Anti rip/cheat

1

Hello reader.
I dont know if this all is really intrested for you and if its allowed to post it here, but I didnt know were else to post it, and Im sure this can be usefull to someone.

I made some silly little games, but everytime I had one finished, someone managed to “cheat” with the highscores.
This offcourse wasnt the meaning, so I started to think of a way to prevent this.

And YESS !! togetter with some help from sitemasters its now cheater’s safe ( I hope)
And best of all, it also is a way to protect youre externally loaded swf’s from being ripped.

Now before I get really happy, Idd like that you try to rip** this ** swf.
There is however one way to get to the file, but its a pretty heavy way, and you need a little more skill than a regular ripper, offcourse Im not gonna tell the way how to do it :wink:

Than for games and highscore cheat stuff, it works on the exact same way, I am not going to tell here the way how you can cheat with highscores (that er saved in a database) but its pretty easy, and Im sure the better webdevelloper knows how to cheat.
So for that I also made a little stupid something that you can find** here **(just read the comment on that page)

Now if any of you managed to rip or cheat, will you please tell me here how you did it, so maybe I can improve the script (whish is pretty small actually)
For the clock I would be happy if you could tell me the name from te externally loaded movie.
And for the “shoutbox kouch” I just like you to add more text than possible.

The reason Im not posting “the script” yet, is beqausse im not 100% sure yet if its safe or not, so thats why Im asking youre guys help to “hack” it.

If its not hacked in the near future I will post the script (if you like :P)

regards vintage

edit: oh, i forgot to tell this isnt flash only, but I made use of php too

**edit:for the people that thinks I check the strings on lenght or something
**
here I made this little silly game, try cheat on the highscore.
There are little progs the “simulate” mouse kliks, but that wont bring the score up to 50000 or something, now you make that same game, and i will cheat on it.

2

Just encript the .swf its not hard at all… There are sponsor links on the main page of kirupa.com. Something SWF______ and it should keep your file secure enough.

//edit, just saw the second one this is the dumbest thing ever just check its length with php and if its too long or breaks the rules say “sry there was an error sending data” or “hacker!”… really you should be testing your data with PHP for length issues/illegal characters.

3

you may decompile them, it wont help you :wink:

@ youre edit…no…

You can use this for excample for posting highscores.
Im sure i can cheat with 90% from all flashgames with the highscore, but you cant with this, pls try it
But if you like i can make a silly game and use it for the highscores, ill get back to this…
**
edit:here ** I made this little silly game, try cheat on the highscore.
There are little progs the “simulate” mouse kliks, but that wont bring the score up to 50000 or something, now you make that same game, and i will cheat on it.

4

couldnt i just use a simple hex editor?

5

Okay this forum is obviously not filled with rippers (GOOD!)

But Im sure that all of you is afraid to get his work ripped, if you worked on a swf, and 2 weeks later someone posts a showcase item with inthere a huge part of youre swf…than you wished you had tried to make it more secure.

Ofcourse you can use programs to do something with youre swf, but in no time the decompilers are updated, and of they go…

I know my way isnt 100% secure as well, but way more secure than just recompile the swf trough some antiDecompile thingy.(they just cant find it)

And as far as I know now, it makes it impossible to cheat with highscores (for example)

@bombsledder, I really dont know what a hex editor is/does, so I say, give it a shot :smiley:

6

tik.swf
tik.fla

7

:lol: yay… new code :smiley:

8

yo, that’s no joke. like this one time i made this bangin html and css site, and then somebody goes and rips it a week later! i’s like, “how’s you do that? you decompiled my html?” but they kept their mouth shut and didn’t say nothin. meanwhile, i look like a sucker b/c i didn’t protect my work from being copied.

ps. anyone know how to prevent my images from being printed, then scanned? thanx in advance.

9

:lol::lol:

[ot]vintage, the possessive “your” is not spelled “youre”[/ot]

10

:lol: well in html and css all you have to do is goto View>Source, Select All>Copy>Paste :wink: Flash is a little more intricate. It would really be nice though if there was a sure way to protect everyone’s work, abstinance is the best protection

11

don’t worry, i e-mailed microsoft about the bug and theys getting rid of it. good lookin out simp. respect.

