Easy to follow tutorial for encrypting your PCK file

Hello everyone!
I’ve decided to create an easy to follow tutorial for anyone who wants to release their games with the PCK file encrypted.

Please keep in mind that this doesn’t mean your assets are completely safe, no encryption is truly perfect in this case, but it will make it much more difficult to retrieve them for the average user.

ANY TIPS TO IMPROVE THIS OR MAKE IT EASIER TO UNDERSTAND ARE MORE THAN WELCOME! IF YOU NEED ANY HELP, DON’T HESITATE TO COMMENT OR REACH OUT!

This is only ONE way to do this, and the way I find to be the easiest! Feel free to experiment and try other ways too if you want!

KEEP IN MIND: This way of creating the template will limit your game to 64-bit machines only!

This tutorial was written for Windows machines, the steps to make this happen are different on iOS and Linux!

Let’s get started! Don’t let the length of this post discourage you, the steps you need to take are very simple, I just did my best to explain every step in as much detail as I can.

First, a few prerequisites

• Git - You’ll need to have Git installed on your machine. Git is a version control system (VCS) which we’ll use to clone the Godot repo. Git can be downloaded from here.
  Simply download and run the installer, always choose the “Recommended” options.

• Scons - Scons is a Software Build Tool which we’ll use to compile the Godot source code for our custom template. Here are the steps to install Scons on your machine.

  1. Install Python - The first step is to install Python, as scons uses python to automate the build process for us. You can download python here! Follow the install process, if the installer asks you to reboot your PC, do so.

  2. After installing Python, you need to open up a terminal window (or CMD) as an administrator. You can do this by searching for “cmd” in the start menu, right clicking it and selecting “Run as Administrator”. Once you have it open, copy and paste the following command to install scons:
     pip install scons

• LLVM MinGW - Next, we need to download and install a tool chain which will aid us in the building of the Godot source. We don’t need to “install” anything, but we do need to include a special folder in our system’s path environment, here’s a walk-through of this process.

  1. Navigate here to find the latest release of this tool chain.
  2. Download the file which ends with: “msvcrt-x86_64.zip”.
  3. Extract this file somewhere on your machine, but remember it’s path! I recommend, after extracting the file, renaming the folder to something simple, such as “llvm-mingw” In this example, I will move the extracted folder to C:\Users\YourUsername\Applications\llvm-mingw
  4. Now it’s time to include a folder in our PATH. Right click on “This PC” and choose “Properties”.
  5. Go to “Advanced system settings” → “Environment Variables”
  6. Under “System variables”, find “Path” and click “Edit”
  7. Add a new entry, and paste in the path to the bin folder, which resides inside the folder we extracted. In my example: C:\Users\YourUsername\Applications\llvm-mingw\bin
  8. Click on OK and close the terminal (CMD) window, then re-open it before continuing! The reason for this is that our environment changed, and this terminal is not aware of these changes yet. Simply restarting it will make sure our build script can use the executables found in the bin folder we just included!

Procedure
Time to get started, now that we have everything set up!

• Encryption key

  1. First, we’ll need an encryption key. Now this is very important, this key is like a password. It can be used to decrypt the PCK file. Once we have this key, do your best to store it somewhere safe, and do not expose it or give it to anyone! You’ll need to use this same key for all future release of your game!
     There are multiple ways to generate this key, but the easiest one (which is also included in the Godot documentation) is to go to this website.
  2. Once on the site, pick aes-256-cbc.
  3. Enter a completely random passphrase (although try to make it random, numbers and normal characters accepted).
  4. Once you click on “Generate Key”, it might take a couple of seconds for your encryption key to appear in the “Encrypted (Base-64)” field.
  5. From that, we are only interested in the key one! In my example, this looked like this:

  salt=BBC680352068FB3B
  key=AD2166A50EF24DBC2B298A049C529B3D68638DA2CACC22E7F87BD8ECB4D1098A
  iv =EA073E2E2171F7F85C73E7F2C108DEAB
  

  (THE ABOVE IS AN EXAMPLE! PLEASE DO NOT USE THAT KEY, GENERATE YOUR OWN!)
  6. Copy the text right after key= on the same line, we are only interested in that. Once you have this key, store it somewhere safe, write it down if you want, or use a Password manager to keep it safe! (Personal recommendation is Bitwarden)

• Getting the source code

  1. Now we need to clone the Godot source code! To do this, create a folder somewhere on your machine first. In my example, this will be C:\Users\YourUsername\SourceCodes
  2. Open up a new terminal (cmd) window, and navigate to the folder you just created with the following command: cd C:\Users\YourUsername\SourceCodes
  3. Now we need to clone the Godot repo, we can do this with the following command:
     git clone https://github.com/godotengine/godot.git
     This will take a little while, but wait for it to finish.
  4. Now we need to navigate inside the cloned repo! Simply run cd godot in the same terminal to move inside it.

• Switching versions

  1. Now that we not only have the godot repo cloned on our local machine, but we have a terminal (cmd) open there, we need to choose which version we will compile. Generally this needs to be the same version you are using to create your game. At the time of writing this (March of 2024), the latest release is 4.2.1-stable
  2. You can list all the current releases by running git tag -l
     Hitting enter will cause the list to go down further. You can hold enter to go to the bottom of the list, which is usually where the latest release will show up.
  3. Once you have the version you are currently using (in this example, I will use 4.2.1-stable), you can hit Q to go back to command mode.
  4. Now that we have the correct version, all we need to do is switch to it with the following command:
     git switch --detach versionNumber where versionNumber is the version you are currently using, which appeared on the list from before. In my example this would be:
     git switch --detach 4.2.1-stable

• Using the encryption key

  1. Next, we need to use our encryption key. This simply means that we’ll include this key in the currently running instance of our terminal session (cmd). Depending on what you use (either CMD or PowerShell), you need to run one of two commands.
  • If you use CMD, run: set SCRIPT_AES256_ENCRYPTION_KEY=your_generated_key where “your_generated_key” is the key we generated previously
  • If you use PowerShell, run: $env:SCRIPT_AES256_ENCRYPTION_KEY="your_generated_key" where “your_generated_key” is the key we generated previously, but in this case, keep the quotes around your key!

• Compiling the source code

  Now, the final step! We need to actually compile the source code! There are two different commands you can use for this, and which one you use depends on your version of Godot. If you DON’T use C# and the mono version, run the following command:

  scons platform=windows use_mingw=yes arch=x86_64 target=template_release use_llvm=true mingw64_prefix=x86_64-w64-mingw32-
  

  If you DO use C# and the mono version, run the following command:

  scons platform=windows use_mingw=yes arch=x86_64 target=template_release use_llvm=true mingw64_prefix=x86_64-w64-mingw32- module_mono_enabled=yes 
  

  This process will take a VERY long time, depending on your system configuration! This is a perfect opportunity to go and make a coffee or take a walk! Once this process is finished, we’ll have a few new folders inside our godot source folder. We are especially interested in the bin folder! That’s where you’ll find two files:
  godot.windows.template_release.x86_64.llvm.mono.console.exe
  and
  godot.windows.template_release.x86_64.llvm.mono.exe
  We are interested in the one without “console” at the end.

• Using the template

  1. Now that we have the template compiled, we need to use it! Open up your Godot project you’d like to export.
  2. Go to “Project” → “Export…”
  3. Click on “Add…” and choose “Windows Desktop” to create a new template.
  4. On the right side, in the Options tab, we’ll see the “Custom Template” fields. For both Debug and Release, navigate to the file we created in the “Compiling the source code” section. In my example:
     C:\Users\YourUsername\SourceCodes\godot\bin\godot.windows.template_release.x86_64.llvm.mono.exe
  5. Next, we need to include the encryption key, navigate to the “Encryption” tab, and tick “Encrypt Exported PCK”
  6. In the “Encryption Key” field, paste in the same encryption key we generated before.
  7. We can include or exclude files and fine tune what we want to encrypt, but for the simplicity of this tutorial, we will simply encrypt everything. To do this, in the “Filters to include files/folders” field, simply put in a single asterisk. *
  8. Once you have everything else set up you want (such as the name of the game, and other info), you can export your project using the “Export Project…” button!

And that’s it! The exported game should have it’s PCK file encrypted, which will make it so your players can’t easily open it using a free tool for opening them.
Remember to keep your encryption key safe, and if you ever change the version of the engine, make sure your repeat the steps starting from “Switching versions”

We just have to enter cmd like set SCRIPT_AES256_ENCRYPTION_KEY=your_generated_key and run the cmd that’s all

And Replace the “your_generated_key” with our 48GJVG575478HHJFHJJ467646" THIS KEY RIGHT

You do not want to post your encryption key online, otherwise everyone can find it. Treat encryption keys like passwords.

Is it working with android export? And if it is, how do i do it?

Hey there, I haven’t tested android export as I do not have an android phone, but I’ll look into it!