Ren'Py New Ren'Py Token Check (when creating a save)

WuzzyFuzzy

Well-Known Member
Jan 23, 2020
1,560
3,166
EDIT: 17 May, 2024

UPDATE: Twistty has provided an update for his Save Lock Fix to address changes in a newer version of Ren'Py. Please see this post for the download and be sure to give him thanks for his efforts. Save Lock Fix

EDIT: 23 April, 2024

UPDATE for ANDROID users: Please see by nosterdamus . I don't use Android for these games, so can't test it myself, but it seems to be legit. Please give him thanks for offering this solution.

EDIT: 08 January, 2024
I am updating the OP to reflect new information and solutions. Big, HUGE thanks to Twistty for providing an elegant solution to this problem. Please see below for more information.

EDIT: As of 31 August, 2023, I am editing this OP to include more information and to summarize some of what has been discussed below.

I have recently noticed a new addition to Ren'Py. They have placed a save check/comparison option in the newest iteration which defeats the use of saveeditonline and Ren'Py save editor. Somehow, if one edits a save file using those tools, the game is able to detect that and a popup warning occurs such as the one below:
save message - Copy.JPG
I suspect that if all is working correctly, one should be able to click on the "Yes" option which would allow the save to be opened. But in the two games that I've ran into this, clicking the "Yes" option does nothing but return to the main menu. While it's true one can continue to use Unren to enable the console and then edit variables in the game, often it's easier to edit the save file.

So, I am curious if anyone has found a way to defeat this check? Also, creators should be aware of this new option and enable the "YES" or "NO" options...or not. But one of the reasons Ren'Py is so popular is the ability to tinker with the game and explore different routes and choices. I'd like to see it stay that way.


Beginning with Ren'Py 8.0.x or 8.1, a security check was added to the code which is an attempt to defeat bad actors from interjecting malicious code onto someone's computer via Ren'Py save files. If one attempts to load a save file that has not been generated with the token found on the player's machine, a warning as shown above will appear. If you're confident the save file is clean, you have the choice to allow it to be used.

However, if you manipulate one of your own save files (such as through saveeditonline.com) and attempt to use it, regardless of choosing "YES", the file will not work/load. There are ways to get around this problem as the following describes.

(Sorry, but I do not have the location of these files if one uses MacOS. I do not know if security tokens have been added to Android and if so, where their locations might be.)
Location of Ren'Py save files on Windows: .../AppData/Roaming/RenPy/
Location of Token folder (unique to each computer): .../Roaming/RenPy/tokens/
You don't have permission to view the spoiler content. Log in or register now.
You don't have permission to view the spoiler content. Log in or register now.
Tools to edit save files (now problematic), but can still be used to identify variables and values:



EDIT 08 January, 2024.

Twistty has provide what I think is the most elegant solution to this problem if one wants to use either:
1.
2. Ren'Py Save Editor

Download his SaveLockFix, open the .zip and place the two folders (/game/ and /renpy/) into the main game folder. The OS will ask you if you want to overwrite one file. Answer YES and you're all set. This solution will not only fix the encoding issue, but as Twistty states, block the creation of the redundant save files in the sync folders. Once you have this in place, you can use the previously mentioned save editors as you once did. You should also now see that the preferences/options are being saved as they should and you can load from the appropriate page.

You can also continue to use 0x52 Universal RenPy Mod This mod can be used to search for several things including variables and their values and also be used to edit those values. It is used in-game and one doesn't need to worry about the security token if using this tool. It's also simply fun to try routes and paths a dev has been into a game without replaying the entire game. I use this in all my Ren'Py games.

No offense to anyone else and I/we appreciate all the help and suggestions, but I recommend disregarding previous solutions in favor of Twistty 's. For more information see his post further down this thread at: Twistty's recommendations

EDIT 04 January, 2024. I recently became aware that the site now offers an option to re-pack your save files. (Thanks to derfirm for the update.) (This solution is a bit cumbersome and I would recommend the previous solution as a better choice.)

These two mods allow you to do several things. Unpack .rpa files, decompyle .rpyc files, -->enable the console<--, etc. Enabling the console is easy and then one can, for instance, manipulate variables while in-game. I would suggest taking the time to learn how to use these tools.
UnRen for all
UnRen.bat

Pinsel, derfirm and dotjeal (*as of 10 Sept, 23 I tried dotjeal's approach and it worked flawlessly) have posted workarounds below. Check them out if you're interested, but please note I have not personally tried their solutions.

Thanks.
 
Last edited:

OldHiccup

Our Home DEV
Donor
Game Developer
Jan 29, 2021
610
1,855
I have recently noticed a new addition to Ren'Py. They have placed a save check/comparison option in the newest iteration which defeats the use of saveeditonline and Ren'Py save editor. Somehow, if one edits a save file using those tools, the game is able to detect that and a popup warning occurs such as the one below:
View attachment 2788815
I suspect that if all is working correctly, one should be able to click on the "Yes" option which would allow the save to be opened. But in the two games that I've ran into this, clicking the "Yes" option does nothing but return to the main menu. While it's true one can continue to use Unren to enable the console and then edit variables in the game, often it's easier to edit the save file.

So, I am curious if anyone has found a way to defeat this check? Also, creators should be aware of this new option and enable the "YES" or "NO" options...or not. But one of the reasons Ren'Py is so popular is the ability to tinker with the game and explore different routes and choices. I'd like to see it stay that way.


You can only defeat this check if you change the SDK. It was made to just give the user a heads up that they might be modifying the persistence records.

The whole point of this process is to let the user know that they could be running some nasty software hidden in the persistence file.

If the source that changes the save is reliable, there's nothing to worry about!


Just to complement, renpy will generate signuture keys when you run the game for the first time.

And if the save is modified, if the user accepts it, it will recreate these keys.

Maybe save edit will generate new keys when changing a save, so that the user replaces the original keys, but between us, I don't think it's necessary.
 
Last edited:

WuzzyFuzzy

Well-Known Member
Jan 23, 2020
1,560
3,166
You can only defeat this check if you change the SDK. It was made to just give the user a heads up that they might be modifying the persistence records.

The whole point of this process is to let the user know that they could be running some nasty software hidden in the persistence file.

If the source that changes the save is reliable, there's nothing to worry about!


Just to complement, renpy will generate signuture keys when you run the game for the first time.

And if the save is modified, if the user accepts it, it will recreate these keys.

Maybe save edit will generate new keys when changing a save, so that the user replaces the original keys, but between us, I don't think it's necessary.
Thanks for the reply, but as I stated, the two times I've ran into this I was not able to get the modified saves to load even when clicking the "YES" (trusted) option. I used both the online editor and the Save editor (installed on my computer with me doing the modification). So I am wondering if the dev has to enable the process in some way or am I missing something?
 

OldHiccup

Our Home DEV
Donor
Game Developer
Jan 29, 2021
610
1,855
Thanks for the reply, but as I stated, the two times I've ran into this I was not able to get the modified saves to load even when clicking the "YES" (trusted) option. I used both the online editor and the Save editor (installed on my computer with me doing the modification). So I am wondering if the dev has to enable the process in some way or am I missing something?
Sorry, I didn't quite understand the question.
As far as I've noticed, no action is required on the part of the developer.

I'm programming using the latest version of renpy, and well, everything worked without having to make any changes.

I went to read the documentation here, and it seems that it will only accept if the keys were on the computer.

 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
10,862
16,006
So, I am curious if anyone has found a way to defeat this check?
There is, but it would totally defeat the security purpose behind the check.


Also, creators should be aware of this new option
They are aware of this. I mean, they read before switching to a new version, right ?


and enable the "YES" or "NO" options...or not.
Once again, it would defeat the whole purpose of this check.


But one of the reasons Ren'Py is so popular is the ability to [...]
... "use the console in order to alter any value without the need to edit the save files".

Console that can be enabled this way. You can even copy past a bit of, like that one, to have a bit more than the console, or use one of the already made file.
 

WuzzyFuzzy

Well-Known Member
Jan 23, 2020
1,560
3,166
Sorry, I didn't quite understand the question.
As far as I've noticed, no action is required on the part of the developer.

I'm programming using the latest version of renpy, and well, everything worked without having to make any changes.

I went to read the documentation here, and it seems that it will only accept if the keys were on the computer.

Thanks for that link! In it is the following line:

Persistent data is loaded if it's from the current computer, or a computer with an accepted token.
I'm curious as to why that is not working in my case. All Ren'Py games are played on the same computer, yet the two games that I've played that are using the new version will not load an edited save. I could see this more likely to happen when using saveeditonline.com, but, at least in my case, also happens with my local copy of Ren'Py save editor.

Ok, well thanks again and I'll keep digging.
 

WuzzyFuzzy

Well-Known Member
Jan 23, 2020
1,560
3,166
Because you edited the file, period.
Ok, then. So Ren'Py Save Editor and saveeditonline.com are now obsolete for Ren'Py games going forward? If that's the case, I will certainly look forward to a jailbreak of the Ren'Py save token code that would allow these tools to be used again.
 

