Carrots Game Engine is Here

I have done some testing in a sandboxed environment, and the results are not encouraging.

Carrots engine is still using the GDevelop cloud services for login authentication and online build services. This is not a minor thing.

image1067×314 20.7 KB

I do not recommend anyone sign in using their GDevelop account on the Carrots Engine. This would be against terms of service as carrots is still using GDevelop cloud infrastructure to upload to it’s build service.

I would recommend, if anyone has indeed logged in with the GDevelop account on Carrots Engine, to immediately reset their password as a precaution.

Carrots engine is essentially spoofing the GDevelop servers as the requests would look like it is still coming from GDevelop.

Due to this fact alone I would not recommend anyone to use unless you want to compromise your own account.

Thank you for your observation.
Indeed, there are currently login traces in the engine and some services, but they are blocked and not visible to the user. So if you enter the engine now, you will not log in and will not need to. There is no store; it is completely blocked.
Anything specific, like building for iOS, cannot be used.
It has an effect on the code, but it is not available to the user. A GDevelop user can use our engine with all its features without logging in or entering personal information, because it will not be requested in the first place.

Like I said, previously. I tested, and was able to successfully log in with a GDevelop account. It is not blocked, nor invisible to the user. I didn’t even have to try to get to these screens.

I used a temporary GDevelop account to test as I was not going to log in with my own account and it confirms my suspicions.

All these screenshots are from the Carrots engine.

image940×544 50 KB

image940×121 19.8 KB

After successfully logging in with a GDevelop account, this gives the software complete freedom to the account as login tokens are being stored and used. Even if you say login, etc is not exposed to the user (which it quite obviously is), this does not mean it is not a threat.

Bluntly, this software is a security nightmare.

image940×528 100 KB

This part is a huge risk as a user’s financial details can be hijacked the same way their account can be. Not to mention this is copyright infringement, and potential financial fraud.

image940×543 64.7 KB

Online cloud builds are there using the GDevelop build services and I was able successfully export a game using these services. So, saying this is blocked is false.

But to be honest, you have chosen a massive beast of an engine to fork and recreate as your own engine. There is over a decade worth of continual work that has gone into GDevelop and even with the help of AI, working with an engine with over a million lines of code is a monstrous undertaking.

To be clear, I am not suggesting malicious intent. Instead, I suspect this is genuine inexperience on the side of the Carrot Team developers, again, I mean no disrespect with this.

But you need to be aware that developing software in this matter, with little regard for security has the potential to do much harm.

You are claiming best intentions, and I’ll give you the benefit of the doubt there, but your efforts so far have shown that this product is not ready for public visibility as it can land you in trouble for the reasons I explained earlier about security, copyright infringement and the possibility of financial fraud by exposing untrusted payment method within the app.

Also, to be extra clear, removing the windows, and front end code that exposes these features to the user DOES NOT make the app any safer. The code is there, and it is exposed and it is not just your users you are putting at risk.

Thank you very much for your detailed observations and for pointing out these critical vulnerabilities. We are taking every point you mentioned very seriously and effectively.
To be completely honest, we admit that full-scale security was not within our initial comprehensive study. In our previous projects, we focused heavily on productivity and quality rather than high-level security, partly because we haven’t encountered such sophisticated security threats in our community before. We realize now that we are not yet at the required strength regarding security for a project of this magnitude.
Regarding the GDevelop systems, we have already removed what we could and hidden features we thought might be useful for the team later, while stripping old content and keeping only the interface and workflow. However, as you correctly noted, dealing with an engine of over a million lines of code is a monstrous undertaking. Even after auditing the code multiple times, there are still parts I haven’t been able to fully access or modify yet.
We are not making excuses; we are acknowledging our current limitations. We are planning to bring in security experts soon to handle these critical aspects and ensure the safety of our users and projects.
Since you clearly have a deep understanding of these risks, do you have any specific advice or resources that could help us improve our protection? We genuinely want to learn and fix these issues to avoid any potential harm or legal trouble.
We truly appreciate your professional approach and your willingness to give us the benefit of the doubt

