Sandyclawz Posted November 28, 2023 Share Posted November 28, 2023 RS2014-CDLC-Installer.exe (SHA256 7FCB252A6F44F03F8EB7EEA9685393A49C9660ECE2F73E04998B3C3C0D36F32F) is popping all kinds of malicious alerts from VirusTotal... What's up with that? Quote Link to comment Share on other sites More sharing options...
Nick Beat Posted November 28, 2023 Share Posted November 28, 2023 @ Sandyclawz Yes, of course. It modifies an executable file by adding a dll (dynamically linked library). So virus checkers will flag it. You have to decide whether to trust the CustomsForge community, basically. (It tells you this on some of the CF tool sites, not sure about that one.) Quote Link to comment Share on other sites More sharing options...
Sandyclawz Posted November 28, 2023 Share Posted November 28, 2023 1 minute ago, Nick Beat said: @ Sandyclawz Yes, of course. It modifies an executable file by adding a dll (dynamically linked library). So virus checkers will flag it. You have to decide whether to trust the CustomsForge community, basically. (It tells you this on some of the CF tool sites, not sure about that one.) Right, I get that. I'm just wary of an unsigned installer that asks for blind trust. Especially when the installer is reporting network callbacks. (2 DNS lookups and 11 IP addresses) Instead of an installer, is the dll just located somewhere? I can inspect the dll and drop it in the right location and load it myself. Quote Link to comment Share on other sites More sharing options...
Sniper Reload3d Posted November 28, 2023 Share Posted November 28, 2023 1 hour ago, Nick Beat said: I tried to DM you on Discord I'm not on discord. 1 Quote Link to comment Share on other sites More sharing options...
Nick Beat Posted November 28, 2023 Share Posted November 28, 2023 @ Sandyclawz yes, you can get the DLL alone… I saw a reference to that the other day on Discord. (Earlier in this thread there is a link to a DLL on my NAS, you can use that unless you have that souped up CPU, it requires that you have Cherub Rock as DOC or you can use CustomsForge So g Manager to change to a different ODLC. If you want it, search the thread, link starts with os5. The Discord group has the link, to the newer one which requires no ODLC let me see whether I can dig it up for you. Quote Link to comment Share on other sites More sharing options...
Administrator firekorn Posted November 28, 2023 Administrator Share Posted November 28, 2023 I've updated the first post with a direct link to the dll itself just in case. Quote Firekorn's workshop In Flames Discography #FirekornHasDoneNothingForTheCommunity Link to comment Share on other sites More sharing options...
Nick Beat Posted November 28, 2023 Share Posted November 28, 2023 @ firekorn thanks very much. @ Sandyclawz there you go, and since I just copied the link from discord, here it is: https://drive.google.com/file/d/1tX09jQosd8YoEusGIMT2v9U9ySBdarTy/view?usp=sharing Quote Link to comment Share on other sites More sharing options...
Sandyclawz Posted November 28, 2023 Share Posted November 28, 2023 Took a deeper look at the executable. Don't know why it was packed in this manner, the actual files being replaced are just compressed in the resouce DLL files are going to be overwritten and the installer itself will just do some checkups to see where its installed and whatever necessary, as much as I can see. microsoft.windowsapicodepack.shell try { string rsDirectory = string.Empty; string steamDirectory = GenUtil.GetSteamDirectory(); if (!string.IsNullOrEmpty(steamDirectory)) { rsDirectory = Path.Combine(steamDirectory, "SteamApps\\common\\Rocksmith2014"); if (!Directory.Exists(rsDirectory)) { foreach (Tuple<string, string> installRegKey in GenUtil.InstallRegKeys) { if (!string.IsNullOrEmpty(GenUtil.GetStringValueFromRegistry(installRegKey.Item1, installRegKey.Item2))) break; } rsDirectory = GenUtil.GetCustomRSFolder(steamDirectory); if (string.IsNullOrEmpty(rsDirectory) || !rsDirectory.smethod_0()) { int num = (int) MessageBox.Show("We were unable to detect your Rocksmith 2014 folder, please select it manually!", "Your help is required!"); return GenUtil.smethod_1(); } } else if (!File.Exists(Path.Combine(rsDirectory, "cache.psarc"))) { rsDirectory = GenUtil.smethod_1(); if (rsDirectory == string.Empty) { int num = (int) MessageBox.Show("We were unable to detect your Rocksmith 2014 folder, and you didn't give us a valid RS Folder.", "Closing Application"); Application.Exit(); } } } return rsDirectory; } catch (Exception ex) { int num = (int) MessageBox.Show("<Warning> GetStreamDirectory, " + ex.Message); } return string.Empty; } [Click and drag to move] <data name="D3DX9_42" type="System.Byte[], mscorlib"> <value> TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA EAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0K