OldHiccup

Our Home DEV
Donor
Game Developer
Jan 29, 2021
610
1,855
Ok, then. So Ren'Py Save Editor and saveeditonline.com are now obsolete for Ren'Py games going forward? If that's the case, I will certainly look forward to a jailbreak of the Ren'Py save token code that would allow these tools to be used again.

It will take a while for games to start using recent versions of renpy, until then someone will definitely create a way around this, as I said, tinkering with the SDK will already allow you to work around this parameter. I wouldn't worry about this in general, as most games just turn on developer mode and adjust variables through the console.

This feature and new ones have just been released, it's only a matter of time before a more elegant workaround emerges. Unlike JailBreak which comes from a company where the source code is restricted, remember that Renpy is completely opensource.

There are dozens of universal mods here, which put all game variables in one interface, so you can edit without using tools to modify a save.
 
  • Like
Reactions: WuzzyFuzzy

Meaning Less

Engaged Member
Sep 13, 2016
3,539
7,170
Most likely your save editors are deprecated, that's why they are actually corrupting saves and making them not work even after accepting the message saying your save has been edited.

So either wait until they update those saveeditors or learn how to use the console yourself.
 
  • Like
Reactions: sakuzuda

WuzzyFuzzy

Well-Known Member
Jan 23, 2020
1,560
3,166
Most likely your save editors are deprecated, that's why they are actually corrupting saves and making them not work even after accepting the message saying your save has been edited.

So either wait until they update those saveeditors or learn how to use the console yourself.
No problem waiting now that I'm in the loop. And as I stated earlier, I use the console frequently, but there are times the save editors are simpler. Either way, I'll get by. ;)
 

BOH56

Member
May 27, 2017
252
153
If the source that changes the save is reliable, there's nothing to worry about!
THe problem is that the 'check' utterly ignores you trying to say 'yes, I trust this'. I can appreciate the added security check to cover their ass if something goes wrong, but the check seems to be bugged, and if its not a bug that it utterly igores you trying to say yes then its bullshit and I can't wait for it to get circumvented
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
10,862
16,006
THe problem is that the 'check' utterly ignores you trying to say 'yes, I trust this'.
It don't ignores it, it's just that it doesn't mean what you think.

When you ask Ren'Py to load the file because you trust it, it will still perform a last constancy check ; some kind of "the save file don't come from your computer, but at least is it coherent" ultimate control. And it happen that this check fail.

After, should Ren'Py do this last check or not, I don't know, it's not really my place to judge it.
 

BOH56

Member
May 27, 2017
252
153
It don't ignores it, it's just that it doesn't mean what you think.

When you ask Ren'Py to load the file because you trust it, it will still perform a last constancy check ; some kind of "the save file don't come from your computer, but at least is it coherent" ultimate control. And it happen that this check fail.

After, should Ren'Py do this last check or not, I don't know, it's not really my place to judge it.
...So its trash that needs to be circumvented. Got it.
 

WuzzyFuzzy

Well-Known Member
Jan 23, 2020
1,560
3,166
...So its trash that needs to be circumvented. Got it.
I think there's a place for it as some gullible soul can get their machine taken down by trading save files from some nefarious evildoer. But what grabs me is it won't let me tweak my own save. It's a nuisance more than a huge problem, though. I either pop open the code to find the variables, or use the save editors to find them, then change them with console commands. A bit more trouble, but doable.
 

derfirm

Newbie
Jan 9, 2021
34
103
Hello, I have a quick workaround for this
Here is a python script that can use your local tokens and overwrite the save signature to unlock it

How-to-use it

0) Make sure you have python3 installed and it accessible from console + install ecdsa using 'pip install ecdsa'
1) Unpack python script into your test folder.
2) You need to find your save location and copy "security_keys.txt" to folder with your script
3) copy savegame (1-11-LT1.save for instance into location with Your script)
4) run script 'python3 repack-savefile.py security_keys.txt 1-11-LT1.save' (where first should be your tokens textfile, second is name of savegame). Path can be absolute or relative - should work in both cases.
5) copy savegame file back to savegame location, override it.
Be Aware! this script override "signature" file in your savegame, please make backup before use it.


Just open and follow the instruction

UPD: Wow, now support automatic RenPy repack (paid feature), we just need to have a subscription, log in to the site, upload a file with tokens and now all files will be automatically signed when saved!
Tested on BigBrother and using
 
Last edited: