[Flashcoders] Obfuscation

2006-01-14 Thread will g 
Hello all,

My name is Will, and i've got an interesting question.  (or at least I
think it's interesting).  This question is about obfuscating your
action script.  I know there are software packages out there that will
rename your variables to single letter and number symbols to make the
script hard to read, and that there are programs  that will add
"logical impossibilities" to the tree structure inside the swf to make
decompilers crash...

But what i'd like to know is how to add these "logical
impossibilities" manually.  Is there a site that talks about how to do
this, or explains the structure and how it can be...  edited.

Any help is greatly appreciated.

Sincerely,


Will.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-14 Thread Adrian Lynch 
Great question! I've been meaning to find out mroe about this too.

Ade

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of will g
Sent: 14 January 2006 14:06
To: flashcoders@chattyfig.figleaf.com
Subject: [Flashcoders] Obfuscation


Hello all,

My name is Will, and i've got an interesting question.  (or at least I
think it's interesting).  This question is about obfuscating your
action script.  I know there are software packages out there that will
rename your variables to single letter and number symbols to make the
script hard to read, and that there are programs  that will add
"logical impossibilities" to the tree structure inside the swf to make
decompilers crash...

But what i'd like to know is how to add these "logical
impossibilities" manually.  Is there a site that talks about how to do
this, or explains the structure and how it can be...  edited.

Any help is greatly appreciated.

Sincerely,


Will.


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-14 Thread urami_ 



will g wrote:

Hello all,

My name is Will, and i've got an interesting question.  (or at least I
think it's interesting).  This question is about obfuscating your
action script.  I know there are software packages out there that will
rename your variables to single letter and number symbols to make the
script hard to read, and that there are programs  that will add
"logical impossibilities" to the tree structure inside the swf to make
decompilers crash...

But what i'd like to know is how to add these "logical
impossibilities" manually.  Is there a site that talks about how to do
this, or explains the structure and how it can be...  edited.


All the obfuscation is dangerous and can stop your files from working.
An other techniques to prevent decompilation often result in invalid
bytecodes being put into the SWF file that just HAPPEN to work ok in
current players (but may well fail in the future).

Also note that it is impossible to protect swf from disassembly .. if it
runs, you can see the code. . period.

I did trial and encrypted a not-to-complicated example, and it does
some odd things, adding invalid tags to the file, setting incorrect
information in the swf file header etc. There is no guarantee that a SWF
like that will even run in future players.

What's worse, when I tried the encrypted version, the resultant 'secure' SWF
file did not play correctly (ie it introduced errors).

BE VERY CAREFUL WITH PRODUCTS LIKE THIS 

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-14 Thread will g 
Dear urami,  thank you for your reply.  you seem to be very
knowledgeable about this subject.
If you could point me in the direction of where you have learned this
I would be forever grateful.

I am more than willing to take the risks of introducing the above
techniques into the swf file (and am probably prepared to deal with
them).

Hope you can help me and adrian out.

Will.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-14 Thread will g 
A sidenote...

The reason why i'm asking about doing this manually is precisely due
to what urami mentioned.  Using software that's available causes the
file not to run properly (this swf is a bit on the long and
complicated side).  So i thought that maybe taking a manual approach
might give me more control over which techniques are used, and how...
and maybe the errors could be worked around.

I figured if someone can write a utility to do it... someone had to do
it manually first.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-14 Thread bryan.rice 


On Jan 14, 2006, at 9:06 AM, will g wrote:


But what i'd like to know is how to add these "logical
impossibilities" manually.



Try Flasm.

blue skies,
bryan
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-14 Thread will g 
any tutorials on doing that with flasm that you know of?
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-14 Thread GregoryN 
I've done a lot or search/research on this subject and here some
results:

1) there's no way to 100% protect your swf :-(

> --- bryan.rice wrote:
>Try Flasm.

2) Yes.
The only quite reliable way is to add bytecode that can't be generated
in Flash IDE. It doesn't have to be "logical impossibilities",
sometimes optimization with Flasm is enough to "obfuscate" the
decompiler. Besides, such optimization results in great improvemets in
performance and your knowledge too. Carefully read Flasm instructions
to start.
Unfortunately, I don't have access to all of most interesting
decompilers in which I'd like to test my "defense efforts" (first is
ASV, of course).
All I used to do in my experiments is adding some bytecode, testing
and then trying to decompile with Flare (free tool).

3) As to obfuscators themselves, I believe it's just a matter of time
to remove this from code with search/replace, if someone have a strong
desire to read your code.
Besides, if "obfuscated" and decompiled code is still working, it's not 
necessary to
make it "readable" in most cases.

4) Don't want to hurt anyone, but I'd not recommend using trial etc.
versions of obfuscation/encoding  programs .
>urami_ is right:
> All the obfuscation is dangerous and can stop your files from working.
As for me, I prefer use my own hands to have full control over my code.


It would be great to collaborate in this direction (dream :-).



-- 
Best regards,
 GregoryN

http://GOusable.com
Flash components development.
Usability services.

> --- will g wrote:
>
> But what i'd like to know is how to add these "logical
>impossibilities" manually.  Is there a site that talks about how to do
>this, or explains the structure and how it can be...  edited.


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-15 Thread John Hattan 
> From: will g [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, January 14, 2006 8:06 AM
> To: flashcoders@chattyfig.figleaf.com
> Subject: [Flashcoders] Obfuscation
> 
> Hello all,
> 
> My name is Will, and i've got an interesting question.  (or 
> at least I think it's interesting).  This question is about 
> obfuscating your action script.  I know there are software 
> packages out there that will rename your variables to single 
> letter and number symbols to make the script hard to read, 
> and that there are programs  that will add "logical 
> impossibilities" to the tree structure inside the swf to make 
> decompilers crash...
> 
> But what i'd like to know is how to add these "logical 
> impossibilities" manually.  Is there a site that talks about 
> how to do this, or explains the structure and how it can 
> be...  edited.
> 
> Any help is greatly appreciated.

I reviewed an SWF obfuscator a while back.

http://www.gamedev.net/features/reviews/productreview.asp?productid=565

 ---
John Hattan
The Code Zone - Sweet Software for a Saturnine World
www.thecodezone.com

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-15 Thread Sam Wootton 
Hello,

I am using the FileReference class to upload an image to a PHP script, nice
and simple.

In my PHP script i have:

$userfile= $_FILE['Filedata']['tmp_name'];

Which, should get the file.  But are there any other parameters in the _FILE
array i can access, because in a normal upload from an HTML form i can use:

$userfile_name= $HTTP_POST_FILES["userfile"]["name"];
$userfile_size= $HTTP_POST_FILES["userfile"]["size"];
$userfile_type= $HTTP_POST_FILES["userfile"]["type"];
$userfile_error= $HTTP_POST_FILES["userfile"]["error"];

Can i use these when using the FileReference class?

Another quick question:

Is it possible to send additional variables along with the FileReference
object?

Thanks for your help, it is very much appreciated.

Regards, Sam

On 15/01/06, John Hattan <[EMAIL PROTECTED]> wrote:
>
> > From: will g [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, January 14, 2006 8:06 AM
> > To: flashcoders@chattyfig.figleaf.com
> > Subject: [Flashcoders] Obfuscation
> >
> > Hello all,
> >
> > My name is Will, and i've got an interesting question.  (or
> > at least I think it's interesting).  This question is about
> > obfuscating your action script.  I know there are software
> > packages out there that will rename your variables to single
> > letter and number symbols to make the script hard to read,
> > and that there are programs  that will add "logical
> > impossibilities" to the tree structure inside the swf to make
> > decompilers crash...
> >
> > But what i'd like to know is how to add these "logical
> > impossibilities" manually.  Is there a site that talks about
> > how to do this, or explains the structure and how it can
> > be...  edited.
> >
> > Any help is greatly appreciated.
>
> I reviewed an SWF obfuscator a while back.
>
> http://www.gamedev.net/features/reviews/productreview.asp?productid=565
>
> ---
> John Hattan
> The Code Zone - Sweet Software for a Saturnine World
> www.thecodezone.com
>
> ___
> Flashcoders mailing list
> Flashcoders@chattyfig.figleaf.com
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-15 Thread bryan.rice 


On Jan 15, 2006, at 8:26 AM, Sam Wootton wrote:

Is it possible to send additional variables along with the  
FileReference

object?



