Gizmo

Easy / Malware Reverse Engineering

Overview

You’ve been handed a mysterious game executable built with the Godot engine. Launching it doesn’t reveal much at first glance, but something hidden inside the game is waiting to be uncovered. Dig into its structure, explore what’s beneath the surface, and pay attention to the scripts that drive its behavior; you might just stumble upon the secret you’re looking for.

flag format: flag{}

Lab Details

Prerequisites & Requirements

  • Godot Engine Architecture:
    • Understanding how Godot compiles and packages games. Specifically, knowing that game assets and scripts are often bundled into a .pck (Package) file, which can be embedded inside the .exe or sit alongside it.
  • GDScript Fundamentals:
    • Familiarity with GDScript, Godot's own Python-like scripting language.
    • Ability to read high-level code syntax to understand game logic, variable assignments, and player movement mechanics.
  • Asset Extraction Concepts:
    • Understanding the difference between compiling to machine code (like C++) and bytecode/interpreted scripts. Recognizing that interpreted game scripts can often be recovered in near-original form.

What will you learn?

  • Game Engine Reconnaissance:
    • Identifying the technology stack of a target application (e.g., recognizing the Godot icon or file structure).
  • PCK Unpacking & Decompilation:
    • Learning how to reverse the packaging process of Godot games.
    • Extracting the raw assets from the compiled binary to access the filesystem designed by the developers.
  • Source Code Auditing:
    • Navigating through extracted game assets to locate relevant script files (like PlayerMovement.gd).
    • Analyzing source code to find hardcoded secrets, such as flags or credentials, hidden within variable definitions or comments.

Tools

  • gdsdecomp (Godot Decompiler):
    • The primary tool used for reverse engineering.
    • It parses the executable or .pck file and extracts the internal resources.
    • Crucially, it decompiles the bytecode back into readable GDScript (.gd) text files, allowing you to read the game's logic as if you were the developer.
  • Text Editor (VS Code / Notepad++):
    • Used to inspect the recovered PlayerMovement.gd file to read the source code and locate the flag string.
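The two points above, a pack that is either a standalone .pck or appended to the executable, and a file table that can be walked to pull out the scripts, can be shown with a small parser. The Python below is an added example and is not gdsdecomp's code or part of the lab: it implements the PCK v1/v2 container layout as read by Godot's own loader (a "GDPC" magic, format and engine version fields, reserved words, then a table of path/offset/size/MD5 entries), locates an embedded pack through the 12-byte trailer the exporter appends to the executable, verifies each entry's MD5, and searches unencrypted entries for a flag-shaped string. The writer functions build_sample_pck and embed_in_exe, the SAMPLE_FILES contents and the SECRET_RE pattern are constructed for the demonstration; a pack whose directory was exported encrypted is reported and not decrypted.

```python
import hashlib
import re
import struct

MAGIC = b"GDPC"
PACK_DIR_ENCRYPTED = 1 << 0   # pack_flags bit: the file table itself is encrypted
PACK_FILE_ENCRYPTED = 1 << 0  # per-entry flag bit (PCK v2 only)
# Constructed pattern for the lab's flag{} format; real secrets are rarely this obvious.
SECRET_RE = re.compile(rb"flag\{[^}\n]{1,80}\}")


def find_pck_start(data: bytes) -> int:
    """Offset of the PCK header inside `data`, or -1 if there is none.

    A standalone .pck begins with "GDPC". When the pack is embedded in an
    executable the exporter appends [pck bytes][uint64 pck_size]["GDPC"],
    so walk back from the 12-byte trailer and re-check the magic there."""
    if data[:4] == MAGIC:
        return 0
    if len(data) >= 12 and data[-4:] == MAGIC:
        (pck_size,) = struct.unpack_from("<Q", data, len(data) - 12)
        start = len(data) - 12 - pck_size
        if start >= 0 and data[start:start + 4] == MAGIC:
            return start
    return -1


def parse_pck(data: bytes) -> dict:
    """Parse the PCK header and file table (format v1 = Godot 3, v2 = Godot 4)."""
    start = find_pck_start(data)
    if start < 0:
        raise ValueError("no Godot PCK header or embedded-PCK trailer found")
    pos = start + 4
    version, major, minor, patch = struct.unpack_from("<4I", data, pos)
    pos += 16
    pack_flags, file_base = 0, 0
    if version == 2:
        pack_flags, file_base = struct.unpack_from("<IQ", data, pos)
        pos += 12
    elif version != 1:
        raise ValueError(f"unsupported PCK format version {version}")
    pos += 16 * 4  # reserved words
    (count,) = struct.unpack_from("<I", data, pos)
    pos += 4
    info = {"start": start, "version": version, "engine": (major, minor, patch),
            "dir_encrypted": bool(pack_flags & PACK_DIR_ENCRYPTED), "entries": []}
    if info["dir_encrypted"]:
        return info  # table is encrypted with the export key: nothing to list here
    for _ in range(count):
        (plen,) = struct.unpack_from("<I", data, pos)
        pos += 4
        path = data[pos:pos + plen].rstrip(b"\0").decode("utf-8")  # NUL-padded to 4 bytes
        pos += plen
        ofs, size = struct.unpack_from("<QQ", data, pos)
        pos += 16
        md5 = data[pos:pos + 16]
        pos += 16
        flags = 0
        if version == 2:
            (flags,) = struct.unpack_from("<I", data, pos)
            pos += 4
        abs_ofs = start + file_base + ofs  # v1: relative to pack start; v2: to file_base
        body = data[abs_ofs:abs_ofs + size]
        info["entries"].append({"path": path, "offset": abs_ofs, "size": size,
                                "encrypted": bool(flags & PACK_FILE_ENCRYPTED),
                                "md5_ok": hashlib.md5(body).digest() == md5})
    return info


def scan_for_secrets(data: bytes, info: dict) -> list:
    """(path, match) pairs for unencrypted entries that contain a flag-shaped string."""
    hits = []
    for e in info["entries"]:
        if e["encrypted"]:
            continue
        body = data[e["offset"]:e["offset"] + e["size"]]
        hits += [(e["path"], m.group(0).decode()) for m in SECRET_RE.finditer(body)]
    return hits


# ---- constructed sample writer so the example runs offline (not Godot's exporter) ----
def build_sample_pck(files: dict, engine=(4, 2, 0)) -> bytes:
    """Write a PCK v2 with exactly the field layout parse_pck reads."""
    def padded(p):
        b = p.encode()
        return b + b"\0" * ((4 - len(b) % 4) % 4)
    dir_size = sum(4 + len(padded(p)) + 8 + 8 + 16 + 4 for p in files)
    file_base = 4 + 16 + 12 + 64 + 4 + dir_size  # data follows header and table
    header = MAGIC + struct.pack("<4I", 2, *engine) + struct.pack("<IQ", 0, file_base)
    header += b"\0" * 64 + struct.pack("<I", len(files))
    table, blob, ofs = b"", b"", 0
    for path, content in files.items():
        p = padded(path)
        table += struct.pack("<I", len(p)) + p + struct.pack("<QQ", ofs, len(content))
        table += hashlib.md5(content).digest() + struct.pack("<I", 0)
        blob += content
        ofs += len(content)
    return header + table + blob


def embed_in_exe(stub: bytes, pck: bytes) -> bytes:
    """Append a pack plus the size/magic trailer, as an embedded export does."""
    return stub + pck + struct.pack("<Q", len(pck)) + MAGIC


SAMPLE_FILES = {  # constructed contents, not taken from any real game
    "res://scripts/PlayerMovement.gd": b'extends CharacterBody2D\nconst SPEED = 300.0\n'
                                       b'const SECRET = "flag{constructed_sample_only}"\n',
    "res://project.binary": b"ECFG" + b"\x00" * 12,
}

if __name__ == "__main__":
    exe = embed_in_exe(b"MZ" + b"\0" * 62, build_sample_pck(SAMPLE_FILES))
    info = parse_pck(exe)
    print(f"PCK v{info['version']} (Godot {'.'.join(map(str, info['engine']))}) at {info['start']}")
    for e in info["entries"]:
        print(f"  {e['path']:36} {e['size']:6d} bytes md5_ok={e['md5_ok']} enc={e['encrypted']}")
    for path, match in scan_for_secrets(exe, info):
        print(f"secret-like string in {path}: {match}")
```

Run it on a real export by reading the .exe or .pck into `data` and calling parse_pck; scripts exported as plain .gd show up as readable text in the listing, which is the whole reason a hardcoded value in PlayerMovement.gd is recoverable. If `dir_encrypted` is True or an entry is flagged `encrypted`, the export used Godot's encryption option; that raises the cost of this exact exercise but does not remove the risk, because the key must still ship inside the binary, so secrets that matter belong on a server rather than in client-side scripts.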

Job Positions

Malware Analyst

Tags

Static Analysis, Malware Analysis, Decompiler, Unpacking, Strings, Code Flow