Help seeing if the loggerfactory class in a mod I've downloaded is malicious | Modrinth | Page 1

light crown Feb 7, 2024, 3:12 AM

#

https://modrinth.com/mod/toggleable-piechart

Modrinth

Toggleable PieChart - Minecraft Mod

Allows you to toggle the Debug PieChart on/off, and also change it's position and scale

#

📎 some_of_the_code_ive_found_decompiling

#

I know all modrinth stuff are safe just still kinda nervous

livid ravine Feb 7, 2024, 3:15 AM

#

look to see if in the decompile if it states "rat" or "token" if so I wold probably not use it

light crown Feb 7, 2024, 3:15 AM

#

You can download it and probably use a web decompiler

#

I used decompiler.com

light crown Feb 7, 2024, 3:15 AM

#

livid ravine look to see if in the decompile if it states "rat" or "token" if so I wold proba...

i doubt there is anything

livid ravine Feb 7, 2024, 3:15 AM

#

ok

light crown Feb 7, 2024, 3:16 AM

#

looks like normal code plus the developer would try to hide it if it was indeed malicious

livid ravine Feb 7, 2024, 3:16 AM

#

idk

light crown Feb 7, 2024, 3:16 AM

#

should i just take the risk

#

public class KeyInputHandler {
public static final String KEY_CATEGORY_TOGGLEABLEPIECHART = "key.category.toggleable_piechart";
public static final String KEY_TOGGLE_PIECHART = "key.toggle_piechart";
public static final String KEY_TOGGLE_SETTINGS = "key.toggle_roo_settings";
public static class_304 togglePieChartKey;
public static class_304 toggleRooSettingsKey;

public static void registerKeyInputs() {
ClientTickEvents.END_CLIENT_TICK.register((client) -> {
if (togglePieChartKey.method_1436()) {
if (ToggleablePieChart.PieChartX == -1.0D) {
ToggleablePieChart.PieChartX = (double)class_310.method_1551().method_22683().method_4480();
ToggleablePieChart.PieChartY = (double)class_310.method_1551().method_22683().method_4507();
}

        ToggleablePieChart.renderPieChart = !ToggleablePieChart.renderPieChart;
     }

     if (toggleRooSettingsKey.method_1436()) {
        ConfigurationScreen screen = new ConfigurationScreen();
        client.method_1507(screen);
     }

  });

}

public static void register() {
togglePieChartKey = KeyBindingHelper.registerKeyBinding(new class_304("key.toggle_piechart", class_307.field_1668, 80, "key.category.toggleable_piechart"));
toggleRooSettingsKey = KeyBindingHelper.registerKeyBinding(new class_304("key.toggle_roo_settings", class_307.field_1668, 75, "key.category.toggleable_piechart"));
registerKeyInputs();
}

this just looks like normal keybind handlers

#

yet i'm scared

#

Could anyone help?

#

resolved

obtuse peak Feb 7, 2024, 3:36 AM

#

in the future you can just look at the source code on the linked github page
And if you still don't trust it, you can build it from source yourself after looking through and confirming there's nothing wrong with it

#

Keep in mind that if a mod is closed-source, and you decide to decompile it and upload code snippets, that's probably not a good idea. The mod you picked though is open-source and MIT licensed so that's fine...?

light crown Feb 7, 2024, 5:09 AM

#

i mean if it would want to be closed source you couldve just obfuscated it

#

but yes, thank you

obtuse peak Feb 7, 2024, 5:43 PM

#

light crown i mean if it would want to be closed source you couldve just obfuscated it

I mean in terms of taking a mod that is closed-source and then uploading snippets of the decompiled code to a public server - if you wanted to decompile something that is closed source just for your own curiosity no one can stop you. Even obfuscation can only do so much

#Help seeing if the loggerfactory class in a mod I've downloaded is malicious