I have not found a way to do it through the file POST itself, but you  
can add a query string to the URL of your file upload script.


fileupload.php?yourVar=yourValue

And then access it from that location with your script.  Not perfect,  
but gets you part way there.


blue skies,
bryan
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-15 Thread Sam Wootton 
Yeah, thanks, was just working on that - saw it posted on a forum
somewhere.  Your help is much appreciated.



On 15/01/06, bryan.rice <[EMAIL PROTECTED]> wrote:
>
>
> On Jan 15, 2006, at 8:26 AM, Sam Wootton wrote:
>
> > Is it possible to send additional variables along with the
> > FileReference
> > object?
>
>
> I have not found a way to do it through the file POST itself, but you
> can add a query string to the URL of your file upload script.
>
> fileupload.php?yourVar=yourValue
>
> And then access it from that location with your script.  Not perfect,
> but gets you part way there.
>
> blue skies,
> bryan
> ___
> Flashcoders mailing list
> Flashcoders@chattyfig.figleaf.com
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-15 Thread Scott Hyndman 
> 1) there's no way to 100% protect your swf :-(

There's no 100% to protecting anything...nothing to be sad-faced about, it's 
just the way it is. The objective in security is to have any attacker jump 
through hoops to reach his goal. If these hoops are too numerous, or too high 
off the ground, or on fire...or something...he won't bother. The cost of 
success will outweigh the benefit.
 
Scott
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-15 Thread GregoryN 
> --- Scott Hyndman wrote:
>> 1) there's no way to 100% protect your swf :-(
> There's no 100% to protecting anything...nothing to be sad-faced about, it's 
> just the way it is. The
> objective in security is to have any attacker jump through hoops to reach his 
> goal. If these hoops are too
> numerous, or too high off the ground, or on fire...or something...he won't 
> bother. The cost of success
> will outweigh the benefit.

Can't agree more (and thanks for moral support). :-)
Some problem is that we're building/raising these hoops manually, but
ASV is jumping through them with computer-aid...
  

-- 
Best regards,
 GregoryN

http://GOusable.com
Flash components development.
Usability services.


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-15 Thread will g 
allright boys and girls.  i've come back baring news.

first and foremost.  i agree obscurity is not security.  therefore... 
hoops will have to be a distant second best.

second... read below.

http://www.gotoandplay.it/_articles/2004/04/swfProtection.php

if anyone has any further coherent information or personal experience
with obfuscating by hand (ie not using someone else's software)...  i
would be more then happy to hear from you.  once i actually achieve
any results i will report back.

i'm benchmarking against asv and sothink 2005 build 5.whatever.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-16 Thread zwetan 
>
> if anyone has any further coherent information or personal experience
> with obfuscating by hand (ie not using someone else's software)...  i
> would be more then happy to hear from you.  once i actually achieve
> any results i will report back.
>
> i'm benchmarking against asv and sothink 2005 build 5.whatever.


One thing that people don't consider is that
You don't need to obfuscate if people can not access the SWF
In the first place


1) use SSL + prevent caching in the HTTP header
   -> no SWF in the browser cache

or

2) instead of pointing to foobar.swf in the Object/Embed tag
   point to getBinary.php /getBinary.asp / whatever
   + prevent caching in the HTTP header
   -> no SWF in the browser cache


It's complicated to put in place, but the result is
No SWF in the browser cache to decompile

2) off course is still not 100% safe against people being able
to detect a SWF stream with a HTTP sniffer

but the solution 1) well.. almost unbeatable

zwetan



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-16 Thread Steve Webster 

zwetan,


if anyone has any further coherent information or personal experience
with obfuscating by hand (ie not using someone else's software)...  i
would be more then happy to hear from you.  once i actually achieve
any results i will report back.

i'm benchmarking against asv and sothink 2005 build 5.whatever.



One thing that people don't consider is that
You don't need to obfuscate if people can not access the SWF
In the first place


1) use SSL + prevent caching in the HTTP header
   -> no SWF in the browser cache

or

2) instead of pointing to foobar.swf in the Object/Embed tag
   point to getBinary.php /getBinary.asp / whatever
   + prevent caching in the HTTP header
   -> no SWF in the browser cache


It's complicated to put in place, but the result is
No SWF in the browser cache to decompile

2) off course is still not 100% safe against people being able
to detect a SWF stream with a HTTP sniffer

but the solution 1) well.. almost unbeatable


Neither of your 'solutions' is even remotely unbeatable. I can get  
around both of them with the wget command-line tool, which is a  
standard install on most flavours of linux. There are others that do  
the same thing, and any download accelerator program for Windows will  
also be able to download the file.


Obfuscation is the only way to protect your code, and even then I  
wouldn't consider it 'almost unbeatable'.


--
Steve Webster
Head of Development

Featurecreep Ltd.
www.featurecreep.com
14 Orchard Street, Bristol, BS1 5EH
0117 905 5047


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-16 Thread zwetan 
>
> Neither of your 'solutions' is even remotely unbeatable. I can get
> around both of them with the wget command-line tool, which is a
> standard install on most flavours of linux. There are others that do
> the same thing, and any download accelerator program for Windows will
> also be able to download the file.
>

I can block wget with just JavaScript ;)

http://www.gnu.org/software/wget/faq.html#3.6

" Wget doesn't feature JavaScript support and is not capable of performing
recursive retrieval of URLs included in JavaScript code.

In fact, it is impossible to extract URLs from JavaScript by merely parsing
it. Web clients need to actually execute it, and Wget can't do that since
it's not a GUI browser. "


> Obfuscation is the only way to protect your code, and even then I
> wouldn't consider it 'almost unbeatable'.
>

I still think obfuscation is not the only way...


zwetan



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-16 Thread Steve Webster 

Hi zwetan,


Neither of your 'solutions' is even remotely unbeatable. I can get
around both of them with the wget command-line tool, which is a
standard install on most flavours of linux. There are others that do
the same thing, and any download accelerator program for Windows will
also be able to download the file.



I can block wget with just JavaScript ;)


Fair enough, but then you also block all your regular visitors who  
have JavaScript disabled from accessing your SWF file. Anyway,  
ultimately the swf file will be loaded from somewhere (via physical  
file or script) and I can just point wget at that file instead.  
Safari's Activity window will show me all URLs loaded as part of the  
page, so I just just copy it from there.



Obfuscation is the only way to protect your code, and even then I
wouldn't consider it 'almost unbeatable'.


I still think obfuscation is not the only way...


I think we'll probably have to agree to disagree here. Since the  
Flash file *has* to be downloaded to the client for playback, it can  
be downloaded to the client for de-compiling.


I wouldn't normally mind people protecting their own stuff using the  
methods you described, but when you're advising others it's important  
to make sure the advice you're giving out is sound. Either that, or  
tell people of the potential problems with your solution rather than  
just saying that it's 'almost unbeatable'.


Sorry if I sound confrontational, but security is a bugbear of mine.

--
Steve Webster
Head of Development

Featurecreep Ltd.
www.featurecreep.com
14 Orchard Street, Bristol, BS1 5EH
0117 905 5047


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-16 Thread Nathan Derksen 
1) Create a web page of your own with a regular link pointing to  
the .swf file.

2) Right-click, save as...
3) Profit!

Proxy sniffers are also easy to come by, easy to use, and give you  
the option to save any of the files locally.


Nathan
http://www.nathanderksen.com


On Jan 16, 2006, at 2:21 AM, zwetan wrote:



if anyone has any further coherent information or personal experience
with obfuscating by hand (ie not using someone else's software)...  i
would be more then happy to hear from you.  once i actually achieve
any results i will report back.

i'm benchmarking against asv and sothink 2005 build 5.whatever.



One thing that people don't consider is that
You don't need to obfuscate if people can not access the SWF
In the first place


1) use SSL + prevent caching in the HTTP header
   -> no SWF in the browser cache

or

2) instead of pointing to foobar.swf in the Object/Embed tag
   point to getBinary.php /getBinary.asp / whatever
   + prevent caching in the HTTP header
   -> no SWF in the browser cache


It's complicated to put in place, but the result is
No SWF in the browser cache to decompile

2) off course is still not 100% safe against people being able
to detect a SWF stream with a HTTP sniffer

but the solution 1) well.. almost unbeatable

zwetan



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-16 Thread GregoryN 
> - zwetan wrote:
> I still think obfuscation is not the only way...

Also, SWF in a web page isn't the only one to protect...

IMO, protecting something with the aid of server-side of any kind is
quite different subject.  And main question there is about file
storage, headers, cache etc rather than AS or SWF bytecode itself.

Yes, using some server-side solution can beat 90% of amateur
"thieves". But, as mentioned above, it's only about web page.
  

-- 
Best regards,
 GregoryN

http://GOusable.com
Flash components development.
Usability services.


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-16 Thread Dave Watts 
> " Wget doesn't feature JavaScript support and is not capable 
> of performing recursive retrieval of URLs included in JavaScript 
> code.
> 
> In fact, it is impossible to extract URLs from JavaScript by 
> merely parsing it. Web clients need to actually execute it, 
> and Wget can't do that since it's not a GUI browser. "

While this is true for wget, there are engines that will execute Javascript
to extract URLs, then fetch those URLs. Texis' Webinator does this. It's
also relatively easy to do this using Windows Script functionality. I ended
up writing scripts for exactly this purpose - to fetch Javascript URLs.

In addition, as others have mentioned, it's very easy to capture anything
through a proxy. SSL doesn't prevent this, either. 

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-16 Thread zwetan 

protecting something is all about making hard to access

so imho anything that can make a SWF hard to get is good

so to make a big answer to everyone point by point

Gregory wrote:
> Yes, using some server-side solution can beat 90% of amateur
> "thieves". But, as mentioned above, it's only about web page.
>

As obfuscation can beat 90% of amateur "joe-user-using-a-decompiler"

But not the 10% rest of user who gonna either be motivated or skilled
enougth to unobfuscate the code...


steve wrote:
> Fair enough, but then you also block all your regular visitors who have
> JavaScript disabled from accessing your SWF file.

For me someone who does not want to execute JavaScript also does not
want to execute plugins

and how many users gonna do that ? like 0,001% ?


> Anyway, ultimately the swf file will be loaded from somewhere
> (via physical file or script) and I can just point wget at that file
> instead.

That can be obfuscated too


Nathan wrote:
> Proxy sniffers are also easy to come by, easy to use, and give you
> the option to save any of the files locally.

Yes, for you
Not everybody find a sniffer that easy to use, or even would have the idea
to use one just because they didn't even know that something like that
exists


Dave wrote:
> While this is true for wget, there are engines that will execute
> Javascript to extract URLs, then fetch those URLs. Texis' Webinator
> does this. It's also relatively easy to do this using Windows Script
> functionality. I ended up writing scripts for exactly this purpose - to
> fetch Javascript URLs.

Yes ok, but are you considering yourself as a lambda user ?
I think not :)


> In addition, as others have mentioned, it's very easy to capture
> anything through a proxy. SSL doesn't prevent this, either.

Yes I know that, others people on this list know that,
But are lambda users know that or have the skill to do that ?



Protecting something is all about numbers

a) foobar.swf
   no protection, no obfuscation, nothing
   accessible in the browser cache

b) how many % of users will just know that they can
decompile the SWF with some tools as ASV or others ?

c) how many % users will want so bad the source code of the SWF to
actually buy the tool to decompile it ?

d) add obfuscation
   how many % of users will be motivated and skilled enougth
   to reverse the obfuscation ?

e) add SSL + prevent SWF caching
   how many % users will be motivated and skilled enougth
   to set up and use a proxy and/or a HTTP sniffer ?

etc.

the more you add, the more you reduce the % of users
who will actually go all the trouble to get the SWF, decompile it, etc.

you will never obtain 100% code protection
but if the goal is to protect the code with "tricks"
any tricks are good, even the dumb one as renaming
extensions *.swf to *.gif

and honestly I was just mentioning another trick, no more

zwetan



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-16 Thread Dave Watts 
> Yes I know that, others people on this list know that, But 
> are lambda users know that or have the skill to do that ?

I'm not familiar with the phrase "lambda user", so I can only presume it
means a non-technical user. But are those the people who you're concerned
about? I think it's worthwhile to mention that you might have different
goals and expectations with regard to obfuscation than others might. My
point was simply that you can't guarantee that your Flash code can't be
reverse-engineered. If you're willing to accept that limitation, you might
want to implement all the things you mentioned. But that's still a very big
limitation. There are certain things that, for security reasons, you simply
wouldn't want to do within your Flash code for this reason - shopping cart
engine functionality comes to mind. You wouldn't want your server-side
application to blindly accept inputs from Flash for obvious reasons.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-16 Thread Nicolas Cannasse 

Protecting something is all about numbers

a) foobar.swf
   no protection, no obfuscation, nothing
   accessible in the browser cache

b) how many % of users will just know that they can
decompile the SWF with some tools as ASV or others ?

c) how many % users will want so bad the source code of the SWF to
actually buy the tool to decompile it ?

d) add obfuscation
   how many % of users will be motivated and skilled enougth
   to reverse the obfuscation ?

e) add SSL + prevent SWF caching
   how many % users will be motivated and skilled enougth
   to set up and use a proxy and/or a HTTP sniffer ?


Personaly I think that if someone can bypass the obfuscation, (not "jump 
tricks" but *real* obfuscation by variable renaming/hashing - see 
http://tech.motion-twin.com/obfu ) then there is no need for additional 
protections because the user is motivated enough to bypass them as well.


I think that you need to protect from two things :
a) internal attacks, by obfuscating the SWF
b) external attacks, by obfuscating the protocol
This is not *real* security - it should just be called "tricks" to get 
rid of people without enough free time or technical background.


Nicolas
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-16 Thread zwetan 
>
> I'm not familiar with the phrase "lambda user", so I can only presume it
> means a non-technical user.

Yes indeed

> But are those the people who you're concerned about?
> I think it's worthwhile to mention that you might have different
> goals and expectations with regard to obfuscation than others might. My
> point was simply that you can't guarantee that your Flash code can't be
> reverse-engineered.

I don't think I said something different with
"you will never obtain 100% code protection"

Here for example a goal you can not reach with obfuscation:
- you have an online game in flash
  Goal: you want to avoid to have your SWF copied all around on different
site

Here the obfuscation will be not really usefull


> If you're willing to accept that limitation, you might
> want to implement all the things you mentioned.
> But that's still a very big limitation.
> There are certain things that, for security reasons, you
> simply wouldn't want to do within your Flash code for this reason -
> shopping cart engine functionality comes to mind.
> You wouldn't want your server-side application to blindly accept
> inputs from Flash for obvious reasons.
>

Humm but this is a different thing

You got the "security" of the source code, the SWF, etc...

And

You got the security of your application

And this, the SWF being accessible or not,
Being decompiled or not
You can secure it using data encryption

Dumb exemple:
User login on his shopping cart
The flash can have a MD5 Function to hash
its password before sending it to the server
etc.

an external "attacker" can access as much as he want the
MD5 hash function code, this will not break the security
of the hash.

