Sonic Gather Battle - Summary/History

Disclaimer: Yes, I know I talked about this game already (and you might be tired of hearing me talk about it) and a lot of people possibly did this WAY better than me, but I wanna talk about the situation and every detail I can find about this. I originally wanted to do a video but I'm sure I'll screw up so I'm doing a journal instead. I'll leave my sources below this rant/documentary so you could read those yourself.
 
So I'll talk here about the next things:
1. The beginning
2. The start of controversy
3. Program actions
4. Consequences


1. The beginning

It all started in 2009 when LeemenaDan (also known as SonicBleachFan) released a fan game called "SonicVLF2". He made it clear that he didn't want people to rip "his" sprites, those being only some edited sprites of Sonic Battle/Advance. However, when people started to rip the sprites he just started to harass those people and even said he would stop developing the game.
BONUS: Also I read on the "Crappy games" wikia that some of the sprites (including the customs from Charmy, Vector and Espio) were taken from other sprite sheets from "Spriter's Resource."

Then, in 2016, Sonic Gather Battle appeared. Sonic Gather Battle was made for SAGE 2016 (that's what I heard from a video at least). However, things went wrong later.

2. The start of controversy
On the 4th of December 2017 an update for the game was released. After that, some videos started to spread exposing that the game contained a DRM that could be classified as a Trojan Horse or even a different type of ransomware (as some people state).

After this discovery Leemena was banned from future Sonic Amateur Games Expos. While this was happening, Leemena deactivated the game, making it unplayable for everyone.

3. Program actions
Here I'll talk about these in order: the protection stages, how to trigger them, and what the game does behind the screen.

First, the protection stages.
There are two:
The first one makes the background blue and the tiles black; red ghosts spawn while "Fakery way" from Sonic Adventures plays in the background. At this point the game isn't unplayable.

The second one makes things even worse, as the background becomes static red while creepy eyes pop out and white ghosts appear, while the infamous boss music theme from the American soundtrack of Sonic CD plays in the background. The game disables the function to pause and quit and even replaces the "game over" title with "you died". The game becomes unplayable at this point.
[Image: Low Def Redraw - Sonic Gather Battle Ghost, by KlicTE]

How to trigger those protection stages:
I believe there are 5 ways.
The first way is to search Google for the game's name followed by "hack", "cheat" or "mod" while the game is open; it will close the browser and trigger the first protection level. (However, I heard there is a version that closed the game instead, or even both.)

The second way is to activate a cheat engine while the game is open; it will close both programs and activate the second protection level. Oh, and it opens your router at the "WhatismyIP" site.

The third way is to deactivate the DRM in the Registry Editor; this will trigger the second protection level.

The fourth way is by transferring your save file to another computer; this will trigger the second protection level on the computer it is being transferred to.

The final one is by trying to uninstall it after you activated the first protection level.


Aaaaand, what the game does behind the screen.
Most of the info is taken from SFGHQ's report of the game.

Calling this game malware is kinda flawed. However, there are some factors of questionable legality and very concerning activity by the program.

The game requires administrator access to run, which is kinda odd since no fan game should need this permission. However, someone who claimed to be the dev stated that it needs this to work. "It was confirmed that "Run as administrator" solves an issue when the game crashes at the loading screen". 

The game also edits some registry keys (The dev again said "Creating and modifying registry keys are not completely done by the game; information is automatically stored while executing Microsoft function processes.")

Also, the game could close different applications. (The dev said that it used a function called "findWindow" and also stated that in a new version the game closes itself rather than the window.)

The game has an API call for raw hard disk access; the game uses this to check your PC to determine if you have certain applications installed, such as hex editors and things like cheat engine. (And the dev said that the game doesn't search for installed applications or registry keys.)

The game also stores information about the user in a cloud, and has a black/whitelist, being able to enable and disable the game for individual users. (The dev states that it doesn't identify ID addresses, yet also states that the blacklist is set up to not send to "certain users" who are detected cheating, yet the dev can remove someone from that blacklist.)

Lastly, there are other small behaviors the program exhibits that are concerning. It exhibits a variety of very odd and "malware-like" behaviors that are rather spooky, such as writing its own DLL file (b.dll), loading it and then immediately deleting it, among other small bizarre API calls and activity.
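
The write-load-delete behaviour around b.dll described above is something defenders can look for in endpoint telemetry. The following is an added example, not code from this journal or from the SFGHQ report: it flags a DLL that a single process creates, loads and deletes within a few seconds. The event tuples, paths and process names are constructed, and the action names are hypothetical stand-ins for whatever file-create, image-load and file-delete events your sensor records.

```python
from datetime import datetime, timedelta

# Constructed telemetry, not captured from the game:
# (time, pid, process, action, path). Action names are hypothetical.
EVENTS = [
    ("2024-01-01T18:00:01", 4120, "game.exe", "file_create", r"C:\Games\Example\b.dll"),
    ("2024-01-01T18:00:01", 4120, "game.exe", "image_load", r"C:\Games\Example\B.DLL"),
    ("2024-01-01T18:00:02", 4120, "game.exe", "file_delete", r"C:\Games\Example\b.dll"),
    # Installer temp file: created and deleted but never loaded -> not flagged.
    ("2024-01-01T18:05:00", 5300, "setup.exe", "file_create", r"C:\Temp\unpack.dll"),
    ("2024-01-01T18:05:01", 5300, "setup.exe", "file_delete", r"C:\Temp\unpack.dll"),
    # Updater: drops and loads a DLL, removes it an hour later -> outside window.
    ("2024-01-01T19:00:00", 6100, "updater.exe", "file_create", r"C:\App\plugin.dll"),
    ("2024-01-01T19:00:01", 6100, "updater.exe", "image_load", r"C:\App\plugin.dll"),
    ("2024-01-01T20:00:00", 6100, "updater.exe", "file_delete", r"C:\App\plugin.dll"),
]


def find_drop_load_delete(events, window=timedelta(seconds=10)):
    """Return (process, path, lifetime_seconds) for every DLL that one process
    wrote, loaded and deleted, in that order, within `window`."""
    state = {}  # (pid, lowercased path) -> {"created": datetime, "loaded": bool}
    hits = []
    # ISO timestamps sort correctly as strings; the sort is stable, so events
    # sharing a timestamp keep their recorded order.
    for ts, pid, proc, action, path in sorted(events, key=lambda e: e[0]):
        if not path.lower().endswith(".dll"):
            continue
        when = datetime.fromisoformat(ts)
        key = (pid, path.lower())  # Windows paths are case-insensitive
        if action == "file_create":
            state[key] = {"created": when, "loaded": False}
        elif action == "image_load" and key in state:
            state[key]["loaded"] = True
        elif action == "file_delete" and key in state:
            entry = state.pop(key)
            lifetime = when - entry["created"]
            if entry["loaded"] and lifetime <= window:
                hits.append((proc, path.lower(), lifetime.total_seconds()))
    return hits


if __name__ == "__main__":
    for proc, path, secs in find_drop_load_delete(EVENTS):
        print(f"{proc} dropped, loaded and deleted {path} within {secs:.0f}s")
```

A hit is a lead for triage, not a verdict: some legitimate software also unpacks a helper DLL to disk and cleans it up afterwards.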

4. Consequences
-After the discovery Leemena was banned from future SAGExpos.
-The game remains unplayable for everyone
-The Sonic fan game reputation got affected.
I remember I saw a comment that if someone would post the story to some news media it could even damage SEGA's image because of a story like "Sonic game infected with Malware"


And now I'll post the sources I know/used

Youtube videos:
Tails' channel video: [link]
School boyz's video: [link]
Sami's video (Second level protection + closing browser payload): [link]
Sitajereyum's video (first level protection): [link] 
SidAlpha's video: [link]

Other links:
SFGHQ's report/information: sonicfangameshq.com/SGB.txt (This one is detailed too)
Crappy games WIKIA: crappy-games.wikia.com/wiki/So…
Malware wikia: malware.wikia.com/wiki/Sonic_G…

Leaked sprites: 
Virus Free Sonic Gather Battle Sprites
[Old] Silver the Hedgehog - Sonic Gather Battle
Classic Sonic Gather Battle Sprites NO MALWARE
[Old] Blaze the Cat - Sonic Gather Battle
UPDATE: more leaked sprites www.mediafire.com/file/j7t2g45…
If I have forgotten something please tell me. I'll try to update with more links and stuff if needed.
© 2017 - 2024 Shift-Dreams
Comments (7)
LittleGirl-Aika:
Now, you might be wondering; how did this Sonic fan game exactly become a virus/malware? What if I told you, Sonic Gather Battle doesn't only prevent you from stealing OCs by preventing you from using a cheat program or anything of the sort, but also reports your browser history and your personal information off to its server for the creator to potentially blackmail you with?

Does it sound like it's out of a crazy nut-house conspiracy? Yes. But did it actually happen? You bet it did! This game doesn't really lock your computer, it's a game DRM. One that didn't show up in virus circles or scans because it was newly created by the developer. No one's ever seen anything like it.

There was a popular Discord post made from an individual named LISTAR, who says that while the game is pretty good for what it is, it does have a DRM that is close to being malware. People complained about Sonic Mania and Denuvo, a third party DRM that is commonly used by recent games to prevent piracy. Sometimes it works, sometimes not, but it does its job pretty well.

Though, lots of people hate it because of some shady things it does, such as decryption on the fly, which can attack your drives or whatever. I'm not an analyzer, but people just don't like Denuvo, and it's been that way for a while. LISTAR goes on to explain more about the DRM used in Sonic Gather Battle. There's a DRM in the game that can be triggered in various ways, either a bug or if you try to run Cheat Engine.

Cheat Engine is a program that can be used to get down to a game's memory addresses. You can theoretically change a game's values, such as HP, money, and so on. You can do this with games that calculate things client-side, but not server-side. So, that's basically what Cheat Engine is.

Also, correct me if I'm wrong, but I think the sprites used in this fan game are taken from a GameBoy Advance title called Sonic Battle from 2003. More so, I believe the game runs on an engine called Little Fighters 2, I know it's not that relevant, but I think the gameplay is from there.

The game's DRM will then make the background and foreground change and spawn in invincible enemies. Once it happens, there's not much else you're able to do. If you attempt to modify your Windows registry, the game's super-protection will be triggered. At this point, the game will look like something out of a Creepypasta. Even the music that follows is the creepy Sonic CD boss theme. Reinstalling the game doesn't do anything, by the way.

Also, what's interesting is, I found out that you can't share a save file between computers. The computer receiving the save file will be stuck in the super-protection mode. It may likely be because the DRM is tied to hardware tags, Windows ID, OEM flags, or anything of the sort. But beyond that, it's even worse after that.

However, you also can't type the name of the game, followed by "cheat/hack/mod" on Google, as this closes your web browser, whatever it may be, and instantly enables the protection. Now, you may be wondering how to remove the protection. You have to talk to a specific person and prove that a glitch caused the protection. Then they will tell the developer to whitelist your computer again.

The developer of Sonic Gather Battle can store your computer's information in their databases, even being able to check your browser history. Yet people complained about Sonic Mania and Denuvo. It seriously sounds more like ransomware than a fan game, where the payment is your computer's information. That's just not right. Basically, if you try to do any of this stuff, the game then opens "WhatIsMyIP," then packages the information off to the developer.

This is actually so bad that, if you use a virtual machine, the game would not be able to run. But even so, there are a couple of red flags; for example, it needs administrator privileges before it can run properly. Never give a program administrator privileges, ever, unless you're sure the program's trustworthy. It's literally like handing someone the keys to your stuff and letting them do whatever they want with it.

It also looks for raw disk sectors, which is not something that a "game" should ever need to do. I personally recommend giving such privileges to a self-made program, a program you made and know the inner workings of. Not to some mad Sonic fan that made this game because someone stole their OCs/sprites. And that's really the only reason the developer made something like this.

Like, seriously? If stealing this person's OCs is what caused many computers to be blacklisted and their information/browser history being compromised, then the Sonic community sure is mental. Not to mention that when the game was discovered to be a trojan, the developer got banned from the SAGExpos, the game no longer runs to this day, and the Sonic fan game reputation was damaged. SEGA's image was potentially damaged by this as well.

Not to mention that it's a criminal offense under the U.S. jurisdiction. Yes, I know this even though I live in Japan. Do you see everything that's wrong with this situation? It just annoys me to no end! Forget it, I'm not going to talk about this issue any further. Anyways, farewell, DeviantArt. This is Aika, the little girl, signing out.