Thanks Ian, your ideas look promising . . .
Thanks Frederic, that's on the same vein as Mark's link to Kerckhoffs'
assumption - btw, I think I can defeat the way you found it, Frederic, with
one more layer of php . . . maybe . . . (you got to 'path' but not to
'rainbow' - hmmm)
Seems we can protect from the casual swf grabber/decompiler, but as long as
swf's are delivered in some manner to the player as one complete file, I can
prevent it from caching on the users machine, I can hide the location of the
file, but it can still be captured, even if it isn't a proper swf file when
it hits the player . . .
. . . I'll be back . . . :~)
jimbo
----- Original Message -----
From: "Ian Thomas" <[EMAIL PROTECTED]>
To: <flashcoders@chattyfig.figleaf.com>
Sent: Wednesday, July 18, 2007 9:47 AM
Subject: Re: [Flashcoders] RE: obfuscation swf !
Hm. Just a side thought on that - again, making it difficult rather
than impossible. Use the same FP9 idea - loading via a binary socket -
but instead of using Blowfish or something heavyweight to decrypt,
just split the source .swf into chunks on the server, load each chunk
seperately, reassemble and loadBytes on the client side.
Easy to get around if you know what's going on, granted. But no longer
just a case of lifting a cached file from somewhere and renaming it to
SWF. Particularly if you're clever about how the chunks are ordered.
Just a thought. :-)
Ian
On 7/18/07, Jon Bradley <[EMAIL PROTECTED]> wrote:
The most difficult method I am aware of is by using FP9 (AS3) and
Loader.loadBytes (combined with ByteArray). You could use a secured
socket connection and load binary data, decrypted through ByteArray
and a client-server handshake (say Blowfish as the encryption method
- it'll just take forever to decrypt the data).
That still won't protect you. All one needs is a packet sniffer to
get the data (including any keys or other information) and use the
SWF that loaded the data in the first place to decrypt it. It'll take
a bit longer to get the file (a long time if implemented properly)
but you can still get the file.
http://www.bytearray.org/?p=32
good luck.
- jon
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
