- Mar 4, 2018
- 35
- 153
Only the weak need saves. The strong play through the game every update! I am prepared! I am ready! I am strong!
- Thread starter naughtyroad
- Start date
It is something that is newly getting some more attention, that vid coming out just over 6 months ago, and the change in renpy where it warns you when loading a save is from last May. And be honest, did you know ren'py saves are basically software? I sure as heck didn't, and I guess 99% of people on thread didn't either.
IDK about you, but I don't wanna put security of user level access to my computer down to "it's probably gonna be fine, no-one's been targeted yet that I know of so it's unlikely they ever will".
I can tell you from personal experience with my user base that most of them will do absolutely nothing of the sort, and wouldn't even know that's even a thing.
As to can't access anything important when not an admin (and mind, in my estimation, that's a small minority of users that protect themselves that way), just, you know, take a scroll through your documents and photos. Any financial info there? Copy of your passport from a few years back when HR asked for it. All those scans and forms for when you applied for that loan? How about them cookies in your browser caches, any chance it'll be able to get onto a ton of websites without having to log in if executed from within the context of that user? Yum yum, scrape all that data, and put it up on the dark web for the highest bidder.
Bottom line though is "Don't ever use a ren'py save you did not create yourself. Ever."
I can't take it anymore! The waiting game is pure survival at this point
- Mar 25, 2021
- 10,828
- 23,597
This just further proves why I think Naughtroad
Is one of the coolest & Nicest devs here
Thank you for the warning Naughty
I honestly had no idea before your post yesterday that saves could be harmful.
Hopefully more people read your message.
Because I see so many people in other threads asking for saves
And with how everything is connected these days it's better to be safe than sorry
Is one of the coolest & Nicest devs here
Thank you for the warning Naughty
I honestly had no idea before your post yesterday that saves could be harmful.
Hopefully more people read your message.
Because I see so many people in other threads asking for saves
And with how everything is connected these days it's better to be safe than sorry
I also have to admit I didn't suspect it's that bad. I imagined Ren'Py does heavy serialization to support its fundamental roll back<>forward feature but I didn't imagine it saves code in save files, I thought it saves some public object properties but mostly it saves just a list of public simple (int, etc.) variables capturing game state. Indeed NOBODY should ever use saves from untrusted sources. You are literally downloading an .exe from a random person who might pass it on to you from someone else and any modern evil code is not easily obvious, it may not even manifest for some/most if it doesn't find something juicy. It's very bad.
As a side-note, it's a VERY good idea to at least run all these games under a separate Windows desktop session opened with a dedicated non-admin account. Even better would be to run them in a VM but I don't know if this solution has any smooth path because it runs into the non-trivial problem of having "enough" video/3D hardware acceleration in a VM. I've been meaning to look into it for ages...
- Jul 1, 2017
- 71
- 176
Ren'Py uses the python pickle module to serialize/deserialize its data and it's well known that this module is insecure. There's a giant warning about it in the official documentation.
You must be registered to see the links
So yes, I did know, but you're correct that most game devs probably don't. It's an implementation detail of the engine.
My point was that this isn't new information to "hackers" and yet nobody seems to have taken advantage it so far.
Fair enough. I wasn't criticizing your post bringing awareness to it. It's still a fallacy though in my opinion.
2 quick points:
1. You make the "stranger danger" argument, which is good advice in general. It's however not obvious to me why I should trust a complete stranger with an F95 account called "pussylicker69" more or less than a complete stranger with a Patreon account called "PussyLicker69 Games". The former can hide malware in a save file, the latter can hide malware in the game itself. You can of course convince yourself that the stranger with the Patreon account is somehow more trustworthy, but that's faith not security.
Everyone here is running unverified code from complete strangers since the moment they signed up. No two ways about it.
2. Cost vs. benefit: Sure, someone could manipulate a save file and then post it here, in the hopes that a few people will actually download and use it. Or... they could cook up a few shitty DAZ renders and post a v0.1 incest harem game where an insufferable mc returns home to his family after studying abroad. It will be called "My returning home to the Milftown" Something along those lines, only with even worse grammar. Now all of a sudden, hundreds/thousands of people will happily run the malware. And if the game pops up a splash screen saying "This game is 10x hotter if you run it as Administrator" some people will do that too.
It's just not worth it trying to mess with save files when there are much better ways to achieve the same thing.
No. The bottom line is, if you care about security run any and all Ren'Py games in a Virtual Machine and never on your real machine. Anything else is merely a false sense of security.
Last edited:
Well, did you know that Windows 10 Pro has a little something called Windows Sandbox, which is akin to a lightweight VM? No? Don't be surprised, nobody does. It's an very interesting feature that can be used to build a secure testing environment... So it's very well hidden and not advertised at all. Figures.
