I am currently using SendAndLoad to submit scores from my flash game to the
server's high score list. Since flash can be readily decompiled, someone could
easily discover the url and variables names that I am using and submit fake
scores.

I have already considered encrypting the values sent to the server, but this
encryption mechanism could also be discovered and faked.

Is there anyway to prevent flash from being decompiled, or at least protect
the portion that communicates with the server.

What do other people do to verify that the data they are receiving is from a
valid flash client?

If you've got Flash MX 2004 Pro you should now be able to protect your code by
building compiled components. So if you're encrypting with MD5 etc the key may
be better protected. I've just made my first one so we'll see how long it stays
protected....

I tried this, but its not working. I turned my movie clip into a compiled
clip. My library now consists of a single compiled clip and my timeline is 1
frame with one instance of this clip.

If I decompile this using Eltima's decompiler it can see everything inside my
compiled clip.

Any other ideas for protecting my action script?

Hi,

A 'compiled component' is what you need to make.

I have made it a compiled component, and it is still decompileable.

My method for converting a movie clip to a compiled component is to first use
the Component Definition menu to setup the parameters. Then I select, "Convert
to Compiled Clip". If this is not the correct way to do this, I would
appreciate some advice.

Thanks,
Jake

You can also look in the Flash Help system under 'Creating Components'. If you
are looking for a quick and easy 'How To' I don't have one for you. I've
pointed my finger to the right road, it's not the only road but it's the one I
took. Now you have to walk it on your own.

I am doing it exactly as you are suggesting and as the documentation describes.


You might want to look into the security of your own components. From my
research it seems that compiled components are just normal components that are
put into a zip-like file. It does not protect the code from decompiling.

From you earlier posts it sounds like you are still making compiled clips.....
To export a SWC file: * Select the movie clip in the Library panel and
right-click (Windows) or Control-click (Macintosh), and then select Export SWC
File.

Yes they are zip files but when I have tried to decompile the swf file in that
zip file I got an error. The decompiler I used couldn't do anything with it and
decided the swf file was corrupt. The decompiler I used worked just fine with
a normal swf..... so draw your own conclusions....

Thanks for the info on how to export the component. I wasnt doing this
correctly.

So, now I exported a SWC file. I then placed this swc file in the proper
place on my computer (HD>Applications>Flash>Configuration>Components) so it
would show up in my Components list. Then I dragged this into an empty movie
and exported this as a .swf file. I then decompiled this swf file and was able
to see all my source code.

Oh well.

I really hope Macromedia figures out a way to make the flash source code
secure from hackers. As far as I can tell its impossible to have secure
communication with a server if your source code is readable.

-Jake

Welll, there's a little more to creating components than simpy exporting a clip
as an SWC file. Try decompiling some of the SWC files that come standard with
Flash you'll then see this message a lot in ETIMA's decompiler: Error. This
tag contains erroneously written Actionscript, which cannot be decompiled.