|
|
You're in the
flash actionscript
group:Copy protection with Flash / Actionscript
flash actionscript:
This is an honest response: my reaction when I hear this kind of question is to ask what people are doing in Flash that's so original that it won't be protected with the usual mechanisms of copyright or patent. In terms of code I've seen very few things in Flash, decompiled or not, that strike me as unique or original acts of software engineering. And it seems like most visual art and design is properly protected by copyright statutes. Personally I think it's healthy that Flash instances can be decompiled, that clients can know exactly what they're paying for, that code can be analyzed for weaknesses, and that up-and-coming developers who are so inclined can "view source" as a learning exercise. Just MHO - I respect yours. -KF [quoted text, click to view] "Robert Sorrells" <rsorrellsU@KNOWmindspring.com> wrote in message news:cqqhn2$qjj$1@forums.macromedia.com... > Hello, > > Is there any way to copy protect a Flash SWF file? I ran across a tool > that allow you to reverse-engineer any SWF file to a FLA file and preserve > every line of code. > > With ASP and other server-based technologies, all of the "secret magic" is > on the server. Even with Java, I recall that the Class files (or JAR files > or something like that) could be downloaded, but not reverse engineered, and > they could be made to look for a license file hidden on the server. > > I've stopped all Flash development until we figure out how to "dumb down" > what we put into Flash. > > Bob > >
Hello,
Is there any way to copy protect a Flash SWF file? I ran across a tool that allow you to reverse-engineer any SWF file to a FLA file and preserve every line of code. With ASP and other server-based technologies, all of the "secret magic" is on the server. Even with Java, I recall that the Class files (or JAR files or something like that) could be downloaded, but not reverse engineered, and they could be made to look for a license file hidden on the server. I've stopped all Flash development until we figure out how to "dumb down" what we put into Flash. Bob
I will definitely check them out. I wish Macromedia could come up with a
way to securely encapsulate and encrypt the code, or to be able to do some type of function calls to a server so the intellectual property can be on the server instead of on the client's computer. Bob [quoted text, click to view] "MCLMXXV" <webforumsuser@macromedia.com> wrote in message news:cqqjah$rmu$1@forums.macromedia.com... > The obfuscator from http://www.genable.com/aso/ seems to work well for most of > the swf files I have created but does not work when I tried to obfuscate a > Flash Communication Server sample: sample_videoconference.swf ? dunno, got hte > latest version from http://www.genable.com/aso/ and this did improve since the > font color combo box now properly displays the colors as opposed to some > hexadecimal values. There does not seem to be many other products out there to > do obfuscation.......... anyone know an alternative? if not I ''l have to wait > for http://www.genable.com/aso/ to fix the bug. > > Regards > Mario > >
I wouldn't run any sort of connection that truly demands secure
communications across the wire in unencrypted form. I'm not a security guy -- in my line of work, we +want+ people to take our information -- but the party line is that "security through obscurity" is not a good assumption to make. Remember that even though the client may be open, the internals of your server setup can be as closed as you like. The database is a good place to enforce security diligently, and the last time I checked there was no source freely available for MS SQL Server. Remember also that many "secure" clients are totally open source -- the fact that people can probe the working of the client doesn't mean the mechanism itself is insecure. I'm not a crunchy-gronola open source advocate, but for script and programming that's basically duplicative of stuff that's been done a billion times before by smarter folks, I don't see the moral imperitive of trying to obscure it, and I don't think MACR's business interests are served by locking down their source. I know that maybe 1% of my learning has come from Macromedia's efforts at documentation, 25% from good books I've bought, and the rest from the goodwill and genorosity of a commuinity that thrives on the free flow of information. Tell me: where would most of us be without "View Source"? Would the nascent web development community of 1995 have been served by obfuscated HTML and encrypted assemblies? If someone can learn useful things from something I've done, I'm happy if they go to the bother of decompiling it. If