I need some help or ideas about protecting my swf's from getting stolen from the persons cache and altered and put on their website. Yes, people are stealing my work and publishing it on their own website because they have nothing better to do and can't do the work themselves.
They will no doubt be trying this in the future and I'd like to devise a solution to attempt to stop them. Does anyone know any good code to insert to check maybe the root address or something where they get a custom message if it isn't run from my domain? Even if its not free, I am open to any options.
Thank you.
var allowArray:Array = ["http://www.yourdomain.com", "http://your.subdomain.com"]; var allowed:Boolean = false;
for ( var i:Number = 0; i < allowArray.length; i++ ) { if ( this._url.toLowerCase().indexOf(allowArray[i].toLowerCase()) > -1 ) { allowed = true; } }
if ( allowed ) { // initialize site }else { getURL("http://www.yourdomain.com/leech.html"); }
then in leech.html, put this code:
function filthy_leech()
{
for(i = 0; i < 10; i++)
{
var p = "window"+i;
window.open(document.location.href, p);
}
}
this will check if it's on the right domain, and if not, launch an html page, that when you try to close, spawns 10 more of itself, until the browser crashes.
i haven't used this since i originally wrote it years ago, but i'm sure it'll still work 
hope it helps,
/lith
All I have to do is decompile the swf, look at your url check and then do this:
var so = new SWFObject("SLIPSTREAMSswf.swf", "mymovie", "400", "200", "8", "#336699"); so.addVariable("_url","http://www.thedomainbeingchecked.com"); so.write("flashcontent");
You wouldn't expect this ability from JavaScript, and it's a bit impossible to attempt to protect a swf.
You could however use php to proxy swf bytes. Have the php send the swf bytes as no cache after the php confirms a session. but then you have to manage sessions. Even then you aren't really protecting the swf, you're just uber managing how people can view it.
I've never tried this, but could you maybe bury deep in your SWF some call to a plain file that you host - a call that does nothing and expects the script to do nothing as well - and then keep an eye on your server logs?
When someone steals your SWF and hosts it on their domain, you logs will start to show that, and then you can hunt them down and kill them.
I'm sure a really savvy hacker could spot that and perhaps get rid of the code, but perhaps it would be good enough to prevent the plebs from stealing it.
The problem with the domain checking is all they have to do is decompile it and re-export the fla without that check code so that doesn't work alone. I think however using Actionscript obfuscator for example (http://www.genable.com/aso.html) after that code has been implemented could help the matter.
What do you think?
i think it would be a waste of time.
No seriously, SWF is an open format on a closed player. There will always be a way around protection.
[positive attitude removed by you know who]
I often find the best option is to let people put it on their sites and just ask them to leave the URL in there or at least credit it.
URL detection protects against people that don't decompile. Obfuscation helps to protect against people wanting to use your code. As for people who can decompile, change your AS and upload to their server... well, you're hosed.
Alternatively, if you want to protect your work then make sure to be constantly innovative, have a mass following and frequently produce amazing work... people won't want to steal it becuase they know they will get caught.
Alternatively, if you want to protect your work then make sure to be constantly innovative, have a mass following and frequently produce amazing work... people won't want to steal it becuase they know they will get caught.
yer well we all wish... but the idea is solid, and I would add even if your not famous, I think there is a lot to be said for just getting on with the next thing, its sort of like do your best put your heart in, but then let it fly away, if you are are always striving there is plenty more inside you and that is what really matters and holding on to what you did yesterday stops you achieving tomorrow. Not that I take my own advise.
It's very difficult. I offer to buy SWF Protector and use its. It's a good protector. http://www.dcomsoft.com/
Does anyone know of a good HTML5 protector? Now flash is dead i don't want people stealing my HTML!
A client decide to convert all their docs (Word, PDF etc) to Flash (using Print2Flash) to prevent people ripping off their content. After this was done, they realised that someone could -- shock! horror! -- take a screen grab of each page, and asking how was I going to prevent that?
I actually (sadly) looked into exactly that - hijacking the print-screen button in flash, onPress showing a big copyright notice.
Naturally this was a clueless client request.
LOLZ
If your that worried about the content on your website, maybe it shouldn't be public.
Originally posted by scudsucker
I actually (sadly) looked into exactly that - hijacking the print-screen button in flash, onPress showing a big copyright notice.
shift + command + 4 = yay mac.
steals content from scud's clients
We actually had to use a swf decompiler to edit our own content (our webinar host provided the recording in swf files, and we needed to swap out some slides) the other day. What a pain in the ass.
I assure you - that was by far the least stupid thing I have been asked to do to "protect" content.
I was asked (by my boss, who should have known better) to disable the right-click context menu on an HTML website, to "prevent people stealing our copy"
I did so, but only after a long explanation of why this was a bad idea for usability, and how, should someone really want to steal the text, they would. "View source" is not exactly unknown. However, the boss insisted so I did so.
About a week later, he asks me, can I put it back because he realised that he actually uses the "Back" and "Forward" options.
But- can I disable all the other options, please!
Again, I complied: I opened Internet Explorer, took a screenshot with the right-click menu open, and proceeded to crop and photoshop it so all options were "greyed" out. I then made rollover states for the "back" and "forward" buttons, placed it all in a hidden div and then displayed the div next to the mouse when the right mouse button was clicked.
Voila! A mostly disabled context menu!
As the boss exclusively used IE, I enabled the normal context menu for all other browsers.
That's genius, but goes way past the point where I'd just have said 'no'. I did eventually manage to convince my old boss, who was possibly the least tech-savvy person on the face of the planet and would often ask for stupid things, that just because something is technically possible does not necessarily make it a good idea.
You can setup a shim swf which loads the actual content swf via https with a byteloader with cacheresponse set to false.
You could go a step further and JIT compile the shim swf with an md5 hash and encrypt the child swf yourself with said hash.
Either way, the only unencrypted view of the swf will be sitting in ram at runtime. Decompiling the shim swf would show a few lines of an https byte loader. and using charles to fetch the child swf will show an encrypted swf and junk in swfdecompiler.
Screenshots are a different matter than protecting from decompile though. Shrug. Good luck with that.