So minijuegos.com stole my half finished flash

[>flashl!ght<]

hmmm... how does it work? im really slow at comprehending other peoples code(which is exactly how we want them to feel)

[tonypa]

Only way to be sure your game doesnt get stolen, is not to release it at all. If you put it in any page, it can be stolen, cracked, hacked, copied, taken apart, re-coded etc.

[>flashl!ght<]

tony

absolutely, a halfway compitent Flasher could hack anything, but the idea is
1) almost all these game thieves dont do any hacking, they just steal and rip
2) if its difficult enough, your game will be left alone

a real principle in security is simply to make things difficult enough that the potential offender will go elsewhere for the same/similar goods, rather than tangle with your system

[Squize]

"ok, i forgot to say dont recompile. If you dont recompile, it's pretty hard to bypass... an easy way to protect against not-decompiling rippers"

As Vex stated, once a cracked version is out in the public domain, that one will be used.
You've really got to protect against decompilers as it's painfully easy to remove protection with them.

[hijack]
Vex, yeah byte-code does bring back the memories of the good ol' days, although it's a zillion times harder than assembler used to be with the stack being used so much.

Tom: Get you arse on icq, it's been too long since we put the world to rights

mMint: Yeah daddy's home Just need to catch up on a zillion mails and then I can have some fresh blog action.
[/hijack] - Sorry.

Squize.

[>flashl!ght<]

truth is, if you *really* want your Flash secure, you need to use a projector with 3rd party sofware, not put in online. which is ashame, because thats the whole point of Flash games. And even then, large companies with multi thousand dollar software products haven't been able to create invincible security; it simply isnt possible. if it was made to be accessible to someone, then anyone can access with the right methods.

i remember when discreet released 3dsmax with a physical hardware lock. i was 12 or 13 and got it for free. nothings invincible.

[Rrrufusss]

thehumanchimp,

Would you like that hosted or leeched? Take your pick.

-Rufus

[UnknownGuy]

I'm just wondering what do you mean by using ASV code?

[T1ger]

Clever. Very clever. My guess is a while(true) loop in the php file. Am i right? If not, would you please share by pm?

[thehumanchimp]

ugh, damn you Rrrufusss
could you pm me how you did it so i can sort it out. plus if you do actually want that gmail invite, just give me your email address to send it to, or i can pm back the URL to go to. Your choice.

[slight]

Originally posted by yellowman

Ok, one way to do it, the easiest I think.. get Microsofts Web application stress tool ....... but I don´t think anyone have solved it, or have you?

Thanks klas!
The problem for me is I didn't know about the software like that or artmoney until I ask about them in places like these. Now that I do know, I can take measures to make each method much more difficult using various checks and obfuscations. Since 'real' scores will never make an incorrect entry, I can safely add IPs to a ban list as soon as any incorrect attempt is attempted, I think that will stop 99.99% of punters.

[T1ger]

Yellowman and everybody else who posted the url OR name for that tool, could you please edit your posts and call the tool yellowmantool and remove the urls?? Please.

We dont want everybody to know how to do that, as it bypasses most checks.

Thanks.

Xander

[krustryjoe]

Idea on how to stop crackers-

Maybe you could put either an invisible button on ur game somewhere that you know or u could just put it anywhere that anyone can access it.

anyways.... im not sure if this would work....... Im having doubts as i type it but i think i should give it a shot...

anywayz... as u click the buttona text box appears.... there u type in a password and if u type the right one, it will corrupt the SWF on the page it is on....

i not sure how this would be done... either by attaching a certain virus hosted on a website or by any other methods IM not sure.

Anywyaz... I think something like that would be pretty neat as if u saw ur swf on someone eles website.... just terminate it....
lol


ps: please dun criticize me.... im just suggesting ... i know theres alot of things that can be done in flash and other programs that i dun know about and iwas hoping that that was it.

[kendude]

They will just diasable the code on the invisible button. Damn that ASV.

[StreetRacerX]

one way I sort of know is make it look for a specific var or externally load the script on your domain by using current _url and appending something like /test/test.as

And if it cant load that file from there then it wont play. Thats the hardest thing to bypass I think. Lets face it if all content is loaded from externals no way they can steal it especially if it loads them by using _url as part of a source....

I know a way to bypass it, but thats a difficult way and most will just give up.

Otherwise do what I do, put somewhere your name on a game and a site you host it on. Say on front page "created by.... on http://mydomain.com". Or for fun you can put your picture into it as a part of a game, in my game I have a picture which you can access by pressing specific key after game is paused.

[leason]

I know its not foolproof, but I've been playing with another method that both protects from stealing and from highscore tampering.

Well - I was going to post the URL but my site is wiggin out. I'll try back later. Basically i try to pass authorization codes for each period between score saving. So a user loads the page and the game gets an authkey. When it saves a score it sends the authkey for verification. The server generates a new authkey and sends that with the score saving confirmation. Next time the game sends a score it has to send the right authkey or the score is not saved. I'm trying to keep as much server side as possible.

Sorry if this is too off-topic, btw. I just figured we were on the protection thing so might as well post it.

-Lee

[leason]

Crap... I hate when it I type out a good post and something freaks out and it gets lost when I submit it...

Okay, once more. I think my site is okay now, so you can try to hack the scores on this game.

So my anti-leeching idea. I'd like to be able to stream the swf rather than specify its source location in the object tag. For example, a good anti leech method for images using PHP works like this: You have your image tag look like this

Code:

<img src="getimage.php?id=4">

. So rather than specify where the image is located, you pass an image id and the script streams the image. If we could do that for swf's it would be great, but so far I have not been able to pull that off. I think it has something to do with the different ways that the browser can look at an Object tag vs an img tag.

[T1ger]

Leason, test this. Try to find the name of the swf file =)

http://www.aleksanderstrand.com/phpsecure/

(cant get it to work in IE, maybe its just my comp, i dunno. Works in Opera at least)

[thehumanchimp]

your idea of using a php file to serve the .swf is what i used to protect my earlier version. However, as rufus pointed out - its very easy to hack. However, Version 2 is out.

Yes, Version 2...well, if anybody can leech this new (".swf goes here") swf or download it and host it on their site: http://members.lycos.co.uk/humanchim.../movieLock.php
I would be very intrigued. Im pretty sure this would stop 90% of hackers if not more.

And you get 3, yes 3 brand new, shiny gmail invites if you do. theyre going for $5 on ebay, (http://cgi.ebay.com/ws/eBayISAPI.dll...102126075&rd=1)
well i suppose you get 10 for $5 whereas here you get only 3. Oh well

[thehumanchimp]

T1ger, if all you did was make the PHP load the SWF with a Content Header, it is easy to find out where it came from with a program (which is how rufus found out the location of mine), i just can't be bothered to install the program.

[yanuart]

wow.. but i must say with software such as ******* and actionscript viewer, there's nothing much you can do about it..
isn't there something we can do to stop activities such as minijuegos ??