The weakness in a hash function is the hash function algorithm itself,
Not the fact that you can access its implementation in code.

( and yes I know MD5 is broken, and few others too, cf
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html )

zwetan




___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] Obfuscation

2006-01-16 Thread zwetan 
>
> Personaly I think that if someone can bypass the obfuscation, (not "jump
> tricks" but *real* obfuscation by variable renaming/hashing - see
> http://tech.motion-twin.com/obfu ) then there is no need for additional
> protections because the user is motivated enough to bypass them as well.
>

Yes but who knows in which order the user gonna
try to bypass the protection(s) ?


> I think that you need to protect from two things :
> a) internal attacks, by obfuscating the SWF
> b) external attacks, by obfuscating the protocol
> This is not *real* security - it should just be called "tricks" to get
> rid of people without enough free time or technical background.
>

Yep


And to get back on topic here a little list of papers for these kind of
"tricks"

- JAurora
  http://wwwhome.cs.utwente.nl/~oord/
  see the paper
  "Stealthy obfuscation techniques misleading the pirates"

- Gleb's Naumovich's publications
  http://cis.poly.edu/gnaumovi/publications.html
  some interesting papers as
  "Obfuscation of Design Intent in Object-Oriented Applications"
  "Preventing Piracy, Reverse Engineering, and Tampering"

- Christian Collberg, Clark Thomborson, Douglas Low

http://www.cs.arizona.edu/~collberg/Research/Publications/CollbergThomborson
Low98a/
  "Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs"


zwetan



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: [Flashcoders] Obfuscation

2006-01-17 Thread Latcho 

common' man-> firefox->page-info->media->whatever.swf -> save as

One thing that people don't consider is that
You don't need to obfuscate if people can not access the SWF
In the first place


1) use SSL + prevent caching in the HTTP header
   -> no SWF in the browser cache

or

2) instead of pointing to foobar.swf in the Object/Embed tag
   point to getBinary.php /getBinary.asp / whatever
   + prevent caching in the HTTP header
   -> no SWF in the browser cache


It's complicated to put in place, but the result is
No SWF in the browser cache to decompile

2) off course is still not 100% safe against people being able
to detect a SWF stream with a HTTP sniffer

but the solution 1) well.. almost unbeatable

zwetan



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

  


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

[Flashcoders] obfuscation swf !

2006-05-07 Thread [EMAIL PROTECTED] 
Is there any good way or method for obfuscation a Flash file so that swf
works fine after obfuscation and also prevent any one to understand the
code easily . Few common softwares for obfuscation are just not that good
as swf stops working after using them . Of if not obfuscation is there any
other method to prevent swf to be decompiled to fla . help will be really
appreciate . 

Thx 

Max




mail2web - Check your email from the web at
http://mail2web.com/ .


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2007-07-17 Thread Jim Berkey 
If the viewer cannot get your swf, they cannot decompile it: 
http://jimbo.us/swf_protect/


- Original Message - 
From: "Bart Wttewaall" <[EMAIL PROTECTED]>

To: "Flashcoders mailing list" 
Sent: Sunday, May 07, 2006 8:10 AM
Subject: Re: [Flashcoders] obfuscation swf !


http://www.amayeta.com/software/swfencrypt/
This doesn't obfuscate, but really encrypt your swf's. I've tried
every swf decoder I could find to check if it works, and it does. All
you get is rubbish when decompiling.

2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:

Is there any good way or method for obfuscation a Flash file so that swf
works fine after obfuscation and also prevent any one to understand the
code easily . Few common softwares for obfuscation are just not that good
as swf stops working after using them . Of if not obfuscation is there any
other method to prevent swf to be decompiled to fla . help will be really
appreciate .

Thx

Max




mail2web - Check your email from the web at
http://mail2web.com/ .


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com 


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2007-07-17 Thread Eric Priou 

Isn't all the swf content in that url ?
http://jimbo.us/Games/mahJongg/advert.php?data=content

so :
$ curl -LO http://jimbo.us/Games/mahJongg/advert.php?data=content
$ mv advert.php?data=content ad.swf
$ swfdump -a ad.swf

Interesting content.
Is this trick so hard to find ?
Le 17 juil. 07 à 18:06, Jim Berkey a écrit :

If the viewer cannot get your swf, they cannot decompile it: http:// 
jimbo.us/swf_protect/


- Original Message - From: "Bart Wttewaall"  
<[EMAIL PROTECTED]>

To: "Flashcoders mailing list" 
Sent: Sunday, May 07, 2006 8:10 AM
Subject: Re: [Flashcoders] obfuscation swf !


http://www.amayeta.com/software/swfencrypt/
This doesn't obfuscate, but really encrypt your swf's. I've tried
every swf decoder I could find to check if it works, and it does. All
you get is rubbish when decompiling.

2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
Is there any good way or method for obfuscation a Flash file so  
that swf
works fine after obfuscation and also prevent any one to  
understand the
code easily . Few common softwares for obfuscation are just not  
that good
as swf stops working after using them . Of if not obfuscation is  
there any
other method to prevent swf to be decompiled to fla . help will be  
really

appreciate .

Thx

Max




mail2web - Check your email from the web at
http://mail2web.com/ .


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


---
Eric Priou aka erixtekila
Dev notes : http://www.v-i-a.net/inprogress
Oregano XMLSocket server forum : http://www.v-i-a.net/forum


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] obfuscation swf !

2007-07-17 Thread Sunil Jolly 
Yeah - looks like it to me!

And what's with all the secrecy about the technique? :)

Sunil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Priou
Sent: 17 July 2007 17:26
To: flashcoders@chattyfig.figleaf.com
Subject: Re: [Flashcoders] obfuscation swf !

Isn't all the swf content in that url ?
http://jimbo.us/Games/mahJongg/advert.php?data=content

so :
$ curl -LO http://jimbo.us/Games/mahJongg/advert.php?data=content
$ mv advert.php?data=content ad.swf
$ swfdump -a ad.swf

Interesting content.
Is this trick so hard to find ?
Le 17 juil. 07 à 18:06, Jim Berkey a écrit :

> If the viewer cannot get your swf, they cannot decompile it: http:// 
> jimbo.us/swf_protect/
>
> - Original Message - From: "Bart Wttewaall"  
> <[EMAIL PROTECTED]>
> To: "Flashcoders mailing list" 
> Sent: Sunday, May 07, 2006 8:10 AM
> Subject: Re: [Flashcoders] obfuscation swf !
>
>
> http://www.amayeta.com/software/swfencrypt/
> This doesn't obfuscate, but really encrypt your swf's. I've tried
> every swf decoder I could find to check if it works, and it does. All
> you get is rubbish when decompiling.
>
> 2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>> Is there any good way or method for obfuscation a Flash file so  
>> that swf
>> works fine after obfuscation and also prevent any one to  
>> understand the
>> code easily . Few common softwares for obfuscation are just not  
>> that good
>> as swf stops working after using them . Of if not obfuscation is  
>> there any
>> other method to prevent swf to be decompiled to fla . help will be  
>> really
>> appreciate .
>>
>> Thx
>>
>> Max
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] obfuscation swf !

