Crypt-EX uses an external program for the encryption. The decryption process is performed by a DLL, which is called by the loader script found in the provided rgss archive. Precisely, the script evaluates a Gzip compressed, base 64 encoded string. Once evaluated, it returns several objects: - A Win32API object, in other words, the DLL exported function (said function has void as return value, by the way). - A method call, named RGSS.execute - it's defined within the DLL itself so it will do nothing unless the function has been called. - A Binding object (the top-level one, created by rgss_main). - A filename. Not sure what is it exactly, maybe a temp one. - A line number. Again not sure why it is needed. Need to disassemble the DLL to really know what happens but well, it's a pain in the ass and I hate assembly. And it's against Whiteflute's TOS anyways. EDIT: Actually, I think the RGSS object is defined by the .rgss3d file. EDIT2: Ok, guys, even without disassembling the DLL nor dumping the memory it took me just 10 minutes to retrieve an encrypted resource. And making an automated system to do it is trivial too unfortunately. Bottom line: the best protection is notoriety.