Okay, another brick in the wall to keep you from grabbing a swf (the old 
joyluckclub.com peg game from flashkit again - my version 4, I upgraded flash 5 
as1 to flash 8, as2):

http://jimbo.us/Games/jumpPeg/index.html

In the interest of transparency, here is what I've put together so far:

The goal is to have the best protection possible, while maintaining:
(1) - zero code obfuscation
(2) - technically easy enough for a n00b++ to implement
(3) - Sharing/knowing the technique does not make it weaker

To this end, since so many of you last grabbed the game so quickly, I've added 
some noise to the Herring, and I think I nailed shut the door that Eric Priou 
showed us (executing the php script directly from the browser address bar). 
Hopefully the number of folks that can grab the game is reduced??

Here is how it's done:

Container swf (game.swf) holds a Red Herring faux game to keep the --n00bs 
busy, and a script loaded via smoke and mirrors - logo.gif is actually logo.swf 
- suffix changed after compiling - Flashplayer obviously doesn't use the 
dot-three suffix to determine what a file holds. None of this is necessary for 
the system to work, but is easy, fun and does no harm. 

The code in logo.gif checks to see that it is being loaded onto a trusted url, 
and if so loads the real swf via a php script that conceals the directory 
location of the real swf, and prevents caching. Here is the php file that does 
this:

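<?php
// Keep only the file name so 'data' cannot point outside the swf directory.
$data = basename(isset($_GET['data']) ? $_GET['data'] : '');
$path = "pathToRealSwf/$data";
if ($data === '' || !is_file($path)) {
    header("HTTP/1.1 404 Not Found");
    exit;
}
// Tell the browser and any proxies not to cache the response.
header("Expires: Thu, 01 Jan 1970 00:00:00 GMT");
header("Cache-Control: no-cache, no-store, must-revalidate");
header("Pragma: no-cache");
// No Content-Type is set for the swf; the raw bytes are sent as they are.
$content = file_get_contents($path);
echo $content;
?>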

The only change you make to the php file is to change the 'pathToRealSwf/' to 
your own relative or absolute path to the directory holding the real swf. I 
eliminated a line in the script that typed the data as a shockwave/flash file, 
and removed the dot three suffix from 'rainbow.swf' - the actual file. So now, 
when one runs the php script from the browser window, the browser doesn't know 
what it is opening, and just shows the bytecode. 

If anyone wants the system so far, write me offlist and I will send the source 
files for your examination. I'll also post the system online once all the doors 
are closed that can be closed. It's probably premature to do this yet, there 
are probably more doors to close, and more bricks to add to the wall, but as we 
go along, anyone is welcome to what I've done so far. If you have a suggestion 
for making the system stronger, I'd appreciate the help.

So grab this version of the game, and let me know what other doors might be 
closed?

Thanks for kicking at my wall, 
jimbo
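
Since Flash Player ignores the suffix, as the post notes for logo.gif and the suffix-less real swf, anyone auditing a web root has to identify content by its leading bytes instead. The following is an added example, not part of the original post or its source files: a Python check that flags files whose suffix disagrees with their signature. The function names and the sample bytes are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

# Leading-byte signatures: SWF (uncompressed, zlib, LZMA) and GIF.
SWF_SIGS = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
GIF_SIGS = (b"GIF87a", b"GIF89a")


def sniff(head: bytes) -> dict:
    """Identify content from its first 8 bytes, ignoring the file name."""
    if len(head) >= 8 and head[:3] in SWF_SIGS:
        # SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length.
        version, length = struct.unpack("<BI", head[3:8])
        return {"kind": "swf", "compression": SWF_SIGS[head[:3]],
                "version": version, "declared_length": length}
    if head[:6] in GIF_SIGS:
        return {"kind": "gif"}
    return {"kind": "unknown"}


def audit(root: Path) -> list:
    """Return (name, suffix, sniffed kind) for files whose suffix and content disagree."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            info = sniff(fh.read(8))
        suffix = path.suffix.lower().lstrip(".")
        swf_misnamed = info["kind"] == "swf" and suffix != "swf"
        fake_gif = suffix == "gif" and info["kind"] != "gif"
        if swf_misnamed or fake_gif:
            findings.append((path.name, suffix or "(none)", info["kind"]))
    return findings


if __name__ == "__main__":
    # Constructed sample files: only the headers matter for this check.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logo.gif").write_bytes(b"CWS\x08\x10\x00\x00\x00")
        (root / "rainbow").write_bytes(b"FWS\x08\x20\x00\x00\x00")
        (root / "real.gif").write_bytes(b"GIF89a\x01\x00")
        for finding in audit(root):
            print(finding)
```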