BlackDays

Member
Jan 30, 2021
That DRM shit was a shot in the foot, it affected a lot of subscribers too. By the talks here if he does the same or worse the retaliation will sting.
The problem is that it is not only not working as intended, but could be even turned against them (Sel and team). Which I guess already happened and might still happen, regarding the subscriber complaints.
I hope they shut the service down for their own sake, unless they have a solution for it.

Thanks to vehemental I saw the code, and if I understood it correctly, let's just say, it's a bit frightening.
 

BlackDays

Member
Jan 30, 2021
I guess the person went with the name alt-f8 here? The developer of it.
I think he already admitted it, that it wasn't a good idea to have it in plain sight and human readable.

Besides that, there's more to the code (that's the scary part), but I don't want to go into detail. Don't want to give people ideas.

Maybe they should have at least put it into a dll or something.
 

KnowNoHope

Well-Known Member
Apr 16, 2020
did Sel really put malware or worse in his own damn game?
That sounds like something we should be informed about man, for our own security, wtf else did it do to our computers?
exactly
 

Axismundi

Member
Jul 14, 2018
If there is something that's even possibly dangerous, you should let people know. Better to cause a fake scare than let serious damage be done.
 

BlackDays

Member
Jan 30, 2021
Guys, lol no. As far as I've seen, besides the save file and script.rpy stuff, I didn't see any other malicious code for clients.
That said it's still kinda bad to do that. They should have just tested it first with the "you don't download a car" blah blah text alone and see if it works and observe people, before anything else.

The scary stuff is, that it (the "drm") could be turned against them too.

And I got a feeling someone might just have done that already.
 

KnowNoHope

Well-Known Member
Apr 16, 2020
oh... scary for them. that sucks
a bit relieved though.
 

Bingoogus

Engaged Member
Sep 5, 2021
Ah ok, so more like, the DRM sending requests to their server is open to exploitation and certain forms of attack have an in? That's hilarious.
 

BlackDays

Member
Jan 30, 2021
You're on the right path, yes.
Obviously I don't know how things are handled server side, just checked if his host provider has at least the bare minimum countermeasures in place, which they have.
And I really don't want to shite on any other dev's work, and there's still a chance that I'm wrong with my assumption, but the whole situation looks kinda dire to me.

Let's just say that if I was a dick, I at least knew an angle to put a lever on.
And if this all is good for at least something, I hope it creates some awareness on Sel's side, even if it puts me in a bad position here.
 

worthlesspeon

Member
Jun 10, 2017
I do think the idea of a porn game phoning home without explicit permission is a bit worrisome. Especially one with content as questionable as this one. I'm curious how much data could be collected if they were inclined to do so. Especially since Sel has threatened legal action in the past. Even if Ren'Py is fairly sandboxed and can't just go collecting data from the entire host, the logs do still reveal some information about the host. Not to mention he'll have an association with real IP addresses. Even if the content of the game is legal (which is probably not true in all countries), many of us would risk our jobs if it came out we play this game.

Additionally, the more I think about it, the DRM as it is may well violate the EU's GDPR law. Specifically the data processing regulations.
 

graz150

New Member
May 26, 2020
Yes, all this.
I don't know what it would entail, as I'm a noob about these things, but it might be worth it to only share a "cleaned up" version of the game here in the future. Just in case some malicious content gets added to random files in future updates.

I'm sure even subscribers might be interested in getting a safe version of the game.
Or maybe more knowledgeable guys could share tips on how to prevent future damages?
 

b7512966

Newbie
Aug 11, 2019
That is not difficult at all.
It is really easy to make a metadata cleaning script + use git to check the differences between versions of his game to know what he is changing in the code. Even if he does decide to share only rpyc files, or rpas, it is really easy to decompress and deobfuscate them.
 
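The version-to-version check described in the post above, as an added example that is not part of the original thread and is not any poster's code: it diffs the script files of two releases and flags newly added lines that reference common Python networking modules. The file names, sample contents and indicator list are constructed assumptions, and it works on plain-text .rpy files only.

```python
import difflib
import re

# Indicators of outbound network use in Ren'Py script or embedded Python.
# Standard-library and common third-party names only (assumed list; extend as needed).
NETWORK_PATTERNS = re.compile(
    r"\b(?:import\s+(?:socket|requests|urllib|http\.client|ssl)"
    r"|from\s+(?:urllib|http|requests)\b"
    r"|urlopen\s*\(|requests\.(?:get|post)\s*\(|socket\.socket\s*\()"
)

def added_lines(old_text, new_text):
    """Return (new_line_number, text) for lines present only in the new version."""
    old, new = old_text.splitlines(), new_text.splitlines()
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    out = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            out.extend((j + 1, new[j]) for j in range(j1, j2))
    return out

def audit_release(old_files, new_files):
    """Flag network-related lines that a new release introduces.

    Both arguments map a relative path to file text. Files that are new in
    the release are treated as entirely added.
    """
    findings = []
    for path in sorted(new_files):
        for lineno, line in added_lines(old_files.get(path, ""), new_files[path]):
            if NETWORK_PATTERNS.search(line):
                findings.append((path, lineno, line.strip()))
    return findings

# Constructed sample input: two versions of a hypothetical game tree.
OLD = {"game/script.rpy": 'label start:\n    "Hello."\n    return\n'}
NEW = {
    "game/script.rpy": 'label start:\n    "Hello, again."\n    return\n',
    "game/check.rpy": (
        "init python:\n"
        "    import urllib.request\n"
        "    def ping():\n"
        '        urllib.request.urlopen("https://example.invalid/v")\n'
    ),
}

if __name__ == "__main__":
    for path, lineno, line in audit_release(OLD, NEW):
        print(f"{path}:{lineno}: {line}")
```

A clean result only means none of the listed indicators were added; it is a review aid, not proof that a release makes no network calls.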

Axismundi

Member
Jul 14, 2018
It should be possible to upload a "fixed" version, but I'm sure you'd need to talk to the moderators on this site so they don't update the front page every time a new release gets leaked here. But now that I think about it, this game doesn't appear on the recently updated page anymore, right? So I guess it's only an issue for the people sticking around.
 

chronox42

Newbie
May 1, 2020
It's seriously unethical for a program to call out over the internet without the knowledge or consent of the people using it. This is especially true when the program has never done so before and does not present itself as such. The incident we've all been experiencing points out Ren'Py's insecurity and the ease of foisting abusive behavior on trusting players. Selebus's choice to deceive LiL's entire player base without warning is disturbing. What might he do next? Ren'Py has the potential to collect extensive information about your computer and send it off for their perusal.

Everyone who plays Lessons in Love should consider their options for running the game with no internet access, or better yet, in a sandbox where it can access only certain files. This goes for all similar games as well, but now we've seen that Selebus is actually willing to start down the path of distributing thinly disguised malware.

This is a frustrating situation for me because Lessons in Love is my favorite work of fiction. The story is a joy to experience and I want to see it completed under good conditions. Selebus is an excellent author, and I don't want him to lose his social or financial motivation to keep working on the game. Unfortunately, I will never financially support his work as long as he shows contempt for the people who use the program he distributes.

Some here have suggested that things would be better for everyone if Selebus behaved as if this site did not exist; I agree. His obsession with "piracy" hurts all with a stake in LiL's success. Selebus: focus on your work, let the grudge go, and you will continue to enjoy the prosperity you've created for yourself with this amazing story. Everyone else: be careful out there.
 