2007-07-17 Thread Frederic Caron 
(eval("_root.shad_" + (numbc - 49) + "._visible") == true && numbc 
>= 118 && numbc <= 123 && (eval("_root.shad_" + (numbc - 50) + "._visible") == 
false || eval("_root.shad_" + (numbc - 48) + "._visible") == false))
{
tellTarget("_root.br_" + (numbc - 49))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if (eval("_root.shad_" + (numb - 29) + "._visible") == true && numb >= 
124 && numb <= 127 && (eval("_root.shad_" + (numb - 30) + "._visible") == false 
|| eval("_root.shad_" + (numb - 28) + "._visible") == false))
{
tellTarget("_root.br_" + (numb - 29))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if (eval("_root.shad_" + (numbc - 29) + "._visible") == true && numbc 
>= 124 && numbc <= 127 && (eval("_root.shad_" + (numbc - 30) + "._visible") == 
false || eval("_root.shad_" + (numbc - 28) + "._visible") == false))
{
tellTarget("_root.br_" + (numbc - 29))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if (eval("_root.shad_" + (numb - 27) + "._visible") == true && numb >= 
128 && numb <= 131 && (eval("_root.shad_" + (numb - 28) + "._visible") == false 
|| eval("_root.shad_" + (numb - 26) + "._visible") == false))
{
tellTarget("_root.br_" + (numb - 27))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if (eval("_root.shad_" + (numbc - 27) + "._visible") == true && numbc 
>= 128 && numbc <= 131 && (eval("_root.shad_" + (numbc - 28) + "._visible") == 
false || eval("_root.shad_" + (numbc - 26) + "._visible") == false))
{
tellTarget("_root.br_" + (numbc - 27))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if (eval("_root.shad_" + (numb - 25) + "._visible") == true && numb >= 
132 && numb <= 135 && (eval("_root.shad_" + (numb - 26) + "._visible") == false 
|| eval("_root.shad_" + (numb - 24) + "._visible") == false))
{
tellTarget("_root.br_" + (numb - 25))
    {
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if (eval("_root.shad_" + (numbc - 25) + "._visible") == true && numbc 
>= 132 && numbc <= 135 && (eval("_root.shad_" + (numbc - 26) + "._visible") == 
false || eval("_root.shad_" + (numbc - 24) + "._visible") == false))
{
tellTarget("_root.br_" + (numbc - 25))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
    } // end if
if (eval("_root.shad_" + (numb - 23) + "._visible") == true && numb >= 
136 && numb <= 139 && (eval("_root.shad_" + (numb - 24) + "._visible") == false 
|| eval("_root.shad_" + (numb - 22) + "._visible") == false))
{
tellTarget("_root.br_" + (numb - 23))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if (eval("_root.shad_" + (numbc - 23) + "._visible") == true && numbc 
>= 136 && numbc <= 139 && (eval("_root.shad_" + (numbc - 24) + "._visible") == 
false || eval("_root.shad_" + (numbc - 22) + "._visible") == false))
{
tellTarget("_root.br_" + (numbc - 23))
{
enable = true;
gotoAndStop(2);
} // End of TellTarget
} // end if
if ((numb == 140 || numbc == 140) && (_root.shad_128._visible == false 
|| _root.shad_130._visible == false))
{
tellTarget("_root.br_129")
{
if (_root.shad_129._visible == true)
{
enable = true;
gotoAndStop(2);

RE: [Flashcoders] obfuscation swf !

2007-07-17 Thread Jesse Graupmann 
"Check it out, and see if you can 'steal' this game - it is yours for the
taking:"

Instead of "Alert!" you should have wrote, "Congrats! This game is yours!"


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frederic
Caron
Sent: Tuesday, July 17, 2007 9:32 AM
To: flashcoders@chattyfig.figleaf.com
Subject: RE: [Flashcoders] obfuscation swf !

I've just save as and uncompile .. I don't get where's the revolution? 

"message = "Alert! This movie\'s copyrights are being infringed! A message
is being sent to the author that you have copied his work. \nOffending
website path: " + _url;"

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2007-07-17 Thread Jim Berkey 
Instead of answering every note that claims to have 'taken' the game, don't 
write a note - prove it -


You do not have the game, you have a nearly empty container file :) You have 
the game? Congrats - upload it to your site and show us!


jimbo

- Original Message - 
From: "Jesse Graupmann" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, July 17, 2007 12:46 PM
Subject: RE: [Flashcoders] obfuscation swf !



"Check it out, and see if you can 'steal' this game - it is yours for the
taking:"

Instead of "Alert!" you should have wrote, "Congrats! This game is yours!"


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frederic
Caron
Sent: Tuesday, July 17, 2007 9:32 AM
To: flashcoders@chattyfig.figleaf.com
Subject: RE: [Flashcoders] obfuscation swf !

I've just save as and uncompile .. I don't get where's the revolution?

"message = "Alert! This movie\'s copyrights are being infringed! A message
is being sent to the author that you have copied his work. \nOffending
website path: " + _url;"

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com 


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2007-07-17 Thread Jim Berkey 
So you are telling me that the game content is ad.swf? I don't think so . . 
.
- Original Message - 
From: "Eric Priou" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, July 17, 2007 12:26 PM
Subject: Re: [Flashcoders] obfuscation swf !


Isn't all the swf content in that url ?
http://jimbo.us/Games/mahJongg/advert.php?data=content

so :
$ curl -LO http://jimbo.us/Games/mahJongg/advert.php?data=content
$ mv advert.php?data=content ad.swf
$ swfdump -a ad.swf

Interesting content.
Is this trick so hard to find ?
Le 17 juil. 07 à 18:06, Jim Berkey a écrit :

If the viewer cannot get your swf, they cannot decompile it: http:// 
jimbo.us/swf_protect/


- Original Message - From: "Bart Wttewaall" 
<[EMAIL PROTECTED]>

To: "Flashcoders mailing list" 
Sent: Sunday, May 07, 2006 8:10 AM
Subject: Re: [Flashcoders] obfuscation swf !


http://www.amayeta.com/software/swfencrypt/
This doesn't obfuscate, but really encrypt your swf's. I've tried
every swf decoder I could find to check if it works, and it does. All
you get is rubbish when decompiling.

2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:

Is there any good way or method for obfuscation a Flash file so  that swf
works fine after obfuscation and also prevent any one to  understand the
code easily . Few common softwares for obfuscation are just not  that 
good
as swf stops working after using them . Of if not obfuscation is  there 
any
other method to prevent swf to be decompiled to fla . help will be 
really

appreciate .

Thx

Max




mail2web - Check your email from the web at
http://mail2web.com/ .


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


---
Eric Priou aka erixtekila
Dev notes : http://www.v-i-a.net/inprogress
Oregano XMLSocket server forum : http://www.v-i-a.net/forum


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com 


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] obfuscation swf !

2007-07-17 Thread Frederic Caron 
Why don't you explain us what's the technique, cause for me that isn't a game 
anyways that's only weird blocs.

- F  

-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Jim Berkey
Envoyé : July 17, 2007 1:21 PM
À : flashcoders@chattyfig.figleaf.com
Objet : Re: [Flashcoders] obfuscation swf !

Instead of answering every note that claims to have 'taken' the game, don't 
write a note - prove it -

You do not have the game, you have a nearly empty container file :) You have 
the game? Congrats - upload it to your site and show us!

jimbo

- Original Message - 
From: "Jesse Graupmann" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, July 17, 2007 12:46 PM
Subject: RE: [Flashcoders] obfuscation swf !


> "Check it out, and see if you can 'steal' this game - it is yours for the
> taking:"
>
> Instead of "Alert!" you should have wrote, "Congrats! This game is yours!"
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Frederic
> Caron
> Sent: Tuesday, July 17, 2007 9:32 AM
> To: flashcoders@chattyfig.figleaf.com
> Subject: RE: [Flashcoders] obfuscation swf !
>
> I've just save as and uncompile .. I don't get where's the revolution?
>
> "message = "Alert! This movie\'s copyrights are being infringed! A message
> is being sent to the author that you have copied his work. \nOffending
> website path: " + _url;"
>
> ___
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2007-07-17 Thread Mark Winterhalder 

On 7/17/07, Jim Berkey <[EMAIL PROTECTED]> wrote:

So you are telling me that the game content is ad.swf? I don't think so . .




7 minutes. Sorry.

Mark
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2006-05-07 Thread Bart Wttewaall 

http://www.amayeta.com/software/swfencrypt/
This doesn't obfuscate, but really encrypt your swf's. I've tried
every swf decoder I could find to check if it works, and it does. All
you get is rubbish when decompiling.

2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:

Is there any good way or method for obfuscation a Flash file so that swf
works fine after obfuscation and also prevent any one to understand the
code easily . Few common softwares for obfuscation are just not that good
as swf stops working after using them . Of if not obfuscation is there any
other method to prevent swf to be decompiled to fla . help will be really
appreciate .

Thx

Max




mail2web - Check your email from the web at
http://mail2web.com/ .


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] obfuscation swf !

2006-05-07 Thread jim 
I've used SWFEncrypt a couple of times and it works ok.

Jim

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 07 May 2006 12:10
To: flashcoders@chattyfig.figleaf.com
Subject: [Flashcoders] obfuscation swf !

Is there any good way or method for obfuscation a Flash file so that swf
works fine after obfuscation and also prevent any one to understand the
code easily . Few common softwares for obfuscation are just not that good
as swf stops working after using them . Of if not obfuscation is there any
other method to prevent swf to be decompiled to fla . help will be really
appreciate . 

Thx 

Max




mail2web - Check your email from the web at
http://mail2web.com/ .


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] obfuscation swf !

2006-05-08 Thread John Hattan 
I wrote up a review here.

http://www.gamedev.net/features/reviews/productreview.asp?categoryid=35&prod
uctid=565

A couple of the commentors talked about how it's absolute crap, but I
haven't yet found a SWF-decryptor that can bring the encrypted SWF back to
something resembling its original form.

I probably should've embedded some hidden source-code and challenged the
naysayers to present it to me :) 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Bart Wttewaall
> Sent: Sunday, May 07, 2006 7:10 AM
> To: Flashcoders mailing list
> Subject: Re: [Flashcoders] obfuscation swf !
> 
> http://www.amayeta.com/software/swfencrypt/
> This doesn't obfuscate, but really encrypt your swf's. I've 
> tried every swf decoder I could find to check if it works, 
> and it does. All you get is rubbish when decompiling.
> 
> 2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> > Is there any good way or method for obfuscation a Flash 
> file so that 
> > swf works fine after obfuscation and also prevent any one to 
> > understand the code easily . Few common softwares for 
> obfuscation are 
> > just not that good as swf stops working after using them . 
> Of if not 
> > obfuscation is there any other method to prevent swf to be 
> decompiled 
> > to fla . help will be really appreciate .
> >
> > Thx
> >
> > Max
> >
> >
> >
> > 
> > mail2web - Check your email from the web at http://mail2web.com/ .
> >
> >
> > ___
> > Flashcoders@chattyfig.figleaf.com
> > To change your subscription options or search the archive:
> > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> >
> > Brought to you by Fig Leaf Software
> > Premier Authorized Adobe Consulting and Training
> > http://www.figleaf.com
> > http://training.figleaf.com
> >
> ___
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> 
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
> 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2006-05-08 Thread Burak KALAYCI 

Hi John,

I wouldn't say SWF Encrypt is absolute crap - though it took just minutes 
for us to bypass their initial 3.0 version.


As per requests from our customers, we have been deliberately not bypassing 
it (but we gave no promises).


Recently, it turned out it broke some of our applications (namely UAE and 
ASR) because our software does not preserve the tag order when saving a SWF 
file and the obfuscation moves real actionscript bytecode to other tags. We 
had to move the scripts back and though we didn't add even a single line of 
code to bypass the obfuscation, it turned out some of the scripts can now be 
decompiled. I'm sure SWF Encrypt guys can fix this quickly (or they already 
may have) because we are not actively trying to bypass the obfuscation.


Current release version of ASR can show the script in fish_secure.swf, with 
the right options selected. We will have the same option with the ASV update 
(as it also uses the same decompiler engine), which will be released in 10 
days (We hope to have it released by ASVs 6th anniversary - May 16).


I'd agree that SWF Encrypt is currently a good choice.. But, one must not 
depend on it too much.


Also, I'd suggest identifier renaming ( like 
http://www.genable.com/asolite.html ) in addition to any other obfuscation, 
as it will be non-reversible even in theory. It may require more work and 
care but I think it's worth it.


Best regards,
Burak
www.asvguy.com

Burak KALAYCI, Manitu Group
http://www.buraks.com
http://www.manitugroup.com


- Original Message - 
From: "John Hattan" <[EMAIL PROTECTED]>

To: "'Flashcoders mailing list'" 
Sent: Monday, May 08, 2006 18:36 PM
Subject: RE: [Flashcoders] obfuscation swf !



I wrote up a review here.

http://www.gamedev.net/features/reviews/productreview.asp?categoryid=35&prod
uctid=565

A couple of the commentors talked about how it's absolute crap, but I
haven't yet found a SWF-decryptor that can bring the encrypted SWF back to
something resembling its original form.

I probably should've embedded some hidden source-code and challenged the
naysayers to present it to me :)



___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] obfuscation swf !

2006-05-08 Thread [EMAIL PROTECTED] 
We tried all these but it breaks our swf app .

Max

Original Message:
-
From: John Hattan [EMAIL PROTECTED]
Date: Mon, 8 May 2006 10:36:26 -0500
To: flashcoders@chattyfig.figleaf.com
Subject: RE: [Flashcoders] obfuscation swf !


I wrote up a review here.

http://www.gamedev.net/features/reviews/productreview.asp?categoryid=35ͧ
9;
uctid=565

A couple of the commentors talked about how it's absolute crap, but I
haven't yet found a SWF-decryptor that can bring the encrypted SWF back to
something resembling its original form.

I probably should've embedded some hidden source-code and challenged the
naysayers to present it to me :) 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Bart Wttewaall
> Sent: Sunday, May 07, 2006 7:10 AM
> To: Flashcoders mailing list
> Subject: Re: [Flashcoders] obfuscation swf !
> 
> http://www.amayeta.com/software/swfencrypt/
> This doesn't obfuscate, but really encrypt your swf's. I've 
> tried every swf decoder I could find to check if it works, 
> and it does. All you get is rubbish when decompiling.
> 
> 2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> > Is there any good way or method for obfuscation a Flash 
> file so that 
> > swf works fine after obfuscation and also prevent any one to 
> > understand the code easily . Few common softwares for 
> obfuscation are 
> > just not that good as swf stops working after using them . 
> Of if not 
> > obfuscation is there any other method to prevent swf to be 
> decompiled 
> > to fla . help will be really appreciate .
> >
> > Thx
> >
> > Max
> >
> >
> >
> > 
> > mail2web - Check your email from the web at http://mail2web.com/ .
> >
> >
> > ___
> > Flashcoders@chattyfig.figleaf.com
> > To change your subscription options or search the archive:
> > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> >
> > Brought to you by Fig Leaf Software
> > Premier Authorized Adobe Consulting and Training
> > http://www.figleaf.com
> > http://training.figleaf.com
> >
> ___
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> 
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
> 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com



mail2web - Check your email from the web at
http://mail2web.com/ .


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] obfuscation swf !

2006-05-09 Thread John Hattan 
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Burak KALAYCI
> Sent: Monday, May 08, 2006 11:57 AM
> To: Flashcoders mailing list
> Subject: Re: [Flashcoders] obfuscation swf !
> 
> Hi John,
> 
> I wouldn't say SWF Encrypt is absolute crap - though it took 
> just minutes for us to bypass their initial 3.0 version.
> 
> As per requests from our customers, we have been deliberately 
> not bypassing it (but we gave no promises).
> 
> Recently, it turned out it broke some of our applications 
> (namely UAE and
> ASR) because our software does not preserve the tag order 
> when saving a SWF file and the obfuscation moves real 
> actionscript bytecode to other tags. We had to move the 
> scripts back and though we didn't add even a single line of 
> code to bypass the obfuscation, it turned out some of the 
> scripts can now be decompiled. I'm sure SWF Encrypt guys can 
> fix this quickly (or they already may have) because we are 
> not actively trying to bypass the obfuscation.
> 
> Current release version of ASR can show the script in 
> fish_secure.swf, with the right options selected. We will 
> have the same option with the ASV update (as it also uses the 
> same decompiler engine), which will be released in 10 days 
> (We hope to have it released by ASVs 6th anniversary - May 16).
> 
> I'd agree that SWF Encrypt is currently a good choice.. But, 
> one must not depend on it too much.
> 
> Also, I'd suggest identifier renaming ( like 
> http://www.genable.com/asolite.html ) in addition to any 
> other obfuscation, as it will be non-reversible even in 
> theory. It may require more work and care but I think it's worth it.

Big thanks for the info. I've heard loads of FUD about flash encryption
versus decompilers, but very little real information.

---
John Hattan
[EMAIL PROTECTED]
Gamedev.net - more 1's and 0's than you can shake a stick at 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2006-05-09 Thread Andy Bueler 

Hi,

is there a way to protect flash components?
Unfortunalty encrypting breaks the components, but is there a tool
to at least obfuscation them?

Kind Regards,
Andy

On 5/10/06, John Hattan <[EMAIL PROTECTED]> wrote:


> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Burak KALAYCI
> Sent: Monday, May 08, 2006 11:57 AM
> To: Flashcoders mailing list
> Subject: Re: [Flashcoders] obfuscation swf !
>
> Hi John,
>
> I wouldn't say SWF Encrypt is absolute crap - though it took
> just minutes for us to bypass their initial 3.0 version.
>
> As per requests from our customers, we have been deliberately
> not bypassing it (but we gave no promises).
>
> Recently, it turned out it broke some of our applications
> (namely UAE and
> ASR) because our software does not preserve the tag order
> when saving a SWF file and the obfuscation moves real
> actionscript bytecode to other tags. We had to move the
> scripts back and though we didn't add even a single line of
> code to bypass the obfuscation, it turned out some of the
> scripts can now be decompiled. I'm sure SWF Encrypt guys can
> fix this quickly (or they already may have) because we are
> not actively trying to bypass the obfuscation.
>
> Current release version of ASR can show the script in
> fish_secure.swf, with the right options selected. We will
> have the same option with the ASV update (as it also uses the
> same decompiler engine), which will be released in 10 days
> (We hope to have it released by ASVs 6th anniversary - May 16).
>
> I'd agree that SWF Encrypt is currently a good choice.. But,
> one must not depend on it too much.
>
> Also, I'd suggest identifier renaming ( like
> http://www.genable.com/asolite.html ) in addition to any
> other obfuscation, as it will be non-reversible even in
> theory. It may require more work and care but I think it's worth it.

Big thanks for the info. I've heard loads of FUD about flash encryption
versus decompilers, but very little real information.

---
John Hattan
[EMAIL PROTECTED]
Gamedev.net - more 1's and 0's than you can shake a stick at

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2006-05-10 Thread GregoryN 
Andy,

What kind of encryption have you tried?
I use bytecode manipulations (Flare+manually). Some tricks, indeed,
break the component (v.2), but others work OK.

I don't think it depends on what your component does, rather the
encrypting technique itself.
  

-- 
Best regards,
 GregoryN

http://GOusable.com
Flash components development.
Usability services.

> - Andy Bueler   wrote:
> 
> Hi,
> is there a way to protect flash components?
> Unfortunalty encrypting breaks the components, but is there a tool
> to at least obfuscation them?
> Kind Regards,
> Andy


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] obfuscation swf !

2006-05-16 Thread Andy Bueler 

Hi Gregory,

sorry for the late reply. I have tried SWF Encrypt from Amayeta.
I can really recommend it for swf encryption but as I wrote before,
it breaks v2 components.

Kind Regards,
Andy

On 5/11/06, GregoryN <[EMAIL PROTECTED]> wrote:


Andy,

What kind of encryption have you tried?
I use bytecode manipulations (Flare+manually). Some tricks, indeed,
break the component (v.2), but others work OK.

I don't think it depends on what your component does, rather the
encrypting technique itself.


--
Best regards,
GregoryN

http://GOusable.com
Flash components development.
Usability services.

> - Andy Bueler   wrote:
>
> Hi,
> is there a way to protect flash components?
> Unfortunalty encrypting breaks the components, but is there a tool
> to at least obfuscation them?
> Kind Regards,
> Andy


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re[2]: [Flashcoders] obfuscation swf !

2007-07-17 Thread R�kos Attila 

Well, just for you:

http://www.tengerstudio.com/public/mahjong/

It took no more than 5-10 minutes :)

  Attila

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From:Jim Berkey <[EMAIL PROTECTED]>
To:  flashcoders@chattyfig.figleaf.com 
Date:Tuesday, July 17, 2007, 7:21:17 PM
Subject: [Flashcoders] obfuscation swf !
--===--
Instead of answering every note that claims to have 'taken' the game, don't 
write a note - prove it -

You do not have the game, you have a nearly empty container file :) You have 
the game? Congrats - upload it to your site and show us!

jimbo

- Original Message - 
From: "Jesse Graupmann" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, July 17, 2007 12:46 PM
Subject: RE: [Flashcoders] obfuscation swf !


> "Check it out, and see if you can 'steal' this game - it is yours for the
> taking:"
>
> Instead of "Alert!" you should have wrote, "Congrats! This game is yours!"
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Frederic
> Caron
> Sent: Tuesday, July 17, 2007 9:32 AM
> To: flashcoders@chattyfig.figleaf.com
> Subject: RE: [Flashcoders] obfuscation swf !
>
> I've just save as and uncompile .. I don't get where's the revolution?
>
> "message = "Alert! This movie\'s copyrights are being infringed! A message
> is being sent to the author that you have copied his work. \nOffending
> website path: " + _url;"
>
> ___
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re[4]: [Flashcoders] obfuscation swf !

2007-07-17 Thread R�kos Attila 

Frederic and Sunil already got your game - the little modification to
jump over the URL checking and upload to a different site is nothing :)

  Attila

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From:Jim Berkey <[EMAIL PROTECTED]>
To:  flashcoders@chattyfig.figleaf.com 
Date:Tuesday, July 17, 2007, 8:05:07 PM
Subject: [Flashcoders] obfuscation swf !
--===--
Congratulations, I obviously have more holes to plug, my methods are no 
good. I will continue trying . . .

jimbo
- Original Message - 
From: "Rákos Attila" <[EMAIL PROTECTED]>
To: "Jim Berkey" 
Sent: Tuesday, July 17, 2007 1:48 PM
Subject: Re[2]: [Flashcoders] obfuscation swf !


>
> Well, just for you:
>
> http://www.tengerstudio.com/public/mahjong/
>
> It took no more than 5-10 minutes :)
>
>  Attila
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> From:Jim Berkey <[EMAIL PROTECTED]>
> To:  flashcoders@chattyfig.figleaf.com 
> 
> Date:Tuesday, July 17, 2007, 7:21:17 PM
> Subject: [Flashcoders] obfuscation swf !
> --===--
> Instead of answering every note that claims to have 'taken' the game, 
> don't
> write a note - prove it -
>
> You do not have the game, you have a nearly empty container file :) You 
> have
> the game? Congrats - upload it to your site and show us!
>
> jimbo
>
> - Original Message - 
> From: "Jesse Graupmann" <[EMAIL PROTECTED]>
> To: 
> Sent: Tuesday, July 17, 2007 12:46 PM
> Subject: RE: [Flashcoders] obfuscation swf !
>
>
>> "Check it out, and see if you can 'steal' this game - it is yours for the
>> taking:"
>>
>> Instead of "Alert!" you should have wrote, "Congrats! This game is 
>> yours!"
>>
>>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Frederic
>> Caron
>> Sent: Tuesday, July 17, 2007 9:32 AM
>> To: flashcoders@chattyfig.figleaf.com
>> Subject: RE: [Flashcoders] obfuscation swf !
>>
>> I've just save as and uncompile .. I don't get where's the revolution?
>>
>> "message = "Alert! This movie\'s copyrights are being infringed! A 
>> message
>> is being sent to the author that you have copied his work. \nOffending
>> website path: " + _url;"
>>
>> ___
>> Flashcoders@chattyfig.figleaf.com
>> To change your subscription options or search the archive:
>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>>
>> Brought to you by Fig Leaf Software
>> Premier Authorized Adobe Consulting and Training
>> http://www.figleaf.com
>> http://training.figleaf.com
>
> ___
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> ___
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] Obfuscation... Was: SWF Decompilers

2005-10-29 Thread JOR 

I had an idea.  Not sure if it's a good one.

