The point of the save token system is that python pickles containing executable code is not an obvious vulnerability, and so I wanted to bring it to the user's attention before loading these games. As best as I can tell, save editors that aren't aware of this aren't re-signing the save files after modifying them, and so Ren'Py is considering the files corrupt and rejecting them.
I'd strongly suggest that save editors resign the files with the player's key, if local, or with their own key if not, so the save can be accepted by Ren'Py.
Mods don't have a security problem, as it's obvious to everyone that you're downloading a program, and that by doing so, you need to trust the mod's creator.
The point of the save token system is that python pickles containing executable code is not an obvious vulnerability, and so I wanted to bring it to the user's attention before loading these games. As best as I can tell, save editors that aren't aware of this aren't re-signing the save files after modifying them, and so Ren'Py is considering the files corrupt and rejecting them.
I'd strongly suggest that save editors resign the files with the player's key, if local, or with their own key if not, so the save can be accepted by Ren'Py.
Mods don't have a security problem, as it's obvious to everyone that you're downloading a program, and that by doing so, you need to trust the mod's creator.
Hello, great to have you here
Can you please tell me more about this paragraph?
> I'd strongly suggest that save editors resign the files with the player's key, if local, or with their own key if not, so the save can be accepted by Ren'Py.
For local editors, I think it’s enough to set to the path for keys, but for online editors? Do they need to generate their own key and combine it with the local one, or did you mean something else?
Please tell people to not mess with the signing-key part of the "security_keys.txt" - it can and will cause issues later.
Also - making that "security_keys.txt" file - read only, is a path to failure.
The renpy folder has a savetoken.py that should over-write the old one.
The ren'py SDK's "savetoken.py" for the versions 8, 1, 1 - 8, 1, 2 - 8, 1, 3 etc., did change slightly with each version - but that file I provided works on all of them - and should work on futures versions as well!
The game folder - has an "extra_savedirs_FIX.rpy" file - that stops the extra "sync" files *(redundant save files) from being created in the appdata/roaning/renpy/game folders. Those files are fairly useless - and wastes a lot of drive space. It also includes some of the most common, and used game fixes - that aid many games.
and who is on android? It's useless because it's almost impossible to change files, especially if you're on Android 13. If you're on Android 12, I recommend using a PC emulator like mobox or winlator emu. Otherwise it will never work.
Please tell people to not mess with the signing-key part of the "security_keys.txt" - it can and will cause issues later.
Also - making that "security_keys.txt" file - read only, is a path to failure.
The renpy folder has a savetoken.py that should over-write the old one.
The ren'py SDK's "savetoken.py" for the versions 8, 1, 1 - 8, 1, 2 - 8, 1, 3 etc., did change slightly with each version - but that file I provided works on all of them - and should work on futures versions as well!
The game folder - has an "extra_savedirs_FIX.rpy" file - that stops the extra "sync" files *(redundant save files) from being created in the appdata/roaning/renpy/game folders. Those files are fairly useless - and wastes a lot of drive space. It also includes some of the most common, and used game fixes - that aid many games.
EDIT: 08 January, 2024
I am updating the OP to reflect new information and solutions. Big, HUGE thanks to Twistty for providing an elegant solution to this problem. Please see below for more information.
EDIT: As of 31 August, 2023, I am editing this OP to include more information and to summarize some of what has been discussed below.
I have recently noticed a new addition to Ren'Py. They have placed a save check/comparison option in the newest iteration which defeats the use of saveeditonline and Ren'Py save editor. Somehow, if one edits a save file using those tools, the game is able to detect that and a popup warning occurs such as the one below: View attachment 2788815 I suspect that if all is working correctly, one should be able to click on the "Yes" option which would allow the save to be opened. But in the two games that I've ran into this, clicking the "Yes" option does nothing but return to the main menu. While it's true one can continue to use Unren to enable the console and then edit variables in the game, often it's easier to edit the save file.
So, I am curious if anyone has found a way to defeat this check? Also, creators should be aware of this new option and enable the "YES" or "NO" options...or not. But one of the reasons Ren'Py is so popular is the ability to tinker with the game and explore different routes and choices. I'd like to see it stay that way.