decompilers expose script rip-offs, reveal substandard work, or discourage proprietary locks on methods and tools, I think it's generally a benefit to the developer community ... a kind of evolutionary pressure that discourages complacency and exploitative relationships. Again, if you have a different point of view, I welcome it and I respect it. I'm piping up because I've heard many complaints about decompilation on the forums and at every FlashForward I've attended, and I think it's worthwhile to consider an alternative point of view. -KF [quoted text, click to view] "pudrocker" <webforumsuser@macromedia.com> wrote in message news:cqqrvc$4cm$1@forums.macromedia.com... > I'm all for open source, sharing and what have you; however, this ability to > decompile is possibly the reason why trying to use remoting securely for logins > and account management has become so difficult. Trying to convince corporations > to adopt this technology for RIA's while swf's can still be freely decompiled > is next to impossible with their paranoid views towards security. Sure, you > should always call remote AS files from a secure server location anyway - > question is: Why should we have to? I believe that open source should be > given, not taken. At least give us the option to share or not to share. > > thoughts anyone? > > pud >
The obfuscator from http://www.genable.com/aso/ seems to work well for most of
the swf files I have created but does not work when I tried to obfuscate a Flash Communication Server sample: sample_videoconference.swf ? dunno, got hte latest version from http://www.genable.com/aso/ and this did improve since the font color combo box now properly displays the colors as opposed to some hexadecimal values. There does not seem to be many other products out there to do obfuscation.......... anyone know an alternative? if not I ''l have to wait for http://www.genable.com/aso/ to fix the bug. Regards Mario
About ever other day somebody asks this on these forums. The swf format is open
source by design. There is no way to protect a file AND make a file that can be executed. There might be an obfuscator or two that seem to work, but the next time Macromedia updates the player there is a very real chance that you file might not work. Also any obfuscator that becomes popular will probably be cracked in fairly short order. Good luck, but that way lies madness.
I'm all for open source, sharing and what have you; however, this ability to
decompile is possibly the reason why trying to use remoting securely for logins and account management has become so difficult. Trying to convince corporations to adopt this technology for RIA's while swf's can still be freely decompiled is next to impossible with their paranoid views towards security. Sure, you should always call remote AS files from a secure server location anyway - question is: Why should we have to? I believe that open source should be given, not taken. At least give us the option to share or not to share. thoughts anyone? pud
That's certainly a fair concern, Bob. I'll offer one idea which may or may
not be helpful for your needs. Consider if it's possible for the most proprietary aspects of your application to be embedded in the logic of your database (e.g. SQL Server stored proc) or a COM component. Depending on what you're doing, the Flash movies could hit the propreitary "magic box" that resides on your server for essential processing, and you would maintain a lock on things. Most of us are using Flash, of course, because Flash has become what client-side Java was promised to be. -KF [quoted text, click to view] "Robert Sorrells" <rsorrellsU@KNOWmindspring.com> wrote in message news:cqrm63$qq9$1@forums.macromedia.com... > Hi Ken, > > I think a lot of us are very surprised at how easy Flash is to reverse > engineer, and extract every line of code, even the formatting. I think this > is a revelation to many people. > > Without going into details, my application is fairly unique in my industry. > The biggest advantage I have now over my competitors thanks to my hidden ASP > code is the barrier to entry. It would be very difficult for someone to > recreate. Not so with Flash. They would have all of my important > algorithms, and have those "so that's how he did it" things that took me 2 > years to develop. Also, defending a patient or copyright is beyond the > resources of most small businesses. > > I'm surprised that Flash isn't as secure as Java. I'm going to have to take > a second look at Java. > > Bob > > "Ken Fine" <kenfine@u.washington.edu> wrote in message > news:cqqopl$286$1@forums.macromedia.com... > > > > This is an honest response: my reaction when I hear this kind of question > is > > to ask what people are doing in Flash that's so original that it won't be > > protected with the usual mechanisms of copyright or patent. > > > >
