Ren'Py New Ren'Py Token Check (when creating a save)

WuzzyFuzzy

Well-Known Member
Jan 23, 2020
1,559
3,163
small question, how about people who using joiplay to play renpy games that doesn't had android version?
I have not used Joiplay, but my guess is the behavior would be the same (although I could be wrong). If you find out otherwise, please let us know.
 

Nickpros20

Member
Oct 31, 2021
173
145
my solution was this:




In the game file, where you can find the exe. There is a other file "renpy".
Open it, search for the "savetoken.py" open it with the simple texteditor, and then look for this:


def verify_data(data, signatures, check_verifying=True):
"""
Verifies that `data` has been signed by the keys in `signatures`.
"""

for i in signatures.splitlines():
kind, key, sig = decode_line(i)

if kind == "signature":

if key is None:
continue

if check_verifying and key not in verifying_keys:
continue

try:
vk = ecdsa.VerifyingKey.from_der(key)
if vk.verify(sig, data):
return True
except Exception:
continue

return False



chance the last entry to "True" save , restart the game and then your edited save will work. Testet this with the
The Builder [Ep.5 B2] [LewdRobotics]
Yall this works
 

sakuzuda

Member
Nov 24, 2021
129
134
my solution was this:




In the game file, where you can find the exe. There is a other file "renpy".
Open it, search for the "savetoken.py" open it with the simple texteditor, and then look for this:


def verify_data(data, signatures, check_verifying=True):
"""
Verifies that `data` has been signed by the keys in `signatures`.
"""

for i in signatures.splitlines():
kind, key, sig = decode_line(i)

if kind == "signature":

if key is None:
continue

if check_verifying and key not in verifying_keys:
continue

try:
vk = ecdsa.VerifyingKey.from_der(key)
if vk.verify(sig, data):
return True
except Exception:
continue

return False



chance the last entry to "True" save , restart the game and then your edited save will work. Testet this with the
The Builder [Ep.5 B2] [LewdRobotics]
idk, man. I didn't found it on renpy folder. and how to read this? I got it after editing the save file...
 
  • Thinking Face
Reactions: rKnight

Pinsel

Active Member
Dec 25, 2019
821
729
Sry, i dont know Joiplay. But in my experience, usualy if ther is no "savetoken.py" then the editet savefile works anyway. And what program did you use for editing the file? I use this:



Or you could try this:

It is the savefile, wich you have changed. Just "unblock" the file. But of some weird reason it dosent work everytime.
 
Last edited:

Seeps

New Member
Jan 3, 2020
3
17
im sorry since im kindof a noob but where is the "security_keys.txt" ?... i cant find it in my game directory
I went to "C:\Users\<YOUR USERNAME>\AppData\Roaming\RenPy", searched for "security_keys" and made the adjustment after saving a copy, you know, just in case.

Now that document just says
signing-key
verifying-key
I've had no issues since.

PS: If you can't see your AppData folder, it's because you need to unhide hidden documents. Google it in case you need help, it's quite straightforward.
 

Unkoep

Newbie
Jun 10, 2018
56
46
my solution was this:




In the game folder, where you can find the exe. There is a other folder "renpy".
Open it, search for the "savetoken.py" open it with the simple texteditor, and then look for this:


def verify_data(data, signatures, check_verifying=True):
"""
Verifies that `data` has been signed by the keys in `signatures`.
"""

for i in signatures.splitlines():
kind, key, sig = decode_line(i)

if kind == "signature":

if key is None:
continue

if check_verifying and key not in verifying_keys:
continue

try:
vk = ecdsa.VerifyingKey.from_der(key)
if vk.verify(sig, data):
return True
except Exception:
continue

return False



chance the last entry to "True" save , restart the game and then your edited save will work. Testet this with the
The Builder [Ep.5 B2] [LewdRobotics]
Thanks bro here i thought i had to learn how to code with all these different tutorials and stuff :)
 
  • Like
Reactions: Cream304 and Pinsel

imzahai

Active Member
Apr 19, 2019
938
1,272
If the keys are what's bothering, you can solve it in a few steps.
Beware it permanently revokes security keys. Do at your own risk
Buckle-up it might be rocket science for some.