I suspected that you would leave the most complex features (cloud projects, multiplayer, and leaderboards) implemented by the original and receive money for them!
I also didn’t fully believe ZeroX4 when only two new users appeared, but the third user seemed very suspicious. The third user was a fabrication.
The fake account already caused a loss of trust, and the author had been banned multiple times + what distorts the information why he was banned + did not mention the original + use of other people’s services and get paid for it.
They no longer need help, they are ruining their own reputation.

By the way, Rax (the second newcomer in a row who defended the author) seems to me to be similar in conversation to the author, and is probably fake.

I guess this company doesn’t have a good understanding of programming, because they would have used a neural network. And neural networks don’t help you create and embed viruses. I have fewer suspicions, and I might try it out.
This is the worst thing you can imagine. The inspector section covers almost the entire event group, the “export” button covers some sections, the event nodes don’t work at all, and there are about 40 other errors (I just entered the engine and there were already so many errors).
I don’t recommend creating a forum right now (and it’s better not to download it yet) because it’s a disaster!!!
The interface is very inconvenient, and the translation into Russian is half-hearted (it’s not easy to understand the meaning because it’s written in English and Russian in the same sentence).

GOOD LORD

They told you again n again it ain’t a virus, yet u keep insisting it is. What’s with you and virus?? Did you just learned that word???

I seen this too, and my guess is having Gdevelop n this engine carrot, it thinks there’s too apps of it n thus causing this, though im not 100% sure

Ever heard of, it’s still new n it ain’t lots of folk working on it? Plus, it’s still being worked/fixed as we talk.

For crying out loud, stop being so negative at every element

You keep making claims without providing a single piece of real evidence. If there are actually errors, then send them, screenshots, logs, steps to reproduce. Otherwise, this is just noise.

Right now, you’re dismissing every user who tries the engine as fake and throwing accusations in every direction. That’s not criticism, that’s baseless speculation.

It’s clear that you’re not interested in programming fundamentals or real development, your focus is just on bringing the project down. Keep doing that if you want, it won’t affect the engine.

We only accept real feedback that actually helps us improve and is backed by evidence. Like what another user did earlier when they raised concerns about security, and we appreciated that because it helped us improve.

If you have real issues with the engine, present them clearly and I’ll fix them. That’s how development works. Otherwise, you’re not contributing anything useful, you’re just being negative.

At this point, I’m not going to waste more time on unsupported claims. Bring proof or move on.

OMG
Are we there yet?
We reached that point?
Or did we go to infinity and beyond?
Cause i am really not sure how far did we reach?

image1265×298 24.3 KB

Do we have someone here claiming that cause someone on internetz said its not a virus it mean it is not?
Like i think i am even unable to came up with better joke about it than it is on its own

BTW
Any World of Tanks players here?
I found a way to get free gold and it 100% works

image1082×285 52.1 KB

Im telling you this is just free gold for you to take
No scam no viruses no account stealing
100% works even 100000% works
I tell you time and time again it works so it does
Seriously guys free gold FREE 100% works

Anyway
Aside from the fact no one said it is a virus but just pointed out it could be
I really start to believe IQ tests should be required to post here
That would solve a lot

And mr carrot studio
You did not prove ANYTHING
85 messages NOTHING being proven by you
You did not show any evidence/screenshot/links proving someone was wrong or just straight up lie

I would say please
But in fact i am really begging you
I am on my knees
Keep doing what you are doing and don’t stop

I have to say this in a calm way, not as an attack.

Sometimes it feels like you come across as if you’re always right, and that other people’s perspectives don’t really matter.

I’ve noticed that on discord when conversations don’t go your way, you block people, and it looks like things get cut off instead of being talked through. You also say you don’t like arguing, but at times it seems like you still end up continuing it when the opportunity is there.

From the outside, it can feel like your perspective is the only one that really matters. I might be wrong, but that’s how it comes.

Take it however you want—even joke about it if you like.

I’m still being genuine when I say it.

The Engine fork itself looks neat, but the whole conflict happening regarding this is very entertaining to watch lol

OW MAIN GWAD
Mods please don’t close this topic
This is like my dream come true
Everything i ever was missing in this community is just here (and a lot more)
Aside from it being great fun
A lot we can learn
Like i just learned i said something i never actually did hahahhaha
(My dream world was just shattered - 8 hours wait time
Oh well i knew this fun would not last forever)

The amount of incompetence i see here is just staggering

image1306×198 27.8 KB

WELLLLLLLLLL
https://forum.gdevelop.io/search?q=i%20love%20to%20argue

Da-Just
I blocked you long time ago on discord and forums and just cause friend told me what you wrote i was able to know about it

I block ppl when they stop making sense
Not cause i am mean not cause they don’t agree with me or cause i don’t like them
But cause they fail to follow any kind of logic
And what they do and say makes no sense

And yes that is subjective

And i genuinely think you should be banned
Not cause i don’t like you
Not cause you don’t agree with me
But some kid could see you say that someone repeated its not a virus then its not

You implying its ok cause someone said its ok
Not to mention that this someone have shady history and was banned several times for a reason

Imagine that kid would go download some app or game or whatever from some site or wherever cause he learned from you its ok if someone says its ok (especially if it looks ultra shady)
And in the process lose his idk discord acc or even worse
I can’t even say anything insulting here cause your behavior here makes it so its impossible to top it with anything

And you are so blinded you even failed to read what i say (not to mention check it)
I love to argue and you will nowhere find me say i DON’T like to argue

I don’t need to win argument i want to argue and that does not mean i need or want to humiliate any1
And i repeated it many times i am very open to someone convince me to other point of view
Just do it with logic and arguments build on facts

And please like next time think few times before you write something

image1265×298 24.3 KB

Cause
“From the outside, it can feel like your perspective is the only one that really matters. I might be wrong, but that’s how it comes.”

It seems we are sailing same boat ahhahahahah

Point is we all think we are right and to us our opinion is most important
That is common across all humans
And you just used it as argument to make me look bad
Like i am doing something evil
Sad you know so little yet you have so much to say

I am for sure not example of someone who will try to solve everything politely
But i would NEVER even try to justify/legitimize anything or any1 that can be potential danger
Imagine mr carrot studio would shove in some virus later on into his fork
And a lot of ppl will tell you they would be afraid it could happen not cause its something new and not tested well
But cause of his shady past behavior and actions

Any1 can say i am mean or that i am bad person or that i even am vile
Cause any1 have right to not know how i really am and everybody have perfect right to draw their own conclusions and make their ow opinion

BUT NO ONE will ever be able to call me what they will call you
And this is reason why

image1265×298 24.3 KB

You literally just justified something that can be malicious by claiming its ok cause someone said its ok

IDK do you have no shame or you didn’t think before you write something

Either way
Consider this being last chat between us

@kotiks IQ test is not to measure if you are smart or not
But to measure how well your analytic skills are
Thus how well you can deduce something just from fraction of information and produce in the process correct conclusion that makes logical sense

I think you are talking about 2 different things.

When someone say it’s risky to run an exe from someone who doesn’t have any big reputation to loose, they are not accusing anyone of giving viruses.

The fact that there is a virus or not doesn’t matter. People should be warned about the risk to make their own decision and use safety tools.

A 2nd risk is also to use an engine that may not be 100% compatible with GDevelop and may corrupt projects.

It’s good to experiment, but it’s important to be aware of the risks.

Nah, wasn’t my intend to make ya look like, Nikko Jenkis.

However and i’ll say this, if it’s a virus or malware, GOD knows. Yeah ofc you gotta let folk know the truth i understand that, slang the heat. Viruses and malwares can be hidden pretty well n infect ya later.

