RetroCores -Support
There are news you haven't seen!
>> Click here to check them out
A game by Core-Series
Mar 16 2022
We are sorry to inform you that the payment option PayGol have been dropped permanently due to the many problems being caused by PayGol.
Feb 20 2022
Client version 1.45 has been released, if you are using the Wine or Linux client you will need to download the latest version manually.
Feb 18 2022
Official answer for accusations made towards RetroCores: FAQ -RetroCores is not violating your privacy!.
Feb 04 2022
Client version 1.44 has been released, if you are using the Wine or Linux client you will need to download the latest version manually.
Jan 31 2022
Client version 1.43 has been released, if you are using the Wine or Linux client you will need to download the latest version manually.
Changelog: Latest entry was made 135 days ago. Cheaters: Latest cheater deleted 1 day ago.
<< Back to FAQ

RetroCores is not violating your privacy!
Views: 1,875
There are rumors and accusations that RetroCores would take full-screen screenshots of your PC and upload them to the website illegally.
This is nothing but rumors and accusation on things that looks worse than they really are.

And I'm going to tell you how we ended up in the situation where people started these accusations!

A new idea was born, it had to be tested out if it could become a feature!
On September 18 of 2021, I suddenly got an idea, another one that could make RetroCores stand out.
After all, I'm known for making custom features that then other servers try to copy.
The latest "crazy feature" I've created was the Sudoku game in RetroCores.

The idea, I got on this Sep 18, was how would it be, if people's screenshots were stored on their account on the website.
To me at that point, it seemed like a cool idea.
Imagine you advance in level, client screenshot this moment and send it to your account, there you can later decide if you want to share it with others in the community, or delete it.
We thought it would be a cool thing, it could have made people more interested in sharing awesome moments on a better scale than how it's right now there you have to manually upload the image you want and wait for approval.
 
This is how you share screenshots at the moment, and this was the thing that inspired to the idea for the new feature
(This is on my local test website)


The development and testing started
So, I started experimenting.
And when you experiment you don't really care for what you use or how, you just want to try it out and see if it's possible.
Only when you've confirmed a few steps that it's possible, would you start cleaning everything up and rework it into something bigger and better.

First I created the file that would become famous in these accusations, the file that takes the screenshot.
It would take a screenshot of the client, and create a file that would be uploaded to the website.
But to be authorized to send it to the website, you need a token, a token that will tell the website who you are and why you're uploading something.
So I made it simplified for myself, for the experimental phase, I made a talkaction that would send the token of a certain protocol that would trigger a screenshot and then send it to website with the token it was just given by the game.
By chance, the screenshot method used coming from C++, was a 4+ years old one, one I used during MasterCores dev-phase while building MasterCores.

I had major problems getting nice screenshots, if I tried to focus the screen, part of the taskbar would still be there but half-covered in black.
I managed to make it focus on the client, but then I realized that when you had client on full-screen, the whole image would turn black.
So I backed up and made it full-window print for the moment and left it there.
At a later development stage I managed to get screenshots taken on only the client using graphical engines.
But the older screenshot method, was left in there, and soon forgotten.

I made the system use the official website instead of my local test-website, to ensure it would work as the official has much bigger limits than my local test-website, not to mention it's run on another operation system.

The test failed miserably
So the system was coming together, and I started testing it.
I used the command in the game..
the game sends the token to the client..
the client took the screenshot..
and that's when it happened.. the client froze like crazy.. while trying to upload the newly created screenshot.
the upload failed and I never looked into why, because suddenly I was worried about that freeze.
no feature of the game should cause the client to freeze.
I started wondering how to solve it and figured out if it was worth the hassle of fixing it.
and I started realizing, a screenshot system like this, would be bad for people using mobile internet and/or has limited data.

So I do as I often do when I run into roadblocks.
I stopped working on the system, I disabled the website part that would receive the images for safety and then I left the code as it is.
I didn't delete it because at that moment my idea was that maybe.. few hours or days would pass and I get an idea of how to work it out.
However, the days passed and I forgot it even existed, because I was busy working out other and new features.

