5 Replies Latest reply on Jun 9, 2011 9:25 AM by Astraport2012

    protect a desktop air application

    kipper_bottle_num Level 1

      Hi,

      I currently use Zinc to wrap my SWF and then add softlocker copy protection to that.

      It all works OK.

      I would prefer to use an AIR application but need to know if there is a way to prevent users just copying it onto other computers.

      Cheers,

      KBN

        • 1. Re: protect a desktop air application
          commadelimited Level 2

          Once the AIR file is downloaded, a user can copy it to another computer. However, you could potentially add an extra layer of protection by remotely checking IP address against the IP the user downloaded the app from. Just a thought.

          • 2. Re: protect a desktop air application
            Excel Software

            You'll need to create a protected air application with a computer specific activation process.  AirLicense is the easiest way to do that.

             

            www.excelsoftware.com/airlicense.html

             

            This paper should be helpful:

             

            www.excelsoftware.com/protect_air_application.pdf

            • 3. Re: protect a desktop air application
              JasonRiceMedia Level 1

              The method I use will allow you to encrypt most of your source code using a key that is unique to every computer.

              The initial download of my software is a simple AIR app that does not contain the actual program. It is more like a shell that first retrieves a list of the client's MAC addresses and the user-entered activation code that is created at time of purchase. This is sent to the server and logged. The activation code is saved to a file client side. At the server the MAC address and activation key are used to create the encryption key. The bulk of the program code is then encrypted using that key, then divided into parts and sent back to the client.

              The client puts the parts back together and saves the encrypted file.

              At runtime the shell finds the MAC address list and the activation key, then using the same method as the server gets the encryption key and decrypts the program file. Run a simple check to make sure it loaded. For encryption I found an AES method that works in PHP and JavaScript.

              Next I use this code to load the program:

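              // options, windowBounds and page are set up earlier; page is expected to hold the decrypted program.
              var loader = air.HTMLLoader.createRootWindow(true, options, true, windowBounds);
              // Do not cache responses for requests made by this loader.
              loader.cacheResponse=false;
              // Run the loaded string in the application sandbox so it can use the AIR APIs.
              loader.placeLoadStringContentInApplicationSandbox=true;
              loader.loadString(page);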

               

              This method makes it very difficult to copy to another computer, although since I wrote it I know there are some weaknesses in the security, but to make it harder I obfuscate the shell code. It at least keeps most from pirating.

              However, there are issues with this that I have found.

              First, I was using networkInfo to get the list of MAC addresses, but this failed on a test Windows XP computer. When the wireless was off it did not return the MAC. I was not able to recreate this in Vista or 7. Not sure if it could happen. Was not tested on a Mac computer. To fix this (at least for Windows), I wrote a simple bat file that gets the MAC list, then converted it to an exe which is included. This does force you to create native installers. Call the exe with this:


              // Launch the bundled findmac.exe from the application directory.
              var nativeProcessStartupInfo = new air.NativeProcessStartupInfo();
              var file = air.File.applicationDirectory.resolvePath("findmac.exe");
              nativeProcessStartupInfo.executable = file;
              process = new air.NativeProcess();
              process.start(nativeProcessStartupInfo);
              // The handlers (onOutputData, onErrorData, onExit, onIOError) are defined elsewhere in the shell.
              process.addEventListener(air.ProgressEvent.STANDARD_OUTPUT_DATA, onOutputData);
              process.addEventListener(air.ProgressEvent.STANDARD_ERROR_DATA, onErrorData);
              process.addEventListener(air.NativeProcessExitEvent.EXIT, onExit);
              process.addEventListener(air.IOErrorEvent.STANDARD_OUTPUT_IO_ERROR, onIOError);
              process.addEventListener(air.IOErrorEvent.STANDARD_ERROR_IO_ERROR, onIOError);

               

              Put the list together in the onOutputData event using array.push and continue in the onExit event.

              Using findmac.exe will return the same info every time (that I know of).

              Beware though that using the native install will break the standard application update process, so you will have to write your own. My updates are processed the same way as above.

              This is the contents of the .bat file to get the MAC list:

              @Echo off
              SETLOCAL
              SET MAC=
              SET Media=Connected
              FOR /F "Tokens=1-2 Delims=:" %%a in ('ipconfig /all^| FIND "Physical Address"') do @echo %%b
              ENDLOCAL

               

              Using this method makes it simple to implement a try-before-you-buy method. At runtime, if there is no activation code, get the try-me version from the server instead of the full version.

              • 4. Re: protect a desktop air application
                JasonRiceMedia Level 1

                One last note.

                I found that one time the findmac.exe returned the exact same list only in a different order, so keep that in mind.
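
Added example, not part of any post in this thread: one way to build the per-machine key described in replies 3 and 4 so that the order of the MAC list does not matter. It is written for Node.js so it runs stand-alone; scrypt, AES-256-GCM, all function names and the sample values are assumptions, since the thread does not say how the key is built.

```javascript
// Added example; sample data and all names are constructed, not from the thread.
const nodeCrypto = require('crypto');

// Turn raw findmac output into a canonical list: separators stripped,
// upper case, de-duplicated and sorted, so adapter order cannot change the key.
function canonicalMacs(rawOutput) {
  const found = rawOutput.match(/\b(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}\b/g) || [];
  return [...new Set(found.map(m => m.replace(/[-:]/g, '').toUpperCase()))].sort();
}

// Same derivation on server and client (scrypt is an assumed choice of KDF).
function deriveKey(activationCode, rawMacOutput) {
  const macs = canonicalMacs(rawMacOutput);
  if (macs.length === 0) throw new Error('no MAC addresses found');
  return nodeCrypto.scryptSync(activationCode, 'demo-v1|' + macs.join(','), 32);
}

// Server side: AES-256-GCM, output laid out as iv(12) | tag(16) | ciphertext.
function encryptProgram(programText, key) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(programText, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Client side: returns the program text, or null when the key is wrong.
// The GCM tag check replaces an ad-hoc "did it load" test.
function decryptProgram(blob, key) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample outputs: same two adapters in a different order and case,
// then the same machine with one adapter missing (e.g. wireless switched off).
const RUN_A = ' 00-1A-2B-3C-4D-5E\r\n 00-1a-2b-3c-4d-5f\r\n';
const RUN_B = ' 00-1A-2B-3C-4D-5F\r\n 00-1A-2B-3C-4D-5E\r\n';
const RUN_WIFI_OFF = ' 00-1A-2B-3C-4D-5E\r\n';
const CODE = 'DEMO-ACTIVATION-CODE';

const blob = encryptProgram('<html>program</html>', deriveKey(CODE, RUN_A));
console.log(decryptProgram(blob, deriveKey(CODE, RUN_B)));
console.log(decryptProgram(blob, deriveKey(CODE, RUN_WIFI_OFF)));
```

The second call returns null: an adapter that drops out of the list changes the key, which is the Windows XP failure described in reply 3.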

                • 5. Re: protect a desktop air application
                  Astraport2012 Level 1

                  JasonRiceMedia,

                   

                  Excellent information. Could you explain in more detail your method? Or give a detailed description or sample code?