Registry access for flash projector files

Okay here is the deal:
I've created a standalone program using flash 5 that i plan on distributing. Right now I've compiled it as a projector file (.exe), because I want it to seem similar to any other program that would have been created in VB or any other language.

In any case distribution requires security, and that would mean writing to the registry the users name and personalized keycode/serial number (that I would provide.) And then each time the program runs it reads from the registry to make sure it is valid.

Now I've been reading on these forums and found some third party software that allows registry access (swf studio, flash studio ...)

But before I talk about that I would need some help with this idea of mine: I'm good at programming in Visual Basic, and I was wondering if I could use my flash program to execute a Visual Basic program that writes and reads from the registry, and then that VB program would send some data back to the flash program (essentially a true or false) to determine if the user's registry has the proper key code, and if so then the flash program will continue operations. Now the problem with that lies in how do i get flash wait for and accept the reply from the vb program, and how would vb send the code back to flash?

If that idea is not possible/or unsafe/unsecure, then I suppose my alternative is to use swf studio, or flash studio or something to build the registry access/encryption algorithm right into the flash program itself. (I'm only avoiding this because of the extra costs, I'm a small time programmer and don't stand to make much off the software i've created anyways.) SWF studio seems to be popular here (and the support seems good, and they're canadian, so would be nice to support my local economy) ... however flash studio seems like it will serve my purpose of registry access just fine as well and a little cheaper. I also need whatever program I use to be royalty free, and I need any modifications (if required) for flashplayer to recognize these thirdparty software's to be free for download/distribution.

Okay so does anyone have suggestions on my vb/flash interaction method of security. Or would they recommed going the swf studio or flash studio route instead?
And as a general question: is a simple registry entry security method safe? (obviously nothing is hack free, and honestly i don't need extremely strong security either, just something that keeps the everyday person from finding a way around the security.)

I know this is a long post, thank you for reading it, and thank you for any help you can provide. I hope to hear from the third party software makers too, so maybe they could show me how i would implement their software for my purposes. (but please no off topic insulting of other software makers...)

Thank you

I've written a couple of simple VB apps to show how you can make Flash and VB "talk". You can download them from my web site and if you have any questions about them, just fire off an email to [email protected]

http://www.northcode.com/misc/fscommand.zip
http://www.northcode.com/misc/flashvb.zip

Note: These examples just show the mechanics of Flash/VB communications, you still have to do all the other "hard" work like registry I/O etc. in VB :)

Quote:

---

Originally posted by sticks
I hope to hear from the third party software makers too, so maybe they could show me how i would implement their software for my purposes.

---

Using Flash Studio, you only need one line of code to save data to the registry. For example, a simple data entry would be:

on (release) {
fscommand("flashstudio.savetoreg", "regkey,regvalue");
}

where "regkey" is the name of the Registry key, and "regvalue" is the data that corresponds to that key. You can then use exactly the same method with the loadfromreg fscommand to retrieve the stored data. More complex data can also be stored by passing specific strings.

You can download a sample exe which demonstrates how to use the save/load registry commands at:
http://www.multidmedia.com/fls/flashstudio_sample.exe


and the Source code for the sample:
http://www.multidmedia.com/fls/flash...ple_source.fla


Flash Studio is available at: http://www.multidmedia.com/fls

Hope this helps.

If you have the skills to wrap your Flash piece in another language (like VB) then do it that way. If you put the key/ password code in Flash it is visible to products like AS Viewer. You can make it a lot harder for people to circumvent your security if you keep the code out of Flash.

Quote:

---

But before I talk about that I would need some help with this idea of mine: I'm good at programming in Visual Basic, and I was wondering if I could use my flash program to execute a Visual Basic program that writes and reads from the registry, and then that VB program would send some data back to the flash program (essentially a true or false) to determine if the user's registry has the proper key code, and if so then the flash program will continue operations. Now the problem with that lies in how do i get flash wait for and accept the reply from the vb program, and how would vb send the code back to flash?

---

You can do this easily with Flash 'N Pack since it allows you to run ActiveX Control inside Flash, visit http://www.flashnpack.com to get a FREE Trial Version, Don't forget to visit the Developers Link for more information, if you want to see a Sample VB Source Code that will show how to Communicate Back and Forth with Flash trough ActiveX, send an E-Mail to [email protected] and I’ll send you the SDK.... it's easy to use, very easy.....

