The spoilered script at the end is a rushed first public version of my personal file to run rpgmaker games on linux. Usually wrong capitalization of file names is a problem and the original intend of the script is to fix that issue at runtime.
However the approach used (monkeypatching) can be used to neuter or sanitize functions used by malware.
The security in this first version is very basic and a dedicated hacker has still lots of functions left to run harmful scripts but for now my target is stopping malware which does not expect any resistance yet. The script is also very overzealous so false positives can happen too.
For now this script is intended for people willing to test it.
In the future this could be a script added by distributors to RPGMaker MV/MZ games by default to secure users against hidden malware.
I would be graeful about any feedback how bad or well this script workson windows, android and mac.
Copy attached script to www/js/bootstrap.js (or js/bootstrap.js if www does not exist)
Add the following line to package.json (there might be a second one inside he www directory and I am not sure which is important when using Game.exe)
"inject_js_start": "www/js/bootstrap.js",
Run game.
The game should create a game-log.txt file with helpful output in case of problems.
game-log.txt example of an infected game:
Game window stayed black (never displayed main menu). Using the web console gives better info (like a stack trace to help locating the injected malware in pixi.js
Yeah, the reporting to the user is bad but it stopped malicious code from running. If there is no malware then the game should run without problems.
However the approach used (monkeypatching) can be used to neuter or sanitize functions used by malware.
The security in this first version is very basic and a dedicated hacker has still lots of functions left to run harmful scripts but for now my target is stopping malware which does not expect any resistance yet. The script is also very overzealous so false positives can happen too.
For now this script is intended for people willing to test it.
In the future this could be a script added by distributors to RPGMaker MV/MZ games by default to secure users against hidden malware.
I would be graeful about any feedback how bad or well this script workson windows, android and mac.
Copy attached script to www/js/bootstrap.js (or js/bootstrap.js if www does not exist)
Add the following line to package.json (there might be a second one inside he www directory and I am not sure which is important when using Game.exe)
"inject_js_start": "www/js/bootstrap.js",
JSON:
{
"name": "01",
"main": "index.html",
"js-flags": "--expose-gc",
"window": {
"title": "",
"toolbar": false,
"width": 1280,
"height": 720,
"icon": "icon/icon.png"
},
"inject_js_start": "js/bootstrap.js",
"chromium-args": "--enable-webgl --ignore-gpu-blacklist --disable-setuid-sandbox --force-gpu-rasterization --enable-gpu-memory-buffer-video-frames --enable-native-gpu-memory-buffers --enable-zero-copy --enable-gpu-async-worker-context --disable-password-generation"
}Run game.
The game should create a game-log.txt file with helpful output in case of problems.
game-log.txt example of an infected game:
Code:
[2025-08-24T22:26:40.794Z] [LOG] gameRoot: /mnt/games/072 Project_ Amelie falls over and over again/www
[2025-08-24T22:26:41.014Z] [WARN] Error: [SECURITY] Access to 'https' is denied. Possible malicious intent.Yeah, the reporting to the user is bad but it stopped malicious code from running. If there is no malware then the game should run without problems.
You don't have permission to view the spoiler content.
Log in or register now.