Stop being curious 3 post guy :) Anyway, it won't matter much even though tony won't tell, 'cause someone on the net will come up with it anyway.Quote:
Originally Posted by dai_of
Printable View
Stop being curious 3 post guy :) Anyway, it won't matter much even though tony won't tell, 'cause someone on the net will come up with it anyway.Quote:
Originally Posted by dai_of
here is some easy flash code to help keep stuff protected
Article & code is linked here:
http://www.flashtreasures.com/Forum/viewtopic.php?t=2
The key is to make a couple small movies and burry them in your game. Then add the simple code. Its not 100% but you can make it a real pain in the butt for people to decomple and use your stuff.
Just the old,well know urlCheck inside a lot of movieClips
To anyone who has read the whole threads urlcheck in nothing new(and nothing usefull too)
So why post a help who has already been told to everyone before?
Your post sounds more like a spam
The new trick is to burry it and have it goto frame 1, so it makes it harder to disable. But again its just a simple trick, for people who are looking for easier ways to protect their work.Quote:
Originally Posted by Incrue
fact is there is no real way to protect the game against decompiling it, I coded a thing in C that makes it invisible and the script exists on EVERY SINGLE MOVIECLIP, it checks for a script in the _root (one) directly and if it's not there, it makes it invisible, that script is a URL check, it makes leechers have a rough life.
too bad it took me around 2 hours to write a script in C that reverse engineers it :(
Still, it's only a small minority of hackers who're willing to go beyond using a decompiler to steal something.
Inglor, what happens if you run the swf through an obfuscator before/after using your C program?
Let's say I don't want my work to appear on a certain website.
Using mpalma's code, I get:
// URL Checker
checkIt = this._url;
checkIt =checkIt.substring(0,29);
// Enforcer
if (checkIt = "(website we want to block content for)") {
//insert code to unload movie here;
}
I know that it'd probably be good to stick a getURL function in there to open up a page which states that the flash has been stolen, but I have no clue how to program it to unload the movie (...or if there's a better way, could someone point that out to me?)
I also saw this code on the first page:
hyperText = _url.substr(0, _url.indexOf(":"));
if (hyperText == "http") {
slash = _url.indexOf("//");
webSite = _url.substr(slash+2, _url.indexOf("/", slash+2)-slash-2);
webSite = webSite.toLowerCase();
if (webSite.indexOf("www.website.com") != -1) {
webSite = webSite.substr(webSite.indexOf("www.website.com")+ 4, webSite.length);
}
if (webSite.indexOf("(website I want to block)") != -1) {
stop();
myMessage = "Copyright Infringement! This movie has be disabled. "+"The following web address has been logged and the authorities will be notified: \n\n "+_url;
}
}
Where would I stick that? Could I slap it on a movie clip and hide it somewhere inside?
New code protection Idea!
Use really bad coding to really confuse the hell out of anyone trying to rip your stuff.
:D
hehe
Yup. That's what they call "obfuscation". ;-)Quote:
Originally Posted by mpalma
Thor: (I know his message is old) To disable a game once you've figured out it's not on a permitted site, use this: _level0.unloadMovie()
heh, thanks much
Actually, I'm not too sure if this has been brought up by anyone yet, but I did discover that you can decompile some Flash with a Mac and Flash MX alone. I discovered this as part accident and part curiosity. I kinda wanted to see under the hood of how a particular Flash worked (I wasn't planning on ripping someone off or anything, I was just curious.) So when I fired up the Mac, I double clicked on the swf to just look at it and try and figure it out by looking. Instead, it opened up in MX completely and it half-decompiled it. I can't see the code, but I can modify the graphics and things if I wanted to. So I closed everything up and moved to PC. It was really strange but I think you might want to be a little careful of this. (And if anyone knows the answer, why did Flash do this on a Mac and not on my PC? It was really weird! )
~Kamui.EXE
Ok, I've thought about this a lot, but I just can't see how it can work. What if the hacker FIRST visits the 'entrance' page where the cookie will be created and then goes about his/her usually hacking activities? That way the hacker has a valid session number and can go about.Quote:
Originally Posted by The Helmsman
Create a flash movie which acts as a preloader for your real game.
that movie could be decompiled, but the name of the movie it loads is not in it and the person would have no way to find it
Here's the trick
to do it, you would need to use a url rewriting capability on your server.
