Bug #1626

Client-Side Save File Manipulation Exploit

Status:	Open
Priority:	High
Added by:	geekgaming3443 on June 6, '26
Assigned to:	Unassigned
Due date:
Reported for:	S06.04 Auto

Steps to Reproduce

1. Locate the Deep Rock Galactic save file stored locally on the player's computer.
2. Create a backup of the save file.
3. Open the save file using a publicly available save-editing tool such as Save Editor Online.
4. Modify progression-related values such as player level, promotions/prestiges, resources, or other statistics contained within the save data.
5. Save the modified file and replace the original save.
6. Launch Deep Rock Galactic and load the edited save.
7. Observe that the modified values are reflected in-game without apparent validation preventing the changes.

Explanation

Exploit Report: Client-Side Save File Manipulation
Summary

I would like to report a potential exploit affecting Deep Rock Galactic. The issue appears to stem from player progression data being stored locally on the player's computer, allowing users to modify their save files and alter in-game statistics.

Description

Players are able to access and modify their local save files using readily available save editors, file editing tools, or manual modifications. By changing values stored within these files, users can alter various aspects of their account progression, including but not limited to:

Player level
Class levels
Promotions/Prestiges
Resources and currencies
Unlocks
Performance statistics
Other progression-related data

Because the data is stored and trusted on the client side, modified save files can potentially be loaded into the game without sufficient validation.

Potential Impact

This exploit may have several negative effects:

Unfair progression advantages over legitimate players.
Reduced integrity of progression systems.
Potential disruption of public multiplayer sessions.
Inaccurate player statistics and achievements.
Loss of trust in progression-based accomplishments.
Reproduction Steps
Locate the Deep Rock Galactic save files on a local machine.
Create a backup of the save data.
Open the save file using a save editor or file modification tool.
Modify progression-related values such as levels, promotions, or resources.
Save the modified file.
Launch the game and load the edited save.
Observe that the altered values are reflected in-game.
Suggested Mitigations
Implement additional server-side validation for progression data.
Verify save file integrity using checksums or signatures.
Detect abnormal progression changes and flag suspicious accounts.
Store critical progression information on trusted servers where feasible.
Add consistency checks when loading save data.
Additional Notes

This report is submitted in good faith to help improve the integrity and fairness of the game. I have not included any tools, modified files, or detailed instructions that would facilitate abuse of the issue.

Thank you for your time and consideration.

Watchers

Watch