I would love to download this and have a listen but I literally don't trust that mega.nz link... 🙁

pan069 wrote on 2021-07-20, 09:22:

I would love to download this and have a listen but I literally don't trust that mega.nz link... 🙁

Really? For what reason?

pan069 wrote on 2021-07-20, 09:22:

I would love to download this and have a listen but I literally don't trust that mega.nz link... 🙁

Why? It's a very popular file sharing site and all the 7z contains are the promised MOD, XM, etc. files. Nothing even remotely fishy about it.

@pan069 If you want to be extra careful, you can always upload the 7z file to VirusTotal and have it scanned there. 🙂

EDIT: aw, never mind, the file is too large for VirusTotal. Anyway, I downloaded the file and its SHA256 checksum is 25a39e6755a5e6544710e4730937cbfb94aaef09091211ace60e6a1585b7cc51.

@spacedrone808 Perhaps you can confirm this SHA256 checksum here, to put the minds at ease of people who don't trust public download sites such as MEGA? (Thank you for compiling such a large collection, by the way!)

In the meantime, I ran clamscan on the contents of the archive and this was the result:

1Known viruses: 8679377
2Engine version: 0.103.2
3Scanned directories: 47
4Scanned files: 1433
5Infected files: 0
6Data scanned: 2585.93 MB
7Data read: 1191.05 MB (ratio 2.17:1)
8Time: 136.853 sec (2 m 16 s)
9Start Date: 2021:07:22 19:49:44
10End Date:   2021:07:22 19:52:01

Clamscan was even able to scan the individual sample files that were zipped inside some of the modules, depending on the format.

I'm still not giving anybody any guarantees, of course. Although so far it looks clear of malware to me. 😉

digger wrote on 2021-07-22, 17:38:

@pan069 If you want to be extra careful, you can always upload the 7z file to VirusTotal and have it scanned there. 🙂

EDIT: aw, never mind, the file is too large for VirusTotal. Anyway, I downloaded the file and its SHA256 checksum is 25a39e6755a5e6544710e4730937cbfb94aaef09091211ace60e6a1585b7cc51.

@spacedrone808 Perhaps you can confirm this SHA256 checksum here, to put the minds at ease of people who don't trust public download sites such as MEGA? (Thank you for compiling such a large collection, by the way!)

I'll provide checksum as soon as i reach my puter. Report back here.

spacedrone808 wrote on 2021-07-20, 17:31:

pan069 wrote on 2021-07-20, 09:22:

I would love to download this and have a listen but I literally don't trust that mega.nz link... 🙁

Really? For what reason?

This site is asking for specific storage access permissions to be able to download the file. I'm sure "it's just fine" but the truth is; I can't find any information on what the permission "actually means" (e.g. if I grant, can the site/app read my entire file system? I don't know...). So, thanks but no thanks.

Edit: But just ignore me, I have no intention to derail the conversation here. Let's stay on topic.

pan069 wrote on 2021-07-22, 20:12:

spacedrone808 wrote on 2021-07-20, 17:31:

pan069 wrote on 2021-07-20, 09:22:

I would love to download this and have a listen but I literally don't trust that mega.nz link... 🙁

Really? For what reason?

This site is asking for specific storage access permissions to be able to download the file. I'm sure "it's just fine" but the truth is; I can't find any information on what the permission "actually means" (e.g. if I grant, can the site/app read my entire file system? I don't know...). So, thanks but no thanks.

Edit: But just ignore me, I have no intention to derail the conversation here. Let's stay on topic.

Weird. 🤔 I didn't get a pop-up with such a permission request. I just had to wait a while for it to start downloading, since I was making free use of the site without a subscription or anything.

Have you tried another web browser? Or denying the permissions, and then waiting for the download to start anyway?

You indeed shouldn't let that site install any add-ons or anything. I wouldn't trust that either.

I denied the permission and it still downloaded successfully. But that makes it even more shady, because… what is it using the permission for if not for storing the file?

No issues here downloading from Safari. Go for it - it's nice having a good selection of MODs in one swoop.

digger wrote on 2021-07-22, 17:38:

EDIT: aw, never mind, the file is too large for VirusTotal. Anyway, I downloaded the file and its SHA256 checksum is 25a39e6755a5e6544710e4730937cbfb94aaef09091211ace60e6a1585b7cc51.
@spacedrone808 Perhaps you can confirm this SHA256 checksum here, to put the minds at ease of people who don't trust public download sites such as MEGA? (Thank you for compiling such a large collection, by the way!)

Here is my checksum.
Fresh windows install, installed mega.nz agent. 've done full sync and checked sum via 7zip.
See attach.

digistorm wrote on 2021-07-23, 07:24:

I denied the permission and it still downloaded successfully. But that makes it even more shady, because… what is it using the permission for if not for storing the file?

It's probably one of those "the download will go faster or your daily download quota will be higher if you allow us to install this tool or this browser add-on" kind of things.

And such an add-on (or standalone download tool?) will likely be ridden with adware (or worse). So yeah, no thanks, and not needed to download this anyway.

@spacedrone808 Thanks for sharing the checksum. It's the same as the one I got, so it checks out. 🙂

@pano69 So you can just open an incognito window in your web browser, answer "deny" if it asks you for any permissions, and then wait for it to download anyway. And of course, you can check the SHA256sum hash on your download afterwards as well, to be entirely sure that it's the same file bit-for-bit as the one spacedrone808 uploaded. Heck, you could spin up a temporary throw-away VM instance and download the archive inside there, then copy it from the VM image and throw the VM image away.

Or perhaps someone here can share the file through Bittorrent. 😉

Just in case you want to know i make myself more active on my tiktok channel.

digger wrote on 2021-07-23, 23:14:

It's probably one of those "the download will go faster or your daily download quota will be higher if you allow us to install t […]
Show full quote

digistorm wrote on 2021-07-23, 07:24:

I denied the permission and it still downloaded successfully. But that makes it even more shady, because… what is it using the permission for if not for storing the file?

It's probably one of those "the download will go faster or your daily download quota will be higher if you allow us to install this tool or this browser add-on" kind of things.

And such an add-on (or standalone download tool?) will likely be ridden with adware (or worse). So yeah, no thanks, and not needed to download this anyway.

@spacedrone808 Thanks for sharing the checksum. It's the same as the one I got, so it checks out. 🙂

@pano69 So you can just open an incognito window in your web browser, answer "deny" if it asks you for any permissions, and then wait for it to download anyway. And of course, you can check the SHA256sum hash on your download afterwards as well, to be entirely sure that it's the same file bit-for-bit as the one spacedrone808 uploaded. Heck, you could spin up a temporary throw-away VM instance and download the archive inside there, then copy it from the VM image and throw the VM image away.

Or perhaps someone here can share the file through Bittorrent. 😉

It is more likely using javascript to drive the transfer, as opposed to just giving you a URL to hit with a HTTP GET; if you click yes, you'll see the download is a "blob" URL, which is generated client (browser) side, not server side. JS needs permissions to access your local files system, but you can hit F12 and poke through the code if you want. I would, but I don't have the time; too much JS to deal with at my paying job. Using JS probably allows the site devs more control/throttling/tracking/etc over the downloads.