Unofficial Features are often part of the official game/client/website
Often, new features I'm experimenting on are released on the public game for testing purposes, just hidden away so nobody can use them.
I like making sure everything works, before an official release, what works while on the local test, might not work at all on the official side.
So by nature, I often "hide" features, I don't really choose which will be included and which will not, all I choose is if something shall be active or not.

The client crack
Then, 5 months later, in mid-Febuary of 2022, someone cracked the RetroCores client along with many other clients of various games.
The goal was to make people aware of certain things, it was never personal to RetroCores (as I understand it).
And when they cracked it, they found the file I had created 5 months ago, and thought it was something else than it really was.
They thought RetroCores was spying on users, and from that point, all hell broke loose.

The Shock
I was undeniably shocked, I didn't know what to do, I didn't know in or out.
I was hurt and worried, not about the screenshot part, but the part where someone managed to crack RetroCores client and others.
To me, I saw that once more, people will steal my hard work like they always do.
For, the priority was in trying to secure the client and my work, I didn't fully care about the screenshot thing, because I knew.. there was nothing to it, I didn't really defend myself or explain it, because I knew from the beginning, I've never had intentions on spying on anyone, I've never had the intention to do illegal things.
So, naturally, I ignored it while I focused on what the hell I was supposed to do with the crack thing.
I tried to encrypt the client a little differently, but the cracker still managed to open it up in no time.

Ignoring the screenshot was bad
Well, as the days pass by, and rumors and accusations are being discussed by large groups, everything started to spin out of control.
At a few places, I tried to make people think of it logically.
Why would I, who has been running Core-Series for so many years, are a grown man with wife and family, be risking everything to get some static images of people?
If I was as bad as accusations would claim, why would I bother with images at all and not just go full-bad and do viruses and things?
After that I kept ignoring the subject while figuring out what to do with the development of the client.

But then that's when it went wrong!
the inactive system of the screenshot... some people still found full-windows images in their client "config" folder.
I didn't knew, I didn't even realize.. but when I realized what has happened.. I yelled a certain F word out quite high and did a lot of facepalming.
The accident for the moment, the worst timing possible, has happened.
Something that would confirm for people that "I was spying".. but in reality is just a freak accident.

Since Cleanera I screw with bot-makers as much as I can
I want to keep Cleanera clean, I don't want people to cheat in there.
So I often screw around with bot devs to make their lives miserable.
Little did I know that one of these things would come and bite me in my ass in the worst possible moment.

There are protocols between the game and client, set codes that specify how and where the game and client should talk.
For example, if you want to speak in the game, the client would do that on code 1.
If you want to walk north, it would do that on code 2, if south.. then code 3.
If you want to logout, then it's code 4.. and so on.
The game and client have a long list of codes, what to use and when, to communicate.

So, here's the trick.
I often randomize these packets, literally, I throw them all into a cup, shake it and pull up new numbers for each protocol.
If a certain bot would not be properly updated, it could send code 2 for walking north, while in reality now he needs code 55 to walk north.
Maybe the bot tries to use a spell to heal, and it uses code 1, but instead, it should have been 43.
So basically, randomizing the entire communications between game and client, screws it up for certain bot-devs and make them have a very bad day trying to figure out all those codes again.

The CAMs caused the accusations to have "proofs", with horrible timing
The CAMs record what the game says to the client, to be able to play it back later.
But when I randomize the protocol codes, things can be screwed up.
Because if I've randomized all codes, and then watch an older CAM, the client will "freak out".
This is actually already known, people know that sometimes after updates older CAMs aren't working properly.
Because the CAMs are static, they repeat what was said earlier, exactly on the protocol codes as when they were recorded.

Now, I was not aware of this at all, that something very bad is happening and will be the leading proof for the accusations.
But out of randomness, someone writes to me, and wonders why he was deleted for watching a CAM.
And he sent me a picture, a picture named "report.dat".
I got confused about what he meant, and what this was about, but I opened the picture, and it was a full-window print of his screen.
There it was, a client on maximum size, and taskbar, and the client was "trying" to play a CAM but was frozen and slightly grayed out.

Then it hit me.. the screenshot system, the things I'm accused of, is only half-disabled.
The game that sends the token, is disabled, it can't send the token at all.
The website part that receive the image, is disabled since September of 2021 (5 months ago).
But.. the client is still listening for the token to take that as an order to take a screenshot and try to send it.