But to bling of this, i’m wrong and imma take the L, glady on all this.

@davy indeed

I accidentally sent the last post when I didn’t finish writing it.
@Da-Just, Why do you believe anyone? Even the ad I saw (You’ve won $4,404,253.23. Click OK and get your money) because someone wrote that it was safe, just click and get your money for nothing?
And @ZeroX4, I think you need to be a little kinder !
(@Taco2009, this is a circus, a verbal war, and even I agree with ZeroX4, which means a lot if someone agrees with him. I had a good laugh at ZeroX4’s last post!)
This is really some kind of comedy!
The opinions of @ZeroX4 and @kotiks are very similar! @Da-Just claims for the first time that this is not a virus because someone said something! Such a dispute broke out that the break between messages jumped from 2 hours to 8 hours (and soon to 32 hours). @samibrahim is further damaging his reputation and creating fake accounts! 3 newcomers in a row praise the engine (the original probably didn’t try)!
By the way, I didn’t say it was a virus, but I did warn that it might be a virus (because the author is very suspicious!).
And I’m going to tell you why I downloaded it.
I’m blocking the app from accessing my home internet network.
Windows constantly alerts me about the app’s actions, and I can decline them.
There’s nothing for it to steal! I don’t have any card numbers here.
And I have two antiviruses that keep an eye on it!

What is this?
@KarenDev this is a fake account.
@Veteris there’s something strange in his profile.
@Rax is under suspicion!

All these disagreements and discussions about the engine should not create a divide in the mutual respect we have for each other as people.

It’s completely natural and even healthy not to trust everything you see at first and to question it. However, I am against assuming the worst simply because something is new or because someone is promoting it as “the worst thing ever.”

I have no personal issues with anyone. If others have personal issues, I have already tried to understand and communicate. Everyone has the right to express their opinions as long as no harm is done.

Regarding the accusations of stealing, I did not steal anything. What happened was simply inspiration from a small piece of code to understand the concept and build something much more advanced from it, such as a full toon shader system. Features like Rim Light, Half-tone style, and the Toon Shader were developed by me after research and refinement. The original work did not include what I created, and my implementation is not a copy but an independent development inspired by an idea.

I also want to emphasize that discussions should remain respectful. We are not enemies. @ZeroX4 , you are significantly older than me, and I respect that. Even if we disagree, respect is still important.

I never intended to harm anyone or deceive users. I simply share the engine so that those who are interested can try it and benefit from it.

At this point, I see no value in continuing this unproductive argument, so I am ending it here. It was a pleasure discussing the engine, security, and other topics with you. I hope we can move away from non-constructive debates and focus on the project itself.

For anyone interested in reviewing the code, understanding it better, or reporting issues and suggestions, you are welcome to check the repository:

I hate when i need to be serious
I genuinely believe we should come here help others or ask for help and joke around and leave this place with a smile
Life is to serious for us to be serious

Davy you are right but at the same time you are very wrong
To all of you here
I genuinely believe it would make NO logical sense for mr carrot studio to put anything even close to virus into his engine
Like clearly he want for it to succeed so why to sabotage it?

But at the same time i would NEVER trust someone who is behaving like him
His engine could cure cancer and i would still not want to try it
Cause i have no trust in someone who have no respect for other ppl and is pushing himself into places from which he is actively removed and not wanted there

Davy you are right it does not matter is there a virus or not and no one is saying there is just that there can be

But all of you think of it like imagine Davy have brother
Who would be on gdevelop discord
And mr carrot studio jumped in and insulted Davy brother like called him the worst or whatever you name it like literally made his brother not better than trash

NOW i see mr carrot studio advertising his engine
I would not have ballz to not even speak to Davy but also to look in his eyes if i would even try to appeal to mr carrot studio
Someone who insulted someone close to someone else

