Skip navigation
Currently Being Moderated

password protecting a swf: effective or not?

Feb 15, 2012 2:08 AM

Tags: #password_protection

hi.

I've created a password variable w/input text on the first frame of a swf to enable private viewing of a swf; so if you dont know the password you cant procedd to frame 2, to see the whole thing.

 

Is this effective?

 
Replies
  • kglad
    72,235 posts
    Jul 21, 2002
    Currently Being Moderated
    Feb 15, 2012 7:46 AM   in reply to minimalcomfort

    no, your swf can probably be decompiled.

     
    |
    Mark as:
  • kglad
    72,235 posts
    Jul 21, 2002
    Currently Being Moderated
    Feb 15, 2012 10:43 PM   in reply to minimalcomfort

    yes, it's ok to use decompilers (especially on your own swfs).  sothink is the best of them and is not free.  (but a trial may be free.)

     

    a decompiler lets you see the code (and everything else) used to make the swf.  sothink's can often re-create the fla from the swf.

     
    |
    Mark as:
  • kglad
    72,235 posts
    Jul 21, 2002
    Currently Being Moderated
    Feb 16, 2012 6:40 AM   in reply to minimalcomfort

    if your swf can be played in a user's web browser, the user already "has" your swf on their harddrive.  they just need to find it.

     

    what's your url?  i'm pretty sure i can get your swf and password (if it's in the swf) in less than 5 minutes.

     
    |
    Mark as:
  • Currently Being Moderated
    Feb 16, 2012 1:50 PM   in reply to minimalcomfort

    Hi,

     

    write yourself a little html page with a link

    a href="http://foreignsite.com/movie.swf"

    (you can use "view source" on the site to find the swf name), view that html from your hard disk and then right-click the link.to download the swf - that definitely is not hacking ... just using the elements of a website other than the author intended

     
    |
    Mark as:
  • Currently Being Moderated
    Feb 16, 2012 11:15 PM   in reply to minimalcomfort
     
    |
    Mark as:
  • kglad
    72,235 posts
    Jul 21, 2002
    Currently Being Moderated
    Feb 17, 2012 7:18 AM   in reply to minimalcomfort

    open your swf with sothink and navigate to the part of your swf that you want to keep private (without using your password).

     

    and swfencrypt is notorious for breaking your swf so be careful with it.  you'll need to have users with different flash player versions/browsers try your swf to see if it's broken for them. 

     

    also it's not 100% effective.  it makes cracking more difficult so most people, that's good enough.  but nothing like financial info should be protected with it.

     
    |
    Mark as:
  • kglad
    72,235 posts
    Jul 21, 2002
    Currently Being Moderated
    Feb 18, 2012 8:02 AM   in reply to minimalcomfort

    the flv will be downloaded and in the users cache just like your swf unless you're using a streaming server like redhat or flash media server.

     
    |
    Mark as:
  • Currently Being Moderated
    Feb 19, 2012 5:38 AM   in reply to minimalcomfort

    Hi,

     

    some ineresting stuff to read: http://jpauclair.net/2009/12/11/flash-player-security-advanced-walkthr ough/

     

    downloading: I am pretty sure I can download flv from your site once I know its path ... and in order to find path, I probably just need to use firefox dev tools while viewing the swf

     
    |
    Mark as:
  • kglad
    72,235 posts
    Jul 21, 2002
    Currently Being Moderated
    Feb 20, 2012 8:01 AM   in reply to minimalcomfort

    it's already on your hard-disk if you view the flv in a browser (unless you're viewing from streaming server) that has its cache enabled.

     
    |
    Mark as:
  • Currently Being Moderated
    Feb 21, 2012 1:09 AM   in reply to minimalcomfort

    Hi,

     

    did you try my suggestion to write a local html file and right-click the link?

     
    |
    Mark as:
  • Currently Being Moderated
    Feb 22, 2012 9:33 PM   in reply to minimalcomfort

    Hi,

     

    pretty simple: create a html file on your computer that only says something like

    <a href="http://somesite.com/media/movie.flv">movie to get</a>

     

    View that html file in the browser and right-click the link. You should be able to save the file

     
    |
    Mark as:
  • Currently Being Moderated
    Feb 26, 2012 5:49 AM   in reply to minimalcomfort

    using something as simple as notepad or something as elaborate as dreamweaver....

    With notepad, be sure to change "text files" into "all files"

     
    |
    Mark as:
  • kglad
    72,235 posts
    Jul 21, 2002
    Currently Being Moderated
    Feb 27, 2012 6:49 AM   in reply to minimalcomfort

    you're welcome.

     
    |
    Mark as:
  • Currently Being Moderated
    May 8, 2012 9:23 PM   in reply to kglad
     
    |
    Mark as:
  • Currently Being Moderated
    May 9, 2012 11:02 PM   in reply to bisguard

    Hi bisguard, I wanted to try your tool, but no luck... So may I ask you

    a) cross-platform: is Air required to play to protected file, or just to add the protection?

    I am asking this, because Adobe has cancelled Air for Linux some time ago, and the latest version available is 2.6 (and even that does not install - the installer leaves the "helpful" message that it could not find the runtime it was supposed to install)

    b) while I believe that your tool can prevent people trying to "understand" code or utilize embedded media, would it also help against people trying to sniff and forge data on the internet connection?

     
    |
    Mark as:
  • Currently Being Moderated
    May 10, 2012 4:00 AM   in reply to birnerseff

    Adobe AIR just to add protection. Protected swf need only Flash player or player plugin.

    Flash Antidecompiler was thoroughly tested on Linux Suse, RedHad, Oracle and some

    others both for 64 and 32 bit and for Adobe AIR 1.5 and 2.6. I think you have problem

    with installation. There are useful links:

    http://helpx.adobe.com/air/kb/install-32-bit-air-linux.html

    http://helpx.adobe.com/air/kb/install-air-2-64-bit.html

    What Linux distro do you use?

     

    1. Flash Antidecompiler is a cross-platform. This means that swf protected on Mac can be

    used on any Linux or Windows and vice versa.

    2. Answer on your b) is, generally saying, yes, but clarify please what do you mean by

    "to sniff and forge data on the internet connection"?

     
    |
    Mark as:
  • Currently Being Moderated
    May 12, 2012 3:55 AM   in reply to bisguard

    Hi,

     

    I will try on windows, one day or the other. I had a look at the linux documents ... and first thing I noticed that on one distro it said superuser, but not on the other.

    In any case I tried following the procedure, and got a readable message about something expected but not present on my system

     
    |
    Mark as:
  • Currently Being Moderated
    May 30, 2012 1:17 AM   in reply to minimalcomfort

    do you encounter with any problems when dealing with swf files on mac?swf editor for mac is a tool that can edit swf files directly.  http://www.swfdecompilerformac.com/swf-editor-for-mac.html

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points