I recently came across another commercial intellectual property protection tool for the Flash platform. I realize it has been a while since I reviewed one of these tools, so it's time to see how much the field has evolved, if at all.
The AssetProtector is designed to protect your external assets, like images, music, and XML files, by encryption. Your Flash application will need to use a special loader, an extension of the Loader Class, to load and decrypt the protected assets at runtime. This tool may be useful for game developers, who wish to prevent others from stealing their graphics or modifying the game files.
The AssetProtector contains three separate entities - 1) the Protector Machine, an offline encryption tool that works on your external assets; 2) the Asset Loader, a dummy SWC library that allows you to interact with the special loader via actionscript; and 3) the Protector Agent, an SWF file that you will need to deploy along with your main SWF and encrypted assets. It is obvious that the Protector Agent is the heart of this intellectual property protection scheme as it contains that actual implementation of the special loader class. The main task, therefore, is to understand how the Protector Agent works.
Monday, October 24, 2011
Monday, May 2, 2011
Mochicrypt Secret Sauce Revisit
I was reviewing this blog the other day when I discover that the most popular post of all time is the article on Mochicrypt. I find this quite surprising. First of all, most Mochicrypt-protected games are available for free, so are people really so annoyed by the ads that they must find a way to decrypt the games? Second, the Mochicrypt encryption mechanism is really rather simple, it's a puzzle why the internet isn't already flooded with Mochicrypt decryption tools.
In any case, I have decided to release a simple script to help with the process. Simply compile the following script as an Adobe AIR project and you got yourself a Mochicrypt decryption tool. Now head on to mochimedia.com, download your favorite game, and extract the main SWF file from the zip package. Run the decryption tool and you are done!
In any case, I have decided to release a simple script to help with the process. Simply compile the following script as an Adobe AIR project and you got yourself a Mochicrypt decryption tool. Now head on to mochimedia.com, download your favorite game, and extract the main SWF file from the zip package. Run the decryption tool and you are done!
Labels:
Mochicrypt
Monday, April 18, 2011
Deactivate Zarqon Active License Control
Today, we tackle yet another commercial licensing system for Flash applications by reviewing the Zarqon Active License Control System from Futurescale.
While the name Zarqon may be unfamiliar to most developers, anyone who has spent some time in the field of RIA development should recognize the name Futurescale. This is the company that gave us the wildly popular and incredibly powerful PureMVC framework. PureMVC is a highly mature product and is used by developers from all over the world. The original codebase has been ported to many languages, including AS2, AS3, Java, Javascript, HaXe, C#, Coldfusion, and PHP.
The Zarqon Active License System is different from the other systems that we have reviewed by the fact that the server components (nothing more than a collection of encrypted license files) are hosted on your own Amazon S3 account. There is no server logic involved in the licensing system. The advantage is that you have complete control over your data servers and that you only have to pay Futurescale a one-time fee to purchase the licensing system.
It should be pointed out that the Zarqon licensing system is not dependent on the PureMVC framework. Yet given the fact that it is developed by the same folks at Futurescale, can we expect the same performance and reliability from Zarqon as we do from PureMVC?
While the name Zarqon may be unfamiliar to most developers, anyone who has spent some time in the field of RIA development should recognize the name Futurescale. This is the company that gave us the wildly popular and incredibly powerful PureMVC framework. PureMVC is a highly mature product and is used by developers from all over the world. The original codebase has been ported to many languages, including AS2, AS3, Java, Javascript, HaXe, C#, Coldfusion, and PHP.
The Zarqon Active License System is different from the other systems that we have reviewed by the fact that the server components (nothing more than a collection of encrypted license files) are hosted on your own Amazon S3 account. There is no server logic involved in the licensing system. The advantage is that you have complete control over your data servers and that you only have to pay Futurescale a one-time fee to purchase the licensing system.
It should be pointed out that the Zarqon licensing system is not dependent on the PureMVC framework. Yet given the fact that it is developed by the same folks at Futurescale, can we expect the same performance and reliability from Zarqon as we do from PureMVC?
