Community

LOst Removed As Sonic 2 HD Head Programmer, DirectInput Error Cause of Keylogger Scare

The Sonic 2 HD team announced today amidst the flurry and confusion of an alleged “keylogger” being detected in the program that it has decided to move on without their head programmer, LOst.

The decision comes on top of several allegations from team members that LOst held the project hostage through the inclusion of DRM, public feedback of a bloated engine running an otherwise simplistic game, and other behind the scenes issues. The final straw was the massive negative reception after reports of a keylogger were detected by various antivirus software.

After some careful examination by forum member Guess_Who, the “keylogger” was confirmed to be benign and a false positive, revealing that it was a result of shoddy DirectInput programming. This is how the program was able to register key presses even when the window was not selected and running in the background. In other words, it’s like how CW Cheat can trigger antiviruses as a trojan horse, despite having no malicious software behind it.

As such, we’ve since corrected our earlier PSA.

Previous Post Next Post

You Might Also Like

35 Comments

  • Reply

    It took all of this for them to change? Can you imagine the widespread adoption they’d have by now if they fired him long ago?

  • Reply

    So wait, nothing is TRULY wrong with the ZIP?
    At all? :0 Thank god, I got scared. XD

  • Reply

    I just want to point out that this ‘shoddy programming’ can in some cases be a legitimate feature. Not so much when using the keyboard for input, but when using a controller (which is probably the ultimate intention for the input).

    I often have a video or emulator going on my secondary screen while having my browser focused and appreciate the emulator continuing to pick up my controller input.

    • Reply

      Absolutely. But this wasn’t the case here, especially when the team revealed LOst was toying with making it impossible to screen cap the game at all.

  • Reply

    There’s no room for the egotistical decisions or show-offs on serious projects. No matter what good ideas may have come from an individual it only takes a few deep rooted bad moves to completely undo a team.

    I hope the team can find a suitable… no, superior replacement and move onward with the project.

  • Reply

    Call me naive, but I still don’t understand why all this drama had to wait until the alpha release to be revealed.

  • Reply

    That’s the perfect occasion to open up the development to more and more capable programmers.
    Put the source code on github, and let everyone that wishes to improve it work on his fork.
    The project will benefit from it in the end.

  • Reply

    I just want to point out that I knew it was a false positive from day 1 dont trust anti virus to ‘detect’ trojans use it as a general guideline; if its a program you personally installed its probably not as suspicious as you think.

    The anti virus “professional” probably did nothing but run the program through the virus scanner you already ran it through.

  • Reply

    Sorry if my previous blog comment caused all of this then.

    That said though I was correct in stating that it is indeed not the correct way to monitor key presses.

    For what it’s worth here were my findings on the matter that I was trying to contact Sonic Retro about yesterday:

    https://dl-web.dropbox.com/get/Public/sonic2hd.png?w=f2016f94

    This shows that it loads a dll that checks what version of Windows it was, and if it’s Windows XP is launches it’s keylogging like activity.

    This may be the reason why some people were finding that reg key and others weren’t.

    Again sorry for any hysteria this may have caused but this is the exact same behaviour that you would expect from a malicious program installing a keylogger onto a system. There’s no reason that a program should require to log keystrokes outside of it’s own Window, maybe it was some kind of shoddy hack for something that didn’t seem to work correctly with Direct Input on Windows XP by L0st and that’s understandable…

    It was just simply bad programming on his part.

    I for one am glad that he has now been removed from the project so that the project can concentrate on involving itself with a competent programmer.

  • Reply

    Just as an addendum to my previous comment it wasn’t just checking key strokes but it was also monitoring Windows system events, this would have theoretically allowed the program (if it was so coded) to monitor other things going on in the OS besides key strokes.

    This was lazy programming and a very dangerous precedent to set.

    I also ran both versions of the game through wireshark and other networking utilities but couldn’t find any evidence of it sending this data anywhere, which others seem to have found themselves in the mean time.

  • Reply

    It was pretty obvious it was a false positive from the start. I really wish you would have made that clear in your original announcement the first time. It seems like you made the announcement solely to harm the reputation of the project because of some bad history.

    • Reply

      It was an admitted knee-jerk reaction to the finding, even if it was under the air of better safe than sorry. It took us by surprise when we first heard about it as well.

  • Reply

    I didn’t make an announcement to anything, I made a comment on a blog post. I never officially represented anything I explained behaviour in the program that looked like a keylogger.

    It *is* a keylogger… it just so happens that this time it’s not a malicious one.

    It’s very very lazy programming.

    • Reply

      Hmm, not quite keylogger as such, as it isn’t actually making a log of the keys, as computer logs go.

      More than anything it’s a botched keylistener. All the program needs is basic commands like “if key press (left) is true, then do this”.
      Listening to every single keyboard input is very suspicious, it may have been part of his DRM at some point like the anti-screen capture mechanisms.

  • Reply

    @Anon

    I didn’t make an announcement, somebody took it upon themselves to make a seperate blog entry about it I was just reporting my findings via a blog comment.

    I have posted my reasoning for this finding above. I was trying to get in touch with ScarredSun and others via the forums to discuss it but they seem locked down.

    Tried getting in touch via Twitter also but no response. I was trying to provide my proof but it fell on deaf ears.

    That said there is still a keylogger contained within this program it just happens on further analysis not to be malicious. The method used to capture keyboard input on Windows XP at least is via a keylogger it just so happens that it’s not a malicious keylogger.

    This is was just lazy programming, pure and simple.

    Also under no circumstances should a program be monitoring general Windows system events unless it’s designed to do so or is some kind of diagnostic tool.