So, when you use a client 1.44.. and try to watch a CAM made in version 1.43..
By freak accident, the CAM now spams stuff, on the very same protocol code that in the new client now belongs to the screenshot system.
So the client, is spamming-creating screenshots, and tries to upload them but fails (because web part is disabled) and the image is left behind.
This is why people have a problem watching CAMs from 1.43 on client 1.44, because protocols were randomized and the screenshot system accidentally got a protocol that was previously used for something else, and that's sent quite often to the client.

Situation made understandable by non-programmers
Why I didn't publicly address the issues are quite simple, and turned into a situation you will understand it too!
Imagine you have a house, and while you were away, someone broke into it.
You come home, and realize that someone have been in your house.
Shortly after you find out that someone is accusing you for being a burglar, because they found a crowbar in your house.
They even shared a picture of your house, with crowbar in it.
But you know you're not a burglar, so you ignore that.. because you're too worried about your house.
You wonder how he broke in, what he took.. and how to prevent it from happening in the future.
You're not going to use any time defending yourself from false accusations, you need to worry how to protect your house.
This is the situation I am in right now, someone broke into my client, and all I've worried about is how to protect it.

Proofs can be obtained by skilled people, to verify I'm being truthful!
The screenshot method is old and was used for advance screenshots:
The method called from C++ is named "g_game.doScreenShotGame(_path)".
"ScreenShot", "Game" in name suggest that.

The "file" is not in official use:
The "file" is spammed down with debuggers pushing info to the terminal, used by me during development stage to make sure everything is loading fine.
No official system in public use has debuggers like that!

(Click here to see full size)
This would suggest, that it was being built, but never reached a stage there it was used officially (intentionally).

Illegal things would be detected much earlier:
If I intended on doing illegal things as I'm accused off, someone would have figured that out month ago.
Bot-Devs are analyzing the client nearly every single day, tracking communications and so on.
Someone would notice large file transfers to website in no time!

You can confirm the code-randomness update yourself:
The windows client has already been updated twice and functions removed, but the WINE client haven't been updated yet.
If you use the Wine-Client and look at any CAM created before Feb 4, and look in "config" folder, and then speed the CAM up to 64x speed, the client will shortly lagg/freeze, and create the image in there, named "report.dat".
If you rename it to "report.png" you can open it with any photo application.
And if you're good at analyzing, you will see that the client tries to connect to the website, but will fail, because that part of website is disabled and have been for a very long time.

Bad timing with people finding images:
It's a horrible timing, but if the people who claim to have found image in their client folders, and are being honest and not someone trying to "forge proofs", you'll notice that every single image anyone would have, will be while playing a very laggy CAM file.

What happens now?
I'm still working on how to protect the client, but for now it looks impossible.
The cracker is very skilled, and have tried to crack a few versions of encryptions without any problems.
It's not that I'm not skilled enough to protect it, but that it's very hard to encrypt the client so it can't be unpacked.
Either the outcome, RetroCores will continue, nothing has changed there.

Be more careful!
I've been made aware now, that I must be more careful with what I keep in the client and not.
I will be updating RetroCores to 1.45 in few days, there the screenshot system will be entirely gone.
For now, it's only gone in Windows clients (not Wine/Linux).
I will wait a few days to update, so enough people can keep trying their 1.44 clients to confirm my side of the story.

Your privacy is secure
Either if the system is there or not, your privacy is secured, I've never collected any screenshots and never will, not like that.
I have never had intentions on hurting you or anyone, I've never had intentions on doing anything illegal or bad.
All I ever intended, was having an awesome game!

The Apologize
I'm terrible sorry if you ever doubted me, and I understand if you'll have trust issues towards me, these accusations really did went bad.
I'm sorry for being stupid enough to leave and forget the codes in the client in the first place, even though they were never intended for bad stuffs.

Sincerely,
Marcus
 
This site requires javascript to be enabled to run properly!
(Please enable javascript in your browser)
We use cookies to improve your experience on our website. By browsing this website, you agree to our use of cookies.
information...