I stumbled upon Mochicrypt recently in a news article announcing the purchase of Mochi Media by Shanda Games. For those of you who are not familiar with Mochi Media, it is a California-based company that provides game developers with tools to monetize and distribute Flash-based games.
One of their products, Mochi Live Update Service, claims to help secure games by providing an extra layer of encryption to protect against decompiling. I was interested to see if this intellectual property protection scheme can be extended to other Flash-based applications. Of course, the best way to test this protection scheme is to see if I can break it easily.
I start by uploading a simple game that I wrote to the Mochi Media website. Then I set out to see if I can retrieve the original SWF from the encrypted version that I received from Mochi Media. The most logical place to start is to pass the SWF through a decompiler. I was half expecting the decompiler to crash, but to my surprise, it decompiles perfectly.
As you can see, there is a Preloader class, where all the magic happens. Scroll down a few lines and you will see the heart of the protection scheme - a simple encryption-based loader. It's just like any other ActionScript protection scheme published on the web. The original SWF is encrypted by a simple symmetric cipher; in this case, it looks like a modified ARC4-like stream cipher. The encrypted SWF is embedded as a ByteArray, which is decrypted by the Preloader and is then loaded onto the stage by Loader.loadBytes.
In the end, it took me about 5 minutes to retrieve the original SWF from the encrypted version. I must say I am rather disappointed. I think an 80 million dollar company could do a better job than using such a generic protection scheme. If you are planning to use Mochicrypt to protect your next big Flash game, consider yourself warned.
Could you tell me what decompiler you are using? I am trying to remove sitelock from BTD5.