Optimize your pk3 files with my software Hakros Images Optimizer 1.6

[hakros]

Hi everyone

I would like to present to you my program, "Hakros Images Optimizer" designed for those seeking an efficient solution to reduce image file sizes without compromising resolution or as little as possible ;-)

This software is not just a typical image compressor; it stands out with its compatibility with ZIP, CBZ, and notably PK3 files, making it an invaluable tool for gzdoom developers.

The ability to directly optimize PK3 files is a game-changer, offering a quick and easy way to shrink their size, though some manual tweaks may be necessary.

The new and intuitive interface makes it user-friendly, and it supports batch processing of multiple images simultaneously, with no restrictions on file size.

I genuinely hope this tool proves useful to you, and I eagerly await any feedback, questions, or suggestions you might have.

Greetings.

VIDEO DEMO
https://hakros.com/webprojects/hakrosimagesoptimizer/hakros_images_optimizer_demo.mp4

SCREENSHOTS

An example optimizing the DOOM HD texture pack

EULA
https://hakros.com/webprojects/hakrosimagesoptimizer/EULA.txt

DOWNLOAD

You can get the tool from the official website:

https://hakros.itch.io/hakros-images-optimizer

 

Edited February 10 by hakros

[hakros]

Video demo.
https://hakros.com/webprojects/hakrosimagesoptimizer/hakros_images_optimizer_demo.mp4

[hakros]

An example of optimization for FOXTEX textures pack
 

https://hakros.com/webprojects/hakrosimagesoptimizer/hakros_images_optimizer_foxtex_optimization.mp4

 

It's true that such automatic optimization can result in some quality loss (and you'll see this in some images), but the intention of the program is to be as efficient as possible. It can serve as a tool for optimization or simply to explore the possibilities of loading smaller file sizes to improve performance on older equipment.

And as I mentioned, in the end, individual file optimization can always be performed.

My intention is to help.

I'll hope you like it.

 

[LuciferSam86]

Cool stuff. What kind of optimizations

 algorithms  are you using?

Standard stuff, or something custom?

[hakros]

On 12/22/2023 at 12:51 PM, LuciferSam86 said:

Cool stuff. What kind of optimizations

 algorithms  are you using?

Standard stuff, or something custom?

 

Hello, sorry, I just saw your message.
For JPG I use my own algorithm and for PNG a standard one.

[DevilMyEyes]

Hi Hakros, hope you're doing well. Can you explain to me why scanning most of your software posted in this site in VirusTotal it's always categorized as a trojan threat? @Obsidian

 

 

[Pancrasio]

The Hakros saga continues...!

[Vosolokoviteh]

39 minutes ago, DevilMyEyes said:

Hi Hakros, hope you're doing well. Can you explain to me why scanning most of your software posted in this site in VirusTotal it's always categorized as a trojan threat? @Obsidian

 

 

Speaking of that, the other time a friend of mine did a little checking, and compared the 3 launchers on 2 different pages (ZDL and Doomlauncher) and curiously, in addition to that, not much was detected in ZDL and Doomlauncher. It was mentioned to me that Hakros Doom Launcher weighs more than the others

 

 

Spoiler

 

 

Spoiler

 

Any explanation would be helpful

 

 

[Yisue]

Doom Awards saga continues xd 

[LuciferSam86]

Not for defending him but AV software that flags a program for using UPX might be a bit misleading

https://en.wikipedia.org/wiki/UPX

 

Instead should be more interesting to execute such software inside an advanced sandbox like the old Cuckoo Sandbox or something similar.

 

Now some of you might ask: what is UPX?

UPX is a piece of software that compresses the executable so it occupies less space on disk, and when it's executed, it gets uncompressed.

 

The problem is: some malware writers use UPX because it makes it harder to discover malicious code, and that's why AV software flags such behavior.

 

Don't take for the absolute Truth (tm) without prior research on what the AV says.

Edited April 21 by LuciferSam86

[Kroc]

Interesting, never saw this before! I created DOOM-Crusher, a rather less pretty-looking PK3/WAD crusher that strings together a collection of optimisation utilities in a simple drag-and-drop batch file.

