Hi,

I'm very new to Godot (just started yesterday). I tried to create and export some sample games, and found the "issue" that the PCK file format has almost no protection. The contents can be directly extracted or viewed in a hex editor.

I wonder whether it is possible to make the PCK format customizable (i.e. a user can define his/her own routine to read/write the file, e.g. xor the data with a mask, or apply some basic compression, etc.). The user should of course be responsible for the correctness and performance.

  • Why do I think this is doable?

I searched the whole source code for the references of PACK_HEADER_MAGIC (defined in file_access_pack.h). There are essentially two writing routines: one in EditorExportPlatform::save_pack, with two references, and one in PCKPacker::pck_start. There is essentially one reading routine: in PackedSourcePCK::try_open_pack. These routines look quite simple, as is the PCK file format.

If one can unify the two writing routines, then it should be easy to expose the reading/writing interfaces so that one can do extra prcessing before writing/after reading. With the current version, I can do it myself by manually inserting codes into these places, but I'm not sure whether these are the complete list of usages of this file format. Also I would have to do this for every new release.

---

  • Why is this useful?

One advantage is more protection of the resources. If the file format is specified by the engine, then one single depacker can depack all games created with the engine. Custom formats will not have this problem. Another advantage is the possibility to compress the data, even with a very basic algorithm, so that the file size can be reduced. For those who don't care about the format, the current PCK format could be the default option.

---

  • Why do we need protection?

Let me first mention that I have read through all the discussions in this post.

I think there are two different things here: security and protection. Security by obscurity is not really security. However, it provides some protection. The meaning of protection is two-sided. In my opition, this works more or less like a "spoiler" tag on some forums. It not only protects the content from being seen, but also protects the reader from seeing the content that they don't really want to see immediately.

There are games that don't hide their resources at all. The player may open a folder and see the picture of all enemies up to the final boss, or watch all the CG movies up to the ending. I don't think this is a plus to the game.

This has been discussed on the forums before but it's fine I'm sure it'll keep coming up again and again(ain't nobody going to search for the subject first :tongue: ).

Truth of the matter is that it makes sense to discuss it on the respective github issue since the developers will see it there, but this here is just the end-user forum really so don't expect discussing this in here to achieve much.

---

This discussion was caught in the moderation queue since you have not confirmed your account yet.
Upon creating your account you should have received an account verification email. The confirmation email may have been incorrectly flagged as spam, so please also check your spam filter. Without confirming your account, future posts may also be caught in the moderation queue. You can resend a confirmation email when you log into your account if you cannot find the first verification email.
If you need any help, please let us know! You can find ways to contact forum staff on the Contact page. Thanks! :smile: