The only method I can think of that might do what you're looking for is to have some of the actual code work on the server. So for example you'd do something that has a fundamental effect in the game, but you make its code run on your server instead of on the client and just return the result (not that different from making a multiplayer game with server-side scripting and a dumb client).
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Jim Berkey > Sent: 23 July 2007 15:44 > To: Rákos Attila; [email protected] > Subject: Re: [Flashcoders] swf obfuscation - new challenge > > Thank you Rákos, > > I see now how one can get the data from Fiddler, I got it > quite easily without knowing or seeing the location of the > file online, just saving the response was enough. > > Of course, now with Amaral's input on the php file, it is > easily readable, so the location can be easily found. > > more work, . . . I must move outside another box somehow. > > Thanks, > jimbo > > ----- Original Message ----- > From: "Rákos Attila" <[EMAIL PROTECTED]> > To: "Jim Berkey" <[email protected]> > Sent: Monday, July 23, 2007 9:49 AM > Subject: Re: [Flashcoders] swf obfuscation - new challenge > > > > > > http://www.tengerstudio.com/public/jumppeg2/ > > > > That was not harder than previous ones :) I think you are going on a > > wrong way - hiding the real games source URL and preventing the user > > from downloading is simply impossible. If I use some kind > of a traffic > > monitoring stuff everything is visible (personally I use > Fiddler - not > > for cracking Flash games :) just for debugging my applications). > > > > Attila > > > > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > =-=-=-=-=-=-=-=-= > > From: Jim Berkey <[EMAIL PROTECTED]> > > To: Flashcoders mailing list > <[email protected]> > > Date: Monday, July 23, 2007, 1:50:09 PM > > Subject: [Flashcoders] swf obfuscation - new challenge > > > --====----====----====----====----====----====----====----==== > ----====----===-- > > Okay, another brick in the wall to keep you from grabbing a > swf (the old > > joyluckclub.com peg game from flashkit again - my version > 4, I upgraded > > flash 5 as1 to flash 8, as2 > > > > http://jimbo.us/Games/jumpPeg/index.html > > > > In the interest of transparency, here is what I've put > together so far: > > > > The goal is to have the best protection possible, while maintaining: > > (1) - zero code obfuscation > > (2) - technically easy enough for a n00b++ to implement > > (3) - Sharing/knowing the technique does not make it weaker > > > > To this end, since so many of you last grabbed the game so > quickly, I've > > added some noise to the Herring, and I think I nailed shut > the door that > > Eric Priou showed us (executing the php script directly > from the browser > > address bar). Hopefully the number of folks that can grab > the game is > > reduced?? > > > > Here is how it's done: > > > > Container swf (game.swf) holds a Red Herring faux game to > keep the --n00bs > > busy, and a script loaded via smoke and mirrors - logo.gif > is actually > > logo.swf - suffix changed after compiling - Flashplayer > obviously doesn't > > use the dot-three suffix to determine what a file holds. > None of this is > > necessary for the system to work, but is easy, fun and does no harm. > > > > The code in logo.gif checks to see that it is being loaded > onto a trusted > > url, and if so loads the real swf via a php script that > conceals the > > directory location of the real swf, and prevents caching. > Here is the php > > file that does this: > > > > <?php > > $data = $_GET['data']; > > header("Expires: Thu, 01 Jan 1970 00:00:00 GMT, -1 "); > > header("Cache-Control: no-cache, no-store, must-revalidate"); > > header("Pragma: no-cache"); > > $content = file_get_contents("pathToRealSwf/$data"); > > echo$content; > > ?> > > > > The only change you make to the php file is to change the > 'pathToRealSwf/' > > to your own relative or absolute path to the directory > holding the real > > swf. I eliminated a line in the script that typed the data as a > > shockwave/flash file, and removed the dot three suffix from > > 'rainbow.swf' - the actual file. So now, when one runs the > php script from > > the browser window, the browser doesn't know what it is > opening, and just > > shows the bytecode. > > > > If anyone wants the system so far, write me offlist and I > will send the > > source files for your examination. I'll also post the > system online once > > all the doors are closed that can be closed. It's probably > premature to do > > this yet, there are probably more doors to close, and more > bricks to add > > to the wall, but as we go along, anyone is welcome to what > I've done so > > far. If you have a suggestion for making the system stronger, I'd > > appreciate the help. > > > > So grab this version of the game, and let me know what > other doors might > > be closed? > > > > Thanks for kicking at my wall, > > jimbo > > _______________________________________________ > > [email protected] > > To change your subscription options or search the archive: > > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > > > Brought to you by Fig Leaf Software > > Premier Authorized Adobe Consulting and Training > > http://www.figleaf.com > > http://training.figleaf.com > > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > =-=-=-=-=-=-=-=-= > > > > _______________________________________________ > > [email protected] > > To change your subscription options or search the archive: > > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > > > Brought to you by Fig Leaf Software > > Premier Authorized Adobe Consulting and Training > > http://www.figleaf.com > > http://training.figleaf.com > > _______________________________________________ > [email protected] > To change your subscription options or search the archive: > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > Brought to you by Fig Leaf Software > Premier Authorized Adobe Consulting and Training > http://www.figleaf.com > http://training.figleaf.com > > _______________________________________________ [email protected] To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