JAAAAAAAAADdbzcvmQ5ZfJkOWXyZDll8SnxafZMOWXxKfFx9FQ5ZfEp8XX2NDll8jHFcfbAOWXyMcV19 lg5ZfIxxWn2KDll8SnxYfZoOWXyZDlh8Gg5ZfKCOUH2dDll8oI5ZfZgOWXygjqZ8mA5ZfKCOW32YDll8 ........... #IRONY (lol!) if (!File.Exists(Path.Combine(installLocation, "IGG-GAMES.COM.url")) && !File.Exists(Path.Combine(installLocation, "SmartSteamEmu.ini")) && !File.Exists(Path.Combine(installLocation, "GAMESTORRENT.CO.url")) && !File.Exists(Path.Combine(installLocation, "Codex.ini")) && !File.Exists(Path.Combine(installLocation, "Skidrow.ini")) && GUI.CheckExecutable(installLocation)) return; int num = (int) MessageBox.Show("CustomsForge doesn't support pirated / stolen copies of Rocksmith 2014!", "ARGGGG", MessageBoxButtons.OK, MessageBoxIcon.Hand); Process.Start(https://store.steampowered.com/app/221680/); Environment.Exit(1); All that to patch the import table of the EXE for the game and add D3DX9 The old HASH of your EXE should be this: GUI.HASH_EXE = new byte[32] { (byte) 167, (byte) 37, (byte) 132, (byte) 97, (byte) 16, (byte) 29, (byte) 160, (byte) 32, (byte) 23, (byte) 7, (byte) 245, (byte) 194, (byte) 114, (byte) 186, (byte) 170, (byte) 98, (byte) 163, (byte) 211, (byte) 209, (byte) 11, (byte) 61, (byte) 34, (byte) 19, (byte) 192, (byte) 208, (byte) 242, (byte) 28, (byte) 200, (byte) 59, (byte) 69, (byte) 136, (byte) 218 }; After patching, should be: GUI.HASH_EXE_NEW = new byte[32] { (byte) 13, (byte) 66, (byte) 226, byte.MaxValue, (byte) 60, (byte) 122, (byte) 246, (byte) 132, (byte) 62, (byte) 203, (byte) 129, (byte) 37, (byte) 156, (byte) 198, (byte) 79, (byte) 29, (byte) 222, (byte) 250, (byte) 19, (byte) 151, (byte) 183, (byte) 206, (byte) 83, (byte) 253, (byte) 207, (byte) 10, (byte) 5, (byte) 208, (byte) 182, (byte) 26, (byte) 13, (byte) 195 }; All in all, verified it's clean as described. Common AVs will complain because it's packed with a really common .NET packer used in malware all the time. I repacked it for myself and it works fine with no alerts using a different packer. -Sandy Quote Link to comment Share on other sites More sharing options...
Nick Beat Posted November 28, 2023 Share Posted November 28, 2023 @ Sandyclawz Interesting info. Of no use to me, though, I have nothing to do with how that is set up. You might want to contact firekorn (deliberately not pinging him with at-sign) about it, he's one of the administrators. One of them maybe should consider this other option of yours.... Anyway, if it works, happy for you. Quote Link to comment Share on other sites More sharing options...
elvis98 Posted November 29, 2023 Share Posted November 29, 2023 On 11/28/2023 at 1:00 AM, Sniper Reload3d said: Correct. Nick is saying you will need to find (purchase from the Steam Store) a(n) (official) DLC song, then use the RSConvert utility he said to find on Github to change the cDLC songs appID/Song ID to the appID/Song ID of the song you that you purchased. This worked, thanks 2 Quote Link to comment Share on other sites More sharing options...
Developer lovrom8 Posted November 30, 2023 Developer Share Posted November 30, 2023 On 11/28/2023 at 7:57 PM, Sandyclawz said: All that to patch the import table of the EXE for the game and add D3DX9 Yes, all that cos people will always find a way to brick it. Wrong filenames, extra (1), (2) in the name, wrong install locations, ..... we were tired On 11/28/2023 at 7:57 PM, Sandyclawz said: Took a deeper look at the executable. Don't know why it was packed in this manner, the actual files being replaced are just compressed in the resouce It's packed because, in my eternal wisdom, I forgot about embedded resources in .Net. The intention was to hide the DLL from users so that they don't accidentally move it, but alas it was unintentionally overcomplicated using a packer instead of using the easier and more logical methods of deployment. Interestingly enough, it started complaining after the new patch, even though 98% of the code is the same. The same packer and everything was used before, but now even the DLL is detected as potential malware.... oh well AI detections, you do you. FWIW, everything is pretty much open source: https://github.com/Lovrom8/RSCDLCEnabler-TooManyCoresFix And the installer is just a fork of this: https://github.com/Lovrom8/RSMods/tree/develop/Installer 2 Quote Link to comment Share on other sites More sharing options...
Nick Beat Posted November 30, 2023 Share Posted November 30, 2023 Thanks for the response, @ lovrom8 . Appreciated. Quote Link to comment Share on other sites More sharing options...
Sniper Reload3d Posted November 30, 2023 Share Posted November 30, 2023 4 hours ago, lovrom8 said: The intention was to hide the DLL from users so that they don't accidentally move it One can never under estimate the ability of the end user to mess it up. 1 Quote Link to comment Share on other sites More sharing options...
