Closed Thread Icon

Topic awaiting preservation: my flash has been reverse engineered !?!? (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=24246" title="Pages that link to Topic awaiting preservation: my flash has been reverse engineered !?!? (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: my flash has been reverse engineered !?!? <span class="small">(Page 1 of 1)</span>\

 
GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 12-01-2004 01:36

so, its the last day of november and therefore i just checked the webstats of my site (www.embege.com) to see what enormous hitcount it got this time.

interestingly it got a lot of referers from this url: http://www.vnfx.com/ipb/index.php

it seems to be a flash discussion forum in some (strange) language.
(anyone knows which one it is or can translate it?)

so, after i figured out what button is for searching that board i could search for "embege" and found this thread:
http://www.vnfx.com/ipb/index.php?showtopic=3933

to me it looks like somebody has asked about how the flash works on my site and some other guy provided him with code from my flash movie!
(the code posted there even uses the same variable names)

furthermore he also posted a zipped *.fla file that is basically a copy of mine (but not exactly the same).


now i knew it was possible to reverse engineer flash movies, but i didnt know its even possible to get variable names.


what do you think?
(oh, and if anybody would be able to translate that to me, i would be very grateful!)



(Edited by GRUMBLE on 12-01-2004 01:47)

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted posted 12-01-2004 02:11

Have you tried to extract the script with FLARE ?

Emperor
Maniac (V) Inmate

From: Cell 53, East Wing
Insane since: Jul 2001

posted posted 12-01-2004 02:14
quote:
GRUMBLE said:

(oh, and if anybody would be able to translate that to me, i would be very grateful!)



Tricky one - its Vietnamese. There are probably inmates who can possibly translate or you could ask a favour from this guy who posted a couple of times at the GN:

www.gurusnetwork.com/discussion/thread/2720/

-------------
Oh and some Flash reverse-engineering products:

www.kinesissoftware.com

www.eltima.com/products/flashdecompiler/

www.handyarchive.com/free/decompile-flash-movie/

___________________
Emps

The Emperor dot org | Justice for Pat Richard | FAQs: Emperor | Site Reviews | Reception Room

(Edited by Emperor on 12-01-2004 02:19)

(Edited by Emperor on 12-01-2004 02:59)

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 12-01-2004 02:32

Actually I've known this about flash for a while now. It's no more secure than a webpage.



.:[ Never resist a perfect moment ]:.

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 12-01-2004 10:12

thanks guys!

still quite surprising to me that its possible to extract so much from an *.swf! (even variable names!!!)

luckily i'm not saving any mysql-passwords directly in the swfs anymore but have switched to xml. =)

Iron Wallaby
Paranoid (IV) Inmate

From: USA
Insane since: May 2004

posted posted 12-01-2004 15:02

Well, Flash uses a version of Javascript, doesn't it? It therefore must be interpreted (or converted to some sort of bytecode, but interpreting is the easier way to go), and so it makes sense that your source code would sit in there somewhere, doesn't it?

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

InI
Maniac (V) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted posted 12-01-2004 15:15

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted posted 12-01-2004 15:35

It seems some people didn't went to the page of FLARE to notice FLASM and its explanation of the Flash virtual machine.

Iron Wallaby
Paranoid (IV) Inmate

From: USA
Insane since: May 2004

posted posted 12-01-2004 15:47

Aha, I see. Well, forgive my ignorance.

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 12-01-2004 20:07

the question remains: is it legal?

wasnt there this DMCA or UCITA which prohibits reverse engineering?

InI
Maniac (V) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted posted 12-01-2004 21:03

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

mas
Maniac (V) Mad Librarian

From: the space between us
Insane since: Sep 2002

posted posted 12-01-2004 21:21
quote:
Sorry, I really don't think you can prevent people from flasming, or java-reverting for that matter.


exactly so. btw, here is another article about flash insecurity. (and an explanation how to ) http://www.thoughtsabout.net/blog/archives/000010.html

B | T | E | P | L

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 12-01-2004 23:20

hehe

ok, I do not want to take actions here. i don't really care about this special case, cause the flash code i did there is nothing special.

but i was wondering about the legal situation in general. afaik everything an individual produces and puts on the web is copyrighted. but is this copyright also true for reverse engineering?

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 12-02-2004 15:36

seems they were using
sothink decompiler

http://www.sothink.com/flashdecompiler/index.htm

InI
Maniac (V) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted posted 12-02-2004 16:23

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 12-02-2004 16:31

if some guy i dont know gets over to my car and dismounts it, that is not illegal?

mas
Maniac (V) Mad Librarian

From: the space between us
Insane since: Sep 2002

posted posted 12-02-2004 18:44

? dismounting my car is illegal. you can copy a software before you dismount it. so the the owner doesnt get "damaged".
but no one can copy a car. if someone dismounts it, its not useable when i need it --> i got damaged. illegal.

(Edited by mas on 12-02-2004 18:45)

Iron Wallaby
Paranoid (IV) Inmate

From: USA
Insane since: May 2004

posted posted 12-02-2004 21:31

I suppose, if you don't want people to easily reverse engineer your code, you could always obfuscate it...

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke
"Any sufficiently arcane magic is indistinguishable from technology." -- P. David Lebling

« BackwardsOnwards »

Show Forum Drop Down Menu