Let's say the loader flash file is located at "http://www.games.com/x/y/asd/game1.swf" (or something that could not be easily guessed)...
now let's say the page for this file is in:
http://www.games.com/x/y/asd/game1.html
you give that page a new (fake, rewritten) address like http://www.games.com/games/game1.html
(everyone will only see the fake address and won't even know that its fake)
viewing the source for that page would only reveal 'game1.swf' with no real info. on where it is on the server
so... here's the big thing
inside the flash movie, you will use the _url property to find out where the flash file is located. This property will give you the real address on the server from where the movie came -- you send that value to a php page which returns to you the name and location of the real game file...but only if the address you sent it is "http://www.games.com/x/y/asd/" (or wherever the real file may be.
So now, in order to find out what you called the game file, a person would have to find out where you really placed the loader swf file
which i don't think is possible if you rewrite the url
tell me what you think
please excuse the double post...
...my finger is faster than my browser
Can decompilers steal class files?
Is there any way to protect .as files?
class files and .as files only exist while developing . When creating swf they are all compiled into swf like normal actionscript code.Quote:
Originally Posted by 691175002
sure the files are imported and then the code gets merged into the swf´s other code but just to clear things up,class files are restored by most decompilers
As far as I see there is still a big interest in this thread. Therefore I decided to explain my idea a little bit better and give people here some direction on how to protect SWF files from copying to another websites and execution them offline. I don’t pretender to teach anyone here, cause there are plenty coders all around which code better then me :)Quote:
Originally Posted by PattyvD
On picture no.1 we can see typical SWF protection of our days:
http://ss55.shared.server-system.net.../tmp/pic_1.gif
Now let’s describe all elements. First of all the content on client and on server is almost identical. Then the first request for game.html on web server brings back html file itself + all associated content including (css, js, swf and other files) to client’s cache. After all elements of page will be downloaded the game swf file will executes some request for URL before playing and if validation will be successful the game will start playing. The third request is not actual request but I put it here to illustrate further ideas.
As we can see, the thin place here is URL check itself, cause all content game needs to play located inside SWF and if the user can find a way on how to fake validation or remove URL check the game can be executed anywhere w/o any restrictions. Obviously today it can be done easily using tools like SWF Decompiler or ASV or FLASM.
Now let’s see picture no.2:
http://ss55.shared.server-system.net.../tmp/pic_2.gif
Here we have almost the same situation except one thing. Not all content the game needs to play located inside SWF file. Therefore, the file still can be executed locally but the user needs internet connection to play and the game file executed on other server must refer to the original server for game content in order to play. Still not perfect but looks better. Here we prevent game to run locally and make SWF decompiling tools obsolete.
Now let’s mix both ways, see picture no.3:
http://ss55.shared.server-system.net.../tmp/pic_3.gif
Here we’ve added some check based on the session id of the original ASP or PHP file that holds our game (SWF file). Her I want to stay a little bit to make things clear. Lets suppose we have 3 files on server:
1. landing.php
2. getData.php
3. game.swf
First of all after the user makes request for the landing.php file our server performs php processing in order to create html content which will be passed to client. During this processing the html file client gets contains some session ID which is unique and defines client. Then when the game was loaded the SWF file makes further request to server for game data using session ID as a key to tell server that the game is played from the original page and not from the other website. Then the getData.php file when processed on server to provide game data check ID it got from flash opposite to ID server has for this client. And in case when they identical (which means the flash file runs on appropriate page on original webserver) it return game data.
Somebody can say that it will work to completely protect game from running locally, but there is still some security breach when thief executes file on another webserver.
You are right. The thin place here is ID we pass to game as a key. We’ve said it is session ID, then the attacker can make fake landing.php page which will go to our server to get a key and then pass it to Flash. It is possible, but we go further. What will be if we use some key which can’t be faked? For example we can add some logic to our server when the key will contain the client’s IP and game level and in case when there are several requests from the same IP for other game levels we’ll block IP because it can’t be client (assuming that playey can’t be on level 1 and level 99 in the same time).
There are many other tricks can be found in order to make thief life harder as hell. Finally I want to post some small game as an illustration for all of above. Your can compile it as stand along game as well as protected one which can be run on server simply by changing #include directive. I hope it will help to understand better the main idea.
The game can be found here:
http://ss55.shared.server-system.net.../tmp/pic_4.gif
And all sources here
My idea is to go to this MM site and tell Adobe you want something to protect your SWF from bad guys in Flash 9. If you don't know it by now, this is their "wish list" site where we tell them what we'd like in the next Flash.
weblogs.macromedia.com/flashteam/ archives/2005/09/its_that_time_a.cfm
It can be begginning of the end for the SWF format as an open format. There are plenty amount of tools that can create SWF files on server dynamically upon request, some of them open source some of them is Macromedia property but it is possible because SWF is an open format. When you ask to implement mechanisms to protect AS inside SWF files its means it will never be open anymore. Think about it.Quote:
Originally Posted by strodgers