[DankMetal]

Hakros situation is insane

[ETTiNGRiNDER]

1 hour ago, DevilMyEyes said:

A result like that, where a small number of who-ever-heard-of-this scanners show a "generic" (see monikers like "susgen" or "AIDetect") problem can probably be written off as bogus unless you're in a situation where you have to be super paranoid about the slightest chance of anything malicious getting through.

 

1 hour ago, DevilMyEyes said:

This one is a little more concerning, because there are a few more hits and "big names" like Google and McAfee are complaining, although whether you want to consider either of those entities "trustworthy" well I wouldn't necessarily.  It still looks like they're giving a vague/generic "we don't know what this is but think it stinks" result which are often bogus compared to results where a lot of scanners agree on a specific, named malware.

 

I could ramble way deeper into it but in short, virus scanners, especially ones that are some obscure trash, often over-report/falsely report and one of the nice things about VirusTotal is that you can compare opinions to see if a lot of scanners are agreeing on a problem or not.

 

Not that I particularly care to defend Hakros specifically in this.  You'll have to answer for yourself the question of "how much do I think I should trust the person offering this software".

[Edward850]

Given the information provided, out of interest for public security I decided to do some investigation into this programs disassembly. Both his programs have been entirely JIT obfuscated and can't be decompiled, this is a deliberate action as .NET C# does not normally do this. While this is not meant to be suspicious on its own, and while his launcher checks out on an initial glance, his Optimizer program however sticks out with these:

private static IntPtr QkPC8qYelH(uint _param0, int _param1, uint _param2)
    {
      if (Xgj5ItBSV6aJrBvs0Tc.iTdCz00sw5 == null)
        Xgj5ItBSV6aJrBvs0Tc.iTdCz00sw5 = (object) (Xgj5ItBSV6aJrBvs0Tc.jXUkLoOogskEYcydUSs) Marshal.GetDelegateForFunctionPointer(Xgj5ItBSV6aJrBvs0Tc.gn2CNaJjH0(Xgj5ItBSV6aJrBvs0Tc.c8iKhNv3S(), "Open ".Trim() + "Process"), Type.GetTypeFromHandle(iCYk5ZOl8ERF5F3WvKX.yeur6FKpQJi(33554543)));
      return ((Xgj5ItBSV6aJrBvs0Tc.jXUkLoOogskEYcydUSs) Xgj5ItBSV6aJrBvs0Tc.iTdCz00sw5)(_param0, _param1, _param2);
    }

    public class THISPROGRAM
    {
      internal static PRIVILEGIES.THISPROGRAM XcKw5Kr7CxZoEBcPjquh;

      public THISPROGRAM()
      {
        // ISSUE: unable to decompile the method.
      }

      public static void subExecuteAsAdministrator()
      {
        // ISSUE: unable to decompile the method.
      }

That is a very obfuscated call to the system kernel OpenProcess function (the string has been split up and combines at run time, an attempt to hide its name in the code), and a method that appears to want to elevate the optimizer as an administrator. Combined, this would give the Optimizer the ability to open any process as an administrator, and combined with VirtualAlloc (also present in this code), inject into said processes.

I have no suitable explanation for why these both must exist at the same time in this program given the obfuscated code (I cannot find what process it wants to execute), and thus consider this highly suspicious.

This will also be why the AV scanners as noted by DevilMyEyes detected the program as suspicious. AntiVirus is actually getting better at detecting this kind of stuff (ironically because of Machine Learning, it's not entirely useless!), and a combination of OpenProcess (which the launcher also has, weirdly as a kernel call) and obfuscation is typically a red flag. Admin elevation is why the Optimizer is getting more hits.

Edit: Further information below.

Edited April 22 by Edward850

[roadworx]

i don't think that it's malware tbh. the reason for the obfuscation is probably because it has shitloads of stolen code lol

[Edward850]

As a previous correction, OpenProcess doesn't create processes, it opens existing ones. However combining with VirtualAlloc does allow for injection, which both this and the launcher has. However I can't find any reference to elevation in the launcher. Roadworx is maybe right though, it's plausible what's actually happened is a whole bunch of code has been dumped in here from god knows where that hakros doesn't actually understand the true nature of, rather than anything intentionally malicious at least on his own part (at least in regards to computer security, anyway). It's more likely that if there's anything malicious in this code, it's because he doesn't know about it.

