Topic awaiting preservation: my flash has been reverse engineered !?!? (Page 1 of 1)

so, its the last day of november and therefore i just checked the webstats of my site (www.embege.com) to see what enormous hitcount it got this time.

interestingly it got a lot of referers from this url: http://www.vnfx.com/ipb/index.php

it seems to be a flash discussion forum in some (strange) language.
(anyone knows which one it is or can translate it?)

so, after i figured out what button is for searching that board i could search for "embege" and found this thread:
http://www.vnfx.com/ipb/index.php?showtopic=3933

to me it looks like somebody has asked about how the flash works on my site and some other guy provided him with code from my flash movie!
(the code posted there even uses the same variable names)

furthermore he also posted a zipped *.fla file that is basically a copy of mine (but not exactly the same).


now i knew it was possible to reverse engineer flash movies, but i didnt know its even possible to get variable names.


what do you think?
(oh, and if anybody would be able to translate that to me, i would be very grateful!)



(Edited by GRUMBLE on 12-01-2004 01:47)

Have you tried to extract the script with FLARE ?

quote:

---

GRUMBLE said:

(oh, and if anybody would be able to translate that to me, i would be very grateful!)

---

Tricky one - its Vietnamese. There are probably inmates who can possibly translate or you could ask a favour from this guy who posted a couple of times at the GN:

www.gurusnetwork.com/discussion/thread/2720/

-------------
Oh and some Flash reverse-engineering products:

www.kinesissoftware.com

www.eltima.com/products/flashdecompiler/

www.handyarchive.com/free/decompile-flash-movie/

___________________
Emps

The Emperor dot org | Justice for Pat Richard | FAQs: Emperor | Site Reviews | Reception Room

(Edited by Emperor on 12-01-2004 02:19)

(Edited by Emperor on 12-01-2004 02:59)

Actually I've known this about flash for a while now. It's no more secure than a webpage.



.:[ Never resist a perfect moment ]:.

thanks guys!

still quite surprising to me that its possible to extract so much from an *.swf! (even variable names!!!)

luckily i'm not saving any mysql-passwords directly in the swfs anymore but have switched to xml. =)

Well, Flash uses a version of Javascript, doesn't it? It therefore must be interpreted (or converted to some sort of bytecode, but interpreting is the easier way to go), and so it makes sense that your source code would sit in there somewhere, doesn't it?

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

It seems some people didn't went to the page of FLARE to notice FLASM and its explanation of the Flash virtual machine.

Aha, I see. Well, forgive my ignorance.

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

the question remains: is it legal?

wasnt there this DMCA or UCITA which prohibits reverse engineering?

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

quote:

---

Sorry, I really don't think you can prevent people from flasming, or java-reverting for that matter.

---

exactly so. btw, here is another article about flash insecurity. (and an explanation how to ) http://www.thoughtsabout.net/blog/archives/000010.html

B | T | E | P | L

hehe

ok, I do not want to take actions here. i don't really care about this special case, cause the flash code i did there is nothing special.

but i was wondering about the legal situation in general. afaik everything an individual produces and puts on the web is copyrighted. but is this copyright also true for reverse engineering?

seems they were using
sothink decompiler

http://www.sothink.com/flashdecompiler/index.htm

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

if some guy i dont know gets over to my car and dismounts it, that is not illegal?

? dismounting my car is illegal. you can copy a software before you dismount it. so the the owner doesnt get "damaged".
but no one can copy a car. if someone dismounts it, its not useable when i need it --> i got damaged. illegal.

(Edited by mas on 12-02-2004 18:45)

I suppose, if you don't want people to easily reverse engineer your code, you could always obfuscate it...

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling