[thelist] Flash Protection

John Dowdell jdowdell at macromedia.com
Fri Apr 12 19:08:01 CDT 2002 

At 7:03 AM 4/10/2, Jason Lotito wrote:
> Does anyone have any information regarding protecting flash
> from reverse engineering. Essentially, I want to prevent people
> from being able to get the flash source and action scripts
> from flash that they view on my website.

Sorry, as other folks noted, SWF is a publicly described format. We can
request that other applications not take apart certain files, but we can't
enforce it.

(It's similar to the Dmitry case, where their reader did not respect the
"don't copy" bits inside the PDF file after decryption.)

Keeping any valuable info behind your own server is still the good practice.



> We have actual games online (www.infinitecasino.com) that we have
> actually seen people place on their site.  The benefit is that the
> flash client itself is as dumb as possible, with all the actual
> game logic being handled by PHP, so the 'stealer' would still
> need to create the game logic server side, though that isn't
> difficult.

This is a different problem, then.

If most of the cost is on the server end, then there wouldn't be much to do
in the dumb interface. You could always have the Flash applet check its
_url property, or request data from a particular nearby XML file, but none
of these "where am i?" checks are unhackable.



> We have proof that they have in fact stolen the actual source
> (it has been modified.

I'm not sure how they got your source FLA file, but one thing you may
consider doing in the future is adding a *subtle* timebomb... maybe load in
another SWF whose content needs to change appropriately within the month or
else it will send erroneous data to the server, things like that.

(Rephrased, it's one thing to make something just plain not work if
misused, but if you know someone is ripping you off it may be more
effective to have them incur large expenses for doing so.)


jd





John Dowdell, Macromedia Developer Support, San Francisco CA US
Search technotes: http://www.macromedia.com/support/search/
Offlist email risks capture by the spam filters. I may not see your
email if it's not on the list. Private one-on-one email options are
available via Priority Access: http://www.macromedia.com/support/

More information about the thelist mailing list