dcsimg
A Flash Developer Resource Site

Page 1 of 3 123 LastLast
Results 1 to 20 of 41

Thread: [disc] Flash Game Portection

  1. #1
    Senior Member youmex's Avatar
    Join Date
    Apr 2004
    Location
    Dortmund, Germany
    Posts
    176

    [disc] Flash Game Portection

    After reading the copyright thread started by tonypa I asked myself if anyone protects his flash games and which methods you use.

    Do you use any protection at all? If so, do you use a simple URL check or more advanced algorithms? Do you protect your fla-files?
    Be a worm and catch fruits in a parallax scenario:

    http://www.nibbly.com/flug.html

  2. #2
    Cubed Member Soccr743's Avatar
    Join Date
    Mar 2004
    Location
    Maryland
    Posts
    163
    I protect my files with a password...

    I am in the process of developing a component for protection...

    -----Soccr743-----

  3. #3
    Heli Attack! iopred's Avatar
    Join Date
    Jun 2003
    Location
    Sydney, Australia
    Posts
    923
    I dont use any portection.

    But to protect my games, I lock them to whatever URL they are going to be placed on.

    There is a way around it, but it stops 75% of the stealers.

  4. #4
    Senior Member pellepiano's Avatar
    Join Date
    Feb 2000
    Location
    Stockholm, Sweden
    Posts
    15,151
    Sometimes I make a textfile that has to be read in by the game. Anyone stealing the swf will have no idea that the textfile is needed.
    For people linking to the game from their own html at their sites I put a variable in the embed code . If the swf runs without the html at my site the game will display a "kidnapping" message.

    -Pelle Piano
    // Image Gallery
    www.studiobild.com
    // Photo Blog
    http://talesofthepixel.blogspot.com

  5. #5
    Start a Revolution al hack's Avatar
    Join Date
    Jan 2004
    Location
    Mexico
    Posts
    290
    I'll build my web site but i don't have protected my swf files yet, but what are all the methods to protect the files? i only know the password method.

  6. #6
    Member
    Join Date
    Apr 2004
    Location
    PA
    Posts
    65
    I just put a link to my site and my name at the top of my games so if people do decide to steal it then I still benifit by geting traffic.
    Time Consuming Productions Presents

    www.maxbag.net
    (in the works)

  7. #7
    Member
    Join Date
    Apr 2004
    Location
    PA
    Posts
    65
    I just put a likt to my site and my name at the top of my games so if people do decide to steal it then i still benifit by geting traffic.
    Time Consuming Productions Presents

    www.maxbag.net
    (in the works)

  8. #8
    Senior Member kendude's Avatar
    Join Date
    Sep 2003
    Location
    Hartford, CT USA
    Posts
    877
    I like PELLEPIANO's idea, but what if someone cracks open the swf( I do not use any protection, not even obfusaction(sp?))? Will they see they need the .txt and swipe that too?

    IOPRED, can you tell us how you lock it?

  9. #9
    Senior Member Kirill M.'s Avatar
    Join Date
    May 2002
    Location
    Toronto, Canada
    Posts
    712
    Reading a text file may not necessarily work,unless you use absolute urls. when the people download you game, they can see the game swf and all the files that were loaded into it.

    I protect my files by making a layer in the main timeline and putting an empty mc into it, then expanding that layer to cover every frame in the main timeline. Then I put this code on that mc:

    code:


    onClipEvent(load){
    //
    if(_level0!=_parent || _parent._parent!=undefined || (_parent._url.indexOf("http://www.suburbandesigns.com")==-1))
    _parent.unloadMovie();

    getURL("javascript: "+
    "if(top.location!=self.location){ "+
    "top.location=self.location; "+
    "}else if(location.href.indexOf('http://www.suburbandesigns.com')==-1){ "+
    "location.href='http://www.suburbandesigns.com/cgi-bin/iknow.cgi?url='+location.href; "+
    "}else if(location.href.indexOf('.swf')!=-1) "+
    "location.href='http://www.suburbandesigns.com'; "
    );
    }




    Sure it may not necessarily work, but it'll work enough times to warrant the game theif to possibly take the game down.

    edit: The as tags change the code by putting spaces in where they shouldn't be, like in "javascript". You have to take those out.
    Last edited by Kirill M.; 05-02-2004 at 11:55 AM.