Which is maybe the best lesson of them all in why you should make projects like these open source. If you don't know the code yourself, you can't audit it yourself! The attempts to hide the codes origin and obfuscate even debuggers (seriously there's debugger detection in these) might actually be more harm to himself than anyone else.

Edited April 22 by Edward850

[Kinsie]

29 minutes ago, Edward850 said:

The attempts to hide the codes origin and obfuscate even debuggers (seriously there's debugger detection in these)

This, combined with Hakros's past, uh, misadventures in using random commercial assets, code templates and generative tools, suggests that the links should be deleted and the earth on which they stood burned and salted until he sits down, figures out what his own code is actually doing, and issues an update that is less likely to inadvertently give someone's computer Havana Syndrome.

[Logamuffin]

8 hours ago, Pancrasio said:

The Hakros saga continues...!

Every time we think it's over, someone revives a thread to tell us of *another* even worse thing he's done. At this rate, in 7 months someone's gonna tell us he burned down an orphanage or something else equally as heinous.

 

7 hours ago, DankMetal said:

Hakros situation is insane 

Don't tempt Midnight :P

[Edward850]

Upon further investigation, it may be what I'm looking at is the applications very own obfuscation process, which is starting to explain why it's the only code I can reliably see. This is some rather complicated stuff for what basically a Visual Basic program (turns out this is VB, not C#), but it basically has the programs code encrypted, and it runtime it uses this code to decrypt itself and copy it into the programs own memory for execution. It's basically injecting into itself.

 

I cannot say if that's the only thing it does with this code, but it's not actually his code at all, that's ultimately impossible to see because of this (at least with static decompilation, this wouldn't hold up with JIT disassembly at run time). For this reason, I cannot judge this program as safe or unsafe, or as anything really. It's a mystery box through and through. Here be dragons.

The optimizer does however ask for process elevation. That is still his code.

[Hebonky]

2 hours ago, roadworx said:

i don't think that it's malware tbh. the reason for the obfuscation is probably because it has shitloads of stolen code lol

Well I mean why not both!

[kevansevans]

This reeks of consciously and naively going out of one's way to hide one's work, opposed to giving the benefit of the doubt Hakros is paranoid someone might steal "their" code. Personally, if I didn't want people stealing my code, I'd pick a language/target that isn't easily decompiled to begin with.

 

Regardless of Harkos' intentions and whether or not they made a safe program, obfuscation at this level should be one of the reddest flags ever. Links should be removed until source code is provided in some fashion.

[Sneezy McGlassFace]

I'm not much of a computer wizard but somebody covering their tracks like this makes me think they're trying to hide a body. 

Is it possible without the code to see if the program tries to connect to the internet and where it wants to go? Like, if it wants to mine bitcoin or whatever? 

Edited April 22 by Sneezy McGlassFace

[Craneo]

2 hours ago, Logamuffin said:

Don't tempt Midnight :P

Well if Midnight ever makes a vid then...

Gracias Hakros.

[Major Arlene]

3 hours ago, Edward850 said:

 it's plausible what's actually happened is a whole bunch of code has been dumped in here from god knows where that hakros doesn't actually understand the true nature of, rather than anything intentionally malicious at least on his own part (at least in regards to computer security, anyway). It's more likely that if there's anything malicious in this code, it's because he doesn't know about it.

 I did remember doing some digging as this was also brought up in a Discord I moderate - it includes a plugin called pngquant, which according to the license txt was evolved from another project.

Github for convenience.

[Dreemurr Deceevurr]

[Misty]

Imagine if all his programs are sort of crypto miners in the background, lol. Wouldn't put that past him knowing how his alt doom awards turned out. 

