Loading ...
Sorry, an error occurred while loading the content.

Re: [FlashLite] Re: Encrypt Flashlite

Expand Messages
  • Martin Selva
    I use SWF Protect 1.6 but you can chkout *Amayeta™ SWF Encrypt™ 5.0 too. ... I use SWF Protect 1.6 but you can chkout Amayeta™ SWF Encrypt™ 5.0 too. On
    Message 1 of 8 , Jun 8, 2008
    View Source
    • 0 Attachment
      I use SWF Protect 1.6 but you can chkout Amayeta™ SWF Encrypt™ 5.0 too.

      On Sun, Jun 8, 2008 at 11:46 PM, miuprint <miuprint@...> wrote:

      Thanks for the reply.
      My concern is the encryption. How do I protect my flashlite work from
      the decompiler?

      --- In FlashLite@yahoogroups.com, "Martin Selva" <martinselva@...> wrote:
      >
      > *>>Will "SWF Encrypt" encrypt the flashlite(swf) well? *
      > *- Yes why not.*


      > *>> Or is there any alternative I could look to.*
      > *- Is encryption your concern or the Software to encrypt?*
      >
      > On Sun, Jun 8, 2008 at 3:57 PM, miuprint <miuprint@...> wrote:
      >
      > > Will "SWF Encrypt" encrypt the flashlite(swf) well?
      > > Or is there any alternative I could look to.
      > >
      > > Thanks
      > >
      > >
      > >
      >


    • naz
      ... from ... Yeah, I was wondering about the same thing guys. Decompilers rip out your code so easily that protection from client spoofing is a serious concern
      Message 2 of 8 , Jun 8, 2008
      View Source
      • 0 Attachment
        > > Thanks for the reply.
        > > My concern is the encryption. How do I protect my flashlite work
        from
        > > the decompiler?

        Yeah, I was wondering about the same thing guys. Decompilers rip out
        your code so easily that protection from client spoofing is a serious
        concern if you're sending something like a high score from a flash
        lite game to a server.

        And no matter what encryption or hash checking you do to garble the
        data you send out (to be decrypted server-side then checked for hash
        matching), if the attacker can decompile your Flash Lite SWF and rip
        out the actionscript, he can easily duplicate your FL SWF with a fake
        one that sends out cheated high scores that will pass the server-side
        checks.

        So there, big big big concern.

        Now as far as SWF encryptors and actionscript obfuscators, almost all
        of the tools out there are meant for the browser versions of SWFs and
        not Flash lite ones.

        This being the case and with Flash Lite SWFs having subtle
        differences from their browser equivalents, would Actionscript
        obfuscators and SWF encrypters work on FL SWFs without breaking their
        functionality?

        Thanks.

        -Naz
        http://www.zengraffiti.com
        http://www.object404.com
      • d c
        we use a solution where we burn a public key into every flash file client side, for every download of the game. the score is then encrypted against this, and
        Message 3 of 8 , Jun 8, 2008
        View Source
        • 0 Attachment
          we use a solution where we burn a public key into every flash file
          client side, for every download of the game. the score is then
          encrypted against this, and decrypted against the private key server
          side. so the protocol is protected and also if any cheating happens it
          can only happen once at most.

          this does require a heavy investment in server-side flash though and
          still is not safe from brute force attacks. i heard even debian's ssh
          keys were compromised recently...

          /dc

          On Mon, Jun 9, 2008 at 3:20 PM, naz <naztafarian@...> wrote:
          >> > Thanks for the reply.
          >> > My concern is the encryption. How do I protect my flashlite work
          > from
          >> > the decompiler?
          >
          > Yeah, I was wondering about the same thing guys. Decompilers rip out
          > your code so easily that protection from client spoofing is a serious
          > concern if you're sending something like a high score from a flash
          > lite game to a server.
          >
          > And no matter what encryption or hash checking you do to garble the
          > data you send out (to be decrypted server-side then checked for hash
          > matching), if the attacker can decompile your Flash Lite SWF and rip
          > out the actionscript, he can easily duplicate your FL SWF with a fake
          > one that sends out cheated high scores that will pass the server-side
          > checks.
          >
          > So there, big big big concern.
          >
          > Now as far as SWF encryptors and actionscript obfuscators, almost all
          > of the tools out there are meant for the browser versions of SWFs and
          > not Flash lite ones.
          >
          > This being the case and with Flash Lite SWFs having subtle
          > differences from their browser equivalents, would Actionscript
          > obfuscators and SWF encrypters work on FL SWFs without breaking their
          > functionality?
          >
          > Thanks.
          >
          > -Naz
          > http://www.zengraffiti.com
          > http://www.object404.com
          >
          >
        • mhishami@gmail.com
          Tend to concur with you Sifu. Being a heavy-footed guy, it s a bit difficult to change the habit ;-) ... - original message - Subject: Re: [FlashLite] Re:
          Message 4 of 8 , Jun 9, 2008
          View Source
          • 0 Attachment
            Tend to concur with you Sifu.
            Being a heavy-footed guy, it's a bit difficult to change the habit ;-)

            --- Sent with System SEVEN

            - original message -
            Subject: Re: [FlashLite] Re: Encrypt Flashlite
            From: "d c" <lister@...>
            Date: 09/06/2008 06:49

            we use a solution where we burn a public key into every flash file
            client side, for every download of the game. the score is then
            encrypted against this, and decrypted against the private key server
            side. so the protocol is protected and also if any cheating happens it
            can only happen once at most.

            this does require a heavy investment in server-side flash though and
            still is not safe from brute force attacks. i heard even debian's ssh
            keys were compromised recently...

            /dc

            On Mon, Jun 9, 2008 at 3:20 PM, naz <naztafarian@...> wrote:
            >> > Thanks for the reply.
            >> > My concern is the encryption. How do I protect my flashlite work
            > from
            >> > the decompiler?
            >
            > Yeah, I was wondering about the same thing guys. Decompilers rip out
            > your code so easily that protection from client spoofing is a serious
            > concern if you're sending something like a high score from a flash
            > lite game to a server.
            >
            > And no matter what encryption or hash checking you do to garble the
            > data you send out (to be decrypted server-side then checked for hash
            > matching), if the attacker can decompile your Flash Lite SWF and rip
            > out the actionscript, he can easily duplicate your FL SWF with a fake
            > one that sends out cheated high scores that will pass the server-side
            > checks.
            >
            > So there, big big big concern.
            >
            > Now as far as SWF encryptors and actionscript obfuscators, almost all
            > of the tools out there are meant for the browser versions of SWFs and
            > not Flash lite ones.
            >
            > This being the case and with Flash Lite SWFs having subtle
            > differences from their browser equivalents, would Actionscript
            > obfuscators and SWF encrypters work on FL SWFs without breaking their
            > functionality?
            >
            > Thanks.
            >
            > -Naz
            > http://www.zengraffiti.com
            > http://www.object404.com
            >
            >

            ------------------------------------

            Yahoo! Groups Links
          Your message has been successfully submitted and would be delivered to recipients shortly.