1 - Open the security_keys.txt (%appdata%\roaming\renpy\tokens) and remove both the keys contents (not their header, only the characters string).
2 - Save
3 - make the file read-only (right-click, properties, read-only checkbox, OK).
5 - Run your game and load your savegame
6 - Facepalm (optional)
7 - Enjoy
i will of course have to frequently use option 6, thank you!!
 
  • Like
Reactions: Lewd Kingdom

Falkfisch

Member
Aug 10, 2018
127
145
my solution was this:




In the game folder, where you can find the exe. There is a other folder "renpy".
Open it, search for the "savetoken.py" open it with the simple texteditor, and then look for this:


def verify_data(data, signatures, check_verifying=True):
"""
Verifies that `data` has been signed by the keys in `signatures`.
"""

for i in signatures.splitlines():
kind, key, sig = decode_line(i)

if kind == "signature":

if key is None:
continue

if check_verifying and key not in verifying_keys:
continue

try:
vk = ecdsa.VerifyingKey.from_der(key)
if vk.verify(sig, data):
return True
except Exception:
continue

return False



chance the last entry to "True" save , restart the game and then your edited save will work. Testet this with the
The Builder [Ep.5 B2] [LewdRobotics]
Can someone please pin this solution to the top?
 

Netgear

Active Member
Jul 25, 2018
615
651
... "use the console in order to alter any value without the need to edit the save files".

Console that can be enabled this way. You can even copy past a bit of, like that one, to have a bit more than the console, or use one of the already made file.
Why not enabling the developer console directly in the game's files ? (renpy/common/00library.rpy ?)
From there, you can see the variable in the game and change them with the commande console all in one place.
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
10,833
15,945
Why not enabling the developer console directly in the game's files ? (renpy/common/00library.rpy ?)
Firstly because you don't need to enable it directly from the core. Secondly because the developer mode do more than enabling the console. Among other things, it will treat as fatal some errors that, without it, Ren'Py wouldn't care too much about. It will also switch the default background from full black to checked, what will mess with some transition and effect.
 
  • Yay, new update!
Reactions: Derek's Brother

JoyfulDancer

New Member
Nov 1, 2023
1
0
Hello, I have a quick workaround for this
Here is a python script that can use your local tokens and overwrite the save signature to unlock it

How-to-use it

0) Make sure you have python3 installed and it accessible from console + install ecdsa using 'pip install ecdsa'
1) Unpack python script into your test folder.
2) You need to find your save location and copy "security_keys.txt" to folder with your script
3) copy savegame (1-11-LT1.save for instance into location with Your script)
4) run script 'python3 repack-savefile.py security_keys.txt 1-11-LT1.save' (where first should be your tokens textfile, second is name of savegame). Path can be absolute or relative - should work in both cases.
5) copy savegame file back to savegame location, override it.
Be Aware! this script override "signature" file in your savegame, please make backup before use it.

Tested on BigBrother and using
I appear to be somewhat stumped. How does one unpack the python script? Google has proven to be surprisingly unhelpful in finding clear, simple instructions on the matter. Also, do we use the original save game then slap that into the editor? Or do we use the edited save file for this? Apologies for the hassle.
 

derfirm

Newbie
Jan 9, 2021
34
102
I appear to be somewhat stumped. How does one unpack the python script? Google has proven to be surprisingly unhelpful in finding clear, simple instructions on the matter. Also, do we use the original save game then slap that into the editor? Or do we use the edited save file for this? Apologies for the hassle.
Hello, your question is absolutely normal! I receive a lot of questions and the solution I proposed is not the best. I think in the coming days I will be able to add more detailed information and another more convenient solution without scripts.