[ducon]

For your information, here is what whois hakros.com prints:

> whois hakros.com
   Domain Name: HAKROS.COM
   Registry Domain ID: 1704047989_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.advancedregistrar.com
   Registrar URL: http://www.netearthone.com
   Updated Date: 2024-01-07T16:15:54Z
   Creation Date: 2012-02-25T20:12:29Z
   Registry Expiry Date: 2026-02-25T20:12:29Z
   Registrar: NetEarth One Inc. d/b/a NetEarth
   Registrar IANA ID: 1005
   Registrar Abuse Contact Email: a-b-u-s-e.whois.field@netearthone.com
   Registrar Abuse Contact Phone: +44 02030 26 99 87
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS4710.BANAHOSTING.COM
   Name Server: NS4711.BANAHOSTING.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-04-22T08:10:09Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: HAKROS.COM
Registry Domain ID: 1704047989_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.netearthone.com
Registrar URL: http://www.netearthone.com
Updated Date: 2024-01-07T16:15:56Z
Creation Date: 2012-02-25T20:12:29Z
Registrar Registration Expiration Date: 2026-02-25T20:12:29Z
Registrar: NetEarth One, Inc.
Registrar IANA ID: 1005
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: GDPR Masked
Registrant Name: GDPR Masked
Registrant Organization: GDPR Masked
Registrant Street: GDPR Masked
Registrant City: GDPR Masked
Registrant State/Province: MADRID
Registrant Postal Code: GDPR Masked
Registrant Country: ES
Registrant Phone: GDPR Masked
Registrant Phone Ext: 
Registrant Fax: GDPR Masked
Registrant Fax Ext: 
Registrant Email: gdpr-masking@gdpr-masked.com
Registry Admin ID: GDPR Masked
Admin Name: GDPR Masked
Admin Organization: GDPR Masked
Admin Street: GDPR Masked
Admin City: GDPR Masked
Admin State/Province: GDPR Masked
Admin Postal Code: GDPR Masked
Admin Country: GDPR Masked
Admin Phone: GDPR Masked
Admin Phone Ext: 
Admin Fax: GDPR Masked
Admin Fax Ext: 
Admin Email: gdpr-masking@gdpr-masked.com
Registry Tech ID: GDPR Masked
Tech Name: GDPR Masked
Tech Organization: GDPR Masked
Tech Street: GDPR Masked
Tech City: GDPR Masked
Tech State/Province: GDPR Masked
Tech Postal Code: GDPR Masked
Tech Country: GDPR Masked
Tech Phone: GDPR Masked
Tech Phone Ext: 
Tech Fax: GDPR Masked
Tech Fax Ext: 
Tech Email: gdpr-masking@gdpr-masked.com
Name Server: ns4710.banahosting.com
Name Server: ns4711.banahosting.com
DNSSEC: Unsigned
Registrar Abuse Contact Email: a-b-u-s-e.whois.field@netearthone.com
Registrar Abuse Contact Phone: +44 02030 26 99 87
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2024-04-22T08:10:19Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Registration Service Provided By: ZOILO DIAZ

The data in this whois database is provided to you for information purposes 
only, that is, to assist you in obtaining information about or related to a 
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree 
that you will use this data only for lawful purposes and that, under no 
circumstances will you use this data to: 
(1) enable high volume, automated, electronic processes that stress or load 
this whois database system providing you this information; or 
(2) allow, enable, or otherwise support the transmission of mass unsolicited, 
commercial advertising or solicitations via direct mail, electronic mail, or 
by telephone. 
The compilation, repackaging, dissemination or other use of this data is 
expressly prohibited without prior written consent from us. The Registrar of 
record is NetEarth One, Inc.. 
We reserve the right to modify these terms at any time. 
By submitting this query, you agree to abide by these terms.

The GDPR masked thingy is suspicious.

[Major Arlene]

11 minutes ago, ducon said:

For your information, here is what whois hakros.com prints:

The GDPR masked thingy is suspicious.

Considering that isn't even supposed to work that way - normally GDPR masking is common practice to hide PII, but it is supposed to replace real data with fictitious but real-looking data, not uh, that.

[Professor Hastig]

I tried whois on a few Doom related URLs.

In that case zdoom.org and youfailit.net must also be suspicious, all those fields are blanked out with 'REDACTED FOR PRIVACY' when I call WHOIS on the URLs.

doomworld.com returns data, but it doesn't look particularly useful.

 

 

[roadworx]

yeah, you guys are looking waaaay too into this. chances are that code edward posted is the obfuscation decryption and the av results are false positives; hakros is a complete dipshit but i don't think he's that malicious. he wants clout more than anything else, not bitcoins mined from computers.

 

he's been dragged through the mud more than enough at this point, we don't need to go hurling unfounded accusations based entirely on suspicion.