Thank you all for replying, each one was quite useful.

I looked at the demo of flash studio and it seems very useful, and easy to use.

However northcode brought up an issue that i had never even thought about, and that was of being able to see the actionscript through ASViewer. That would actually be quite unsafe for me, and so I guess tools such as swf studio, flashnpack and flash studio would all be unsafe in that all the actionscript code (including my encryption algorithm used to scramble the registry key's) would be visible to anyone with ASviewer. Am I correct in assuming this?? Or do swf studio and flash studio, encrypt their outputs so that ASViewer can NOT decompile the swf? I know that swf studio and flash studio provide projector files (.exe), but couldn't someone extract the swf from the .exe, and then open the swf in ASViewer???

Also thanks northcode for the vb/flash examples. I was already considering this idea, however the only reason it wasn't attractive to me was because that would mean the swf would have to be provided separtely. Where as swf studio and the others compiled an exe which meant the swf was contained in it, hence i wasn't providing the swf separtely. Is there a way in VB to actually embed the flash file (not simply reference the external swf file),and then compiled VB exe would simply be self contained?

My other option if that is not possible is to do this (northcode's examples got me to think of all these possiblities, so i thank you..). What i was thinking is the following, have a shockwave control in my VB program. And in my flash program have a boolean variable (isRegistered). And when the VB program starts, it first reads the registry, checks the keycode to make sure it's registered, then opens loads the swf into the VB project (like you did in the examples). And then VB sets the variable of isRegistered (in the flash file) to true or false.
--> This would mean that the encrytion algorithm, and registry access would all be contained in the VB exe, and means that if the someone were to open the swf in ASViewer, they wouldn't see the encryption algorithm or the registry accessing that's going on.
--> the only problem I see with that is, what is someone opens the swf that is refernced by VB, and they see a variable called isRegistered. And they see that this is the variable that determines if the flash file can continue. It would be quite easy then for someone to create THEIR OWN VB program that simply loads the swf and sets the isRegistered variable to true.
--> this again would mean providing the swf is unsafe :(

So hopefully this outlines my concerns with all the of possiblities that have been presented.
In an ideal world what i need is a program that actually embeds the swf into the vb program, and provides a single output .exe from which the swf would not be able to be extracted, and from which ASViewer would not be able to see the actionscripting.

Again thanks for all your help, and I hope to hear some suggestions on ways to protect my software. Thanks.

Quote:

---

However northcode brought up an issue that i had never even thought about, and that was of being able to see the actionscript through ASViewer. That would actually be quite unsafe for me, and so I guess tools such as swf studio, flashnpack and flash studio would all be unsafe in that all the actionscript code (including my encryption algorithm used to scramble the registry key's) would be visible to anyone with ASviewer. Am I correct in assuming this?? Or do swf studio and flash studio, encrypt their outputs so that ASViewer can NOT decompile the swf? I know that swf studio and flash studio provide projector files (.exe), but couldn't someone extract the swf from the .exe, and then open the swf in ASViewer???

---

Flash 'N Pack will not be infected with this if you use your Own VB ActiveX, because nothing will be in the Swf all your Encryption will be done in VB so basically your user will Enter the Name and Password in Flash then FNP will transfer it from flash to VB and VB will take the info and do it's work then send back whatever you want to flash for example "true" or "False" as you can see nothing will be in the .Swf.... also with Flash 'N Pack you can make stand alone Royalty free .exe files.....

Now you said:

Quote:

---

Is there a way in VB to actually embed the flash file (not simply reference the external swf file),and then compiled VB exe would simply be self contained?

---

and :

[/Quote]
In an ideal world what i need is a program that actually embeds the swf into the vb program, and provides a single output .exe from which the swf would not be able to be extracted, and from which ASViewer would not be able to see the actionscripting. [/Quote]

Yes you can do this right in VB and here is how:

Open your VB Project in Visual Basic Add the Flash ActiveX to your VB Program now double click on it a new window will pop up (flash ActiveX Properties) then type the path to your .swf in the URL Part (Ex: c:\jay.swf) now in that window Check Embed click OK That's it. Compile and Distribute.. Your .swf will be inside the .exe and it will not be Extracted at runtime.. This might solve your problem....instead it will be used from Memory and treated like a resource File....
[Edited by Flash 'N Pack on 06-27-2002 at 07:44 PM]

Just wanted to say thanks to all of you. I finally fiqured out how to embed the swf into the exe. I kept trying to do it by making the movie property field read: app.path & "filename.swf". --> I wasn't realizing that the source was getting embedded so doing something like that was not necessary in the property field (only when i'm opening it at runtime.)