Beginning with Ren'Py 8.0.x or 8.1, a security check was added to the code which is an attempt to defeat bad actors from interjecting malicious code onto someone's computer via Ren'Py save files. If one attempts to load a save file that has not been generated with the token found on the player's machine, a warning as shown above will appear. If you're confident the save file is clean, you have the choice to allow it to be used.
However, if you manipulate one of your own save files (such as through saveeditonline.com) and attempt to use it, regardless of choosing "YES", the file will not work/load. There are ways to get around this problem as the following describes.
(Sorry, but I do not have the location of these files if one uses MacOS. I do not know if security tokens have been added to Android and if so, where their locations might be.)
Location of Ren'Py save files on Windows: .../AppData/Roaming/RenPy/
Location of Token folder (unique to each computer): .../Roaming/RenPy/tokens/
Download his SaveLockFix, open the .zip and place the two folders (/game/ and /renpy/) into the main game folder. The OS will ask you if you want to overwrite one file. Answer YES and you're all set. This solution will not only fix the encoding issue, but as Twistty states, block the creation of the redundant save files in the sync folders. Once you have this in place, you can use the previously mentioned save editors as you once did. You should also now see that the preferences/options are being saved as they should and you can load from the appropriate page.
You can also continue to use 0x52Universal RenPy Mod This mod can be used to search for several things including variables and their values and also be used to edit those values. It is used in-game and one doesn't need to worry about the security token if using this tool. It's also simply fun to try routes and paths a dev has been into a game without replaying the entire game. I use this in all my Ren'Py games.
No offense to anyone else and I/we appreciate all the help and suggestions, but I recommend disregarding previous solutions in favor of Twistty 's. For more information see his post further down this thread at: Twistty's recommendations
EDIT 04 January, 2024. I recently became aware that the site
You must be registered to see the links
now offers an option to re-pack your save files. (Thanks to derfirm for the update.) (This solution is a bit cumbersome and I would recommend the previous solution as a better choice.)
These two mods allow you to do several things. Unpack .rpa files, decompyle .rpyc files, -->enable the console<--, etc. Enabling the console is easy and then one can, for instance, manipulate variables while in-game. I would suggest taking the time to learn how to use these tools. UnRen for all UnRen.bat
Pinsel, derfirm and dotjeal(*as of 10 Sept, 23 I tried dotjeal's approach and it worked flawlessly) have posted workarounds below. Check them out if you're interested, but please note I have not personally tried their solutions.
Hi, if you try to do this on an android device do the following:
1. Connect your device to a computer.
2. Enable PTP
3. Create, on your computer, a file called security_keys.txt with the text: Signing-key (and nothing else).
4. Make that file read only.
5. Transfer that file to your device.
6. Replace the signing_keys.txt file inside the folder that holds your saves with the file you had created.
*7. Open the game, load the fixed file and then save to a new spot.
*8. Close the game and delete the altered security_keys.txt.
*9. Reopen the game (so it will recreate the original security_keys.txt) and open the NEW save, it will ask you one time if you sure but will let you to open.
*10. Save the game again and there should be no problems henceforth.
11. Enjoy.
* 7-10 are to address the concern about not having the original security_keys.txt
I certainly do hope the smart folks at Ren'Py who decided that a modified savegame is unacceptable to load will suffer some very, very painful accidents indeed just to remind them what a great thing it is to use the power you have to take choice away from other people. I might actually just go on and eat Ramen for a few months and use the savings to buy some voodoo dolls and some VERY long and sharp needles, just to drive the goddamned point home - it would TOTALLY be worth it...
I certainly do hope the smart folks at Ren'Py who decided that a modified savegame is unacceptable to load will suffer some very, very painful accidents indeed just to remind them what a great thing it is to use the power you have to take choice away from other people. I might actually just go on and eat Ramen for a few months and use the savings to buy some voodoo dolls and some VERY long and sharp needles, just to drive the goddamned point home - it would TOTALLY be worth it...
