Of course, any AV company could add a rule to their signature checking to undo the XOR if they were targeting the romhack.ing site, but it sounds like they aren't being targeted but just getting caught up in the dragnet.
Did they check to see if their service has been compromised?
Why would Windows Defender flag GameBoy ROMs as malware?
Does a GameBoy ROMs website really mirror all 45 petabytes of Internet Archive?
I'm sure I'll get in touch with these folks to understand details, but I just wanted to make it known that if you do encounter what you think are false spam or malware issues, you can always email me directly at jscott at archive.org.
derefr•5h ago
(I will not directly link to these collections, for the fates are cruel. I'll just say that these IA collections are 'complete' per-console ROM collection archives created by "GoodMerge", a ROM collection validation and repacking tool — and are named very intuitively given that.)
fluoridation•4h ago
EDIT: Furthermore, what's the proposed workflow? Does the Internet Archive run AVs over its collections? There's no way, right? That would be a massive compute expense.
wolrah•3h ago
Distributing a modified ROM is as much copyright infringement as distributing the base ROM itself, so generally hacks are distributed as just the patch file and you have to provide your own copy of the base ROM and patch it from there.
It sounds like this site is packing the two together, and the patchers are causing the flagging issues. That also to me seems like the simple solution is to not do that and just distribute the patches without the software and have a note in the description pointing to a separate source for the patcher.
> Surely an automatic patcher is a pretty trivial piece of software, system-wise. It just reads a binary file and writes out a different binary file after doing some in-memory manipulations. Why would an AV flag such a program? I don't buy this explanation.
A virus that wants to infect other executables on the system is going to have patching code in it where it's relatively rare in "legitimate" software so it makes sense for antimalware heuristics to find it suspicious.
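An added example, not code from this thread or from the site under discussion: a minimal applier for a patch-only distribution, showing that the patch is inert data (offset and replacement-byte records) that can be parsed and bounds-checked before anything is written. The thread does not name a patch format; the IPS format is assumed here, and the sample ROM and patch bytes are constructed.

```python
class PatchError(ValueError):
    """Raised when the patch file is malformed or truncated."""

def parse_ips(patch: bytes):
    """Return [(offset, data), ...] from an IPS patch, validating every length."""
    if not patch.startswith(b"PATCH"):
        raise PatchError("missing PATCH header")
    pos, records = 5, []
    while True:
        if patch[pos:pos + 3] == b"EOF":           # terminator marker
            return records
        if pos + 5 > len(patch):
            raise PatchError("truncated record header or missing EOF")
        offset = int.from_bytes(patch[pos:pos + 3], "big")    # 24-bit target offset
        size = int.from_bytes(patch[pos + 3:pos + 5], "big")  # 16-bit payload size
        pos += 5
        if size == 0:                              # RLE record: run length + fill byte
            if pos + 3 > len(patch):
                raise PatchError("truncated RLE record")
            run = int.from_bytes(patch[pos:pos + 2], "big")
            data = patch[pos + 2:pos + 3] * run
            pos += 3
        else:
            if pos + size > len(patch):
                raise PatchError("record data runs past end of patch")
            data = patch[pos:pos + size]
            pos += size
        records.append((offset, data))

def apply_ips(rom: bytes, patch: bytes) -> bytes:
    """Apply a validated patch to the user's own ROM image, entirely in memory."""
    out = bytearray(rom)
    for offset, data in parse_ips(patch):
        end = offset + len(data)
        if end > len(out):                         # patches may grow the image
            out.extend(b"\x00" * (end - len(out)))
        out[offset:end] = data
    return bytes(out)

# Constructed sample input: a 16-byte stand-in "ROM" and a two-record patch.
SAMPLE_ROM = bytes(16)
SAMPLE_PATCH = (b"PATCH"
                + b"\x00\x00\x02" + b"\x00\x03" + b"ABC"                  # literal at offset 2
                + b"\x00\x00\x0e" + b"\x00\x00" + b"\x00\x04" + b"\xff"   # RLE: 4 x 0xFF at 14
                + b"EOF")

if __name__ == "__main__":
    print(parse_ips(SAMPLE_PATCH))
    print(apply_ips(SAMPLE_ROM, SAMPLE_PATCH).hex())
```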
fluoridation•3h ago
Sure, but what an AV is going to look for is code that manipulates executable files, not random binary files. If the patchers are designed to apply patch files to ROMs rather than having the patches embedded then it makes even less sense that they get flagged.
jonhohle•3h ago
Short answer is that no compiler would produce similar code and it’s probably a red flag that there’s odd dead code, jumps, or places where padding or nops are expected but there is code.
ROM hacks are more in depth, but often play the same tricks because they need to fit into possibly sections they shouldn’t exist in (say, code in BSS), encode instructions in a way that known compilers wouldn’t, long jumps to odd places.