Hacker vandalised our buildbot and Github organization

Approximately 5 hours ago, we were the target of a premeditated cybercrime attack on our key infrastructure.

The hacker did the following damage:

  • He accessed our buildbot server and crippled the nightly/stable buildbot services, and the netplay lobby service. Right now, the Core Updater won’t work. The websites for these have also been rendered inaccessible for the moment
  • He gained access to our Libretro organization on Github impersonating a very trusted member of the team and force-pushed a blank initial commit to a fair percentage of our repositories, effectively wiping them. He managed to do damage to 3 out of 9 pages of repositories. RetroArch and everything preceding it on page 3 has been left intact before his access got curtailed.

We are still awaiting any sort of response or support from Github. We hope they will be able to help us restore some of these vandalised Github repos to their proper state, and also to help us narrow down the attacker’s identity.

We wanted to clear up some confusion that may have arisen in the wake of this news breaking:

  • No cores or RetroArch installations should be considered compromised. The attacker simply wiped our buildbot server clean, there is nothing being distributed that could be considered malicious to your system. Nothing has happened here and there is no need for any concern.
  • For the current time being, the Core Installer is non-functional until further notice. The same goes for ‘Update Assets’, ‘Update Overlays’, ‘Update Shaders’.

The IP he was using while doing this was ‘54.167.104.253’, which seems to lead back to AWS.

We’re still assessing the situation but moving forward, we think that it’s probably best not to go forward with the buildbot server that was compromised earlier today. We had some long-term migration plans for a move to a new server, but this was always pushed back because we felt that we weren’t ready migration-wise. It might indeed be the case this is the catalyst for just starting all from scratch with a new server instead of trying to migrate the old one over. This would mean that the more commonplace builds for Linux/Windows/Android would be immediately available, but all the specialized systems like consoles, old MSVC builds and whatnot would have to wait for later until we have adapted this properly to the new system.

Lack of automated backups

This brings us onto another key issue – the lack of backups. We last performed a backup of our buildbot server about a couple of months ago. The truth is that while we pay a hefty amount for the servers on a monthly basis already, there is simply not enough money to pile on automated backups as well. We could really use your support on Patreon to help lighten our financial burden here, especially since this now-pretty-much-mandatory server switch will likely cost us an insubstantial amount of money upfront while we keep the current server running for a month longer.

How will we restore things

So, how are we going to restore things? We hope that Github will be able to restore the affected repositories. If they are unable to do so, we could rely on the goodwill of users to source us with git repositories with the full history intact.

As for the buildbot? No idea to be quite frank. If we make the switch to the new server, you’ll get Android/Windows/Linux up and running early again but all other platforms will have to be added as we go along.

It’s a shame what is happening to the emulation and homebrew community. When it isn’t developers leaving for greener pastures deciding it’s no longer worth it, prestigious developers like byuu are being forced to early retirement because of unsavory online gang-stalkers. In our situation, we can’t rule out the possibility that some of these attacks come from some of the same usual suspects (it isn’t the first time we’ve seen them abuse AWS for some of these attacks, we encountered them a year ago earlier targeting our lobby services). Whatever their aim may be, while they will not deter our will to continue working on this project, they have definitely increased our maintenance and cost burden for the time being. And for this we ask for your understanding and support as we attempt to come up with a plan to address these problems moving forward. Supporting us through Patreon is a great way of helping out, especially if we can reach the $1300 goal which means we can spend a bit more each month to make sure our stuff is properly backed up.

As if the complications with Android’s new store policies that requires us to coordinate with new contributors to come up with a workable solution was not enough of a headache, this comes along. With your help and support, we will overcome this and come out stronger than before.

Regarding the Android / Core Installer situation

While we’re on this subject briefly, while it’s off-topic, we felt the need to address this real quick. We will likely be making a version of RetroArch Android that is neutered ONLY for Google Play. It will mean that the Core Installer will not be available for this, and cores will come packaged in additional APKs that can be installed. Apparently there is a 50-core extra APK limit on this until it starts requiring a version of Android over version 8.0. So while trying not to artificially bump the Android OS system requirements, we’re deciding on a 50 core-APK limit for now. Hopefully we can fit nearly most of the cores within such narrow constraints.

On our download site (and on F-Droid), we will have a RetroArch Android version that will work as before – with the Core Installer feature completely left intact. We feel this is a much superior version to what will be available on the Play Store, but unfortunately Google will force our hand here.

RetroArch 1.9.0 released!


RetroArch 1.9.0 has just been released.

Grab it here.

A Libretro Cores Progress Report will follow later.

Remember that this project exists for the benefit of our users, and that we wouldn’t keep doing this were it not for spreading the love with our users. This project exists because of your support and belief in us to keep going doing great things. If you’d like to show your support, consider donating to us. Check here in order to learn more. In addition to being able to support us on Patreon, there is now also the option to sponsor us on Github Sponsors! You can also help us out by buying some of our merch on our Teespring store!

Highlights

Explore View for playlists

Probably the highlight of this release – there is a new ‘Explore’ view for all playlists.

The Explore view takes advantage of the Libretro databases’ metadata history of content. It allows you to search / find content based on criteria such as:

  • Amount of players
  • Developer
  • Publisher
  • System (game console/platform that the game released on)
  • Origin (country of origin that the game was developed in)
  • By Release Year
  • By Genre

The ‘Explore’ view only shows the content that has been added to your playlists. It will not show entries that haven’t yet been added to your collection.

The metadata is currently a bit on the incomplete side, but you can expect us to add more and more metadata to the Libretro database as we go along. This is only the beginning.

Usecases

There are tons of ways you can use the Explore view to find what you want. Here are some of them:

Granular filtering

Here is a good example of the kind of powerful context-sensitive filtering that is possible with the Explore view.

  • Go to Explore
  • Type in ‘super’, will list all entries in your collection that has ‘super’ in the name. 219 entries are shown.
  • We will now filter the entries by a specific developer to narrow down our search. We go to ‘Additional Filters’, and select a developer of choice. Now out of 219 entries, only 25 entries are still shown that matches this criteria (name has ‘super’ in the title, AND is from a specific developer)
  • Let’s add another filter to narrow down the search even more. We go to ‘Additional Filters’ again, and this time we select ‘By Release Year’, ‘1993’. There’s now only 6 entries shown that matches this criteria (name has ‘super’ in the title, AND is from a specific developer, AND was released in the year 1993).
  • Let’s add another filter. We go to ‘Additional Filters’, ‘Region’, ‘Europe’). Now only 3 entries are shown that matches this criteria (name has ‘super’ in the title, AND is from a specific developer, AND was released in the year 1993, AND was released in region ‘Europe’).

NOTE: It should be mentioned that in the future, if you want the metadata to be updated automatically in existing versions of RetroArch, you should go to ‘Online Updater’ and select ‘Update Databases’. After this, you might have to restart.

Enhanced playlist search functionality

Before, RetroArch’s inbuilt ‘search’ function was woefully inadequate:

  • The user presses RetroPad ‘X’ (or keyboard ‘/’, or Material UI’s search icon), and enters a search term
  • The navigation pointer jumps to the first match
  • That’s it. There is no way to continue searching from that point, or to do much of anything, really. It’s mostly a non-feature…

    The search functionality has now been enhanced as follows:

    • When viewing a playlist, the user presses RetroPad X (or /, etc.) as normal, and enters a search term
    • This becomes a filter – all matching entries will be displayed
    • The user can then perform another search to further refine the results. An arbitrary number of filters may be stacked in this fashion
    • Pressing ‘cancel’ clears the last entered filter

    Here’s an example of the search feature in action:

    Content loading animations

    A new “Load Content” Startup Notification option has been added under Settings > On-Screen Display > On-Screen Notifications. When enabled, a brief animation is shown whenever content is launched – it looks something like this –

    • The animation is disabled when running a core without content (there are some underlying technical issues that prevent this)
    • The animation is disabled when running content with ‘in-built’ cores (imageviewer, music/video player).
    • The animation works both for content launched via the menu and via the command line

    Easy dropdown lists for input remapping

    Before, when you wanted to remapp inputs via the Quick Menu (Quick Menu > Controls > Port N Controls), the user had to press left/right ad nauseam in order select an appropriate core input for each controller button. This is somewhat cumbersome, and highly awkward on touchscreen devices.

