dcsimg
A Flash Developer Resource Site

Page 1 of 8 12345 ... LastLast
Results 1 to 20 of 148

Thread: -protecting your games-

  1. #1
    Yes we can tomsamson's Avatar
    Join Date
    Sep 2001
    Location
    Team Titan Secret Lair
    Posts
    4,666

    -protecting your games-

    hey there,
    every few days-weeks i get pms on the same topic,which is how can a game be well protected.
    some are asking on how to avoid decompiling,others on how to avoid thieves using the game on their site.
    so it thought it´d be good to have a sticky and sum possible solutions up here.
    if you have something to add,please write in the headline if its regarding decompiling or regarding abusage on other websites.

    now to get this rolling:

    -regarding decompiling:
    i won´t name any decompilers as basically which one you use doesn´t matter a lot,most share the same functionality.
    generally its always possible to get all your media assets out of your swf file.
    on the code side its also always possible to get the code out of an swf file (in one way or the other). some decompilers bring it back in human readable form (the way you see it in the as panel in flash),others return the bytecode which needs a bit more understanding to be able to read it.
    there are tools which are meant to help to protect the code of a swf file,they basically obfuscate the code so decompilers crash or can´t read the file.those are normally additions and changes in the code which are ignored by the flash player but not the decompilers,so that they don´t know how to handle those.
    those ways of preventing are not ideal though,as once you add such obfuscation,a decompiler developer creates a new version of his app which gets around that crash reason.
    better obfuscation is the kind which actually changes all variable and function names so that those don´t make sense to the human reader even if he gets the code.
    both of these tool types/tool features are summed up under the common word obfuscator.
    most used obfuscators are
    aso (
    http://www.genable.com/aso/
    )
    and flashincrypt (
    http://www.flashincrypt.com
    )
    normally you just load a swf in such a tool and it obfuscates the swf in automatically.
    there´s also flasm (http://flasm.sourceforge.net/ ) with which you can change the code on byte code level for yourself (which needs some more work though and should only be done once your product is completely finished).
    to protect your content against theft,next to using obfuscators i´d suggest splitting your game up into several files
    that makes it more painful for thefts to recreate all files.
    (and to even understand the structure).


    -on abusage of your games on other sites:
    one possible solution:
    you could load files across servers,meaning you have your game (for example) on server a and some xml files on server b.
    if you attempt to load files like xml files from another server,flash will look on the server b if it features a crossdomain.xml which grants server a to load from it. if that isn´t the case,it won´t load on.


    -general:
    if you want to protect your swfs,that´s a good thing but keep in mind that there´s no 100% protection and therefore you should keep security related data outside of your swf,all we sum up here just makes the life way harder for thieves.

    okies,
    hope that´s a good start,would be cool if you add something to this so we get a good core base of solutions =)

  2. #2
    Senior Member
    Join Date
    Mar 2000
    Location
    Canada
    Posts
    133
    Add the following javascript to your html to break frames or iframes.

    <SCRIPT language="JavaScript">
    <!--
    if (parent.frames.length > 0) {
    parent.location.href = location.href;
    }
    // -->
    </SCRIPT>

    rsnail

  3. #3
    Member
    Join Date
    Nov 2004
    Posts
    95
    It's better in include the JavaScript directly in the FLA/SWF.

  4. #4
    Custom User Title Incrue's Avatar
    Join Date
    Feb 2004
    Posts
    974
    I sayd it in another topic,i mean, when comming to the thief catch the swf in cache, i have this weir idea, not sure if it will work,If it dont work, this words should have be deleted

    The swf sends and loads variables to a php
    Flash send:varcontent=1
    The php receives and echo another variables to send them to flash,ex:
    enemies=4;lives=3;leprechaun="iwanttoeatu";sizeofs quare=45
    Them swf receives those variables
    And,only when the swf knows he has received those variables,he goes send and load another variables to the SAMEphp
    He sends: varcontent=2
    The php receives,and,if varcontent=2, echos another variables to flash:
    enemies=0;lives=0;leprechaun="",sizeofsquare=0
    Flash will not do anything with those new variables, he already has put the old variables inside other variables and that will be the ones he will use to run the game
    And in the end, the thief will not find the php who send the variables in cache, and if he tries to run those php, the php will output the wrong content...
    obs:when i talked about variables, those are the variables essential for the game to run properly, without them it will not work rigth...

    Thanks to Razormedia,this is the way to make flash look for new content, rather them look for things in cache:
    http://www.flashkit.com/board/showth...hlight=caching

    And, thanks to Tiger, this is about how to make a php dont stay in cache
    http://www.flashkit.com/board/showth...hlight=caching

  5. #5
    cake! Skribble_Style's Avatar
    Join Date
    Jun 2002
    Location
    Australia
    Posts
    550
    This isnt my code, I just copied it from a thread I once saw here. Its a way to check if a game is being played on a certain website or not. If the website specified is the website that the swf is on, then it loads the game, if its not on the specified website, then it displays a msg displaying a copyright notice.

