login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
5 
This topic has been pinned, so it's probably important 
Report this post
As mentioned in OP, the malware is trivial:
As you know, TM:PE team have been working hard to fix speed-related bugs over the past few weeks, so you can imagine how it felt to discover that some of those problems were created on purpose by another modder and that they were directly targeted at us.
Given the persistent and escallating actions of Chaos / Holy Water / drok (same person), we are now treating all those mods as potentially malicious until proven otherwise. Even if they do not currently contain malware, we don't know what will be added in future updates (especially via "Update from Github" mod which bypasses Steam workshop entirely).
Holy Water has now largely scrubbed all evidence of this, but a version of the mod was released with code specifically designed to create bugs if it was used with the main Harmony mod[github.com] which Holy Water is trying to discredit (you can also see in that code update he's added more steam users to the malware target list).
Almost the entire modding community have devoted considerable time to transitioning their own mods - and lots of older mods - to Harmony framework. Again, you can imagine the frustration caused when it became apparent that one modder had specifically designed their mod to cause bugs when used with that mod.
If you need to recover a city broken by the NExt 3 mod, use this collection which contains complete set of NExt roads but without the NExt mod:
https://steamcommunity.com/sharedfiles/filedetails/?id=2642484580
This youtube video explains how it works: https://www.youtube.com/watch?v=O-If-hXz2KA
It should be obvious, but I'm going to point it out anyway.
Holy Water is targeting mods with over 1 million users (NExt, Harmony, TM:PE, etc), causing bugs in them, and then presenting his own versions as the 'fix'.
When modders complain, they get added to a targeted malware list in at least one of his mods, are also blocked them from creating derivative works of his versions of their mods.
For example, I contributed code to Network Extensions (specifially a project called "TAM" - Transit Addon Mod, you've probably seen it mentioned in log files if you use NExt 2 or NExt 3). If I try to "fork" (clone) the Network Extensions 3 project I get an error because Holy Water has blocked cloning that code that I once worked on.
Holy Water then goes to great lengths to reiterate over and over (something known as "repeat assertion technique" aka "proof by assertion") that his code is "open source", and also then claims that _he_ is the actual victim when people rightfully point out that he's the one causing problems.
As the number of users grows, more bugs appear in other popular mods... rinse, wash, repeat.
This is a discernable pattern and one which is very familiar to anyone trained to spot it due to their line of work, not that I would be such a person or doing that line of work ofc.
It's a technique used to split communities; it starts by drawing some people away, telling them that they are part of something special, that they must ignore all the disruption and other problems that are starting to happen, and that everyone else is out to get them... I don't need to say more, you can work out what's going on here.
The reports generated by Harmony "redesigned" are very familiar to anyone who worked on or observed the creation of the main harmony mod, and the transition of dozens of mods to using it.
Part of that work was a proposed system whereby errors could be trapped and associated with the mod where the error occurred. However, there are issues with this approach - namely, where an error is detected is often not the source of the problem but rather a symptom of the problem. It can be hugely misleading to anyone who doesn't uderstand what's acutally going on under the hood.
Holy Water is going round telling everyone that the original Harmony mod doesn't catch errors, and that they should use his which does. To most end users this will likely sound entirely logical - the mod that catches errors is surely better. But to anyone who knows what's going on under the hood, and also having to support one or more mods, it's an absolute disaster.
Again, this is designed to promote the "redesigned" mod as the solution, whilst simultaneously making all other mods seem broken "because they don't use that redesigned mod".
The transition to Harmony was a huge task involving most of the modding community. Harmony library was new at the time and undergoing regular updates to fix bugs, and sometimes those updates would cause new bugs. That's the nature of rapidly evolving software.
Holy Water has waited until the mod became stable, copied it, and then devoted huge amounts of time to reminding everyone that the original version _used_ to have bugs. That's gaslighting.
The main Harmony mod, with over 1 million users, was just updated with almost no problems reported (except for one notable mod as mentioned above that had "tripwire" code to specifically make that mod break once the new Harmony was released).
That update came after almost 1 year of testing by modders and players alike. The notion that the main Harmony mod is a "buggy mess" is absurd in the extreme, and is being peddled by one single mod developer - Holy Water - who's actually added code to his mods that causes bugs to make other mods look like they are broken.
As always, up to you who's mods you use. And I can practically guarantee that Holy Water will release a TM:PE clone that magically fixes a bunch of problems with slow speed limits and is magically compatible with Harmony mod again (_his_ Harmony mod, that is).
UPDATE: We have confirmed that "Supply Chain Coloring" and "Transfer Broker BETA" - the workshop versions only (which are locked to prevent updates) - do not contain any malicious code. TM:PE will mark them as compatible again from version 11.6.5.0 onwards.
First, the "update from github" mod that Holy Water is pointing people to. That mod completely bypasses Steam - and thus all of the checks that Steam does when stuff is uploaded to workshop. If there's malware in an update, there is no way to know or resolve that situation.
Second, Holy Water is claiming that modders aren't testing thier mods with his mods... yeah, no suprise there given that his mods contian malware aimed directly at those modders, and code specifically designed to break their mods.
Third, my first encounter with Holy Water was on the workshop page of my Mod Compatibility Checker mod (abandoned due to RL issues): He was claiming that its successor, "Compatibility Report" mod (which is awesome btw!), is "malware" because it was legitimately pointing out issues with his mods. That's something called "Projection" - where the person responsible for creating some kind of harm "projects" that on to others (usually those affected by the harm and/or those trying to prevent the harm). Again, it's a familiar pattern that's discernable to people trained to spot it due to their line of work.
"This is a fork of TM:PE that does work with all my mods, including Next3 and Harmony (redesigned)" -- Holy Water
LOL, as if by magic the speed limits and Harmony compatibility issues disappeared simply by uploading a clone of the mod without changing anything. Imagine that!
EDIT: The version from github does this, not the version in the workshop (that version is already locked from updates due to account violations apparently, which is why Holy Water is directing people to the github version).
Notably, the code it contains does not exist in any of the workshop releases, nor does it exist in the source code repository. It appears to be a different mod (modders are still investigating). Additionally, the way it downloads a zip file isn't controlled in any way; it can be any zip file that Holy Water uploads - it is automatically executed (run) when you start the game, even if the mod is disabled (it self-enables itself).
Image link of collapsed code view after decompiling the "download from github" version of "Harmony (Redesigned)": https://imgur.com/C8GZaQ9
Update: The `MalwareBypass` code blocks are doing stuff like disabling bits of Boformer's Harmony mod, and also remove feeds, workshop ads, whatsnew panel, dlc panels, paradox account panel and whole game telemetry. The code is still being investigated.
It looks like he also created a new sub-forum in his Harmony for Games cult for asking what mods to ripped off next so it should be watched for future developments.
LMAO Krzychu1245 spoke against him on my "A warning about NeXT3" discussion:
Yeah the fact he is creating a botnet (that what it really is now) is extremely petty. And that he's now not updating his source code on GitHub means he can no longer make the excuse that he's doing this for open source.
So he ripped off one of the less Steam mods?
Is the code obfuscated and is there a link to the decompiled code? I'm not a C# programmer so I don't what to spend time getting a decompiler but would still like to take a look.
JustDecompile from Telerik (free).
There is also a "diff" tool, which only shows differenes between 2 assemblies:
JustAssembly from Telerik (also free).
Like this:
https://github.com/drok/NetworkExtensions3/blob/0c705c394e6bc48ad5776941bf73d8c5629a183a/Transit.Framework/Mod/AccessControlLists.cs
Should I be worried about that having been subscribed to SCC??