You need just to re-sign edited save file
 
  • Thinking Face
Reactions: Twistty

Pinsel

Active Member
Dec 25, 2019
821
729
I appear to be somewhat stumped. How does one unpack the python script? Google has proven to be surprisingly unhelpful in finding clear, simple instructions on the matter. Also, do we use the original save game then slap that into the editor? Or do we use the edited save file for this? Apologies for the hassle.
Well you want the edited save to work. So... Try one of this:

If the keys are what's bothering, you can solve it in a few steps.
Beware it permanently revokes security keys. Do at your own risk
Buckle-up it might be rocket science for some.

1 - Open the security_keys.txt (%appdata%\roaming\renpy\tokens) and remove both the keys contents (not their header, only the characters string).
2 - Save
3 - make the file read-only (right-click, properties, read-only checkbox, OK).
5 - Run your game and load your savegame
6 - Facepalm (optional)
7 - Enjoy
I failed to mention this earlier, but another good tool to manipulate your variables and play around in game without using a save editor is 0x52's Universal Ren'Py mod. It can be found here: Universal Ren'Py mod

Thanks for all the replies.
my solution was this:




In the game folder, where you can find the exe. There is a other folder "renpy".
Open it, search for the "savetoken.py" open it with the simple texteditor, and then look for this:


def verify_data(data, signatures, check_verifying=True):
"""
Verifies that `data` has been signed by the keys in `signatures`.
"""

for i in signatures.splitlines():
kind, key, sig = decode_line(i)

if kind == "signature":

if key is None:
continue

if check_verifying and key not in verifying_keys:
continue

try:
vk = ecdsa.VerifyingKey.from_der(key)
if vk.verify(sig, data):
return True
except Exception:
continue

return False



chance the last entry to "True" save , restart the game and then your edited save will work. Testet this with the
The Builder [Ep.5 B2] [LewdRobotics]
 

zmeydoom

Newbie
Jan 2, 2018
62
39
There is, but it would totally defeat the security purpose behind the check.




They are aware of this. I mean, they read before switching to a new version, right ?




Once again, it would defeat the whole purpose of this check.




... "use the console in order to alter any value without the need to edit the save files".

Console that can be enabled this way. You can even copy past a bit of, like that one, to have a bit more than the console, or use one of the already made file.
In my personal opinion, this whole check is paranoid nonsense. If you are afraid to catch a virus, don't use/Download/etc. But forbid me to do anything in MY HOUSE and on MY PC? HERESY! They want to cover your ass from accusations and lawsuits - their right. But to deprive the user of the right to choose is idiocy. And this is a very mild expression of what I think.
 
Last edited:

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Donor
Respected User
Jun 10, 2017
10,833
15,945
[...] they want to cover your ass from accusations and lawsuits - their right.
:ROFLMAO:

I really would love to see the idiot who would sue PyTom because he was enough of a dumb ass to download a corrupted save file from an unknown source. It's been more than twenty years that justice consider that software developers only have an obligation of means when it come to security, not an obligation of results, and that one is the main responsible for his own computer security. Therefore, even without this security net, the instant your own behavior put you at risk he wouldn't be held responsible.


But to deprive the user of the right to choose is idiocy. And this is a very mild expression of what I think.
You aren't deprived of your right to choose (please, where is this right defined ?) since it's possible to still load a save file that don't come from your computer. It's not Ren'Py fault if you use a third party service that do shit and leave you with a save file that clearly and openly looks corrupted.
Because it's the issue here. If saveEditor was doing its job correctly, there would be no issue. You would say to Ren'Py that you trust the source and it would load the save file. But like saveEditor didn't cared (yet ?) to update its code in order to take the new security feature into consideration, it return you shit that you can't load. And like an idiot you blame the software warning you that it's shit, and not the one who made the shit...