Well after I fixed that, realizing my mistake from flash n' pack's post, I was set :)

Anyways just wanted to say thanks to all of you, and I'm very glad to see people like yourselves who would rather help then simply push their own products.

Quote:

---

Originally posted by sticks
Just wanted to say thanks to all of you. I finally fiqured out how to embed the swf into the exe. I kept trying to do it by making the movie property field read: app.path & "filename.swf". --> I wasn't realizing that the source was getting embedded so doing something like that was not necessary in the property field (only when i'm opening it at runtime.)

Well after I fixed that, realizing my mistake from flash n' pack's post, I was set :)

Anyways just wanted to say thanks to all of you, and I'm very glad to see people like yourselves who would rather help then simply push their own products.

---

umm.. do you mean you got to embed flash in VB? Coz our VB programmer is dying to know how.. care to share how you achieved this? He wants to put my flash banner in his VB programs.. and maybe even use flash as VB GUI..

You can embed the SWF in a VB form (so it becomes part of the FRX file) by setting the EmbedMovie property to True. The user will still need to have the Flash OCX on their system, including that in your VB will require a little more work (but you can always include it in the setup package you're using for your VB app).

Thanks north!

PS
Where can I get the Flash Player/Flash OCX???
That's the player installer right? Well, seems like you can only download it from the site.. and you cant download the installer.. where do I get the installer?

Go here:

http://www.macromedia.com/support/sh...g/license.html

Read the License and follow the link...
Once you apply you will receive the Link to download the player for distribution..

The License is free all you have to do is Apply..

Flash 'N Pack: Yes you can embeded the swf in the VB program, therefore you don't have to distribute the swf with the .exe that VB creates. As northcode said just set the embedMovie Property to True. Also set the Movie propterty to point directly to the filename to embed. Don't do anything like what I was trying to do which was trying to set it dynamically. (Also DO NOT set the properties at runtime - in the code -, this won't work either --> I should know :)

About the OCX, well the new flash players (6 and future ones i suppose) use flash.ocx, while the older ones (5 and below) use swflash.ocx. Therefore when you are creating your VB program make sure you create it for what your customer will be using (or just make it for flash.ocx and ask then to download the latest version of flash.)

I have created a small little tutorial that shows how to embed it, and just a little on about using FSCommand (since you'll have to program them yourselves.) I suppose all of you know already know about it, since you've already created much larger programs that do all this, but i guess it's good for anyone that wants to learn. you can downlad from the link at:
http://www.geocities.com/sticksbs/

or you can append the player to the end of the exe, and get vb to copy it to the player location.

Quote:

---

Originally posted by Gambini

Quote:

---

Originally posted by sticks
I hope to hear from the third party software makers too, so maybe they could show me how i would implement their software for my purposes.

---

Using Flash Studio, you only need one line of code to save data to the registry. For example, a simple data entry would be:

on (release) {
fscommand("flashstudio.savetoreg", "regkey,regvalue");
}

where "regkey" is the name of the Registry key, and "regvalue" is the data that corresponds to that key. You can then use exactly the same method with the loadfromreg fscommand to retrieve the stored data. More complex data can also be stored by passing specific strings.

You can download a sample exe which demonstrates how to use the save/load registry commands at:
http://www.multidmedia.com/fls/flashstudio_sample.exe


and the Source code for the sample:
http://www.multidmedia.com/fls/flash...ple_source.fla


Flash Studio is available at: http://www.multidmedia.com/fls

Hope this helps.

---

I've been tryin for 2 days now to get this function to work.


on (release) {
fscommand ("flashstudio.savetoreg", "HKEY_CURRENT_USER/SOFTWARE/office.wissen.de/ShowGuidedtour,"1");
}

I import it into Flashstudio and it just refuses to work. I've gone through the process step for step and it still fails, throwing an unknown error back at me which is a bit irritating.
Does this not function with the Demo version?

Anybody any ideas?
Desperate...

on (release) {
regkey = "myKey";
regvalue = "myKeyValue";
fscommand("flashstudio.savetoreg", "regkey,regvalue");
}


Simply replace the myKey and myKeyValue with your own values. There is no need to put in a direct path to the registry, it will automatically create a new Registry Key with the name you provide in "myKey".