Labels:
Zarqon
Thursday, April 7, 2011
Taking Adobe InMarket Out
Adobe InMarket is a brand new Adobe AIR application distribution and monetization service from Adobe. Developers can publish and manage their applications in multiple app stores through the InMarket Portal for free (for now). Adobe takes care of credit card processing, hosting, and marketing, in exchange for 30% of the sales revenue.
By far coolest aspect of Adobe InMarket is its shockingly simple licensing API. The integration process is as simple as downloading the licensing.swc and adding five lines of code into your application.
Here is an example from the InMarket documentation:
By far coolest aspect of Adobe InMarket is its shockingly simple licensing API. The integration process is as simple as downloading the licensing.swc and adding five lines of code into your application.
Here is an example from the InMarket documentation:
Labels:
InMarket
Monday, November 22, 2010
Nullify the Sharify Scheme
Since it seems like we are on the roll, I decide to give another commercial Flash application protection scheme a try. This time our candidate is a tool called Sharify. For the record, Sharify is NOT marketed as an intellectual protection scheme. Instead, it is a license management system that claims to turn any Adobe Air applications into a shareware.
My goal is to see if one can easily bypass the licensing scheme. After all, if you were to depend on Sharify to protect your revenue stream, you may want to know if it actually works. In this example, I use the sample application included with the Sharify library.
My goal is to see if one can easily bypass the licensing scheme. After all, if you were to depend on Sharify to protect your revenue stream, you may want to know if it actually works. In this example, I use the sample application included with the Sharify library.
Labels:
Sharify
Tuesday, November 16, 2010
What is in Mochicrypt Secret Encryption Sauce?
I stumbled upon Mochicrypt recently in a news article announcing the purchase of Mochi Media by Shanda Games. For those of you who are not familiar with Mochi Media, it is a California-based company that provides game developers with tools to monetize and distribute Flash-based games.
One of their producs, Mochi Live Update Service, claims to help secure games by providing an extra layer of encryption to protect against decompiling. I was interested to see if this intellectual property protection scheme can be extended to other Flash-base applications. Of course, the best way to test this protection scheme is to see if I can break it easily.
One of their producs, Mochi Live Update Service, claims to help secure games by providing an extra layer of encryption to protect against decompiling. I was interested to see if this intellectual property protection scheme can be extended to other Flash-base applications. Of course, the best way to test this protection scheme is to see if I can break it easily.
Labels:
Mochicrypt
Friday, October 8, 2010
Homebrew Flash Intellectual Property Protection Scheme
My search for an ideal intellectual property protection tool that could be used for protecting my Flash projects. After spending months to test out dozens products (and eventually break all of them), I begin to wonder if it's worth developing one from scratch myself.
I normally would advise my clients against implementing any homebrew security schemes, since most of us are not experienced cryptographers and security experts. In addition, there are so many open-source and thoroughly tested security schemes available online, it's just doesn't make a lot of business sense to waste resources on research and development. Unfortunately, securing a Flash application is a bit trickier than securing a password. Since the SWF specification is open to the public, any text, pictures, and logic embedded in an SWF file can be extracted by anyone with a decompiler. Furthermore, developers have essentially no control over the runtime environment (the Flash Player), any custom security scheme must eventually comply with the normal operation of the Flash Player.
I normally would advise my clients against implementing any homebrew security schemes, since most of us are not experienced cryptographers and security experts. In addition, there are so many open-source and thoroughly tested security schemes available online, it's just doesn't make a lot of business sense to waste resources on research and development. Unfortunately, securing a Flash application is a bit trickier than securing a password. Since the SWF specification is open to the public, any text, pictures, and logic embedded in an SWF file can be extracted by anyone with a decompiler. Furthermore, developers have essentially no control over the runtime environment (the Flash Player), any custom security scheme must eventually comply with the normal operation of the Flash Player.
Labels:
Announcement,
Flash
Subscribe to:
Posts (Atom)