    If you have a look at my screenshot in an earlier comment you will see that this is being reported by the sandbox.

    I’ll repost said screenshot here for posterity:
    https://dl-web.dropbox.com/get/Public/sonic2hd.png?w=f2016f94

    I did previously make a comment regarding this but it seems that it was either deleted or the moderator didn’t allow it to be published.

  • Reply

    I’m glad the truth came out; hopefully this storm can be put behind and the team can continue to work on the project, even if it means a major change in direction from here on out. Good luck, team S2HD

  • Reply

    MrVestek: The URL you linked is bringing up an error page. Can you try linking the image again? (Public links should start with dl.dropbox.com, not dl-web.dropbox.com.)

  • Reply

    So given that the head programmer is removed, does this mean that someone else who is more capable of coding with a *bit* of trust in the community will take his place?

    I read the entire editorial and I made assumptions that LOst had his reasons for acting in such a paranoid manner, but the gap in his logic and his behavior came from sloppy coding (like the false positives and ridiculous resource consumption).

    It made me wish he would step down and make the project a lot more open to other programmers who might have a skill in making the game more efficient.

    Pray tell this means Sonic 2 HD will be ran with a bit more… how you say… teamwork?

  • Reply

    Not to imply that teamwork did *not* take place in the project, but I am pretty damn sure the rest of the S2HD team would not be “HAWWRIGHT LET’S PUT DRM AND SHTUFF” . It feels a lot like a band where the lead singer’s microphone is louder than the rest of the members.

  • Reply

    Yes! Yes! Yes!

    • Reply

      Best comment.

  • Reply

    hopefully this will show positive results

  • Reply

    I think all the s3hd developers should be moved to the Sonic Fan Remix project.

  • Reply

    Something that doesn’t actually log or send anything can’t accurately be called a keylogger.

    The monitoring may have shown some characteristics of a keylogger, but I would think anyone thoroughly assessing the software would actually check that it does this rather than immediately throwing a scary label on the activity and disseminating that “information”.

    I feel seriously horrible for the art team behind this project. On the one side, the only way they could figure out how to use the art they created for this project was to work with someone who was obviously concentrating on building a proprietary engine to try to sell to Sege or [insert other misguided plan here].

    On the other side, there’s a PR machine (or at least one administrator) behind this blog that appears to have the experience and maturity of a (not particularly mature) fourteen-year-old.

  • Reply

    Seriously did anyone game tested the final protect of this fan game in the first place!? >:/

  • Reply

    All I can say is:

    Well, finally.

  • Reply

    I don’t buy that it was just shoddy programming. I don’t think it was any kind of malicious grab for personal info either. Given the other stuff going on, it seems most likely that it was intended to be another aspect of the DRM that hadn’t been fully fleshed out yet.

    And as for the reaction, honestly, what kind of reaction would you expect from PC users when you do something like that without telling them about it? Even if it’s harmless right now, would you expect them to take your word for it that you’ll do nothing malicious with it in future? You’d at least be expected to explain yourself, and I think that’s fair enough.

    It’s great news that they’ll be moving on without the person behind all this hassle. I wish them all the best and look forward to seeing where things go from here.

  • Reply

    Vestek its not a ketlogger it doesn’t log keystrokes it just reads input, what you are doing is preying on the fears of uninformed computer users by using the highly misleading term “keylogger”.

    There is no danger in running s2hd and it looks like a great game.

  • Reply

    Team Sonic2HD, may you recompile and share the alpha version of game without DRM?

  • Reply

    >Free Game
    >Made by the “community” (yeah right)
    >Based on a commercial product 99,5%

    >has DRM present

    I rest my case.

  • Reply

    After reading about the troubles this game has had, I am legitimately worried that the recently released Alpha may be all we ever see from the team. Here’s hoping this cutting of the chaff keeps the whole project moving forward.

    As currently is, Sonic 2 HD is like a big hypodermic needle of happiness stabbed into my arm. All I have to do is fire it up and get a quick pair of Perfect bonuses to turn my mood around, so I’d hate to see the project grind to a halt via scandal now. I at least want to see the Chemical Plant Zone remastered since that’s possibly the best level in any Sonic game ever.

  • Reply

    Oy Vey…

    Guys you do realize programming is hard work… right?

    I’ve been wanting to say this for a while now (since guess who’s article) but Sonic 2 HD isn’t an example of bad programming.

    Contrary to popular belief 2d in HD is a very power intensive proposition, I mean just look at the recent monkey island remakes, their not exactly low spec friendly.

    I don’t want to get into specifics right now as to the exact causes of this, but really guys? If anything Sonic 2 HD was impressive.

    Also I think people keep forgetting that this was an Alpha release, ever played a beta for an MMO? remember the bugs? well this is the version that comes before that.

    Look, what L0st did was incredibly unprofessional pushing for DRM when his entire team was against it, but that doesn’t make him a bad programmer, that makes him a bad teamworker.

    Personally I’m just hoping that team can find a new programmer to replace L0st, because if they had to bend to his every whim while working on the project, that might indicate a slim pickings for the position (I’d volunteer, but I’m good at basic systems design in java, not much else yet…).

  • Reply

    @GerbilSoft:

    http://dl.dropbox.com/u/27067641/sonic2hd.png

  • Reply

    So glad they told LOst to get lost. Hopefully the team will be making up for lost time. Hell, if the official site had a donate button I might even throw in $5 to help encourage the team get done something that should’ve been in a far greater stage of development because of the shitty lead programmer.

  • Reply

    Oh thank god, they finally fired him. I didn’t had a good time with the DRM log.

  • Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.