- Jul 6, 2021
- 917
- 921
I really like this weird game, it would be nice if you could release updates much sooner than it currently takes, etc more than a year! can't you make smaller updates and release sooner like every 3 or 4 months, surely so much easier and your keeping everyone happy?
- Jul 6, 2021
- 917
- 921
can you make this into a game mod please? i hate pdf files, sorry.
Does anyone know of a way to extract your save file from android so that when you play you won't lose the data If you delete the app on your device?
- Jan 21, 2018
- 135
- 179
I remember, I did it manually with PC connection. But I don't remember the folder.
There is what's the internet says:
"On Android your save files can be found in SD:/Android/data/com.andrealphusgames.love and sex second base
This is a protected folder and you will need to connect your device to a computer to access this folder.
Downloading another file manager might work too (no guarantee)"
Maybe not exactly SD, but it can be a phone.
Totally agree, real players download, start from scratch and go. Each and every update. Why? Because you are worth it. Save files is for weaklings. There I said it. Weaklings. Now discuss.
I have no idea what the point is you're trying to make. An exploit isn't a risk because right now nobody's actively exploiting it? Seriously...
Apples and oranges. A dev with a big following has a vested interest to build trust and keep that so as to make good on the significant investment of time and effort that goes into making a VN, because once you pull the trigger it's just a matter of time before the jig is up. Same as the builder of an App on your phone, or a game in your Steam library. You don't jeapardize that kind of investment on purpose.
A rando with a throw away account and some python skills that can plop a doctored save into a forum just to see which one of the thousands and thousands of viewers will bite on the other hand has every reason to give it a shot.
So yeah, its a risk as much as it is a risk to pull some app on your phone. It's still a world apart from firing up a random executable you stumbled across in some forum in the underbelly of the internet.
Like I said, I'm not really sure what the point is you're trying to argue, but it feels like an argument for argument's sake, and I'm kinda done with this discussion now.
Nope. I've talked about this in the past but the short of it is that I do whole chapters, and they take time. If that frustrates anyone, that's really too bad, because the alternative is not doing LomL at all.
No, that's not happening, mainly because there's no need for it.
There's no narrow line you have to walk to unlock everything, just answer questions normally and you get content you like. E.g., you like a character, act normal towards them (no need to kiss their asses either, just act like a normal person), and if they propose, accept, and you get their content. Treat them bad, actively avoid them, or turn them down, you don't get their content.
There's no puzzle or hidden stuff there, no moment where you find out you had to pick a specific set op options at the start of the game so you can get a special scene at the end of it. The game even has an option to simply not present you with any choice that would lock you out of the main character's storylines, if you really, really need guardrails.
So don't sweat it, you really have to try to mess things up.
On a philosophical note, having a dev sanctioned WT mod implies there's a "best path" through the game, which feels kind silly because why then did they go through all the trouble of creating alternative paths. It just encourages players to treat the game as a visual novel, so then why not make a visual novel, much less work, really.
Nm, answered above.
- Jan 21, 2018
- 135
- 179
Ahah) To be serious, I played the game a year ago and was going to load my old save, but decided to play again to remind myself, what was in the story. It turned out that I've forgot A LOT. Even, that Macy and Denise have a
You don't have permission to view the spoiler content.
Log in or register now.
I advice to everyone to replay at least the 6th chapter, to remember all the things))
- Mar 25, 2021
- 10,828
- 23,597
My save is ready
My heart is ready
And my penis is ready
So I'm definitely ready everyone
My heart is ready
And my penis is ready
So I'm definitely ready everyone
- Jan 21, 2018
- 135
- 179
Without photo-provement it's just words.
- Oct 1, 2017
- 1,459
- 3,238
No. You forgot a pack of tissues.
Reminds me a lot of back when public WiFi was getting hugely popular. Many software devs raised the red flag about the vulnerability of website cookies in public WiFi and the industry just shrugged ... well, because nobody was really exploiting it.
So one of these guys made an app for Firefox called "Firesheep" to show how bad it was. I read about it and I installed that app and then headed to my local mall to test it. With no coding skills and only having to download a simple Addon for my browser, I hijacked 5 different people's social media accounts in the first 5 mins. After that, I absolutely never logged into any accounts when using a public WiFi, lol.
- Oct 6, 2017
- 521
- 1,373
Download the x52 mod and add it to your game it's not a real walkthrough/guide but you can see what the answers get.
https://f95zone.to/threads/universal-renpy-mod-1-15-2-mod-any-renpy-game-yourself.48025/
I hope Naughtyroad is not angry with me
Hey, why is my basement door open And why is the power off?
Last edited:
I tried to say it last week, but here it is again. Congrats on 6.9 Million post reads Naughty. Not many game creators can claim to get to that amount of views for their project/ passion. Hear's to 6.9 million more!