Hi Ken,
I think a lot of us are very surprised at how easy Flash is to reverse engineer, and extract every line of code, even the formatting. I think this is a revelation to many people. Without going into details, my application is fairly unique in my industry. The biggest advantage I have now over my competitors thanks to my hidden ASP code is the barrier to entry. It would be very difficult for someone to recreate. Not so with Flash. They would have all of my important algorithms, and have those "so that's how he did it" things that took me 2 years to develop. Also, defending a patient or copyright is beyond the resources of most small businesses. I'm surprised that Flash isn't as secure as Java. I'm going to have to take a second look at Java. Bob [quoted text, click to view] "Ken Fine" <kenfine@u.washington.edu> wrote in message news:cqqopl$286$1@forums.macromedia.com... > > This is an honest response: my reaction when I hear this kind of question is > to ask what people are doing in Flash that's so original that it won't be > protected with the usual mechanisms of copyright or patent. >
Considering the relentlessness with which crackers have infiltratrated
advanced copy protections on PC software, any standard like Flash or Java is going to have a very hard time. Autodesk had their dongle hardware key and that was easily bypassed. Half-Life authenticates via the Internet on start; that protection was compromised in days. Macromedia has a tough job here, and I respect that every time I've heard the question asked at FlashForward and whatnot, they've basically said, "we're aware of the issue, we're looking at it, but good luck trying to keep client code locked up." If you haven't done COM: it sounds mysterious and hard but setting it up in basic form is actually a snap. Since ASP is on its way out, you can get used/remaindered books off of Amazon very cheaply. Wrox Press's "Beginning Components for ASP" is a good start, and you should be able to buy it for just a few bucks. -KF [quoted text, click to view] "Bob Sorrells" <rsorrellsYouKnowWhatToDo@mindspring.com> wrote in message news:cqs292$8sc$1@forums.macromedia.com... > Hi Ken, > > Thank you Ken. I also googled "Java Decompiler" and Java has the same > issue. I see now that that's just the nature of client-side stuff. > > Your suggestion of using a stored procedure or a COM component is an > excellent one, and that's the approach I will take. That will allow me to > balance having the rich controls and interaction that Flash offers, and to > keep some of the calculations and image processing on the server. That > will definitely work. > > Its not as bad as I originally thought. ;) > > Thanks! > Bob > > > > "Ken Fine" <kenfine@u.washington.edu> wrote in message > news:cqrq6p$16k$1@forums.macromedia.com... > | That's certainly a fair concern, Bob. I'll offer one idea which may or may > | not be helpful for your needs. Consider if it's possible for the most > | proprietary aspects of your application to be embedded in the logic of > your > | database (e.g. SQL Server stored proc) or a COM component. Depending on > what > | you're doing, the Flash movies could hit the propreitary "magic box" that > | resides on your server for essential processing, and you would maintain a > | lock on things. > | > | Most of us are using Flash, of course, because Flash has become what > | client-side Java was promised to be. > | > | -KF > | > | "Robert Sorrells" <rsorrellsU@KNOWmindspring.com> wrote in message > | news:cqrm63$qq9$1@forums.macromedia.com... > | > Hi Ken, > | > > | > I think a lot of us are very surprised at how easy Flash is to reverse > | > engineer, and extract every line of code, even the formatting. I think > | this > | > is a revelation to many people. > | > > | > Without going into details, my application is fairly unique in my > | industry. > | > The biggest advantage I have now over my competitors thanks to my hidden > | ASP > | > code is the barrier to entry. It would be very difficult for someone to > | > recreate. Not so with Flash. They would have all of my important > | > algorithms, and have those "so that's how he did it" things that took me > 2 > | > years to develop. Also, defending a patient or copyright is beyond the > | > resources of most small businesses. > | > > | > I'm surprised that Flash isn't as secure as Java. I'm going to have to > | take > | > a second look at Java. > | > > | > Bob > | > > | > "Ken Fine" <kenfine@u.washington.edu> wrote in message > | > news:cqqopl$286$1@forums.macromedia.com... > | > > > | > > This is an honest response: my reaction when I hear this kind of > | question > | > is > | > > to ask what people are doing in Flash that's so original that it won't > | be > | > > protected with the usual mechanisms of copyright or patent. > | > > > | > > | > > | > | > >
Hi Ken,
Thank you Ken. I also googled "Java Decompiler" and Java has the same issue. I see now that that's just the nature of client-side stuff. Your suggestion of using a stored procedure or a COM component is an excellent one, and that's the approach I will take. That will allow me to balance having the rich controls and interaction that Flash offers, and to keep some of the calculations and image processing on the server. That will definitely work. Its not as bad as I originally thought. ;) Thanks! Bob [quoted text, click to view] "Ken Fine" <kenfine@u.washington.edu> wrote in message | That's certainly a fair concern, Bob. I'll offer one idea which may or maynews:cqrq6p$16k$1@forums.macromedia.com... | not be helpful for your needs. Consider if it's possible for the most | proprietary aspects of your application to be embedded in the logic of your | database (e.g. SQL Server stored proc) or a COM component. Depending on what | you're doing, the Flash movies could hit the propreitary "magic box" that | resides on your server for essential processing, and you would maintain a | lock on things. | | Most of us are using Flash, of course, because Flash has become what | client-side Java was promised to be. | | -KF | [quoted text, click to view] | "Robert Sorrells" <rsorrellsU@KNOWmindspring.com> wrote in message | > Hi Ken,| news:cqrm63$qq9$1@forums.macromedia.com... | > | > I think a lot of us are very surprised at how easy Flash is to reverse | > engineer, and extract every line of code, even the formatting. I think | this | > is a revelation to many people. | > | > Without going into details, my application is fairly unique in my | industry. | > The biggest advantage I have now over my competitors thanks to my hidden | ASP | > code is the barrier to entry. It would be very difficult for someone to | > recreate. Not so with Flash. They would have all of my important | > algorithms, and have those "so that's how he did it" things that took me 2 | > years to develop. Also, defending a patient or copyright is beyond the | > resources of most small businesses. | > | > I'm surprised that Flash isn't as secure as Java. I'm going to have to | take | > a second look at Java. | > | > Bob | > [quoted text, click to view] | > "Ken Fine" <kenfine@u.washington.edu> wrote in message | > >| > news:cqqopl$286$1@forums.macromedia.com... | > > This is an honest response: my reaction when I hear this kind of | question | > is | > > to ask what people are doing in Flash that's so original that it won't | be | > > protected with the usual mechanisms of copyright or patent. | > > | > | > | |
| Actually, this is possible with flash remoting and server-side
actionscript. | The problem is that there will always be a delay when a remote method is | called... Thanks Soma, Some things, such as a user dragging and moving an image around the screen, will have to be done on the client, but with most other things that I do, a 1 or 2 second delay for some actions would not be a problem for me, so this is feasible. I'll have to check out Flash Remoting and server-side actionscript. Thank you. That's very helpful. Bob
"Robert Sorrells" <rsorrellsU@KNOWmindspring.com> wrote...
8< [quoted text, click to view] > or to be able to do some > type of function calls to a server so the intellectual property can be on > the server instead of on the client's computer. Actually, this is possible with flash remoting and server-side actionscript. The problem is that there will always be a delay when a remote method is called... ..soma
another way of looking at it, one raised on flashkit already, if people
stealing swfs - such as flash games - and putting them on other websites without the owner/creator's permission. if there was a method of securing flash content it would surely be easier for developers to impliment than court proceedings based on copyright and patent. how does the COM component work? do you mean storing sections of actionscript on a server so that there are called by flash at runtime? if so, how do you stop other people being able to grab the same scripts, if they can look inside your swf and see where the information is stored and how you're calling it?
obfuscators won't really help .. you can still decompile obfuscated code.
it might just add a bit of time to those wanting to work out what your code does
Don't see what you're looking for? Try a search.
|
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
January 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |