A Flash Developer Resource Site

Page 3 of 8 FirstFirst 1234567 ... LastLast
Results 41 to 60 of 148

Thread: -protecting your games-

  1. #41
    infidel! 0vidiu's Avatar
    Join Date
    Mar 2003
    Location
    ROmania
    Posts
    267
    hm... wierd.. anyway... maybe you can share the method via pm?
    tnx

  2. #42
    Senior Member
    Join Date
    Apr 2002
    Location
    Raleigh, NC
    Posts
    419
    I would also like to add a note here and direct you to MediaProtect.org, a service designed to help you protect your flash work. You register your games there (called artifacts on that site) and each time you do a release you register that as well. This creates an index of flash files for you. Then, when people want to know who made a flash file they can search that site and you will always come up as the author.

    Additionally, when our web crawler finds your game on the web it will let you know. All searches, both crawler and web form based, are able to find flash files based on similarity as well as exact matches. So if somebody decompiles your .swf and removes protection you try to put in the file it will still get found and you will still be notified when that game is used on other sites.

    Go to http://mediaprotect.org to learn more and register to take advantage of this great new service.

    -Lee
    pnFlashGames.com
    share your games with thousands
    MediaProtect.org - Helping you protect your work (In Development)

  3. #43

  4. #44
    Member
    Join Date
    Nov 2004
    Posts
    95
    Has anybody found a good way to protect Action Skript yet? Flash Encrypt seems to be not effective since there are several tools out there which can delete the junk bytes and even restore the original variable names. Also, ASO Lite just renames local variables etc. but not global ones and others parts of Flash, so that it's only a limited protection. Any tool I missed?
    Last edited by jebrael; 08-25-2005 at 10:00 AM.

  5. #45
    Senior Member tonypa's Avatar
    Join Date
    Jul 2001
    Location
    Estonia
    Posts
    8,223
    There is also secureSWF from http://www.kindisoft.net/
    But I believe they all (SWF Protect, SWF Encrypt, secureSWF) do basically same thing.

  6. #46
    Member
    Join Date
    Nov 2004
    Posts
    95
    Thanks, didn't heart of secureSWF before. secureSWF Lite does so, but only partially as ASO Lite does. Unfortunately there's no test version of the Personal or Professional Edition to see it's full potential before buying

    I agree, inserting junk bytes and doing other tricks isn't very helpful. I found tools which just strip them out. And if I found them very fast others will also, so I don't think this is a helpful protection. And for other tricks which work right now, I guess at the next release versions from Burak the protection is no more up to date.

    So, I am "just" in need of an Obfuscator / Renamer of local and global Variables, aswell as function names etc. Code pollution and junk byte tricks are not needed. Does anybody know of a tool like this?

  7. #47
    Senior Member Vector Media's Avatar
    Join Date
    Apr 2003
    Location
    Brazil - São Paulo
    Posts
    381
    I tried the SWF Encrypt from www.amayeta.com and it worked!

    I couldn't decompile the .swf with SWF Decompiler 2005...

    I heard someone talking about URL checking and stuff...

    It would be nice if we started a knowledgebase about how to protect your .swf and make it more difficult to crackers to steal your code... from url checking to encrypting programs...
    http://www.vectormedia.com.br
    Multimedia Designer

  8. #48
    Member
    Join Date
    Nov 2004
    Posts
    95
    Yes, you are right. SWF Encrypt works, as long as you don't use tools. There are tools out there which can strip the junk bytes from the protected SWF. After doing this you can see the code again, at least in ASV. Haven't tried it in SWF Decompiler yet.

    I also don't think URL check really does the job. You can just edit the code in ASV or other tools. I think the only way to make it really complicated for an attacker is to rename varibales, identifiers etc. All which can give a hint what this function does or is intended to do. This way you can still see the code, but it's really hard to understand. That way you can get rid of all script kiddies and 95% of all attackers. The 5% who understand what they are doing are at least so good, that they could have written the code by there own.

  9. #49
    Senior Member Vector Media's Avatar
    Join Date
    Apr 2003
    Location
    Brazil - São Paulo
    Posts
    381
    Quote Originally Posted by jebrael
    Yes, you are right. SWF Encrypt works, as long as you don't use tools. There are tools out there which can strip the junk bytes from the protected SWF. After doing this you can see the code again, at least in ASV
    What tools are you talking about?
    http://www.vectormedia.com.br
    Multimedia Designer

  10. #50
    Senior Member Vector Media's Avatar
    Join Date
    Apr 2003
    Location
    Brazil - São Paulo
    Posts
    381
    I have a question about .exe files

    I work with educational games and I'll sell my games to schools...
    It'll be played offline...

    Is it possible to run the .swf inside some application created with C++ or something like that?

    I wanted to develop my games with Flash and then get a programmer to "publish" my .swf game inside a secure .exe and create an installer with serial checking...

    Is that possible?
    http://www.vectormedia.com.br
    Multimedia Designer

  11. #51
    Senior Member tonypa's Avatar
    Join Date
    Jul 2001
    Location
    Estonia
    Posts
    8,223
    Quote Originally Posted by Vector Media
    I have a question about .exe files

    I work with educational games and I'll sell my games to schools...
    It'll be played offline...

    Is it possible to run the .swf inside some application created with C++ or something like that?

    I wanted to develop my games with Flash and then get a programmer to "publish" my .swf game inside a secure .exe and create an installer with serial checking...

    Is that possible?
    There are commercial applications for that or you could use screenweaver which has been released as open source:
    http://osflash.org/doku.php?id=screenweaver
    So you get nice exe file from your swf (plus it has more options).

    As for installer, there are several free options, use google to find which you like best.

  12. #52
    Member
    Join Date
    Nov 2004
    Posts
    95
    Well, there is no secure use or capsulation of SWF files. Even if you use projectors there are several tools out there to extract the SWF from them.

    We use here SWFKIT ( www.swfkit.com ), a very cool tool including handling of serial numbers etc. and a superb support

    There are also several other tools like Zinc, one from Northcode, Jugglor etc. Just have a look at the projectors forum here at Flashkit.

    However, there is now secure way to run SWF files. Only a nearly secure way of installation. In this way we use SWFKIT to produce EXE-files, then the Nullsoft-Installer with LZMA compression and after that another exe-Compressior like cexe or mew. UPX is the most common one. You can also produce installation skripts, that first the serial numbers is verified and then the real exe is decrypted. Depends on what you want.

    Hope that helps a bit.

  13. #53
    Senior Member Vector Media's Avatar
    Join Date
    Apr 2003
    Location
    Brazil - São Paulo
    Posts
    381
    If I publish my game generating an .exe with Zinc... is it possible to extract actionscript with decompilers as easy as any .swf ??

    If I put my .swf inside a Director file? Is it possible to use SWF Decompilers?

    what is better: SWFKit, Zinc or Screenweaver?
    Last edited by Vector Media; 08-27-2005 at 05:29 PM.
    http://www.vectormedia.com.br
    Multimedia Designer

  14. #54
    Member
    Join Date
    Nov 2004
    Posts
    95
    Yes, it is possible to extract ActionScript from an Exe, not in every case, but it can be done. Mostly the extension tools extract the SWF to a temporary directory. If the attacker finds this directory he has also access to your SWF.

    If you put your SWF in a Director file this is up to now pretty safe, but the speed decreases. All traditional SWF decompilers fail at this. I don't know of any tool which can extract or decompile a SWF in a Director file. Maybe someone else does?

    It depends an what you are looking for and which features you need, how much file size matters etc. For our needs, SWFKIT does the job best, but it doesn't mean it's also the best tool for you. I guess you have to test your favorites and make test-builds.

    Security for all should be nearly the same.

  15. #55
    Senior Member The Helmsman's Avatar
    Join Date
    Aug 2005
    Location
    _root
    Posts
    449
    I think that the common problem of all game developers, that they tried to protect simple (tetris like) games. In case when the game engine is simple, no matter which protection is used - they can be decompiled/ cracked/ disabled if the game thief have enough qualification to do it.

    But lets say you are going to protect some really big project. For example you've made RPG game. In this case, the AS code is really huge and complicated, so if you use even simple Obfuscator to protect your code, it will take a big amount of time to attacker to understand it in order to remove your protection when you made simple URL location check.

