I recently came across Nathan Baggs YouTube channel, they reverse engineer old games to get around broken DRM or allow them to work on modern windows. It wasn’t something I had any clue about so found it really interesting.
Basically as others have already said, its basically impossible to stop people decompiling software running on their machines. You can do some things to make it more difficult, but any time spend obfuscating your game could probably have been better spent making your game better
@tibaverus wrote a tutorial for encrypting your PCK files thats worth a read
It was, until the end of 2022. Chat GPT dropped on November 30th, and within days we developers were talking about how to leverage it professionally, and putting it to the test. GitHub CoPilot was already out then, but gained traction because of ChatGPT. For the past three years companies have been chasing the promise of AI, and replacing those entry-level coders with AI. They’re also getting rid of mid-level people. They hire fewer developers and use them to check the AI output.
MIT just put out a report a few days ago that only 5% of companies who have invested in AI have seen any meaningful returns in the last few years. AI is now being compared by some economists to the DotCom bubble of the early 2000’s. And pertinent to this conversation, there are worries that the lack of entry level jobs for aspiring developers is going to cause problems in the future where there will be a gap of experienced programmers in the future because relatively few are being trained now.
Which all is to say that yes, corporations treat employees as commodities. Hence things like quiet quitting, quiet cracking, and the great resignation.
When I first learned of the relative ease of ripping a game I too was surprised, but having read about the issue back then it does seem to just be one of those things. And the concern @SuperBidi raised is one I shared at first, but soon came to realise that this is just the reality of code on any engine, in any format and for any purpose (almost, there are exceptions of course).
PUBG and Fortnite are a good example, where although the code was not actually stolen the idea certainly was according to legend. In reality of course PUBG just started a whole new Battle Royale genre that was massively popular so of course others were ‘inspired’ by it.
So to the OP, I really don’t think this is something to be concerned about in reality (like I worry about the heat death of the universe but it is not a real life concern), and I am sure despite how you feel about it now, as I did when I first learned about this, the concern quickly diminishes to a “what can you really do about it” sort of niggle. Imagine when artists see their work recreated by other artists or AI, or writers have their plots stolen, or comedians have their jokes ‘borrowed’.
So as surprising as the reality is when you first learn about it, my advice would be to set your concerns to one side and not let it bother you too much.
PS Imagine how RangeRover feels when they see clones of their car designs being manufactured by Chinese car factories and the courts there say to them “although the design is identical they changed the tailgate a bit so no legal infringements there then!”
PS And look at all the cheat companies for triple A games that cracked the game and sell cheats for them, destroying in some cases those very games for normal game players.
No. If I give you an executable written in C++, Java, or C# and ask you for its code you won’t be able to retrieve it at all.
And your chinese example of Land Rover is invalid: It didn’t take 2 days to make it. If you have the code of a game you produce a copy in a week. You can then send a thank you letter to the original developer for having developed your game for free.
You missed the last part of that line which is a bit cherry picking:
And forgive the loose language, I really meant game dev, but I take your point and it was a surprise to me when I first learned of this too.
The example of the chinese car clones (I could have used any famous watch or hand bag brand here of course) was not meant as a direct comparison:
But as @gentlemanhal mentioned Nathan Baggs, which I watched with great interest too, this is something that can take some level of expertise. And the link to @tibaverus post I already had saved to revisit at an appropriate time for my own game.
However I am not belittling the point. For devs that have had their games stolen (and it does happen) this must be heart breaking. However devs much better than me on this forum seem to feel that this is not just a godot issue.
I think if Godot, in a future release, offered some encryption of some sort to make the ‘stealing’ process harder, I think if not everyone then at least most would use it and be delighted. Perhaps the limited gains for doing so compared to the time and effort (and potentially new bugs introduced) makes the whole ‘security’ project seem pointless or with little ROI.
I for one would welcome it, but for now, I kinda have to shrug and say “this is not something I can do anything about”. At the time when I was first suprised about this I looked again at Unreal Engine, but I just love Godot so much I could not move over.
I reckon that security will become a bigger issue if Godot gets bigger or keeps growing. I don’t really know, but it is something I put to one side and just carried on. Maybe one day in the near future I will come to regret that. For now I have just put it to one side.
PS It is my understanding that even executables can be reverse engineered. There are programs to help do that too, although way beyond me of course.
