Fabfilter timebombed - and unregistered other plugins

Discussion in 'Software' started by Moms_little_pirate, Jul 10, 2019.

  1. Moms_little_pirate

    Moms_little_pirate Kapellmeister

    Joined:
    Jul 9, 2019
    Messages:
    95
    Likes Received:
    53
    So good old Fabfilter decided to timebomb on me (R2R v13.3.2019) and it seemed to unregister some plugins from other companies too, eg. Sonic Charge ones (R2R). What kind of black magic is that? Did they just find all R2R cracks or what?

    [​IMG]

    Edit: Oh, and I'm on Windows.
     
    Last edited: Jul 10, 2019
    • Interesting Interesting x 1
    • Useful Useful x 1
    • List
  2.  
  3. e-minor

    e-minor Platinum Record

    Joined:
    Jan 17, 2015
    Messages:
    531
    Likes Received:
    292
    You're supposed to stay offline if you use cracked plugins. Or have a software that blocks incoming/outgoing connections.

    You can try to remove and reinstall the plugins...AFTER you're offline. I can't guarantee, but it may work.
     
  4. The Pirate

    The Pirate Audiosexual

    Joined:
    Dec 20, 2018
    Messages:
    5,186
    Likes Received:
    4,420
    Location:
    NOYMFB
  5. Moms_little_pirate

    Moms_little_pirate Kapellmeister

    Joined:
    Jul 9, 2019
    Messages:
    95
    Likes Received:
    53
    I've used cracked plugins while staying online for many years and this is literally the first time I encounter a problem like this (or of any sort pretty much). I'm not gonna let this one-off affect me but I'm still curious how it could mess up other plugins too.

    Oh well, v30.11.2018 seems to be free of timeboms so I'll just go back to that.

    Yeah, my bad. Won't happen again.
     
  6. "...or infected by a computer virus"

    I can believe Fabfilter phoning home but I can't believe it interfering with another vendor's plugs. You need to do a major sweep on your root drive.
     
  7. Moms_little_pirate

    Moms_little_pirate Kapellmeister

    Joined:
    Jul 9, 2019
    Messages:
    95
    Likes Received:
    53
    Got damn it, just when I finished setting up a completely fresh install of Windows. I've also made sure to download everything from "safe" sources so I can't see where this computer virus would have come from.

    Maybe someone has a logical explanation to it before I nuke my PC to orbit. :dunno:
     
  8. You don't have to panic, just run a full drive scan followed by an offline (reboot) scan.
     
  9. Matt777

    Matt777 Rock Star

    Joined:
    Oct 17, 2015
    Messages:
    602
    Likes Received:
    410
    Like Fudsey said, no way is Fab messing with other (specific) plugins.. Do you have your DAW firewalled? Even if you do, the .dll probably just called the "default" browser and displayed that, you have to admit, nice and benevolent message. It was a thing with Duda's Serum.. and it's an easy fix. I bet the un-registration of those other plugs has nothing to do w/ this.
    To be on a safe side I'd run Rkill (to end all malware processes) and then AdwCleaner, Malwarebytes and Hitman Pro.. I get that from bleepingcomputer(dot)com. But it's up to you to choose your poison..;)
    I'll PM you how to prevent this in the future, but have to test it and now hth..
     
  10. Moms_little_pirate

    Moms_little_pirate Kapellmeister

    Joined:
    Jul 9, 2019
    Messages:
    95
    Likes Received:
    53
    Thanks guys, I did some quick scans with Malwarebytes, Hitman Pro, Adwcleaner and Windows Defender and they all came out 100% clean. I'll do a deeper scan later.

    The funny thing is that the Sonic Charge plugin didn't really get unregistered per se since it still said it was licensed on the plugin. BUT it acted like it wasn't licensed, i.e every time I moved a knob it randomized the preset. This happened at the exact moment that the Fabfilter plugin timebombed so it surely had something to do with it.

    It's a weird one. Maybe there's another explanation than "VIRUS!!!". I hope so at least. :unsure:
     
  11. darthloud

    darthloud Producer

    Joined:
    Dec 24, 2016
    Messages:
    172
    Likes Received:
    75
    cracked plugins need block host , block daw , for work without problem
    what would be the poor producers and beginners without the cracked plugin
    long life for all teams
     
  12. Mr. X

    Mr. X Guest

    My guess is that your DAW most likely isn't blocked properly from all internet traffic. That would explain why several plugins from different manufacturers were affected.

    VST's goes through the host and if your DAW is properly blocked then the VST's would be too.

    But then again, you have these few special cases like Sonic Charge who still can phone home (using other ways) who needs additional blocking.
     
    Last edited by a moderator: Jul 10, 2019
  13. twoheart

    twoheart Audiosexual

    Joined:
    Nov 21, 2015
    Messages:
    2,263
    Likes Received:
    1,442
    Location:
    Share many
    • Never say never. There's no guarantee that things that didn't happen in the past won't happen in the future.
    • If you encountered a problem with one prog at the same time you have encountered one with another one doesn't ultimately mean the source of the problem is the same.
    • Also, if there are several ways to tell how something has happened, the easiest explanation most likely is the right one.

