Unusual question: Flash security? Best practices?

12 posts

Flag Post

So I finished reading the flash game programming for dummies book and have a few questions about the nature of flash and some best practices questions.

What exactly then is a swf file? In the book it says it is a compressed fla file. but if that is the case what is to stop someone from downloading my swf from kongregate, uncompressing it and opening it up changing the credits and selling the game as theirs? I hope that swf is actually more of an executable (like .exe) where the code is compiled and you can’t really go back to the original. (Trust me reverse engineering from executables is not fun.)

As well the for dummies book showed me how to make little external class files (I guess these are ActionScript classes?) and then I can call them from inside the fla. I like that idea so I can create a generic object type that excends the movieclip object (I think it was movieclip anyways) and have all my physics and functions and what not in there. (and then adjust the instance variables if I am creating a space game, car game, boat game etc..)

Now I am thinking about trying to create things in 3d. The book mentioned that there is some support for layer depth and z values, but it seems like most flash games are 2d. I was thinking about making a 3d pong/table tennis game. Using the layering depths and geometry to simulate 3d. Is this even possible? is there a game on Kongregate that is even sorta 3d?

Finally, I do have an idea on how to simulate 3d lighting effects. But the for dummies book only mentioned a few paragraphs on movieclip objects with multiple states (a ship with thrusters, and left right thrusters), and there is info on rotating a movie clip. Aside from having a bit more info about the actual animating of a movie clip, Is there a way I can dynamically resize a movie clip? (so.. if I can rotate, resize, and give it multiple states.. that’s 3D)

 
Flag Post

There are flash decompilers around. I’ve never tried using one so I don’t know how good they are.

Class files are great. I usually end up with 20 odd classes by the time I’ve finished a decent sized game. Makes coding so much neater and easier to get around compared to coding on frames or MovieClips themselves.

Quasi 3d is easy enough to do with a mixture of scale and depth management. I’ve actually seen pong games done like this before, but don’t have any links sorry.
I don’t know what version of AS you’re using, but as3 makes this sorta stuff easier. The depth management in as3 is much better than as2.
In as2 you use _xscale, _yscale and _rotation for that stuff, or in as3 scaleX, scaleY and rotation. Or, look in the flash help files about a movieclip’s transformation.matrix property. You can really get stuck into that if you can get your head around matrix maths.
Of course that sort of rotation is only 2d. Any sort of ‘roll’ that you want your stuff to be able to do will have to be done with different frames of the MovieClip.

 
Flag Post

Thanks Moonkey, Btw.. I will defeat your Hexiom game. (onto 30 now..)

So, SWF would then seem to be a compiled FLA file. That is good. The fact that there are decomplilers sucks, but I would have to expect that such things would exist. Atleast I can take solice in the fact that I know reverse engineering a compiled app is often more trouble then it is worth.

Is matrix transforms only available in AS3? or is it in AS2? I was planning on coding in Flash 8 with AS2.. but I guess I can look at AS3. (It will depend on when the Kong boys get done with the AS3 highscore and challenge api.) I think matrix transforms can do all of it. It will just come down to performance and my ability to handle brain aneurisms. (I did ‘pass’ my 2nd year Matrix course.. and I do have people who can help me on graphics..)

So are there any good 3d games on kong that I can look at? (to figure out the angles and such) I figure I would do calculations bouncing a ball in a virtual cube with a light at -5,-5 and just inside the screen. What I plan on doing is have various frames in the movie clip from being lit in the centre (the ball is at 0,0 and the back of the cube) to the side of the ball. (the ball is right up front) From there it is a bit of SOHCAHTOA to figure out the _rotation. The problem for me is figuring out how to draw the cube the ball will bounce in (angles), and figuring out the percentage of size reduction (which would be the _xscale, _yscale values?) ….. HHmm.. if I keep the percentages linear.. and DON’T draw a cube….. Nah, I think atleast it would be good to visually have that info.. atleast at first.

I’m thinking about a stage size 640,480 (which actually the dummies book never said how to set those values.. I’m sure I can.. I’ll look it up online later) the cube would be 480,480,480 which would give me 160,480 to play with on the side for scores, tips, pictures of naked llamas, whatever.

 
Flag Post

The transform stuff is available in both as2 and as3.
With your lighting, I’d suggest also looking at transform.colorTransform. With that you can set multipliers and offsets for the rgba in your movieclip. It won’t be able to help with making the light look like its coming from a different angle, but you can use it for the intensity/distance of the light.

In general if you’re going for a perspective look, you can just divide the x/y distance from the center of the screen by the depth. You apply that principle to _x and _y values as well as just dividing the _xscale and _yscale of the movieclip by the depth. As long as you aren’t wanting to have a turning camera, it should just be that simple.