  10. #10
    Senior Member lapo73's Avatar
    Join Date
    Jun 2003
    Location
    italy
    Posts
    395
    nice suggestion Kirill !
    putting such Javascript snippet directly into the SWF (instead of having it in the html page) sounds like a good move

    Here's something interesting about decompilers and swf protections >> http://www.gotoandplay.it/_articles/...Protection.php

    Lapo
    www.gotoandplay.it
    Flash game developers community
    www.smartfoxserver.com
    Multiplayer Flash Server

  11. #11
    Senior Member Kirill M.'s Avatar
    Join Date
    May 2002
    Location
    Toronto, Canada
    Posts
    712
    Very nice article, lapo. Scary too.

    Edit: My code isn't really aimed at protecting the game against theifs with decompilers. Unfortunately as your article says it's very difficult to do. But at least it protects against non-savvy theifs who try to download the swf and put it on their site or link to the swf from your host. It also has frame protection, but it's kinda shaky. I had about a million versions of these codes all of which had defects or didn't work in some browser or another. Hopefully this one is better.

    Edit: Just checked and this code is more browser friendly than the ones before it. Works in IE, Mozilla and Opera. Don't know about Safari.
    Last edited by Kirill M.; 05-02-2004 at 02:18 PM.

  12. #12
    Senior Member youmex's Avatar
    Join Date
    Apr 2004
    Location
    Dortmund, Germany
    Posts
    176
    @lapo73

    I'll have to agree, nice article but very scary! I think it's also tricky that by now no professional protection tool for SWF files exists, in opposit to dozens of decompilers and cracking tools.

    @Kirill M.
    A very good script!
    I ever try to avoid using javascript since people might have deactivated it or don't play the swf in a browser. If my check fails I load a fullscreen-movie from a absolute url in level 99. In this way it covers all the screen and you can do in the swf what you want. For example covering the screen with an empty button so it get's totally useless and display a "you're a thief" message.

    In combination with a "call come" script you know very who manipulates your script. Sometimes this calling component is also time delayed so people think it works well, put it online and when the swf call's home you have their url and sometimes aswell the ip-adress.

    But reading lapos article can only make you cry if you put a lot of work into a game and see it being ripped by some strange people.
    Be a worm and catch fruits in a parallax scenario:

    http://www.nibbly.com/flug.html

  13. #13
    Senior Member Kirill M.'s Avatar
    Join Date
    May 2002
    Location
    Toronto, Canada
    Posts
    712
    I do that in that script.

    The initial check checks that the movie isn't loaded into a level or an mc as well as checking if the url of the swf is ok. If not it just unloads the movie, because that's the safest thing to do in that case, rather than displaying a thief message. Because if it happened and the swf doesn't unload, the container swf can make that theif message go away.

    Then it goes into running that javascript to actually check the url of the page and for someone else's frames. Of course if a person has JavaScript turned off then it won't do anything. But I imagine that the vast majority of web users don't bother turning JavaScript off (or probably don't even know what JavaScript is), and for now at least the theif can't turn off JavaScript himself in the user's browser.

  14. #14
    Professional Air Guitarist Frag's Avatar
    Join Date
    Dec 2002
    Location
    Brain, Body, Clothes, Computer Chair, Room, House, Neighborhood, City, State, Country, Continent, World, Galaxy, Universe, and on?
    Posts
    811
    Hey pelle,

    I saw your kidnapping message, but played anyway with crtl+click Play. You should always add Stage.showMenu = false; to prevent it =)

  15. #15
    Untitled-2.fla
    Join Date
    Jul 2002
    Posts
    391
    always use fscommand("trapallkeys",true) - if not people can simply use Ctrl+-> to skip through frames

  16. #16
    Senior Member pellepiano's Avatar
    Join Date
    Feb 2000
    Location
    Stockholm, Sweden
    Posts
    15,151
    Its an old Flash 4 game so I just made a goto previous frame after the message. Seems to work.