    I think, as several other people said, it isn't a time bomb bombing TWO VSTs at the same time.
    It is most likely the misconfiguration of the firewall. Because VSTs tend to check serial numbers on verdors server.
    One needs to disallow these connections by HOSTS and/or by firewall (e.g. DAW)

    There's a little utility (freeware) for windows named "windows firewall control". It makes controlling the built in windows firewall much easier.
    Set it to "medium filtering" and you can control wich progs are allowed for in- and outgoing traffic. You are always asked if you allow or disallow a given prog to communicate through the firewall in the future.


    p.s.: funny profile picture :wink:
     
    Last edited: Jul 10, 2019
  14. willynucka

    willynucka Ultrasonic

    Joined:
    Mar 15, 2016
    Messages:
    78
    Likes Received:
    25
    Has nothing to do with your firewall or internet. It's just a new flag that needs to be patched. FF obviously added additional serial checks since November.

    If you actually watch your connection traffic, you'll see FF isn't even calling home. It's an internal check within the code that redirects to the piracy page (which you can access just by entering the same address without using the plugin).
     
  15. mono

    mono Audiosexual

    Joined:
    Jul 23, 2014
    Messages:
    1,062
    Likes Received:
    622
    Location:
    Floating Amongst the Stars
    @Moms_little_pirate
    I think R2R fixed the sonic charge time trap in some of the plugins, have a look for a later version than the ones you have
    and see if it helps also read the post there to see if other users got errors.

    Hard as it seems its a coincidence these plugins time bomb at the same time, they are knowing for traps
    and you happen to use them on the say day lol they do not need to call home and if you use an offline pc
    they will still go off but been online is never a good thing.
    Am going to drop back as well to the FabFilter Total Bundle v2018.11.30
    cause mac users as well got the pirat popup,
     
  16. Moms_little_pirate

    Moms_little_pirate Kapellmeister

    Joined:
    Jul 9, 2019
    Messages:
    95
    Likes Received:
    53
    Ok, now that I think about it they both time bombed when I opened a new project tab in Reaper. It was the first time I opened a second tab after reinstalling Windows. I rarely use Reaper so that's probably why they worked fine up until that point.

    So it makes more sense that something triggered the plugins from both vendors when opening a new tab in Reaper than one magically unregistering the other lol.

    Things start to clear up a little I guess.
     
  17. Iggy

    Iggy Rock Star

    Joined:
    Jun 21, 2011
    Messages:
    1,088
    Likes Received:
    435
    Location:
    The stage, man
    Same deal on the Mac side. Any k'd FF plug issued after last November will timebomb. You actually have to mess around with certain parameters to get them to go. I tested the most recent version of Pro-Q 3, which is apparently the worst offender, and the first few times, I was able to keep all the FF plugs loaded for hours in a Logic test project, convincing me that maybe they wouldn't timebomb at all, but the minute I started switching presets or tweaking settings, Pro-Q 3 and the others would timebomb after about a half-hour to forty-five minutes. I dunno about causing plugs from different manufacturers to timebomb -- maybe it was a coincidence? Stick with the November release, which doesn't seem to be causing any problems (as far as I know).
     
    • Interesting Interesting x 1
    • List
  18. Nightmix

    Nightmix Producer

    Joined:
    Jun 16, 2017
    Messages:
    184
    Likes Received:
    85
    This has nothing to do with Internet connections or blocking anything... the files themselves are not cracked properly.

    Cashmere released a fix for this, but only on Mac. Windows users will have to revert to the November 2018 release.

    CASHMERE NFO:
    MERRY CHRISTMAS
    This is the latest version avaliable from March 2019, fully patched with NO time bombs.
    The R2R version for macOS from March is a failed release they couldn’t be bothered to fix that does not take into account the new time bomb FabFilter added in the latest versions of their plugins.
    The March 2019 updates from FabFilter added various improvements and fixed some bugs but most notably they were fully notarised installers and signed binaries to comply with the Catalina guidelines apple laid out in 2018 (well done FabFilter for actually doing this before Catalina release unlike other companies *cough* iZotope *cough*).
    However with these shiny new signed binaries came a sneaky new time bomb which is triggered when the binaries code is altered and doesn’t match fabfilters code signature or the plugins code signature itself is altered which also triggers the bomb.
    It was very easy to find and patch out this bomb by changing just one byte. So no more nasty surprises. enjoy


    Unfortunately for us PC users, she does not specify which byte to change, or what to search for in a debugger. I know it opens the web site when it bombs but I couldn't find any strings that correspond to this. :(
     
  19. Iggy

    Iggy Rock Star

    Joined:
    Jun 21, 2011
    Messages:
    1,088
    Likes Received:
    435
    Location:
    The stage, man
    Is this available from the sister site? The only post-March 2019 "fixed" version I could find over there was by MORiA, which we all established some time ago doesn't actually work.

    (Edit: I found what I believe to be this release from Cashmere, but not on the sister site, even though the full .nfo indicates that this will be the last thing she releases there. Is that why you can't find it there now? Very strange. Anyway, fingers crossed, I hope Cashmere pulled it off again!)
     
    Last edited: Mar 18, 2020
Loading...
Loading...