    Then, this is a simple appearence. Now let's say all game quests, maps and other useful data is separated from flash engine and located in DB. Each time user finish some map, game engine goes to DB in order to load new map, each time user comes up to quest game engine goes to DB to load texts, images other staff.

    In this case, simple decompiling isn't enough. The attacker must to play all the game in order to get all data pieces and then he must simulate server side logic by writing his own script and build his own DB and make other things It isn't so simple .

    Now, when SWF will be copied in other place, it will go to our server to load data and we can make server check where request comes from.

    Now, the more important question for protection is how hard it can be cracked. I can realize that any protection can be removed, it's only the matter of time. But the paradox that there is no need to make perfect lock for your SWF. You can ask why? The answer is simple. Every piece of code you write, will be obsolete sometime. Any piece of software developed now will be obsolete tomorrow. The only improtant thing is the life cycle of your code.

    Let me give you example. In the gaming world, the game when it comes out to market lives 2 or 3 month, when it's popular and brings money (traffic).

    If it is not cracked during this period of time - you 're lucky and made your job good. Then, there can be two options for some dirty AD agencies or companies that copies flash games and use them illegally on theirs web site to increase traffic.

    One way for them to steal it and run it as is on the site. Other way to develop there own copy of the same software. That what was happened to beJeweled game for example.
    Last edited by The Helmsman; 08-29-2005 at 10:04 AM.

  16. #56
    Member
    Join Date
    Nov 2004
    Posts
    95
    I totally agree. And that's the reason why I think that for our bigger projects a Obfuscator is enough of protection.

    If you calculate a lot of collisions and physiques it's damn hard to understand if you don't get a hint by the name of the variable. Therefore it takes a lot of time to rebuild the code. If this takes long enough I am pleased. So, the only thing that is missing is a strong Obfuscator

    I hope ASO Standard will do the job when it's out soon.

  17. #57
    Custom User Title Incrue's Avatar
    Join Date
    Feb 2004
    Posts
    973
    Quote Originally Posted by The Helmsman


    Then, this is a simple appearence. Now let's say all game quests, maps and other useful data is separated from flash engine and located in DB. Each time user finish some map, game engine goes to DB in order to load new map, each time user comes up to quest game engine goes to DB to load texts, images other staff.
    When a swf talks to a DB, the data have to be passed through a php or asp program for the swf will be able to read the variables, and this php file ends up in the cache too, and can easily be found too
    I was talking about this before,about how to hide this php, but nobody seems to understand me
    ------------
    I dont understand the point on big projects, the thief doesnt have to understand to whole code to make the game work, all he haves to do is to throuw out the junk bites and find the url check
    Besides, its more realistic not to think on big projects, who needs a big team
    -----------
    Flash inside director doesnt works fine with classes, and i think flash 8 files will need a Xtra to run inside director
    ----------
    Now what?Now nothing.I just want one more line.

  18. #58
    Senior Member Vector Media's Avatar
    Join Date
    Apr 2003
    Location
    Brazil - São Paulo
    Posts
    381
    nobody is protected!
    all big companies have their software cracked someday!
    anything public can be hacked by an expert!

    all you gotta do is to make it difficult to "normal people" decompile and/or steal your project.

    and I still think we should create a knowledgebase for "protecting" flash stuff.
    http://www.vectormedia.com.br
    Multimedia Designer

  19. #59
    Senior Member The Helmsman's Avatar
    Join Date
    Aug 2005
    Location
    _root
    Posts
    449
    No need to hide this php.
    It don't need to be protected.

    The first time you come to some PHP file contains Flash game, we're opening session and write session number in cookie on client side.

    Then any time i need to load something from DB, first thing my Flash engine does is read client side cookie to get session number and then pass it with request to DB through some other php file wich checks the session id and then, if it's ok goes to DB in order to get requested data.

    So, every time user plays the game, game engine uses session id stored in cookies as an identifier that the Flash played on the right side.
    Last edited by The Helmsman; 08-30-2005 at 09:17 AM.

  20. #60
    Custom User Title Incrue's Avatar
    Join Date
    Feb 2004
    Posts
    973
    Let me see if i get it
    The php only outputs if the request cames with the rigth cokie
    But, AFTER he outputs, he still can be found in cache, doenst it?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center