Is GOG Really DRM Free?

I compiled my network forensics of The Witcher 3's activity and compared it unfavorably to GOG's privacy policy. GOG isn't necessarily consciously tracking its users every single time they start their games, but it is still condemning that they store my unencrypted deanonymizing information on their servers regardless of their privacy policy.

A user from a saged No Man's Sky thread found the Galaxy.DLL file in their pirated copy of NMS. When he asked about DRM, another user shared a rumor that this file phones home to GOG. As the unproven rumor goes, if the GOG account typically associated with the PC does not have the game registered, it will be charged full-price. I can't vouch for any of this outside of the fact that my copy of the Witcher 3 DOES phone home as it's starting up. I couldn't figure out how my "ClientID" corresponds to my GOG account, so I can't confirm more.

As for my investigation, I checked my copy of The Witcher 3, found the Galaxy.DLL file, and ran it through Wireshark. The pic related compares my network forensics unfavorably to GOG's policies.

At The Witcher 3's startup, my unencrypted PC Host Name, "ClientID", and "ClientSecret" are sent to galaxy-log.gog.com's 46.105.121.139. This seemingly breaks the terms of GOG's privacy policy.

Some Links:
46.105.121.139.ipaddress.com/
gog.com/support/policies/gog_privacy_policy
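
One way to check the claim above against your own capture, as an added example that is not part of the original post: a Python sketch that reads a classic pcap file and reports whether the machine's host name or the field names "ClientID" / "ClientSecret" appear unencrypted in TCP traffic to 46.105.121.139. The sample packet and its payload layout are constructed for illustration and are not the real wire format.

```python
import socket
import struct

GOG_LOG_IP = "46.105.121.139"             # galaxy-log.gog.com address quoted in the post
MARKERS = (b"ClientID", b"ClientSecret")  # field names quoted in the post


def build_sample_pcap(payload, dst_ip=GOG_LOG_IP, dst_port=80):
    """Constructed capture: one Ethernet/IPv4/TCP packet carrying `payload`."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dst_port, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton(dst_ip))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame


def tcp_payloads(pcap_bytes):
    """Yield (dst_ip, dst_port, payload) for each IPv4/TCP packet in a classic pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    pos = 24
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[pos + 8:pos + 12])[0]
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN-tagged and IPv6 frames are skipped)
        if frame[14] >> 4 != 4 or frame[23] != 6:
            continue  # not TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]
        if len(tcp) < 20:
            continue
        dst_port = struct.unpack("!H", tcp[2:4])[0]
        data_off = (tcp[12] >> 4) * 4
        yield socket.inet_ntoa(frame[30:34]), dst_port, tcp[data_off:]


def find_cleartext_leaks(pcap_bytes, hostname, server_ip=GOG_LOG_IP):
    """Report which identifying strings appear unencrypted in traffic to server_ip.

    Each segment is searched on its own (no TCP stream reassembly), so a string
    split across two segments would be missed.
    """
    needles = {hostname: hostname.encode("ascii", "ignore")}
    needles.update({m.decode(): m for m in MARKERS})
    findings = []
    for dst_ip, dst_port, payload in tcp_payloads(pcap_bytes):
        if dst_ip != server_ip or not payload:
            continue
        lowered = payload.lower()
        hits = sorted(n for n, raw in needles.items() if raw and raw.lower() in lowered)
        if hits:
            findings.append({"dst": f"{dst_ip}:{dst_port}", "found": hits})
    return findings


if __name__ == "__main__":
    # Constructed payload, only to exercise the scanner.
    sample = b"host=DESKTOP-EXAMPLE ClientID=0000 ClientSecret=0000"
    for finding in find_cleartext_leaks(build_sample_pcap(sample), "DESKTOP-EXAMPLE"):
        print(finding)
```

On a real capture, pass the file's bytes and `socket.gethostname()`; Wireshark saves pcapng by default, so export the capture in the classic pcap format first.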

Why Comic Sans?

That's really interesting. Not sure what else to say but wanted to acknowledge your effort and the significance of it.

Have you sent a formal complaint to them?
Have you posted this to their forums?
Is it only The Witcher 3?
Does this only send information if you have Galaxy installed?

post to ars technica

Witcher 3 owner here. I think the game actually requires Galaxy to install unlike their other games. I think it's the only game thus far that actually requires it, but I could be mistaken.

The hard copy asks if you want to install Galaxy, and it does it by default. You can use the "backup code" you get with the hard copy to download the game directly from GOG separately as well.

Most people just stomached Galaxy since the only way to download updates for TW3 is through the service.

I have yet to send a formal complaint to GOG. I posted the OP only to 8ch after finishing the pic to wait for a little feedback before contacting GOG. I will soon, though, and spread the post elsewhere.

The Witcher 3 is the only game I own with the suspicious DLL. It is also my only "new" game. A user earlier mentioned No Man's Sky also has Galaxy.DLL. I suspect other new games are affected, too, but can't confirm.

I have never had Galaxy installed. Even so, it sent my unencrypted identifying information to their French server.

Hey, let me check quick if my copy of Trails in the Sky SC has it.

I wonder if that includes the DLC, if that is the case, it would basically be the same thing as requiring Galaxy for install since you could possibly be missing bug fixes and would have a less enjoyable experience overall.

I don't think I have Galaxy on my computer. The only evidence of Galaxy I can find on my computer is the Galaxy.DLL file in The Witcher 3 directory. Furthermore, when The Witcher 3 checks for Galaxy as part of start-up, it fails the check.

I downloaded The Witcher 3 base game, both paid DLC, the free DLC, and the patches manually.

I downloaded some dos games 2 weeks back. I'll check tomorrow if I have the dlls in there.

Interesting. Not only does Trails in the Sky SC have it, but so does Trails in the Sky "FC".

FC came out in August 2014, though it had been updated before Trails in the Sky SC's release late last year.

Then disregard everything I have said, I am a massive faggot. Sage for my retardation.

Oops, sorry - made a small mistake here. Better picture.

Thank you for checking! GOG must have updated the game post-publish to include the DLL. Do you remember whether you bought this game before or after the open beta release of GOG Galaxy? Also, have you ever had GOG Galaxy installed on your PC or any PC in your household?

As long as the installer itself can be freely passed from user to user, it doesn't count as DRM, right?

Very interesting tho, nice work user.
Have a bump

it's not comic sans


Send to some gaming site like techraptor or whatever

I bought the game on its launch in 2014. It's installed in a WINE prefix I've tweaked for maximum compatibility with Falcom games and literally the only games installed on this "computer" are Falcom games.

Unreal Tournament '99 has it. Not sure when it was released on GoG

I checked these games and they don't have Galaxy.dll
I have Galaxy installed on my PC because I wanted to try it out.

No need, I'll pass it along for you guys. We'll look into it further.

Way of the Samurai 4 is on GOG? Shiiiiet.

You're thinking of copy protection; DRM is used so that only people who’ve purchased legitimate licenses can use the software, and in this case, it appears that “Galaxy.dll” sends user information to validate their license.

Should i get it?

You don't know if it's sending data to "validate" the license. It's sending user data which seems to go against their privacy policy, but there's no proof that it's being used to "validate" anything.

Iunno if it's good, I've just heard good things and I'm kinda interested in it.

Maybe they're just collecting data, maybe to catch people uploading torrents.

Yes, but on sale


Is there any way to see what that file is for?

Still not good tho.

From what I remember, you play as a Samurai that can use multiple sword styles and even use pistols. I've also heard that it's a little demanding in terms of difficulty, so it's not for the faint of heart.

Can't you sniff out what network traffic (if any) the service is sending or receiving?

What happens if you make a blank file called "Galaxy.dll"? Will it still run? (probably not)


Torrenting is a legitimate P2P file transfer protocol. How you receive or install the game is not important, only that you have a valid "license" to play and enjoy it. They have no right to track that.

Yeah I'm not defending it, and regardless it seems to be in contrast with their privacy policy.

Anyway, I'm not in the best position (with Linux being my daily driver) to be able to test this, so I've forwarded the OP pic and my own findings to the folks back home on our slack chat. I'll definitely work with them to try and find out more about this, and get back to you guys.

Now that's something I can test. Gimme a second.

Regardless of whether pirating GOG games with the Galaxy.DLL file is possible, the file does effectively deanonymise its users. Every single time I start up my GOG copy of The Witcher 3, it phones home and hands over my unencrypted private information. If I used my real full name or other personally identifying information as my PC host name, they would be able to link my actions to me. Whether they use that for anti-piracy efforts or not, it clearly breaks their privacy policy.

The Witcher 3 startup also sends a "ClientID" and a "ClientSecret" to GOG's server. Who knows what that is used for? I checked my GOG cookies whenever I "remember my password" on GOG.com to see if the ID is connected to my account in some way. (Un)fortunately, GOG being an HTTPS site, the cookies are too encrypted to tell.

Im not a casual faggot.

Can someone like trap the uploaded packets to see what's in it?

Is it in their privacy policy?

So beyond breaking GOG's privacy policy does this actually do anything at all to people who don't even have an account? Like "oh look another unauthorized user but he doesn't have an account and no banking information so we can't do anything".

It's 7am here and I'm about to go to bed, but even if I wanted to run some tests, that Galaxy.dll doesn't appear in my installation folders.
Maybe it's because I have Galaxy itself installed?

Whatever it is, it can't be good.

I think this specific one is actually part of the game and not the gog's one.

Alright, (as expected) just using a blank Galaxy.dll file won't allow games to run.

It's nothing to do with their privacy policy, but how two-faced they are as a company. Some people and companies legitimately torrenting is evil, period.

It might be about 10 hours till I can get on my computer, can anyone test and see if dos games have the dll?

Rayman 2 doesn't have it.

Has anyone decompiled the DLL?

Holy fucking christ user kill yourself. I'm asking if this actually does anything besides data gathering and what kind of data gathering.

Anyways only Deus Ex on my system has it I only have a few old games like neverwinter installed so there you go. I assume the galaxy.dll is something specific instead of being part of a game. And if I'm offline none of my GOG installs fuck up (outside online multiplayer obviously).

yeah looking at that ini, it's some sound system

I did. The only interesting traffic are the first 2 hits, which I screencapped. I was afraid much more due to the high risk of posting deanonymising info (which is why I did all of this in the first place, faggot), but I show that The Witcher 3 sends my PC Host Name, a ClientID, and a ClientSecret. That is condemning.

I'll try it!


People can investigate the matter themselves. I do not wish to dump the entire packet because my unencrypted deanonymising information is in it (and on GOG's servers, against their privacy policy).

It's Comic Sans, just for you, boys.

It's probably using C++… C# is trivial to decompile. I don't know how to figure out functions and hooks in a dll like that

That seems pretty intrusive of them.

Many people use their real name or other personally identifying information as their PC Host Name. Collecting this unencrypted information every time you start up one of their infected games is potentially deanonymizing.

It's really good. There's a good dozen or two different weapon styles ranging from polearms, to shortswords, and naginatas. On top of that the game has a ng+ option where the gameworld changes depending on how you beat it last time. Your progress, weapons, techniques and everything else also carries over from each playthrough. You can also unlock different faces and female samurai, or foreigner women the more you play and earn points for beating the game.

can't have dlls in ganoo+loonix :—DDD

Does it do anything or just link your game to your account?
And if you pirated an installer what does it do then?
Is it just to track if its a valid copy or not?

How on earth are you supposed to use libraries? It can't be worth running it from raw code every time. That paradigm is just too weird for me.

Can confirm that WOTS is great shit.
Check if GOG has WOTS3 though, as it gives more authentic experience compared to 4, which went full anime.
Both locked at 30 fps though, an unfortunate aftermath of being designed for PS3.

what do you mean raw code?
you mean the source code or executes/binaries?
or do you mean scripting languages like bash, html, python, etc.

Compiled code, which is what dlls are

Pirated no mans buy and it does have the .dll

I don't know because I've never used Linux and I've never had to manually set up compiler options

What's the point of playing a game where you can name animals if you can't call them niggerfaggots?

user, please upload the profanity filter dll! I wanna look at it!

Interesting. GoG is still less anti-user than steam with its DRM, but you should still pirate or buy directly from DRM free devs.

In No Man's Sky's case, GOG really is DRM
You can't play the multiplayer unless you bought it

Oh, sorry, "multiplayer"

No Man's Sky is not a multiplayer game, user :)

I also replaced my Galaxy.DLL with an empty DLL file with the same name. Initially, I get pic related error message. However, wait a bit, and The Witcher 3 starts up and plays just fine WITHOUT phoning home. This seems to be a practical immediate fix for games I already own. Uh, thank you.

The Galaxy.DLL file is apparently essential for the software to phone home. When it is replaced by an empty DLL file, it can no longer phone home. I'll just have an annoying Windows Error every time I start up my infected game, but it will otherwise be playable. More people should report their results.

my.mixtape.moe/tntnyk.dll

here

You upload and download player created content from their servers in real time as a standard part of the game
Granted, that's like saying the message system in dark souls is multiplayer, but there is indirect player interaction

They claimed you could physically meet other players in game. They lied.

shit hold on

my.mixtape.moe/tmsltq.rar

Mixtape and their naming schemes

Went to go check if any of my GOG games have the .dll. None of them have it, thankfully, including my arrrgh version of Witcher 3 complete. I'll try digging into the dll that was posted earlier.

Yes, and?

Fug. I don't suppose one kind user could upload theirs?

Did the same with no man buys and I got the same message but the game didn't run.

Yeah, I got it, thanks fam.


I was just curious to see if it had any inline data or was just utility functions. Looks like the latter.

So I assume that since the profanity filter is local (eg not server validated) the player receives a copy of the bad words (hidden and encrypted in the localization files somewhere) or else it sends/receives some kind of data from the server where it gets validated. In either case, putting a "crucial" thing like this on the client machine seems like a good way to fuck with the system by bypassing things … if you could figure out what the dll actually does, you might even be able to pass unrenderable characters as planet names, causing game crashes.

Galaxy.DLL - my.mixtape.moe/iguswu.dll

The Witcher 3 takes almost a full minute to launch. I double-clicked the icon, got the error message almost immediately, waited a minute, game started regardless. You are sure No Man's Sky never starts up, even after the message is OK'd? It's curious the programs behave differently. Regardless, my fix hopefully works for any Witcher 3 owners.

I'll also add that Galaxy.DLL may not be the only privacy offender. Maybe my copy of The Witcher 3 only relies on Galaxy.DLL, but it's possible No Man's Sky is a little more obfuscated.

Heh

Fixed

If we can break it we might be able to call Sean a kike in his own game.

It could be that NMS relies on Galaxy.dll for its "multiplayer" features. Thanks for posting it.

see

It won't run, waited about 5 minutes.

my.mixtape.moe/uvctfz.rar

.dll if anyone wants to see

Disclaimer: That's the Witcher 3 DLL.

It's C++, and data-mining the strings gives a bunch of mangled function names and references to shared_ptrs. There are functions to get leaderboards, achievements, stats, lobbies, and peer to peer information. There is also this string which sounds like it is looking up whether or not you have DLC: Presence of DLC not confirmed: not valid JSON; productID=%llu, path=%s
I’ve also found a generic, steam, xboxOne, and ps4 signin strings.
The developers’ computers are also named “devel,” “JenkinsSlave,” and “rmakagon.”

All this from NMS.

From the Galaxy.dll? It's likely a generic dll that ships with all GOG products; NMS doesn't necessarily make use of that stuff

If you pirate the game, you cannot connect to their servers
It has to be something

blah blah blah SPYING EVRYWHER bleh bluh

fucking dumb nigger

surveillance is a fact of this life, if you really cared about privacy you won't be even playing games at all. Look one system for games and doing normal as fuck work, and one system for privacy stuff, it isn't hard to understand and no matter how much whining about idealistic stuff you can argue, that dynamic is not going to change in the near future

nothing to hide nothing to fear! :^)

Isn't this component for the online features of games? I imagine any game that requires an online authentication of some-sort since the introduction of galaxy to have this .dll. I could be wrong though.

Nice bait, microshill. Go poo in the loo, Pajeet.

that's not what he said you homo

Looking through it now and it seems pretty harmless. Mostly just shit for Galaxy.

You just went full retard.

That's what you get for playing shitty jrpgs

I don't care what the Galaxy.DLL is supposed to. What it DOES do is send my unencrypted, deanonymising information to GOG's server every single time I try to run my favorite single-player game. I purchased it from GOG because I wanted to avoid these practices!

Fuck you, m8.

That's a fair enough point. Hopefully someone can get them to look into that!

Why would a company do this though?

Shit's pretty in your face, they were bound to get caught eventually.

Seems a stupid thing to do when your entire gimmick is that you don't spy on people unlike steam.

Well boys, it looks like our only logical course of action is to bomb GOG headquarters.

I'm sure if we burn enough Mosques that they'll look into it at the very least.

GOG has always been jewish. It's just that they don't want to appear that way. You saw the shit when they released both Witcher 2 and 3?

Operation Dank Ink 3.0?

I don't really pay attention to drama.

Was it that W2 felt like a bad console port and W3 pulled the gameworks shit?

you're complaining about a client using your data while using windows for fuck sake
bitching about drm doesn't fix shit, you can thank piracy for the use of drm, maybe you can come up with a better solution

Witcher 2 had a launcher with DRM which is why you see that little thunderbolt at the top right whenever you launch it.
When they released Witcher 3 they introduced regional pricing to try keep their profits high. The jewworks and bad PC shit were just icing on the cake.

So it's not the first time they broke the 'no DRM' thing?

And yeah I remember australians complaining that they were asked to pay like a hundred dolaridoos for preorder

I have TW2 on disc and I see it, but it does literally nothing to prevent me from installing and playing the game at any time offline or otherwise as if I had also pirated it. How is it DRM?

It was from version 1.1 onwards that they had removed the DRM. I only heard about the DRM shit after it happened so I guessed that they used the launcher. If someone wants to correct me then be my guest.

Oh so then who the fuck cares? I don't have any DRM.

post more best tag

Don't tell me what to do.

Something we have not looked at is if the "clientID" is the same every time. I'll look at it tomorrow maybe if no one else does it first.

I'll try to reverse this profanity filter too. I'd like to work closely with someone who has a copy of NMS so we can capture network activity when "discoveries" are uploaded. We could probably make a small client that spams discovery names.

So it looks harmless?
And me might be able to name planets nigger?

nigger is a banned word anyway
but jew isn't :^)

(((Nigger)))

It still sends the user's computer's name which can be the user's full name. I know a fag I played on hamachi with who did that. Shit was fantastic.

I do that with my family name because I technically shouldn't be using a company license OS of my dad. Not that anything would happen but better safe than sorry. Actually had to change it on hamachi

This can't be true because it'd be VERY illegal.

Digital Rights Management is a legal thing.
Just because something relies on something else doesn't mean its DRM.
You can argue that its spyware in your case, but as long as its not been declared DRM its not DRM.

The reason why this distinction is important is because if something is DRM, then it is copyright infringement to break it.
If something prevents you from running the game, but that thing is not declared DRM, then breaking it for personal use is perfectly legal to do.
The reason why DRM is considered fucking cancer is because if you can't get past the DRM for some reason (e.g. relies on a connection to a server), then trying to bypass DRM is illegal.

I think this is an important point, and we should not call it DRM but rather spyware/malware, but keep in mind that this is a direct contradiction of their privacy policy. They have most certainly fucked up.

Nigger who the fuck gives a shit? If a game has DRM, I will simply pirate the game since no one wanted to sell me the DRM free version.

Fuck, at least Steam informs you that in order to use it you will have to fork over information. This shit is shady as fuck and borders on illegal as it's done without the full consent of the user.

Doing gods work, I just wish people would wake up to the idea of not messing with drm software at all.

they won't

I have a physical copy, let me check.

here's an idea

Why are you French?

but muh multiplayer and muh social experience

Yeah, no.

what if the game sends all the info once you're connected again?

Confirmed safe. My old ass physical copy has it, and this thing predates even Steam, so it's clean.

Yeah, no.

Ofc it's not that your regular GOG account suddenly has the game in it with a bill attached. :^)
GOG's policy is if you pirate their stuff and they find out and are able to identify you, you get sued by their lawyer. It is not relevant, how they find out, Galaxy.DLL might be just another sneaky way to get you.
Some retards think DRM is only DRM, when it fucks paying customers, but that's something GOG actually refrains from.

That is completely fucking ridiculous to even consider. But let's test it out. I have the GOG version of NMS installed fresh from TPB and I use Galaxy. I wanted to shit on it properly.

NMS is in the games list. However, W3 has his achievements listed, and it shows I'm online with it and the rest. NMS does not. Clicking on Connect Now gives me the option to input a gift code. I can still run the game fine even through Galaxy. Nobody cares. The galaxy.dll file is probably checking if you have bought the game to use achievements/friends, not to prevent you from playing it, but I'm no expert.

the idea of getting a blacklist of bad words turns on me

I'm 12

You present the possibility of it being anti piracy, don't even attempt to back it up, and then go on and make a bunch of accusations based on that statement. Thanks CNN, tell me more.
>That if I put my name in the host? :<
You can't be criminally charged or even have your property searched/seized under the basis of "it came from a hostname which happens to be your last name".
And deanonymize? If someone can link your IP address to you then what do they need your hostname for? Are you just complaining on the basis of consumer trust?

I understand the issues of privacy concern but presenting this in such an extreme form when it's really just careless lack of encryption, which is annoyingly common in the world, comes off as a faux pas.

This is from Energy Kyo-ka.


I could have sworn this was from butcha's delightfully fuckable series but I must be wrong since I can't find the panel or the beauty spot.


No idea what this is.

Now GOG knows for sure, that you pirated NMS.
That's the whole point of the Galaxy.dll.
The main question is if you get fucked over by GOG, if they notice that you installed a game you don't own. I think it depends on the country. If you're from Russia they can't do shit of course. The rumors are from countries with functioning law enforcement.

It's a long story.

so it turns out that GOG has indeed DRM.

Just checked a few gog games. Got three galaxy.dll

i don't have galaxy installed, maybe this dll is for galaxy to check for updates?

gog.com/forum/the_legend_of_heroes_trails_in_the_sky_series/trails_in_the_sky_sc_phones_homes

Here's a forum post about this exact issue

fuck so no more pirating gog releases eh

when can i play as naked female?

They still run fine, you just have to be cautious.

IT'S LIKE THEY PURPOSELY LEFT THIS SHIT OUT IN THE OPEN

That sounds like a great idea!

the no man's buy hole keeps getting deeper and deeper, looking at the steam page the divide between retarded normalfags/shills is getting bigger and bigger.

2016 is the year of happenings confirmed

What if a friend gave the install to me to try it out? Since there's no DRM on the installer, this is perfectly normal and expected behaviour. Of course it knows I didn't buy it, that's why it's giving me the possibility of inputting a gift code for it.


Why would I? The games I have purchased and use optional achievements do that, but the game I haven't purchased can't connect to the service to abuse it. There is nothing happening here.


Oh no, someone in Germany will get a letter politely asking them to stop pirating uncensored games. The horror! It's good to be cautious and aware of your consumer rights, but come on.

ok, just block the .exe of those games with the galaxy.dll and you are safe to go. DLLs are blocked too when the exe is blocked.

That's against the ToS. Did you ever read it?

staring at this thread for any updates. is this for sure sending out info to gog?

And the GoG JIDF show up right on schedule.

Yes, it sends Personally Identifying Data to GoG.

Unreal Tournament's Galaxy.dll is unrelated, as installs predating Steam have it.

Could be that they fucked up security 101 and encrypt your info server side rather than end-to-end encryption.

Shared objects (.so) are the Linux and other Unix systems' version of a dll

OP here. Thank you for making this point. I realized that Galaxy.DLL's offense more closely resembles Spyware than DRM while going to sleep. I saw the rumor, tested as much as I could, and made the opening pic in the course of a few hours. It's obvious there will be mistakes. I'll better educate myself on DRM's precise definition.

The DRM claim is a knee-jerk reaction to the company's shady as hell history of going after pirates and their aggressively "DRM-free" marketing of the GOG marketplace. This discovery was the final straw for me, so I was biased. After all, the introduction of "DRM"/spyware could have been due to miscommunication or misunderstanding of exactly what information is scooped up by the "syslog".

While GOG isn't perfect, I still believe that it is the lesser evil between GOG, Steam and Origin.

Still doesn't make this right, they're distributing spyware. Steam does similar shit, but they don't fucking hide it. This shit needs to go public.

To be clear, this isn't a pardon. I went to 8ch first to get my facts straight and learn which GOG games are infected. I'll get an official response from GOG and spread better presented evidence to other external gaming discussion communities.

polite sage for double post

OY VEY

they started adding the phone home to their games a while ago. trails in the sky: sc is the only game i have that wants to do it. it also looks to see if you have the galaxy client installed during application start. if you simply block the galaxy ip addresses it launches fine.
i'm not very happy about it and have been using alternatives for drm free purchases where possible (jewbundle for example). i can still forsee myself buying from gog in the future even with this because the biggest thing for me is being able to keep working backups of my games.
i thought this was common knowledge by now.

Didn't they try to sue a bunch of people who torrented a Witcher game at one point? Maybe they're collecting info to find people to sue and scare pirates.

That first image I get, but what's your problem with the second one?

That's exactly their strategy: Don't bother paying customers with broken authentication or shit like Denuvo, just hunt down pirates and sue/charge them.
It's basically like the 80s/90s, where publishers did go after magazine classifieds offering unauthorized copies.

What's the problem with EA anyway? The classic one from 25 years ago.

The fact that your money goes to modern one. Not to mention that EA was never good.

The games were.

Just call it your IP address already, your host name is translated into your IP address through DNS (Domain Name Service). FYI just connecting to their server without a properly set up proxy will also give them your host name and your IP address automatically just like 8ch.net and every site on the internet.

Anyways just block the IP address Note that you can do this to bypass software verification too but that's illegal goy.

Jesus, user, that's one dark theme.

Can you edit the dll to have the data go back to your computer?

Why are you treating the command line like voodoo magic? You don't have access to your admin account? The IP address that the data sends to is already listed in OP.

I'm just curious what they're using the data for and if you could use the dll, just edited so the data goes nowhere.

The .dll is part of Galaxy and it's pretty much already established it's for multiplayer in some games like No Man's Sky and achievements for the rest. For using it for various vague purposes it's fucking obvious; data mining and blacklisting accounts. Without those GOG can't really do much except try and sue you but if you're in a country where piracy laws are legal they can't even do anything and if you're too small then they won't even bother.

Seriously m8 what the hell is wrong with you, the amount of fear you're showing for a company having your IP address just reeks of misplaced paranoia. Every site you've ever visited without a proxy has both your host name and IP address and even your domain name the only problem is directly connecting your IP address to non-bought copies of GOG installed games.

No. The host name in Windows is known as the "computer name".

"Unrenderable character" doesn't mean profane, it means a character that the game wasn't intended to draw

I've pirated a shitload of GOG games and never had a problem. If there is some sort of tracking, I wouldn't call it DRM.

EA's PSP retro game compilation EA Replay was filled with watered down versions of each game. Wanted to play actual good versions of Wing Commander, Syndicate, and most notably Ultima 7? Tough luck, enjoy shitty graphics, controls, and gameplay. Oh yeah, and the music to all the Road Rash games were removed

I was perhaps a bit hasty in calling it DRM. I think it's more like spyware. It still apparently breaks their privacy policy and generally creeps me out.

I would appreciate if you share which of your GOG games have the Galaxy.DLL! I am compiling a list for my revision before going to GOG and random external gaming communities. :>

Also not true. You can direct download update files from the GOG websites and then install from exe.

Man fuck this. I want Falcom to get paid but I hate tracking.

It's getting impossible to just buy a game without giving your personal details and getting stalked.

Original Dude Sex has it

Probably because as said before Galaxy.dll is part of the original Unreal engine, which powers Deus Ex.

The reason why it's not running is because DLL files are loaded via the LoadLibrary() function which is part of the Windows API. See here: msdn.microsoft.com/en-us/library/windows/desktop/ms684175(v=vs.85).aspx?f=255&MSPPError=-2147217396

Since the LoadLibrary function can't find a valid DLL file structure in the file, the function call does not succeed and causes the program to abort.

If you volafile the Galaxy.DLL file and let me take a look at it with ollydbg, I can try to figure out what it does. No promises, still a scrub at debugging/disassembly/REing
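
The "valid DLL file structure" mentioned in the post above, as an added example that is not part of the thread: a Python sketch that lists every Galaxy.dll / Galaxy64.dll under a games folder with its SHA-256 and whether it carries the MZ and PE headers a Windows loader looks for first. The folder layout and stub files are constructed; passing this header check is necessary for a DLL to load, not sufficient.

```python
import hashlib
import os
import struct
import tempfile

MACHINES = {0x014C: "x86", 0x8664: "x64"}     # COFF Machine values
IMAGE_FILE_DLL = 0x2000                        # COFF Characteristics flag
TARGET_NAMES = {"galaxy.dll", "galaxy64.dll"}  # file names reported in the thread


def inspect_pe(data):
    """Return (ok, detail) for the first header checks a PE loader performs."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False, "no MZ (DOS) header"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature at e_lfanew"
    machine, _nsec, _ts, _sym, _nsym, _optsz, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    kind = "DLL" if chars & IMAGE_FILE_DLL else "EXE"
    return True, f"{MACHINES.get(machine, hex(machine))} {kind}"


def inventory(root):
    """Walk `root` and describe every file whose name is in TARGET_NAMES."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in TARGET_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            ok, detail = inspect_pe(data)
            rows.append({"path": os.path.relpath(path, root),
                         "size": len(data),
                         "sha256": hashlib.sha256(data).hexdigest(),
                         "valid_header": ok,
                         "detail": detail})
    return sorted(rows, key=lambda r: r["path"])


def minimal_pe_header(machine=0x8664):
    """Constructed stub: DOS header + PE signature + COFF header (not a full DLL)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, IMAGE_FILE_DLL)
    return dos + b"PE\0\0" + coff


def demo():
    """Build a constructed games folder and return its inventory."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("GameA", "Galaxy.dll", minimal_pe_header(0x014C)),
                   ("GameB", "Galaxy64.dll", minimal_pe_header(0x8664)),
                   ("GameC", "Galaxy.dll", b""))  # empty file, as tried in the thread
        for sub, name, blob in samples:
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(blob)
        return inventory(root)


if __name__ == "__main__":
    for row in demo():
        print(row["path"], row["sha256"][:16], row["valid_header"], row["detail"])
```

Matching SHA-256 values across game folders show that two installs ship the same file, which is what separates a shared GOG library from an unrelated DLL that happens to have the same name.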

I checked my GOG games.

Clean.

Clean.

Clean.

Has Galaxy64.DLL

Clean.

Clean.

Clean.

Clean.

Clean.

Clean.

Does Crimson Clover have the DLL?

So if I just block the IP I would be fine? Or does it connect with more addresses?

GOG had DRM ever since they started requiring you to have GOG Galaxy installed to play certain multiplayer games. This has been going on for a while now, and is nothing new. But thanks for bringing this to light for the more uninformed users on 8/v/.

Alright, blocked 46.105.121.139, now Nu Males Sky won't boot at all.

It's pure DRM alright.

But it does launch via a shortcut. Strange

volafile.io/r/8qewfW Well since no one's doing it, here it is.

As I said, The Witcher 3 runs just fine with an empty Galaxy.DLL. The only difference I can tell so far is no phoning home & that initial Windows error. I do appreciate you looking into this, though!

I'll repost my copy of Galaxy.DLL from The Witcher 3, too: my.mixtape.moe/iguswu.dll

Also, thank you! polite sage

Thanks, but I already found galaxy.dll on my system in a pirated copy of minimetro…, so I'm disassembling that one. (sha256: 2b3375cf6f09712558744573b6a19599740ac8bdff4543d6563e8f72c4600839)

Here's what I know so far.
I'm willing to bet IGalaxy is where the actual logic is here…

I'm disassembling as we speak. There are a lot of weird functions with just single JMPs in it. Seems like they want to throw off disassemblers or something. I'm not sure since I'm a scrub at this.

contact falcom about this and tell them not to allow it in their games. this isn't something gog did without consulting them.
i sent them an email back when i bought sc, but they just sent a generic "we'll consider all options" response.

I think it's more likely it's sending generic Galaxy data for datamining (which, as the other user said, is still against the policy), which, when combined with sloppy programming on the Witcher 3 side that fails to account for the dll missing, makes it look malicious.

...

I've heard that the PC port of Nu Male Sky comes with some libraries that suggest it may be "emulating" a PS4. I don't believe it's an emulator, but an adaptor like Wine for Linux. Can anyone say what these libraries are, and what they're for exactly?

They're probably a library that was used on PS4 recompiled for Windows. I'd assume it's nothing.

As an example, if I compiled SDL for Windows and then compiled it for Linux so that my SDL application works on Linux, am I really running some compatibility layer that emulates Windows?

iirc it's called libscefios or something so my guess would be that it's just a library that has to do with file I/O ( dunno about the s, maybe system or scheduler), sce most likely refers to sony, so at best you might find a way to read files packed for PS4 usage on another platform.

PC gaming is getting worse

At least it's related to the game, how many outside ads plastered on in-game billboards have we had to endure? That shit's been going on since the 90s.

It's actually only one game and it requires it because it relies on GoG's servers. This is like saying requiring online for online multiplayer is DRM.

EA was always shit. They just haven't gotten around to gutting the devs yet

Having spyware on your computer that transmits PC name, and hostname, in unencrypted plaintext to a datamining server is NOT needed for online multiplayer.

I just checked and Grim Dawn has Galaxy.DLL.

yes it does

Never said it was.

Go on, explain why one has to have identifiable information transmitted to an unrelated server to play a game that connects over TCP/IP?


Replace with an empty file and report back


Re-read your post, fair enough.

...

Does it load anyway, as this user noted:

No I waited a while and the game just wouldn't launch, let me try again.

"this user", otherwise known as OP here. The empty Galaxy.DLL file fix is causing some games to run OK without phoning home (The Witcher 3) while causing others to crash immediately (No Man's Sky and Grim Dawn).

This user posted a link to how Windows DLL files function. Here are my hypotheses in response:

The Galaxy.DLL can be used for different purposes within a game. Let's say Grim Dawn and No Man's Sky use it for "multiplayer" & the Witcher uses it for achievements. At this point though, it could still be anything. I don't have data to back this post up.

Grim Dawn has multiplayer in it, and No Man's Sky has that upload/download discoveries thing (it does have at least that, right?). Say multiplayer immediately tries to call a function within the Galaxy.DLL file at startup. If you replaced it with an empty DLL, the call will fail and crash the game. To you, it looks like your game crashed at launch.

The Witcher 3 isn't multiplayer, so it doesn't have the same checks at the beginning. Perhaps it uses Galaxy.DLL for achievements in this case. It may play just fine until I get an achievement. At that point, it will attempt to call a function within the Galaxy.DLL. Since mine is an empty file, it will fail and crash. I'll let you guys know what really happens when I hit the next storyline achievement, I guess.

I assume something of that sort is up too, maybe it's possible to block said dll with the firewall?

All the Deponia games have the DLL as well, but when I deleted them in Deponia one it launched without even giving me an error.

what, blacklisting the website?
that's pretty easy, use your router to block it ezpz

Also just checked. The Deponia games also have Achievements.

I think this thing is just checking for achievements

True.

It's either GOG or Steam. Pick your poison. PC gaming is becoming a walled garden.

Does anybody else smell gefilte fish?

I'm just sayin, it'd make sense since it's only games that have an online component like achievements.

Guys, someone should run this on the games which use Galaxy.dll. It will give you a hell of a lot more info than what you currently have.

dependencywalker.com/

>browse >>>Holla Forums for fun threads
Never change Holla Forums.

Why do you even care? You're all posting on an imageboard data mined by a freemason ffs

...

i don't see any problem with phoning home for achievements/multiplayer, however if i downloaded the game manually and not through gog galaxy said DLLs shouldn't even be present in my directory

if this violates their privacy policy we should write to them, but Holla Forums, stop being retaded and searching for the JEW everywhere

I find it worse that PC gaming became somewhat download only. So to save on paying for bandwidth, I have to get console versions.

That won't work. You need to compile an empty library with the same exports. All exported functions can then be stubs.

And do what? Play video games? It's much harder than reposting shit webms and infographics.


That's not really true, most games of a somewhat large scale are sold in physical copies. More often than not, they're cheaper than their digital counterparts, especially if you can wait several months. Check online retailers, check bargain bins, check supermarkets. Over here, we've had a few AAA releases being available at 20% off day one in large supermarket brands (SC2, GTA V, D3, probably more).

Sure, you'll still have to download patches but it's nowhere near as bad as downloading the whole games

I've already seen "physical copies" of PC games, which just contain a Steam code inside the box.
OTOH Sony requires developers to put the entire game onto the Bluray disc and online patches are optional.
I even have a PC Bluray drive, yet nobody releases PC games on them.
Which is what I don't understand. They could just put the disc into the box and who doesn't have the drive (because his $900 GPU did eat up the entire budget), just downloads the shit as usual. Give me options, gaming industry!

You don't need options in gaming, goy. Remember the thirteen quintillion!

What do you think, chump? This is why you always apply the principle of least privilege. A single player game doesn't need network access so I don't give it network access. Linux namespaces have been in the kernel since 2.6.24, you have no excuse unless you're a windowsfag or something.

What is Linux?

...

...

All of my GOG games I've checked don't have the galaxy.dll file, including NMS

It's in "Binaries" in NMS, not the root.

For NMS it's called galaxy64.dll

I'm stupid as shit lol, I see it now i didn't look that far
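The per-game checks reported in this thread (Galaxy.dll in a game's root, galaxy64.dll under "Binaries", GalaxyCSharp.dll in subfolders, and files replaced with empty ones) can be done in one recursive pass. The following is an added example, not code from any poster or from GOG; the `galaxy*.dll` pattern, the function names and the GameA to GameD sample tree are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

PATTERN = "galaxy*.dll"  # assumed pattern, compared against the lower-cased file name

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_library(library_root):
    """Map each game folder to its Galaxy DLL findings; [] means none found."""
    report = {}
    for game in sorted(os.listdir(library_root)):
        game_dir = os.path.join(library_root, game)
        if not os.path.isdir(game_dir):
            continue
        hits = []
        for folder, _dirs, files in os.walk(game_dir):  # descends into Binaries/ etc.
            for name in files:
                if fnmatch.fnmatchcase(name.lower(), PATTERN):
                    full = os.path.join(folder, name)
                    hits.append({"path": os.path.relpath(full, game_dir),
                                 "empty": os.path.getsize(full) == 0,
                                 "sha256": sha256_of(full)})
        report[game] = sorted(hits, key=lambda h: h["path"])
    return report

def build_sample_library(root):
    """Constructed sample tree; contents are dummy bytes, not real DLLs."""
    layout = {
        "GameA/Galaxy.dll": b"",                          # zero-byte placeholder
        "GameB/Binaries/galaxy64.dll": b"MZ-dummy",       # nested, 64-bit name
        "GameC/Managed/GalaxyCSharp.dll": b"MZ-dummy-2",  # managed wrapper
        "GameD/game.exe": b"MZ",                          # no Galaxy file
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_library(tmp)
        for game, hits in scan_library(tmp).items():
            print(game, hits or "Clean")
```

Pointing `scan_library` at a real install directory gives a hash per file, so two copies can be compared by SHA-256 the same way the minimetro hash was shared above.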

Alsace or Lorraine?

Actually one thing that a lot of people don't know:

Steam is a goldmine for data. If you go to a store and anonymously buy a game then they would lose out on all of that. Also digital DRM.

Denuvo wouldn't work with a bluray.

You can do the same with a firewall, just pirate Bitdefender or something.

Alsace, but my family is from Lorraine (my dialect really sucks beyond a few words here and there with my family, but I do understand most of the common stuff)

Managed to misquote.

OP here - I just contacted GOG. Pic related screenshot is my email for them! I attached the pic related infographic for them, too. When I hear back, I'll let you guys know what they say! In the meantime, I'll keep picking through the Galaxy.DLL to see if I learn anything.

GOG doesn't accept massive files with reports. Pic related is a higher res infographic, if any of you want it.

Good luck OP. I generally had good experience with GoG's support. But since you're dealing with a touchy subject, you might get something more dodgy.

Top kek.

...

GOG/CD Projekt Red is probably a big enough company now that the big idea guys' ideals aren't always effectively communicated down to grunt coders who aren't held to a high enough standard. If someone used the Syslog protocol without realizing it was doing extra things, this is an opportunity for unifying the company's direction.

However, I feel sneaking spyware in with games is consistent with GOG's anti-piracy history. Regardless of the answer I receive, I would be surprised if Galaxy.DLL did not remain in some form in future games. I also wouldn't be surprised if GOG went full Galaxy, since all the people who insist "Steam isn't DRM" would let them get away with it.

I did not contact GOG with the expectation that they would remove spyware from their products. I want to share the information we have gathered together here to a broader audience. 8ch is smaller, more technically literate, and more cooperative with building a better case. The rest of the Internet tends more towards strong emotional responses and less constructive criticism. Showing that I have contacted GOG and have received a response would make me feel more comfortable about riling up the people that bought into the DRM-free meme. I still see GOG as a lesser evil in the industry and want to give them a chance before an unlikely swarm of angry Youtubers inadvertently push people towards other companies with real DRM. And who knows? Maybe GOG will prove this is all a huge misunderstanding and there is absolutely no worry.

Spreading this information is one goal, and contacting GOG is part of my plan. As a separate matter, I also find it important to find a reliable fix anyone can use to circumvent any gross extras in GOG's games. Pic related frowns upon this, so I posted it for anyone who cares. I'll keep digging just slower because school :

It looks just to be for checking achievements. I looked it up on their forum and that seems to be the conclusion they reached, and I looked it up in my GoG library and the only games with a Galaxy.dll were either unreal games or games with achievements. Deadly Premonition, Hyper Light Drifter, Hotline Miami 2, and LoG 2 don't have it meanwhile all the Deponia Games and the Original Strife have it and the only thing they have in common is achievements.

I'm pretty sure it's just used for achievement syncing.

Interesting.
I'm curious as to what gog's response is.

So dumb. .-. Checking the wiki, I should definitely have some of those quest-related achievements already. My achievements aren't listed on my GOG profile or anything, and I am not using Galaxy. I get nothing out of this besides spyware. ;~;

No response yet.

Yeah, the achievements system in GoG Galaxy just doesn't work for me.
Not that it matters. I suppose some of them look challenging to accomplish, but even if they worked I don't really feel like going out of my way for an arbitrary task that has no impact on anything.

EXE files used to just run games too user, now they have the added feature of launching spyware

Enter the Gungeon has a few files with galaxy in the name. If I remove galaxy.dll it still runs, but if I remove one of the GalaxyCSharp.dll's in one of the subfolders it doesn't start. I haven't checked if any of them are phoning home though.
I'm never buying another game from GOG. I've never bought from them in the first place but I have pirated a lot from them.

I checked and it's sending my computer's name to Cdprojekt at 194.110.240.185

Well that was a wound that didn't need refreshing.

...

Does it really matter what it's 'for'? It's still doing something that can be used to track someone and confirm if they have a legit copy. Whether this was the intention or not matters naught to any real DRM-free consumer.

I'm personally not too worried but I would still like them to make an official response about this.

They should just make the galaxy client open source and modular, with an optional closed-source module that is the thing that connects up to your gog account and allows downloads, patching etc. The offline, open source galaxy client should handle offline, drm-free packages of GOG's games and be capable of updating the game easily if you have the patch packages. This will probably please pirates a lot but I don't give a shit, I know I'd love this as a paying consumer and frequent user of gog.

10 rupees have been deposited in your spice sack

Has the GoG or CD Projekt responded yet to the anons who sent an email or support ticket?

oldfag win16 developer here. you guys have the dll stuff right, so i'll just add this: that Witcher 3 starts with an empty galaxy.dll is not proof of, but strongly indicates, they added this in late in development and/or handed it off to a junior coder.
what you'd usually do is what NMS does, which is not check to see if the DLL file exists, but actually attempt to LoadLibrary() on startup to confirm that the appropriate methods are available. That's for just the reason you guys have noticed, just checking for the file itself is trivial to circumvent.
You could probably compile a galaxy.dll with unmangled method names equal to the mangled names in the real one, and make those empty methods, but that's just conjecture.

So, should this information be spread publicly for maximum effect?

And if so, what picture/infograph do we use?

This is the latest right?

Basically some people need to understand that this shit is made specifically to track pirates and their accounts. If a person shared too many copies of a game on the internet, and they got a lot of responses from galaxy.dll, they might block his GOG account or send an invitation to a court if he's from poland.

Install Linux already, everyone is tracking you for piracy.

So even if this did become widely known, normalfags would go "well if it's only for pirates".

Or do they know enough to know that the data GOG gets could be sold on or intercepted, and that info used for… Something?

If GoG goys say that, we will have come full circle

Well it's not really DRM if it doesn't ACTUALLY check for anything. I can play most GOG games offline without using a separate launcher.

Unlike Steam.

Nice assumptions. The only thing this tells gog is your root folder, whatever "client ID" and "client secret" are, both of which OP left vague. It doesn't check if the copy of the game is pirated.

The only thing that we know so far is that every game with it uses achievements as well.

What are you saying? It sends your host name to them.

PC's host name can't be used to find out if you own the game or not.