12

pwned, where’s vintage now? :sigh:

13

Im here, and im impressed, to bad 999 didnt mention how he did it.

I have to say Im impressed, so he probably got the adres (tik.swf) by using a sniffer tool. (Ethereal or smth)
This was the only (known) way how to detect it.
If not, than Im really reallyyyy impressed :wink:

With a sniffer tool you can capture alle packets that are send trough tcp/ip. (theres no way (exept using https to avoid this sniffer thing)
But than again its harder to get “it”. (for an avarage ripper).

If its not done in this way, than tell me pls how you did it, Im sure there’s a way how i can stop it.

sidenote, sorry for my bad english (/me is dutch, so here and there I could scew up big time)

@bwh2 html and css are parsed client side.
So in other words, you can not prevent the source being viewed.
About the images, you could consider use a waterstamp or something for “unregistred users” …like a big “copyright” through youre images.
Also you can disable the right mouse button with javascript, but than again, if you view the source …

14

…or C:\Documents and Settings\Username\Local Settings\Temporary Internet Files ik.swf

pretty advanced stuff. haha.

yeah dude, i know. i was joking. stop by the client-side or server-side forums some time and you’ll see my name frequently popping up.

anyway, it’s actually for that reason you’re basically hosed on protecting your swf source. regardless, your swf ultimately has to end up on the user’s machine to be run. so the file can be found and looked through, regardless of what you do. i could open your swf in a text or hex editor and go through it, probably find some workarounds and decompile it. realistically, decompiling it probably isn’t going to be very difficult. one thing i’ve learned in my line of business is that basically everything that’s digitalized can be undigitalized.

15

AFTER you clicked the link 999 give you its cashed yeah

about the html stuff
you can also (noob way) prevent youre html by scramble the source

here you can find a “generator” to scramble

final edit and why are allot off people so sarcastic/denegrating about this topic, Im just trying to do smth usefull for the flash community, okay so what if I fail, at least i tried hard…really hard

16

no. actually, i never even looked at 999’s link. and then just in case, i cleared my cache before clicking your link. how about a screenshot…

17

pwned

18

@vintage a hex editor is a tool that recieves the address of variables etc… and you can change them :P, so say the score of something on your game is 234532, i could do a search for something of that sort and get the address, therefore i can change it, or on a game if i find the address of say the lives i can freeze it so you can have infinite lives, so anything in internet explorer, mozilla will have an address

19

everyone understands you’re trying to do something useful for the community. but you should understand that when you challenge people, they will mess with you a little if they beat you. in this case, you got beat, so what? it’s not a big deal, everybody takes it on the chin once in awhile.

20

Hi

I realize that others have already figured out how to rip the externally loaded .swf file you had.

But I thought you might be interested in another way to do it.

On a Mac in Safari (Macs default web browser) when you view a web page you can open a window called ‘Activity’ (menu>window>activity)

In the activity window it lists [U]everything[/U] thats loaded or being view on the web page, including swf files being loaded into other swf files.

Heres a screenshot of the activity window

All you have to do is double click one of the files listed in that window, and it’ll open up in a new browser window by itself.

And as you can see you can see the URLs for each of the files.

Thats one way to do it.

Another way is by using a application (may be mac only)

called “Web Devil”

With it you could enter the URL say… http://kirupa.com

And web devil will download [U]EVERYTHING[/U] thats not nailed down I:E not behind password protected areas (but if you know the password then you can tell web devil it and just breeze on in) Web devil can turn absolute links into relative while its downloading all the files for you, so that when your done you get an exact working replica of the website on your hard drive that you can view locally, or upload to your own web server.

I use web devil often when I get clients who are changing web designers and can’t get the files from the previous web designer, because there too busy or upset that the client decided that 8 months is too long to wait for their new phone number to be updated.

Anyway hope this helps a bit.

-Lem