this looks like it systematically deletes every file in the Blockland folder before displaying the message. It's like viral code.

So wait what does it do? Like does it make you try to uninstall it with a message or does it actually make the game crash?
It simply tries to delete every file in the Blockland directory. The game crashes from missing resources before it gets very far, though.

Holy forget that's terrible. If this was deliberate, I hope he gets what's coming to him.

Zapk doesn't appear to give crap about the game now so he won't care if all his keys are revoked. Not really anything we can do whether it was deliberate or not.

so, the question is should i uninstall my slayer files and try re-installing an older version

I'm no coder, but this looks like it systematically deletes every file in the Blockland folder before displaying the message. It's like viral code.
I opened blockland with it like 5 times and crashed every time until I realized it was the slayer gamemode. it just makes you crash, but sometimes you get a message saying 'required game files have been corrupted. you should re-install the game' before crashing

The thing I'm really really concerned about is the fact that this is actually possible through add-on code.

It simply tries to delete every file in the Blockland directory. The game crashes from missing resources before it gets very far, though.
Jesus
It's a good thing I'm used to not updating it, I heard that the version before that made the slayer bots not work or something so I just naturally never did.
idc if it wasn't true or not cause otherwise I would've had this happen to me.

The thing I'm really really concerned about is the fact that this is actually possible through add-on code.

this isn't the first time malicious code has been found in blockland addons

for example the whole marble man fiasco with the backdoors to provide admin to him and his friends to anyone unlucky enough to have the addon installed

The thing I'm really really concerned about is the fact that this is actually possible through add-on code.

addons basically have all access to the blockland installation folder

and that screenshot function actually has write access to the entire hard drive

Some good news here. Zapk has decided to show good faith in this issue by forcing a Slayer update which removes the malicious code. I have screened the new code and it no longer contains the malicious code. Take this as you wish.

Well, glad that's over. I can only imagine the sort of junk this would cause if it hadn't been patched this quickly.

Well, glad that's over. I can only imagine the sort of junk this would cause if it hadn't been patched this quickly.

The purge in blockland

Some good news here. Zapk has decided to show good faith in this issue by forcing a Slayer update which removes the malicious code. I have screened the new code and it no longer contains the malicious code. Take this as you wish.

I'm still too scared to start up Blockland. Is there a way to remove the malicious code by hand without messing up the script? Or will the update be installed before the code can start deleting files?

It didn't kill my blockland installation. I can play smoothly after removing slayer

I'm still too scared to start up Blockland. Is there a way to remove the malicious code by hand without messing up the script? Or will the update be installed before the code can start deleting files?
You can patch it yourself. Open Gamemode_Slayer and navigate to \client\dependencies\GUI.cs

Scroll to the bottom and remove the last line which should be "schedule(0, 0, fixSlayerClientConfig);"
If that is not the last line, your version isn't infected.
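
Added example, not part of the thread and not Slayer's own code: a Python check for the line quoted in the post above, applying the post's rule that the file is infected only when that call is the last line of GUI.cs, plus a helper that returns the text with that line removed. The function names, the folder/.zip add-on layouts, and the sample text are assumptions made for the example.

```python
import sys
import zipfile
from pathlib import Path

# Marker line and file path exactly as quoted in the post above.
MARKER = "schedule(0, 0, fixSlayerClientConfig);"
MEMBER = "client/dependencies/GUI.cs"

# Constructed sample (not real Slayer code) so the script runs without the add-on.
SAMPLE = "function exampleGui() {}\n" + MARKER + "\n\n"


def is_infected(source: str) -> bool:
    """True if the last non-blank line of GUI.cs is the quoted schedule() call."""
    lines = [ln.strip() for ln in source.splitlines() if ln.strip()]
    return bool(lines) and lines[-1] == MARKER


def patched(source: str) -> str:
    """Return source without the trailing marker line; unchanged if not infected."""
    if not is_infected(source):
        return source
    lines = source.splitlines(keepends=True)
    while lines and not lines[-1].strip():
        lines.pop()   # drop blank lines after the marker
    lines.pop()       # drop the marker line itself
    return "".join(lines)


def read_gui_cs(addon: Path) -> str:
    """Read GUI.cs from an add-on kept as a folder or as a .zip (assumed layouts)."""
    if addon.is_dir():
        return (addon / MEMBER).read_text(errors="replace")
    with zipfile.ZipFile(addon) as zf:
        for name in zf.namelist():
            # Tolerate backslash separators and case differences inside the archive.
            if name.replace("\\", "/").lower() == MEMBER.lower():
                return zf.read(name).decode(errors="replace")
    raise FileNotFoundError(MEMBER)


if __name__ == "__main__":
    # Usage: python check_slayer.py <Gamemode_Slayer folder or .zip>
    text = read_gui_cs(Path(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print("marker is the last line" if is_infected(text) else "marker not found as last line")
```

The script only reads the add-on; writing the output of `patched()` back into the file is left as a manual step so the original can be kept for comparison.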


I am quite pleased with Zapk's quick cooperation with me to fix the issue. In my mind, this makes him a less likely suspect. Now we need to find out who caused it. Before Zapk updated, he sent me a line from his website's logs which he believed at the time was the hijacker.

5.172.248.223 - - [16/Aug/2014:13:16:51 -0400] "GET /domains/ftp.txt HTTP/1.0" 304 - "http://zapkraft.net/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0"

The address 5.172.248.223 does not show up in any logs I have, and it could possibly be made up, but it's probably worth investigating anyways.