    -Pelle Piano
    // Image Gallery
    www.studiobild.com
    // Photo Blog
    http://talesofthepixel.blogspot.com

  17. #17
    Senior Member X-Tender's Avatar
    Join Date
    Jun 2003
    Location
    Germany
    Posts
    507
    @token 3 & @Frag: YOU'RE MY HEROS! i asked everywhere about a function to disable that ... and finally i found it =D ..

  18. #18
    Senior Member
    Join Date
    Mar 2002
    Posts
    249

    Re: [disc] Flash Game Portection

    Originally posted by youmex
    Do you use any protection at all? If so, do you use a simple URL check or more advanced algorithms? Do you protect your fla-files?
    as the linked article says, you cannot truly protect your SWF files.

    However, you can make it troublesome for people to access. And, if it is too much trouble, they may just move along and grab someone else's code that is easier to access. Use a combination of techniques.

    - I disagree with the article's author on using the protect from import option. It costs you nothing to use this option and I'd guess that it will deter 75% or more of the potential copiers out there. So use it but don't stop there...

    - check that your SWF is being run from your URL only and abort if not

    - load variables from text files that enable or disable the game depending on whether they are found or not

    - break your code up into several movieclips that load and unload at runtime

    - when you have finished your project save a master copy of the FLA. next, take the FLA intended for distribution and, being careful not to change its functionality, convert it to bad code. remove all comments, remove all white space, change variable names to non-intuitive ones. add a few loops and code constructs that do nothing. maybe add a few comments that incorrectly document your code. this does a couple of things, 1) it makes your code very difficult to decipher and reuse and 2) it makes your code very easy to identify in the event you find someone stealing it.

    - run portions or all of your actionscript through an obfuscator. unfortunately, there are no up-to-date actionscript obfuscators currently available. if your code is Flash 5 (or you simply avoid MX and MX 2004 coding) you can use one of the following to so some obfuscation for you. alternately, you can code portions of your project for Flash 5 and only obfuscate that portion.

    http://www.genable.com/aso/preview.html

    http://www.debreuil.com/vs/
    (their forum suggests using "test" as the username and "password" as the password)

    you can search Google for "actionscript obfuscator" but I did not find anything new there.

  19. #19
    jtnw's Avatar
    Join Date
    May 2002
    Posts
    1,328

    Re: Re: [disc] Flash Game Portection

    Originally posted by XcVbSdRw
    - when you have finished your project save a master copy of the FLA. next, take the FLA intended for distribution and, being careful not to change its functionality, convert it to bad code. remove all comments, remove all white space, change variable names to non-intuitive ones. add a few loops and code constructs that do nothing. maybe add a few comments that incorrectly document your code. this does a couple of things, 1) it makes your code very difficult to decipher and reuse and 2) it makes your code very easy to identify in the event you find someone stealing it.
    The only thing that'd make a difference is adding the useless code. Comments don't exist in swfs, neither does formatting.

    jtnw

  20. #20
    Adventurer,Futurist, Egomaniac
    Join Date
    Feb 2002
    Location
    Back in Canada, for now
    Posts
    66
    Can you load Actionscript from a database? Would that do anything? Can a theif intercept variables (or code blocks) that are passed in this way? Is it easy?

    What about moving some of your more important, but not time sensitive functions server side?

    This should even protect from decompiled swfs, yeah? Even if they know what you are doing, can't flash only access a server from the same domain or someting like that? I'm sure I'm missing something obvious here.


    Dolemite

    EDIT: I should have read the gotoandplay.it article first.
    Last edited by tripledolemite; 05-02-2004 at 08:31 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center