    In this new version we have added drop-down lists to the input remap entries. For example, when viewing this:

    …the user can now press OK (or keyboard enter, or tap/click the entry) to open a list of available inputs:

    This works for both controller and keyboard Device Types.

    In addition:

    • You can now use the RetroPad start button to reset (unbind) controller keyboard remaps (when Device Type is a keyboard type, obviously!)
    • Fixed a bug whereby pressing RetroPad select on certain entries would spawn a message box with no text – this would be invisible, and would therefore appear to ‘hang’ the menu.

    FFMpeg/Video Player Improvements

    • A new progress overlay bar has been added to the ffmpeg core (embedded in RetroArch for Windows/Linux). When you skip forwards or backwards via the directional keys or D-pad, you will see this interface appear for a brief period of time.
    • Lockups could occur when playing videos if a forwards seek operation would take the target playback position past the end of the file. We have added the following workaround: seek operations are limited to a point 1 second before the end of the file, and if the user attempts to seek past the end then playback of the file will restart from the beginning.
    • Solved several big memory leaks upon opening videos

    iOS/tvOS Metal Renderer

    RetroArch on iOS/tvOS now supports Apple’s Metal graphics API. Slang shader support is already implemented and all software rendered cores should work.

    Currently the iOS/tvOS build will default to OpenGL because of a few outstanding issues that still have to be resolved:

    • Slang shaders degrade performance noticeably on most cores
    • When audio is interrupted, it doesn’t resume with the Metal renderer (OpenGL seems ok)

    Other general menu improvements

    • The RGUI menu now shows boolean settings as a ‘toggle switch’ if you have the setting ‘Show Switch Icons’ enabled (Settings -> User Interface -> Appearance).
    • Previously, RetroArch would have the bad habit of resetting the selection cursor to the first entry in the menu after returning from almost every list of selectable values for a setting. For example, if you go to Settings -> Drivers -> Audio and change the audio driver (or press Back), the selection cursor will be reset to the first entry of the Drivers menu instead of the Audio item from where we were originally. This has been fixed.
    • People previously complained that it was possible to set drivers to ‘null’ that are necessary for RetroArch to work, such as ‘Menu’ and ‘Video’. It’s now no longer possible to set a driver to ‘null’ unless there is no driver available for this type.
    • MaterialUI – The Playlist screen now shows icons of the associated system.
    • The three separate Scan Directory/Scan File/Manual Scan entries are now moved into a submenu called ‘Import Content’. They are no longer shown in any ‘top level’ menu. This unclutters the Playlist screen.
    • You can now selectively hide/enable widget notifications of several types. For instance, autoconfig messages, load content animation popups, cheat code notifications, fastforward notifications, screenshot indications, and more can all be individually configured. You no longer have to disable widgets altogether if you don’t like any one of the widget UI elements, you can now just opt to disable the widget that you don’t like.
    • (Windows only) Screen resolution dropdown list improvements – it no longer includes multiple duplicate entries.

    File I/O/Memory improvements

    A significant amount of time has been spent reducing RetroArch’s memory footprint and reducing disk I/O overhead when doing menial operations such as loading a configuration file or a playlist inside RetroArch.

    Changelog

    There’s much more to this release than meets the eye. See the CHANGELOG below for a more detailed breakdown.

