post icon

Flash Application Security Tips

Here is some scripts that can be useful to mess with that evil person that decompiles your .swf’s and tries to copy your Flash applications. Although these won’t completly stop your enemy from getting your .fla file and using it in there own project, it can help the frustration process for them, which would lead them to just trashing your files and moving on.

First way:
use a this._url and != to your own swf file.

myURL = this._url;
if (myURL != "http://yourdomain.com/your.swf") {
 do {
  //give em an infinite loop!
 } while (true);
}

Second way:
using a infinite loop would only tell the evil doer that there is something screwy with you file (would only take about 15 seconds before displaying a message) and with any skills would probably go searching through your scripts right away. So throw them off with an interval that slows there player down like crazy.

myURL = this._url;
setInterval(slowFlashPlayer, 1);
function slowFlashPlayer() {
 for (i = 0; i < 15000; i++) {
  x = Math.random();
 }
}

Third way:
if your application uses multiple swf’s loaded into different levels, why not hide the security script in one of those levels to make the process of finding the code a little harder.

function mess() {
 clearInterval(m);
 var myURL:String = _level0._url;
 if (myURL != "http://yourdomain.com/your.swf") {
  do {
   //do the infinite loop every 3 seconds
  } while (true);
 }
 var m:Number = setInterval(mess, 3000)

}
Fourth way:
give that evil customer a real test. Create some random variables that mean nothing and hide them in different parts of your application. Then use a getDate(); and only run the statement on certain days! You could point there application to a bad site ie: porn or something similar. If they used your file for a client job they would not likely see this problem. But you can be sure the client will see it. If your not the badass type you could just point them back to your site making them scratch there head, while giving your site some publicity.

var u:String = this._url;
var s:String = "http://yourdomain.com/your.swf";
var d:Date = new Date();
var z:Number = 4;
if (d.getDate() == z) {
 if (u != s) {
  getURL("http://sendthemsomewheresweet.com"); //this could be getURL(s); for your domain
 }
}
23. Feb, 2007

No comments yet.

Leave a comment