Hope this helps.

After banging your head over your computer desk for several hours trying to get that to work, you might want to try this instead: :)

Code:

---

on (release) {
regkey = "myKey";
regvalue = "myKeyValue";
fscommand("flashstudio.savetoreg", regkey add "," add regvalue);
}

---

I hope this helps...

Gambini probably has a pretty good idea how his own product works! The example code he posted matches the code in his example FLA and that probably worked before it got posted...

It's pretty easy to pick up the value from the variable name and that's actually easier than passing literals (especially if the value contians a ","). By passing variable names, there's no need to escape the data you pass to the fscommand.

Ooops :) sorry about that guys ... scratch the above post then.....

You are right I just looked at his example and it looks like he is loading the value from flash internally instead of relying on the user to pass it...

and Thank you NorthCode for catching the error in my post! :)

Thanks a bunch for the advice/solutions guys.

Unfortunately it still doesn't seem to work.

This is the exact Actionscript I used.

on (release) {
regkey = "HKEY_CURRENT_USER\\Software\\officewissen\\showto ur";
regvalue = "1";
fscommand ("flashstudio.savetoreg", "regkey,regvalue");
}

I've gone through a variety of variants but none seem to function.
Any ideas??

I've posted the fla, swf and exe produced for the process.

Any feedback would be hugely appreciated. I'm using FlashStudio (trial version) to produce this.

It's a simple button function in a guided tour that the user need only click once to indicate that they've already taken the tour.

http://www.punchbear.com/regtest_01a.swf
http://www.punchbear.com/regtest_01a.fla
http://www.punchbear.com/regtest_01a.exe

Cheers again, you guys have been very forthcoming and helpful (not to mention patient!)


[Edited by punchbear on 07-23-2002 at 06:54 AM]

I wanted to download the demo again to try this, but the FlashStudio site seems to be down right now and Gambini isn't around.

I tried to grab their contact info out of the WHOIS database so you could call them and find out what's going on but the phone number is a dummy and the only useful info was...

Sohal, Jaspal [email protected]

Next, I tried looking them up in the wayback machine at http://www.archive.org but they aren't listed. They're either too new or they're using a robots.txt file to kill crawlers.

Not to be defeated, I searched Google and found that http://www.jssmedia.com had a reference to www.multidmedia.com.

This is the online portfolio for Jaspal Sohal (see WHOIS entry above) and it has a phone number. That's the best I can do for you until Gambini pops back in or you decide to try SWF Studio :)


[Edited by Northcode on 07-25-2002 at 11:06 AM]

Ok here is how it works:

on (release) {
regkey = "test";
regvalue = "1";
fscommand ("flashstudio.savetoreg", "regkey,regvalue");
}

Basically Flash Studio doesn't give you the option to choose where you want to save you registry keys but instead it automatically saves them under HKEY_CURRENT_USER\software\"Flash Studio Title name" by default is "My Flash Movie" so basically the above code will create a string Key Named "Test" under HKEY_CURRENT_USER\software\My Flash Movie\ and will put a value of 1 to see the result open you registry using regedit and go to HKEY_CURRENT_USER\software\ then look for My Flash Movie click on it and voila....

Also I noticed that Flash Studio creates another empty key directly under HKEY_CURRENT_USER called "My Flash Movie" hmmm don't know why..

To sum it up I don't think the current version of flash studio will do what you want (according to your code) so you will have to go and try the other third party software like Flash 'N Pack or swf studio ......


if you need help with Flash 'N Pack please let me know and i'll be glad to help you.. [email protected]

Hi, sorry for not being able to answer myself, I've not been able to check the fk boards for a few days. Thanks to both Northcode and Flash'n'Pack for helping out in my absence.

Flash'n'pack is right, you're currently unable to specify where in the registry you wish to save your data with the current version of Flash Studio. We're always updating, so as soon as we add this feature, I'll let you know.

Northcode, could you kindly delete the whois info from your last post - for some reason, they seem to have registered a resident address and not a businness address. Something else to add to todays "to do" list! :D

Done. Ya gotta keep an eye on them WHOIS buggers. Sometimes updates go through magically fast, other times it's a slow boat to nowhere. It took me months one time to get my phone number changed.