    1.9.0

    • 3DS: Fix sound crackling when paused
    • ANDROID/VIBRATION: Fixes “Vibrate on Key Press” having no effect on Android devices, which occurred because only the off time/strength was defined in what should have been a pair of off/on values
    • AUTOCONFIG: Ensure correct directory is used when saving autoconfig profiles
    • BLUETOOTH: Add a Bluetooth driver (Lakka-only for now)
    • CHEATS: Fix for wrong number of remaining cheat search matches on some machines
    • CHEEVOS: Option to play sound on achievement unlock.
    • CHEEVOS: Upgrade to rcheevos 9.1
    • CHEEVOS: Restore display of unlocked achievements across hardcore modes
    • CHEEVOS: Hash buffered data when available
    • CHEEVOS: Fix ‘Auto Save State freezes RetroArch while Cheevos is enabled’
    • CORE OPTIONS: Pressing OK (or clicking/tapping) on a ‘boolean toggle’ core option no longer opens a drop-down list. The value now toggles directly, just like boolean options everywhere else in the menu
    • CORE OPTIONS: Toggling an option that changes the number of core options being displayed (i.e. things like `Show Advanced Audio/Video Settings) no longer resets the navigation pointer to the start of the list
    • CORE OPTIONS: Before, RetroArch would identify core option values as being ‘boolean’ if they had labels matching the specific strings enabled or disabled. Most core devs would abide by this, but not always… As a result, we sometimes would end up with misidentified values, with all kinds of Enabled, Off, True, etc. strings littering the menu, in place of proper toggle switches. All boolean-type value labels are now detected, and replaced with standard ON/OFF strings.
    • CLI: A new command line option –load-menu-on-error has been added
    • CRT: On the fly CRT porch adjuments – these changes allow a user to adjust how the porch algorithm generates the 15khz/31khz output. Giving the ability to change over/under scan.
    • CONFIG FILE: Optimise parsing of configuration files
    • D3D9/D3D11: Fix core-initiated D3D9/D3D11 driver switches
    • DRIVERS: Implemented protection to avoid setting critical drivers to nothing thus preventing the user from locking him/herself out of the program
    • EMSCRIPTEN: Fix input code to ignore unknown keys
    • FFMPEG CORE: Prevent seeking past the end of files (hang fix)
    • FILE I/O: VFS and NBIO interfaces will now use 64-bit fseek/ftell where possible, should allow for reading/writing to files bigger than 2GB
    • INPUT MAPPING/REMAPPING: Add input remap drop-down lists
    • IOS: Fixed iOS 6 version
    • IOS: Hide the home indicator as it obscures the content too frequently
    • IOS/METAL: Metal video driver now works on RetroArch iOS
    • IOS/METAL: Support getting video metrics to support proper touchscreen interactions
    • LOCALIZATION: Updates for several languages (synchronized from Crowdin)
    • MEMORY/LINUX/ANDROID: Fix reporting of free memory
    • MEMORY/WINDOWS: Fix reporting of free memory
    • MENU: Enlarged INT/UINT selection limit from 999 to 9999
    • MENU: Fix cursor forced to first entry after displaying lists
    • MENU: Make Notification Font option visible when Graphics Widgets are enabled
    • MENU/RGUI: Add optional ‘toggle switch’ icons
    • MENU/WIDGETS: Add optional widget-based ‘load content’ launch feedback animation
    • MENU/WIDGETS: Make notification font size option visible when graphics widgets are enabled
    • ODROID GO ADVANCE: Video driver – fix race condition with RGUI callback
    • PLAYLISTS: Change playlists to use dynamic arrays. Instead of a fixed initial 12MB memory allocation (99999 * 128 byte (on 64bit arch)), use a dynamically growing array
    • PLAYLISTS: Playlist base content directory paths – portable playlists
    • PLAYLISTS/SEARCH: Enhanced playlist search functionality
    • PLAYLISTS/DATABASE: Add ‘Explore’ view
    • PLAYLISTS/DATABASE/EXPLORE: Show system icons in explore view
    • PS2: Improve FPS Limiter
    • RUNAHEAD: Prevent runahead from being disabled permanently when an error occurs
    • SCANNER: Add more region codes for GameCube/Wii game detection
    • SHADERS/SLANG: Increased Slang max Parameters, Textures & Passes
    • VIDEO FILTERS/BLARGG: Make Blargg_snes filter customizable
    • WINDOWS/RAWINPUT: Fix invalid calls to dinput_handle_message when input driver is not set to dinput
    • X11: Add lightgun support

    Other news

    We will follow this up with more news soon on all the recent core developments that have been going on. As usual with these blog posts, there’s a lot we don’t have time to touch on when it comes to bugfixes, improvements and additions to the Libretro/RetroArch project.

    New and improved versions of the Dolphin and Citra cores will be coming soon. The PPSSPP core is now being actively updated again and should be up-to-date with the Git upstream repository. In addition to this, there are several other big new things that will be discussed soon.