Malware accusations within DotMod - DotModGroup/ColdWaters-DotMod GitHub Wiki

You will have seen the announcement:

As a result of a recent incident, we have been reminded of some tools that were, in the past, used to protect our team's IP from unlicensed use. These tools had been embedded in the code and forgotten about. Unfortunately, one of these tools deletes the game install, without preventing further re-installation. This patch update is a fix for that issue. We recommend all users update immediately to avoid any potential issues as a result of these IP protection tools present in the old version.

This post explains what those measures were and we hope will allay the fears and wild speculation that has been going around. These changes were added to the code base around 3 years ago at the height of the feud between Dot and Epic over a massive amount of frustration. Over time the change was forgotten as we focused on other things and life happened. As we have moved into the newer versions of DotMod where our policy has been to ignore EpicMod this code has been left in when it should have been removed (in fact they never should have gone in).

The incident last night appears to be a result of someone running DotMod code on EpicMod in exactly the right way to get this forgotten system to activate. After being informed of this we have moved immediately to remove this system, which will come in v0.4c. We are aware of a number of independent parties who have decompiled the code for v0.4c and confirmed that the areas in question have been removed.

What follows is a technical discussion of exactly what this code did, based on the GitHub traces of it being removed.

These measures affected a number of files in the code as detailed below in the Git repository change log of them being removed. The vast majority of these measures interfered with the player’s win chance in missions.

image image image image image image image

The final two files are what is being referred to as “Malware” by some. The first function detects a folder called “epic” within one of the load paths of the game (which are StreamingAssets/default, StreamingAssets/dotmod, StreamingAssets/override, and StreamingAssets/priority in DotMod) if this folder is present it will make an attempt to remove two directories: Application.streamingAssetsPath and Application.persistentDataPath

image image

Application.streamingAssetsPath and Application.persistentDataPath are special directories known to UnityEngine, they are respectively the StreamingAssets directory (normally .../steamapps/common/Cold Waters/ColdWaters_Data/StreamingAssets) which is where the mod and original files are located. The second is Unity’s store location for persistent data (normally settings and saves) which is normally at …/AppData/LocalLow/Killerfish Games/Cold Waters.

These actions could break your game installation and require a redownload or reinstall but are not able to go further than that. This is also the action that we have recommended to everyone who has ever installed DotMod to prevent clashed with changes made by EpicMod to the base game files.

We hope that this openness helps you to understand exactly what could happen and the limitations of that We hope it also helps to allay fears of some of the more exotic forms of IP protection that other developers have turned to over the years.

We can only apologise for this, with most of us moving away from the mod it had been forgotten about over time, especially with the decision to just ignore Epic Mod. This kind of code is something that we are not proud of and will make every effort to remove.