    Just replace all of the "www.website.com" strings with the website of your choice. Note: You only need to put in the domain, not the exact URL.

    Hope this helps out everyone.

    Code:
    hyperText = _url.substr(0, _url.indexOf(":"));
    if (hyperText == "http") {
    	slash = _url.indexOf("//");
    	webSite = _url.substr(slash+2, _url.indexOf("/", slash+2)-slash-2);
    	webSite = webSite.toLowerCase();
    	if (webSite.indexOf("www.website.com") != -1) {
    		webSite = webSite.substr(webSite.indexOf("www.website.com")+4, webSite.length);
    	}
    	if (webSite.indexOf("www.website.com") != -1) {
    		//load the game
    	} else {
    		stop();
    		myMessage = "Copyright Infringement! This movie has be disabled. "+"The following web address has been logged and the authorities will be notified: \n\n "+_url;
    	}
    }
    Skribble

    Its not that im lazy, I just dont care.

  6. #6
    Custom User Title Incrue's Avatar
    Join Date
    Feb 2004
    Posts
    974
    You can also put your swf inside a director file
    But lots of people doenst have the director plugin, and you may loose some performance
    But if you just want to show a beta version to very few people and not yet release the final version of the game to the whole public, this may help

  7. #7
    Unregistered User dnalogic's Avatar
    Join Date
    Feb 2001
    Location
    UK
    Posts
    146
    what about..

    have a lot of variables that are XORed on the url name or something. or a session variable or server time and IP.

    eg..

    var x=XOR(_root._url , "abcdefghikjshfksjdhfjkdshsdfsdfdsfsdfsdf");

    that sort of thing.
    in order to get the correct value of x for the game to work, you would have to go through all the variables and work out the result of the function XOR on "skdhgahdhsadhasdhasd" or whatever encoedd value it was. obviously that is crackable, but if you had one of those functions at every point when a variable was called (in places where it wouldnt slow the game down), then it would be quite a lot of effort to unravel it.

    bottom line is that.. ive made games that havent had any protection .. google "trampoline trickz" for example. or games that have had a little bit of protection - "half pipe" (cant remember what it was called exactly), and the ones with a little bit of protection (even though its not 100%) havent been stolen, and the other ones have been stolen in hundreds of different places.
    nothing is 100%, but if it requires enough effort then people wont steal it. I suppose if you can make a game that requires so much effort to decode that the person doing it might aswell rewrite it from scratch, then its as theft proof as its going to get. right?

  8. #8
    Custom User Title Incrue's Avatar
    Join Date
    Feb 2004
    Posts
    974
    You know what; when i look to miniclip.com it was a good surprise to see that the second most view game was runescape (java) and that at a lot of time, robotrage was the first one(director)
    To me, this is a evidence that people who like to play games dont care about wich plugin runs your game
    So, that story "only 70% have the director plugin", when comes to games, it is not the whole story...when they make those numbers they arent looking only for those who like to play games

  9. #9
    smile for the camera! jesserules's Avatar
    Join Date
    Dec 2004
    Location
    a dark place where people have trouble in flash
    Posts
    720
    Here is something one could do, if their .swf is put in an iframe on another site:
    have a .htm page to load the .swf, in a different directory from the .swf, and have the .swf try to load a .txt file that is in the same directory as the .htm file, and if it can't it will redirect the user.
    this way to use an iframe the thief will have to load the .htm file into the iframe, not the .swf.
    on the .htm page it could say that if it is not played on a certain website it's stolen.
    My site
    The Current Project is RoboRace.
    Screens Public Beta Coming Soon!

  10. #10
    Junior Member
    Join Date
    Jun 2005
    Posts
    2

    Secure Media

    Check out http://flo.neodelight.com/securemedia - it's an advanced open source solution against hotlinking of swf (or other) files... I think it's really safe, as it's based on cryptography and works with session like keys for each user... check it out...

  11. #11
    The next Squaresoft
    Join Date
    Sep 2004
    Location
    Zanarkand
    Posts
    215
    but isnt it that it is possible to change your SWF file into
    another diferent projector file...(if you would look at miniclips.com)

    their flash works have a different projector...

    so wouldnt it be safe from decompilers?
    "Are those gummy worms? Can I have some?"

    "Nevermind, I just saw one move by itself..."

  12. #12
    Junior Member
    Join Date
    Jun 2005
    Posts
    2
    Can you tell me the name of one of these special projectors games ? I've never seen one, yet, but I'm eager to find out what they did...

