6 Replies Latest reply on Jun 10, 2008 5:39 AM by Newsgroup_User

    Protection of dcr files; shockwave

    1serg1
      I am still fairly new to Director. Currently using Mx2004. I am concerned about how to protect a movie, such as an interactive lesson or game, from being copied. Can someone, say in China, download the contents and copy? I've found this article: http://www.robotduck.com/content/articles/director/net/dcrProtection/

      but don't know if it's dated. I recall seeing a posting which said Director was safe but Flash was not. Any truth to that? thanks in advance for your expert advice!
        • 1. Re: Protection of dcr files; shockwave
          Level 7
          First of all, nothing is safe. Ever. There are varying degrees of
          safeness, but bear in mind that a talented hacker who wants to copy your
          stuff can. Evidence for this is simple. Look at Windows. MS spends
          millions on securing their OS and applications, but somehow there is a
          crack on or before release day. Every major video game publisher tries
          to prevent piracy, but their stuff always ends up on Pirate Bay. Anyone
          who tells you they can protect your stuff 100% is lying or selling
          something... or both.

          That said, there are things you can do to make it so at least the casual
          pirate will have too hard a time to bother. And Director is excellent
          for that purpose. It is not hard to make something in Director that is
          very very difficult to copy. Since you can publish your projector as an
          encrypted dxr file, it is quite difficult right there for anyone to get
          anything out of it. Flash uses a public and open swf format that is very
          easy to decompile. Added to that, there are built in techniques to
          prevent debugging during runtime. You can easily set up an external
          authentication system with a server running PHP and MySQL (or whatever
          database/language you like) and communicate with Director.

          In fact, I just finished designing a security system for an application
          I have been working on, and I must say, if anyone can hack their way
          through it, they deserve it. It uses some various heavy encryption
          schemes, server authentication, active piracy lookouts, and all sorts of
          fun stuff. It took about a week to set up.

          If you are using online shockwave as your delivery platform, you can
          make it so the game only plays if it is hosted on your server. So,
          someone can copy it, but if it isn't on your server, it won't start.

          It is definitely easier to secure Director stuff than Flash stuff. But
          bear in mind that you do have to actively set up the security. Just
          simply making something in Director is not inherently more secure than
          Flash... but Director has tools to make things much more secure if you
          use them.
          • 2. Re: Protection of dcr files; shockwave
            Level 7
            It's relatively easy to extract cast members from dcr files.
            It's highly unlikely (see Mike's post) for someone to decompile your
            scripts.
            If what worries you is someone downloading your files and using them at
            their own sites, all you have to do is include a line of code that will
            check if the movie is running from a specific site. Long as no dcr
            decompiler exists, that should be enough.


            "1serg1" <webforumsuser@macromedia.com> wrote in message
            news:g2k694$3lq$1@forums.macromedia.com...
            >I am still fairly new to Director. Currently using Mx2004. I am concerned
            > about how to protect a movie, such as an interactive lesson or game, from
            > being
            > copied. Can someone in China download the contents and copy? I've found
            > this
            > article:
            > http://www.robotduck.com/content/articles/director/net/dcrProtection/
            >
            > but don't know if it's dated. I recall seeing a posting which said
            > Director
            > was safe but Flash was not. Any truth to that? thanks in advance for
            > your
            > expert advice!
            >
            >



            • 3. Protection of dcr files; shockwave
              1serg1 Level 1
              Thank you Mike and Alchemist for your replies.



              "In fact, I just finished designing a security system for an application
              I have been working on, and I must say, if anyone can hack their way
              through it, they deserve it. It uses some various heavy encryption
              schemes, server authentication, active piracy lookouts, and all sorts of
              fun stuff. It took about a week to set up."


              Were these strictly of your design or are there prebuilt "programs" for doing this stuff?

              Since some server-side system needs to be put in place, I guess CD-Roms are even less secure?

              • 4. Re: Protection of dcr files; shockwave
                Level 7
                It was all pretty much custom coded by me in Lingo. I used a lot of
                preexisting libraries for things like encryption and server
                communication, but the login and flow of the system was done by me.
                Someone else set up the PHP and the online database and I wrote the code
                to talk to it. It makes up registration numbers that are specific to
                the username and the computer it is on, so even if you know a serial
                number it won't work except on the original machine. And the database
                administrator can activate or deactivate any machine code at will. It
                can handle situations where the computer has no internet access (or is
                firewall blocked) and has backups and failsafes so no matter what, folks
                can get in and we never give out a code that will work for anyone but
                the one person requesting it.

                It is probably a whole lot more secure than my client actually needs.
                but it was fun to write.

                CD-ROMs are no more or less secure than any other medium. It is not the
                shiny disc that defines the security, it is the code on the program.
                This one I'm talking about is a downloadable application, but the same
                things would apply if it was delivered on CD.

                There are prebuilt programs that you can use as wrappers around your
                application, and some of them are probably quite good. I have never used
                one, since I prefer to do it myself. If I find a bug, I want to be able
                to fix it, not have to call tech support and wait to get in touch with
                someone who can help... There is enough freely available code on the
                web at places like mediamacros and director-online to piece together
                some pretty good stuff.
                • 5. Re: Protection of dcr files; shockwave
                  Level 7
                  Hey Mike, can we talk off-list?
                  at rtr dot gr, < info.

                  "Mike Blaustein" <mblaustein@gmail.com> wrote in message
                  news:g2kgmm$e62$1@forums.macromedia.com...
                  > It was all pretty much custom coded by me in Lingo. I used a lot of
                  > preexisting libraries for things like encryption and server communication,
                  > but the login and flow of the system was done by me. Someone else set up
                  > the PHP and the online database and I wrote the code to talk to it. It
                  > makes up registration numbers that are specific to the username and the
                  > computer it is on, so even if you know a serial number it won't work
                  > except on the original machine. And the database administrator can
                  > activate or deactivate any machine code at will. It can handle situations
                  > where the computer has no internet access (or is firewall blocked) and has
                  > backups and failsafes so no matter what, folks can get in and we never
                  > give out a code that will work for anyone but the one person requesting
                  > it.
                  >
                  > It is probably a whole lot more secure than my client actually needs. but
                  > it was fun to write.
                  >
                  > CD-ROMs are no more or less secure than any other medium. It is not the
                  > shiny disc that defines the security, it is the code on the program. This
                  > one I'm talking about is a downloadable application, but the same things
                  > would apply if it was delivered on CD.
                  >
                  > There are prebuilt programs that you can use as wrappers around your
                  > application, and some of them are probably quite good. I have never used
                  > one, since I prefer to do it myself. If I find a bug, I want to be able
                  > to fix it, not have to call tech support and wait to get in touch with
                  > someone who can help... There is enough freely available code on the web
                  > at places like mediamacros and director-online to piece together some
                  > pretty good stuff.


                  • 6. Re: Protection of dcr files; shockwave
                    Level 7
                    No problem. You can email me direct if you want.
                    mblaustein<AT>gmail<DOT>com