[AS3] Another byteArray example to avoid stealing

**tonypa** · 05-22-2008, 12:16 PM

Try here:

http://www.tonypa.pri.ee/test/1.html

There are 2 swfs. 1 is the loader and 2 is your great game. For the sake of this test 2.swf only contains textfield with HELLO!. Now lets suppose you are one of those hackers using decompiler from "the company whos name shall not be said" and you are eager to change the content of the game (adding some code for your arcade plugin, removing name of author, removing url lock etc).

Can you break it and change the game file?

**felixters** · 05-22-2008, 01:46 PM

Yes, here are both swf files.

http://www.coregraphic.com/Rick/gameandloader.zip

I don't have a decompiler here, but I would venture to say having both of these files is all I need... Is that incorrect?

**tonypa** · 05-22-2008, 02:27 PM

Try to run 2.swf on its own or open it in decompiler.

**felixters** · 05-22-2008, 02:41 PM

Originally Posted by tonypa

Try to run 2.swf on its own or open it in decompiler.

I'll have to wait until later to decompile it. I did run 2.swf by itself and saw nothing, but I assumed that was because it doesn't know how to start itself, 1.swf does.

If I ran 1.swf in the same directory as 2.swf I saw the textfield message though, which means the logic is somewhere in those two files...

**tonypa** · 05-22-2008, 02:56 PM

The "game" is fully in the file 2 (currently represnted by text box). The idea is that you cant decompile it meaning if it would contain url checks etc it would not be possible to steal it.

**felixters** · 05-22-2008, 03:40 PM

I guess I'm missing the point then, because I have 2.swf (which has the logic) and a swf decompiler to look at it.

Doesn't that give me everything I need to steal your code?

**tonypa** · 05-22-2008, 04:13 PM

I sure hope you wont find decompiler that can open it.

**felixters** · 05-22-2008, 04:40 PM

I have no idea... I'm curious though, what makes 2.swf different than other swfs that can be decompiled?

Edit: I haven't tried to decompile it yet... I don't have one but a friends company does who will do it for me later this evening

**renderhjs** · 05-22-2008, 05:12 PM

the difference is that people can exchange it with their advertisement crap and their logo/title or graphics.
a good example of such is:
http://www.thepencilfarm.com/blog/20...ng_olympi.html

or some of the lately new threads about 'I have a new portal site...'

**realMakc** · 05-22-2008, 05:32 PM

now this is stupid. you removed 4 bytes. I added them back. now what? do I win a cookie?

**realMakc** · 05-22-2008, 05:35 PM

oh yeah,

Code:

package loadedswf_fla
{
    import flash.display.*;

    dynamic public class MainTimeline extends MovieClip
    {
        public var testing:Object;

        public function MainTimeline()
        {
            addFrameScript(0, frame1);
            return;
        }// end function

        function frame1()
        {
            testing = "1234567890";
            return;
        }// end function

    }
}

**nGFX** · 10-15-2008, 03:06 AM

You miss the point. It's not meant to be hacker safe. It's meant to prevent kids messing with your stuff.

(For all others wondering why I replied to a dead thread, read about something similar here).

nGFX

**renderhjs** · 10-15-2008, 05:16 AM

then put the link in the first place,- very odd way of posting a resoruce- nice link though

**nGFX** · 10-15-2008, 05:27 AM

because it's something I didn't want to post explicitly here in the first place ...

nGFX

Thread: [AS3] Another byteArray example to avoid stealing

Thread Tools

Display

[AS3] Another byteArray example to avoid stealing

Posting Permissions