  13. #13
    The next Squaresoft
    Join Date
    Sep 2004
    Location
    Zanarkand
    Posts
    215
    umm its in the tutorials link here....

    i think its the one with the "projector link"
    "Are those gummy worms? Can I have some?"

    "Nevermind, I just saw one move by itself..."

  14. #14
    Senior Member fantasio's Avatar
    Join Date
    May 2000
    Location
    at the progress bar
    Posts
    409
    hi there!

    well i used flashincrypts follower SWF Encrypt 3.0 now for some projects
    and i have to say, that it works fine against decompilers.
    the only drawback is the bug hunting... especially in complex swf files their can be some awkward behaviour, so you have to make sure that you test thouroughly after the encryption.

    for bandwidth stealing and hotlinking, well their are lots of possibilities
    so thanks for the link to the new stuff, Flow Motion.

    also i just tend to relax and try to get some peace of mind, knowing that everything can be stolen

  15. #15
    Junior Member
    Join Date
    Jul 2005
    Posts
    2
    hey tomsanson...thanks so much dude for the tips! THEY EXTREMELY HELPED ME!

  16. #16
    Junior Member
    Join Date
    Jan 2005
    Posts
    5
    Well, i wrote something like this on stickpage about 5 months back. It includes i think two ways you haven't mentioned yet but then again you might have anyway. Hree is the link: Link to tutorial

  17. #17
    Junior Member
    Join Date
    Jul 2005
    Location
    San Francisco, CA
    Posts
    27
    I think everyone has very clever ways of protecting your games, but like tomsamson said, "there´s no 100% protection" against Flash Pirates.

    I've been dealing with this problem and have listened to friends gripe about this problem for many years now. We finally got fed up and decided to build a free tool called MochiBot (http://www.mochibot.com) that tracks how many times your game is played and what websites your game ends up on. We've had a lot of people use it in their games and other Flash content with great success. Miniclip.com is also using MochiBot in some of their games.

    We'll be adding a lot more features to help you better understand where your games end up and who's playing them.

    I hope that MochiBot helps put your mind at ease when launching a new game.
    Last edited by JamesonH; 08-05-2005 at 05:30 AM.
    Jameson
    Mochi Media

    MochiAds : The Ad Network for Flash Games
    MochiBot : Flash Tracking & Analytics
    MochiKit : Making JavaScript Suck Less

  18. #18
    Junior Member
    Join Date
    Aug 2005
    Posts
    4
    Stealing flash games/flash movies has almost nothing at all to do with the flash file itself but the HTML surrounding it. All you need to do is encrypt it! Most browsers and softwares won't be able to detect it. Let me give you an example,

    Lets say that your movie is called fish.swf. normally the html surrounding it is "<EMBED src="fish.swf" quality=high bgcolor=#CCCC99 WIDTH="550" HEIGHT="400" NAME="s_6" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>

    All you do now is select and copy that code and put it through the html encryptor at http://www.designerwiz.com/ad-framer...cryptHTML1.htm
    and you should and up with something like this "<script>
    <!--
    document.write(unescape("%3CEMBED%20src%3D%22fish. swf%22%20quality%3Dhigh%20bgcolor%3D%23CCCC99%20WI DTH%3D%22550%22%20HEIGHT%3D%22400%22%20NAME%3D%22s _6%22%20ALIGN%3D%22%22%20TYPE%3D%22application/x-shockwave-flash%22%20PLUGINSPAGE%3D%22http%3A//www.macromedia.com/go/getflashplayer%22%3E%3C/EMBED%3E"));
    //-->
    </script>



    I hope this was useful

    hI-Q

  19. #19
    Senior Member UnknownGuy's Avatar
    Join Date
    Jul 2003
    Location
    Canada
    Posts
    1,367
    The hacker can still looks in his cache to find the .swf and go on from there. Even in the 'encryped' code, you can still pretty easily see fish.swf, or even if its some weird name, .swf.
    Quote Originally Posted by hI-Q
    <!--
    document.write(unescape("%3CEMBED%20src%3D%22fish.swf%22%20quality%3Dhigh%20bgcolor%3D%23CCCC99%20WIDTH %3D%22550%22%20HEIGHT%3D%22400%22%20NAME%3D%22s_6% 22%20ALIGN%3D%22%22%20TYPE%3D%22application/x-shockwave-flash%22%20PLUGINSPAGE%3D%22http%3A//www.macromedia.com/go/getflashplayer%22%3E%3C/EMBED%3E"));
    //-->
    </script>
    It is not that hard do work around.

  20. #20
    The next Squaresoft
    Join Date
    Sep 2004
    Location
    Zanarkand
    Posts
    215
    i dont get it....

    why would anybody go through all that trouble stealing flash?

    can any1 tell me the possible things that flash stealers wanna do?

    i mean...its just a flash game...
    "Are those gummy worms? Can I have some?"

    "Nevermind, I just saw one move by itself..."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center