A Flash Developer Resource Site

Results 1 to 5 of 5

Thread: Hack a .swf file

  1. #1
    Junior Member
    Join Date
    Apr 2001
    Posts
    18
    Message Body:

    I want an area of a Flash website to be restricted by a password request using a script like this:

    on (release) {
    password = password.toLowerCase();
    if (password=="mits") {
    gotoAndPlay ("Scene 2", 1);
    } else if (password=="baz") {
    gotoAndPlay ("Scene 3", 1);
    }
    }

    What I want to know is how easy it would be to hack the .swf file and get the password(s)?

    Thanks,

    JB


  2. #2
    Registered User
    Join Date
    Feb 2001
    Posts
    13,041
    Hi,

    open swf file in, e.g. notepad, and search for words like user, pass, ... - likely variable names for a user/pass entry form. If you cannot find them, scan the "text" for sections of readable words in between all the gibberish. Even if the programmer has renamed the text boxes, it is quite likely that the names of these boxes and the expected content appear close together.
    In case you dont know where to look for the swf - check temporary internet files or netscape cache folder after you have viewed the site for the first time or sort these files by date... the name may have changed, but it will still be a swf file

    Musicman

  3. #3
    Senior Member
    Join Date
    Mar 2001
    Posts
    246
    If you want to make it a little harder for people to hack your swf you can convert the passwords to sequences of keycodes (with String.charCodeAt) and then check something like:
    if (password==String.fromCharCode(keycodesequence)) { ...
    that hides your passwords from people using notepad.

    But I guess you're still not safe from people using things like actionscript-viewer.

    hc

  4. #4
    Junior Member
    Join Date
    Apr 2001
    Posts
    18
    Originally posted by headgonenumb
    If you want to make it a little harder for people to hack your swf you can convert the passwords to sequences of keycodes (with String.charCodeAt) and then check something like:
    if (password==String.fromCharCode(keycodesequence)) { ...
    that hides your passwords from people using notepad.

    But I guess you're still not safe from people using things like actionscript-viewer.

    hc
    Thanks, for the replys. Is Actionscript viewer a common piece of software?

  5. #5
    Senior Member
    Join Date
    Mar 2001
    Posts
    246
    Don't know how many people have access to it/use it. Never tried it myself. You can read more about it here: http://buraks.com/asv/

    If you want something that's closer to 100% safe you'll probably need some kind of serverbased password verification instead.

    hc

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center