And mr carrot studio insulted A LOT of users just like that it was was one of the reasons he was banned
He most likely insulted ppl you like
You wanna to have anything to do with such person? Then go ahead
I for sure not and i never will

We can all agree that we see here screenshot of eye appealing stuff from that engine
But still good cover does not make good book
Even worse
If writer is claiming other ppl work as his own and being shady then amount of trust to such person is next to zero

Most of you heard about that sponsor blocks on youtube where they promote SomeVPN to secure your data
That is ultra scammy and was exposed many times
JUST cause someone says on internet something is ok does not make it ok
Heck even something more simple
Fake reviews on amazon “good product” “high quality item i love it”
ALL made from new accounts looks so suspicious idk who would even fall for that
Does not matter if its real user or alt acc
The fact alone mr carrot studio used you guys like clowns to defend his engine make me question who looks more stupid in such situation
That is every single RED FLAG you would consider anywhere else as clear sing for yourself to stay away from such product cause everything around it is ultra shady
Yet some of you wanna justify it?
WELL i cannot stop you
But for sure i will make it clear for everyone how it looks and what it is

And now mr carrot studio is talking about respect
How about i will punch you in the face and after that we will be respectful for each other eh?
You show respect up front
And not start by insulting ppl and have change of heart after you realize that will backfire into whatever you are doing
NEVER i would insult someone then pretend like i am kind and polite person
You lucky here mods removed your messages cause otherwise i would spam this topic with screenshot of what you actually said to other ppl and how you treated them
And we would have much more different conversation here in regard how respectful you really are

And to rest of you
I just want you to be aware
I saved this whole page as PDF
I will be more than happy to show it to other ppl on every single occasion just to let them know who you support and defend
So they can be aware how creditable you are

Most of you should be ashamed of yourself for trying to legitimize this person
How you are not is beyond me

End of being serious
In 8 hours we gonna have some fun <3

I treat everyone with respect in general, but I do not hide my beliefs.

I do not support homosexuality. From a logical and natural standpoint, it goes against human nature as created by God. The natural reaction from healthy humans toward what deviates from that nature is often disgust. I openly dislike homosexual behavior and I have zero respect for Zionist Jews who kill innocent people.

As for the rest of people, I respect them normally.

Do not claim that I disrespect everyone just because a femboy got upset with how I treated him. He is mentally ill, and his anger does not define my character or my respect toward others.

The idea that I should be respectful toward everyone no matter what they do or believe is not something I accept. I show basic respect to normal people, but I will not pretend to respect behaviors and ideologies I consider deeply wrong or harmful.

Furthermore, I have never stolen anyone’s work as claimed, and I have never insulted anyone unless they directly contradicted my beliefs. I did not and will never respect a femboy or any homosexual, no matter what — even if offered millions in return. I follow human nature (fitrah) and my Islamic faith, which respects all people but clearly condemns what is wrong. We follow a clear path of sound natural disposition.

this looks way too ai generated

A lot of first time posters on this forum… guess it’s time to throw my hat in as well.

I will say this to start, if you cannot trust a developer, you cannot trust their tools. Period. End of discussion. This entire thread has just screamed out to the world why you are to not be trusted.

Your horrendous remarks have no place in this community. You may have your beliefs, but so do others. You expect yours to be respected while you trample on others, all while claiming to have respect. You have none. No respect, and no honor. I have seen your stolen work before Sam. I have seen how you have treated people in the past. Your actions, time and time again, prove that you are a man who lacks a spine and character.

Your own arguments against other beliefs can easily be flipped using your own logic. If all of this is a mental illness, and a sickness, then your same arguments can go to cancer patients, or other people struggling with lifetime illnesses, such as myself with my auto immune issues.

You live in an eco chamber where you are told you have to think this way, or a world of shame and pain upon you.
I don’t know about you, Sam, but I prefer to not choose to oppress myself, and live life with love towards others. We’re all human. We all have a right to be here. Just because we don’t agree, doesn’t mean we can’t coexist.