Flash is pretty good with optimizing all local var names to shorter ones 
like _1 and _2 which does make decompiled code a bit tougher to read.


What if I took it just a step further and in one or two of my main 
classes I added something like this:


/**
 * Fake function to deter decompiling
 * Function not actually used by class.
 **/
public var handleComputations () {
  // Maybe 10 or 20 lines of nonsensical but compileable
  // code using the local vars so that variable
  // names appear to be used inside this function but
  // this function isn't actually ever called by the class.
  // Maybe use uncommon routines with some bit shifts
  // and complex mathmatical equations to make it look scary.
}

Overall it might make the swf 1KB or so bigger but might be worth it if 
it added a frustrating day or two to a decompiler especially if they 
don't figure out right away that the function is never called.


Any thoughts?

JOR


___
===  James O'Reilly
===
===  SynergyMedia, Inc.
===  www.synergymedia.net




Mike Duguid wrote:

yep still works

On 10/28/05, Gregory <[EMAIL PROTECTED]> wrote:




Question:
BTW, anyone knows if __bytecode__() is supported in Flash 8 (I'm still
using MX 2004 Pro)?





___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Re: Re[2]: [Flashcoders] obfuscation swf !

2007-07-17 Thread Jim Berkey 
Congratulations, I obviously have more holes to plug, my methods are no 
good. I will continue trying . . .


jimbo
- Original Message - 
From: "Rákos Attila" <[EMAIL PROTECTED]>

To: "Jim Berkey" 
Sent: Tuesday, July 17, 2007 1:48 PM
Subject: Re[2]: [Flashcoders] obfuscation swf !




Well, just for you:

http://www.tengerstudio.com/public/mahjong/

It took no more than 5-10 minutes :)

 Attila

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From:Jim Berkey <[EMAIL PROTECTED]>
To:  flashcoders@chattyfig.figleaf.com 


Date:Tuesday, July 17, 2007, 7:21:17 PM
Subject: [Flashcoders] obfuscation swf !
--===--
Instead of answering every note that claims to have 'taken' the game, 
don't

write a note - prove it -

You do not have the game, you have a nearly empty container file :) You 
have

the game? Congrats - upload it to your site and show us!

jimbo

- Original Message - 
From: "Jesse Graupmann" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, July 17, 2007 12:46 PM
Subject: RE: [Flashcoders] obfuscation swf !



"Check it out, and see if you can 'steal' this game - it is yours for the
taking:"

Instead of "Alert!" you should have wrote, "Congrats! This game is 
yours!"



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frederic
Caron
Sent: Tuesday, July 17, 2007 9:32 AM
To: flashcoders@chattyfig.figleaf.com
Subject: RE: [Flashcoders] obfuscation swf !

I've just save as and uncompile .. I don't get where's the revolution?

"message = "Alert! This movie\'s copyrights are being infringed! A 
message

is being sent to the author that you have copied his work. \nOffending
website path: " + _url;"

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com 


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: Re[2]: [Flashcoders] obfuscation swf !

2007-07-17 Thread Frederic Caron 
Download the FLA here 

http://www.the-flash-files.com/download/game.fla


-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Rákos Attila
Envoyé : July 17, 2007 1:48 PM
À : Jim Berkey
Objet : Re[2]: [Flashcoders] obfuscation swf !


Well, just for you:

http://www.tengerstudio.com/public/mahjong/

It took no more than 5-10 minutes :)

  Attila

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From:Jim Berkey <[EMAIL PROTECTED]>
To:  flashcoders@chattyfig.figleaf.com 
Date:Tuesday, July 17, 2007, 7:21:17 PM
Subject: [Flashcoders] obfuscation swf !
--===--
Instead of answering every note that claims to have 'taken' the game, don't 
write a note - prove it -

You do not have the game, you have a nearly empty container file :) You have 
the game? Congrats - upload it to your site and show us!

jimbo

- Original Message - 
From: "Jesse Graupmann" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, July 17, 2007 12:46 PM
Subject: RE: [Flashcoders] obfuscation swf !


> "Check it out, and see if you can 'steal' this game - it is yours for the
> taking:"
>
> Instead of "Alert!" you should have wrote, "Congrats! This game is yours!"
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Frederic
> Caron
> Sent: Tuesday, July 17, 2007 9:32 AM
> To: flashcoders@chattyfig.figleaf.com
> Subject: RE: [Flashcoders] obfuscation swf !
>
> I've just save as and uncompile .. I don't get where's the revolution?
>
> "message = "Alert! This movie\'s copyrights are being infringed! A message
> is being sent to the author that you have copied his work. \nOffending
> website path: " + _url;"
>
> ___
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: Re[2]: [Flashcoders] obfuscation swf !

2007-07-17 Thread Jon Bradley 

On Jul 17, 2007, at 2:05 PM, Jim Berkey wrote:

Congratulations, I obviously have more holes to plug, my methods  
are no good. I will continue trying . . .


You can't do it Jim - there aren't any holes to plug.

It's just technically impossible.

cheers,

- Jon

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: Re[2]: [Flashcoders] obfuscation swf !

2007-07-17 Thread Dave Burnett 

Now his failure is complete.

- D. Vader


From: "Frederic Caron" <[EMAIL PROTECTED]>
Reply-To: flashcoders@chattyfig.figleaf.com
To: 
Subject: RE: Re[2]: [Flashcoders] obfuscation swf !
Date: Tue, 17 Jul 2007 14:05:41 -0400

Download the FLA here 

http://www.the-flash-files.com/download/game.fla


_
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_pcmag_0507

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: Re[2]: [Flashcoders] obfuscation swf !

2007-07-17 Thread Mark Winterhalder 

On 7/17/07, Jon Bradley <[EMAIL PROTECTED]> wrote:

You can't do it Jim - there aren't any holes to plug.

It's just technically impossible.


Agreed, it is impossible to defend an attack by somebody determined
and competent. But that doesn't mean it can't be made very difficult,
especially with the new VM. You could push it to the point where it
would take so much effort that it's just not worth it for the usual
cheater or guy who steals random Flash games.

Mark
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

[Flashcoders] obfuscation swf, and client demands

2007-07-18 Thread Alan MacDougall 
There's a constant demand for SWF obfuscation -- any good application, 
especially things like standalone games, is a ripe target for theft and 
rebranding. *cough ebaumsworld cough* And business clients are often 
afraid of plagiarism by real or imagined rivals: if they didn't want to 
be the first and the fanciest, they wouldn't be hiring us, right?


Personally, I figure that if someone copies directly, it's obvious, and 
does them no credit; if they borrow ideas or even code concepts, good: a 
fellow programmer or designer is learning from my work. But clients 
don't always think that way -- and we have to keep them happy -- so this 
avenue of experiment is valuable and important. We always have to tell 
the client that absolute protection is impossible... but we can also 
tell them that we've put plenty of obstacles down. Code-hiders and 
code-crackers, play on!


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com