Every game or application can be reverse engineered and decompiled, but it’s not that simple. If you throw it into a decompiler, the output isn’t going to be nice, it’s going to be assembly code ,which is not friendly at all…
If someone actually manages to work through all of that, then yeah, they’re skilled enough to rewrite or steal whatever they want. But saying it can be done in just 10 hours? Sure, maybe for a pro, but definitely not for a regular person.
It’s like SQL injection—anyone can read a tutorial/doc about it, but only someone with real experience can actually pull it off.
(It’s not ai written I sometimes use —)
Anyway, we can have a long discussions on how people feel getting stolen, but it’s besides the point.
Is your code fully accessible in Godot or is it at least modified so that you can’t get readily usable code out of a package? That’s the actual question.
You have the option to encrypt your package file that contains your game files and code. Just like with Unity, if you don’t use any of these encryption features, yes, you can get the assets and source code back. But as mentioned, you can easily get things out of a Unity game as well. This isn’t a Godot specific “issue”.
And since it seems like you completely ignored it, I’ll link this one again.
This made me laugh, but Minecraft was made to be easily modable. Notch said he intended to make it open source before Microsoft bought Mojang.
It would seem like you answered your own question with the previous comment you made that I quoted. Write your Godot code in C# and compile it and then people won’t be able to decompile it according to you. C# is C#. Godot isn’t magically making it vulnerable.
If you use GDScript, yes it is really easy to decompile the game if you didn’t encrypt it. You get all the scripts (sans file comments) and all the resources, which you can import directly into your editor.
For security, you can encrypt your PCK using the tutorial @tibaverus posted (twice).
It is unclear to me what the OP actually meant by their question, because they didn’t give enough information. There were no links to the claims. Was it about GDscript, or Godot in general? Were these claims made on 4.4.1 or 4.5 or older versions of Godot? Is a 256-bit AES key not considered secure enough by the people making these claims, even though it’s what’s used by governments and financial institutions and isn’t considered hackable in a reasonable timeframe by even a quantum computer?
As for the question about the key being in the code and isn’t that a risk? Yes, it is. But a public/private key architecture wouldn’t work here because the user has to be able to decrypt the files. So it’s as secure as it can get - unless you don’t want the player to play the game.
If you’re really that concerned about it, you can always switch to Mono (the Godot C# version) now. All your GDScript code will work, and you can just keep moving forward with C# code.
If you’re this bothered by it, more research might’ve helped you come to a different decision, yes.
But as you point out, the project is open source. If you have a better solution, submit it. Alternately when you come up with an obfuscation solution, consider making it a plugin so that others can use it.
I understand this seems very serious to you, but I imagine that for a large portion of the Godot userbase it’s not an issue, or the existing solution is enough. If you really think it needs to be addressed, I recommend opening up a GitHub issue.
Ohh yeah I almost forgot about that game…Then what? Godot games can be reverse engineered,Unity games also can be by using something such as UTinyRipper for ripping assets and Dokpeek etc for ripping code …
That’s kinda risk for good indie games that can blow.
I think we should think about something copyright related?
ORR maybe adding some kind of explosive? like renaming the title will brust ERRORS,overuse ram/gpu!!! That’s the only way
Or just get power and delete system32 somehow.END THAT ReVeRse EnGinEer!
You can’t maintain a game that you disassembled. So this is no issue. The issue is when fully readable code can be stolen. It means you can’t use gdscript for commercial applications unless you take necessary steps to protect it.
You can get back readable and usable C# code from Unity projects as well, unless you take steps to protect it.
But at this point, my previous answer stands. Use another game engine. You clearly accept no answer to the question originally posted by OP, and based on your answers, you’re not looking for a solution to this problem, you’ve already accepted the fact that “GDScript bad cuz code readable”, even when people suggested encryption, so I highly recommend looking into an alternative engine that will suit your needs better.
My suggestion is not work on encyrption or stop them from getting the source code. Just work on your games knowing this is going to happen, trying to gain as much profit as you can.
One system for doing such a thing is not giving all your best into your works. But with each release you give more of your designs, keeping them hidden to yourself. Releasing more and more as time goes by, knowing it’s going to get copied.
Steam said they have a problem with software piracy, even though they are using the lock and key.
Have you thought about an MMO? The client is just a window to the game world with player controller, and the server has the actually game logic.