 
Flag Post

There are flash decompilers around. I’ve never tried using one so I don’t know how good they are.

I routinely use a decompiler in my work as a professional Flash developer making Web applications. Sometimes we will be missing the source code for a particular project (aaarrggh!) so I will need to decomplile a .swf file and look at the code. The one I use is called SoThink Swf Decompiler, and just for kicks I decided to test it on one of my games (P.O.D.) to see just how good it worked on large, complex files.

It turns out that the decompiler did get all of my code, although it screws up the formatting and it ends up changing a lot of variable names. Unfortunately also, the decompiler effectively doubles the library size by creating a ton of unnecessary symbols and eliminates any organization and naming of library items. The code re-compiled with no errors, but the formatting was awful. One thing it did well however was re-create all of the external .as class files I use in the project. In the end, the game re-compiled and played like normal, but actually a few graphics were missing, so it wasn’t quite 100%.

Also, I think it would be difficult to make any meaningful changes to the game based on decompiled code, unless you really put a lot of effort to it, although it would be quite easy for me to decompile a game and change the credits text… although that seems unlikely to happen much.

If you’re trying to protect your .swfs from being decompiled, then you’ve got to encrypt it somehow, or try to compile it to a true .exe using an application like Zinc. Because the .swf architecture is open and because Flash AS is an interpreted language (it does not compile to machine code), it’s relatively easy for people to hack, if they have a mind for it.

 
Flag Post

Apparently swf files are easily decompilable, pretty much back into the original code.

You can do one of two things:

  1. (1) Encrypt. This relies on flexibility of the bytecode interpreter. There are several of these available. I’ve not used any of them but essentially they are in an arms-race with the decompilers, so your data won’t be fully protected for long.
  2. (2) Obfuscate (and booby-trap the code, so it can’t be trivially altered). Basically the variables all get renamed to random garbage. This is good; because information is thrown away it can’t be recovered. However, it doesn’t protect the other assets.

See this site about Actionscript Obfuscator. I’ve tried out the free version, and it works with a few wobbles. The commercial version isn’t that expensive ($85 USD), I’m planning to get this.

 
Flag Post

Whoa quadruple?

The problem with SWF is that it is an open format. And also, it is not compiled into a native machine code, but to bytecode. So that makes it 10 times easier. So ultimately, there is no foolproof way of protecting your code unfortunately. So your best bet really is

1) Make it really hard to read the code.
2) Decoys
3) And try your best to make its hard to decompile and put together. Have different classes, put your resources in external files. Create extra dependencies.
4) Its also possible to make your swf run ONLY on a particular domain. This means that stopping short of hacking the code, they wouldn’t be able to run it on their computer, nor their own domain. Of course, this may backfire, sooo you may not want to do this.

Just my 2p

 
Flag Post

Fixed the quadruple. Caimbul, ArcaneCoder is working on AS3 api support for us right now — I expect that’ll be done before you finish this game.

 
Flag Post

Righto, Thanks Moonkey, and Indi. (Indi! We named the dog Indi!)
Lysis and Dazzer.

Actually Dazzer, that was what I was thinking about next. I am thinking about figuring out a way so that the game will only run in a window on the kongregate.com site.. Of course I expect that there will likely be problems depending on which browser the player is using.

and Thanks Emily, I guess I’ll go straight to AS3 then. Does Kongregate support encrypting swf files? (I assume that would mean you guys would spend more cpu time) It’s too bad there is no two way communication between the swf files and Kongregate. (I’m still hoping for a save game API, so I won’t lose my scores everytime I use a different computer)

 
Flag Post

Ben did quite a bit of work on a saved game API a while back but we ended up abandoning it because there were a lot of problematic corner cases, particularly if we were having server problems. We decided that unless we could make it as or more reliable than using Flash shared object that it would cause problems for more people than it would help for now. We haven’t given up hope on it yet though.

 
Flag Post

In my experience, encryption is the best way to go. Another easy step but one that can prove useful is the “protect from import” option under your publish settings. Apperently some decompilers will have to type in the password you set because they “import” the file. I’m not sure if it works for all decompilers though. Another route is to set up the game to only run on your website, though if an advanced coder see’s that part of the file when the decompile it… the can remove it. But you never know!
I will respond later with a link to a tutorial on how to make the game run on a specific website or sites. (Can’t find it in my favorites! Gahhh)
~Matt

 
Flag Post

How do you site-lock a game? Is there some way to getUrl then
if url ! www.kongregate.com {
goToAndStop(“stolenNotice”);}

Might that work? Yes, I am an ActionScript 2 beginner.