That game looks nice
1 Like
With you, I appreciate the advice @tibaverus!
1 Like
Thank you!
1 Like
A note about the standard encryption in Godot, there are tools (GitHub - DmitriySalnikov/GodotPCKExplorer: Small program for exploring and extracting files from the Godot Engine PCK) which can brute force extract the encryption key in about 1 hour.
One thing that can be done to prevent this, is to make some small, unique only to you, change to the source code of Godot, regarding how it handles and stores the encryption key. Then you compile your template.
This way the standard way of extracting the key will not work.
6 Likes
That I can definitely do, solid advice there, thank you.
Very nice guide, thanks. I wanted to ask if a similar procedure is available for web exports. The PCK file is also exposed in web exports and the tools listed above can also decompile that. Also, the point above about tweaking the handling of the key so that it cannot be brute forced, how would I go around to do that?
Thank you! I haven’t quite looked into how this all works on web exports, since I use the Mono version of Godot, and web never really applied in my case.
As for changing the location of your key, I’m not entirely sure as I haven’t really tried this myself, and unfortunately making a guide on that would kind of defeat the purpose, since you should make a modification that is unique to you.
But if you want to give it a go, start by cloning the godot github repo, and read up on how to build from source after you made your modifications.
3 Likes
Thanks to your tutorial I’ve gotten it fully encrypted now, thanks for the advice here!
1 Like