Sandyclawz Posted November 30, 2023 Share Posted November 30, 2023 6 hours ago, lovrom8 said: It's packed because, in my eternal wisdom, I forgot about embedded resources in .Net. The intention was to hide the DLL from users so that they don't accidentally move it, but alas it was unintentionally overcomplicated using a packer instead of using the easier and more logical methods of deployment.Interestingly enough, it started complaining after the new patch, even though 98% of the code is the same. The same packer and everything was used before, but now even the DLL is detected as potential malware.... oh well AI detections, you do you. My day job is in malware analysis and threat intel. I tend to be overly suspicious. The .NET packer is REALLY common in malware (because it's easy and ubiquitous) so that's why it's flagging there. The dll hash has now been associated with the exe patcher, so that's why it's on the naughty list, too. I'll definitely check out the source, though! Thank you for the link. For what it's worth from yet another internet stranger; To anyone reading this thread, as long as the file hash for the executable is 7FCB252A6F44F03F8EB7EEA9685393A49C9660ECE2F73E04998B3C3C0D36F32F and the DLL matches 730E6F154A13B7AEFA55ED3A39EC288B62486A1485A05959B6A0BE5887FEBE1D it's clean. 3 Quote Link to comment Share on other sites More sharing options...
penguinsonparade13 Posted December 15, 2023 Share Posted December 15, 2023 The cdlc installer cannot detect where I have rocksmith located. Quote Link to comment Share on other sites More sharing options...
Nick Beat Posted December 15, 2023 Share Posted December 15, 2023 Not sure I can help you with that, but for someone else's benefit, you might want to add a bit more information, for example, where do you have it installed? Ordinarily, the location is pretty standard. So, are you saying that it's elsewhere, or are you saying that it's in the usual place but somehow isn't being picked up.... In other words, give as much useful context as you can to help someone offer a potential practical solution. Quote Link to comment Share on other sites More sharing options...
Sniper Reload3d Posted December 15, 2023 Share Posted December 15, 2023 3 hours ago, penguinsonparade13 said: The cdlc installer cannot detect where I have rocksmith located. The easiest thing to do then would be just download the standalone .dll and manually put it in the Rocksmith folder. The link is on the first page, first post of this thread, right under the video. Quote Link to comment Share on other sites More sharing options...
Nick Beat Posted December 15, 2023 Share Posted December 15, 2023 Why didn't I think of that... sigh (Although I'd still like to know more about the issue) Quote Link to comment Share on other sites More sharing options...
Sniper Reload3d Posted December 15, 2023 Share Posted December 15, 2023 I am assuming a Windows 11 issue. But that is an ASSumption. I have to scroll back, I believe someone else had the same problem. Edit: December 16, 2022. https://customsforge.com/index.php?/topic/901-how-to-use-custom-dlcs-in-rs2014-remastered-updated-for-2023/page/32/#comment-374588 Quote Link to comment Share on other sites More sharing options...
LostScout_8X Posted December 16, 2023 Share Posted December 16, 2023 Bitdefender found Gen:Varaint.Jaik.181428 Quote Link to comment Share on other sites More sharing options...
Sniper Reload3d Posted December 16, 2023 Share Posted December 16, 2023 40 minutes ago, LostScout_8X said: Bitdefender found Gen:Varaint.Jaik.181428 Scroll back just a few posts above yours, and read what Sandyclawz and Lovrom8 discussed. If you do not trust it, then manually put the .dll in the Rocksmith 2014 folder. The link is in the first post of this thread. 1 Quote Link to comment Share on other sites More sharing options...
panda69 Posted December 19, 2023 Share Posted December 19, 2023 hello, I have a problem I installed cdlc I got the message that I could now play the custom song, the songs are downloaded and put in the "dlc" folder but once in the game none of the custom songs are there 's available. please help me Quote Link to comment Share on other sites More sharing options...
WobyHydros2006 Posted December 19, 2023 Share Posted December 19, 2023 I have recently downloaded a version of rocksmith that has most of the dlc which works fine. I want to start using cdlc but when I download the .dll file at the start of this thread and place it in the rocksmith directory the game will not start. I have tried with two versions of the .dll, one that is 117kb and the second was 161kb neither worked. I tried to download the intaller to have it do it for me but my computer will not allow the download. Am I missing something? Quote Link to comment Share on other sites More sharing options...
Sniper Reload3d Posted December 19, 2023 Share Posted December 19, 2023 1 hour ago, WobyHydros2006 said: downloaded a version of rocksmith that has most of the dlc This statement is very indicative of and suggests a pirated, non-Steam purchase . No legal downloadable forms of Rocksmith exist. Per site rules: -Before continuing you agree you have a purchased copy of Rocksmith 2014 Remastered -No piracy, no mentioning piracy-related sites, no crack discussion If this is the case, that is why neither .dll will work, and you are risking a site ban. 1 Quote Link to comment Share on other sites More sharing options...
Nick Beat Posted December 19, 2023 Share Posted December 19, 2023 @ panda69 Did you follow the steps in the tutorial for Use CDLC (see tabs at top of page)? It would seem you either didn't run the installer (alternatively: placed the DLL yourself). If you use the most recent installer/DLL then you don't even need to adjust the app IDs of CDLC if you're on Windows (on Mac, you still have to). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.