IMPORTANT! How to protect your games against sites like minijuegos.com!

[T1ger]

(Please correct me if I'm wrong)

This method will protect your games or flash-experiments from being ripped by sites like minijuegos.com. Just place this code snippet in the first frame of your swf:

code:

---

function verify(address) {

	stop();

	//skip http://, so 7 is our start

	domain = _url.substr(7, address.length);

	if (domain != address) {

		getURL("http://"+address);

	} else {

		play();

	}

}

// example if your game is located at http://www.domain.com/game/game.swf,

//and should be accessed through http://www.domain.com/game/:

verify("www.domain.com/game/");

---

Add this code between the <head></head> tags in your html-file to prevent sites from showing your game in a frame:

PHP Code:

<script>
<!--
if (window!= top)
top.location.href=location.href
// -->
</script> 


you can find an example at www.aleksanderstrand.com/secure/ . the swf-address is www.aleksanderstrand.com/secure/index.swf . Try to save the source on your computer and try viewing it locally. You will be redirected.

The only way to play your game at another location is to reverse-engineer the swf, but your bandwidth is completely safe

Add this to every single swf-file you show here at flashkit forums, and any other forums as well, because we know that people from minijuegos.com are reading and ripping games posted here.

Please add tips on how to further protect games.

Xander.

(Mods: Could this marked as a sticky?)

[murraymint]

Hi,

Here are two ways to steal your file, one of them undermining you _url security posted above. Just view source on the two pages.

Your bandwidth is easily leeched via this method:

Nothing is bullet proof t1ger

And sorry to pee on your bonfire tiger, here is another little trick to get round your url code. sorry

(decided not to post this link as I have never seen this workaround implemented yet so I do not want to show potential thieves how to hack it. Trust me though t1ger it was very easy to bypass your _url check.) (if you PM me t1ger I will send you the link and you can see how I got around it)

I'm afraid the _url is low level security but that said all measures are worth implementing. It may stop an inexperienced webmaster

[kendude]

edit:

http://www.kendude.com/stopthief/stopthief.html

Dude, it keeps looping. Where did I screw up?

code:

---

function verify(address) {

	stop();

	//skip http://, so 7 is our start

	domain = _url.substr(7, address.length);

	if (domain != address) {

		getURL("http://"+address);

	} else {

		gotoAndStop(2);

	}

}

// example if your game is located at http://www.domain.com/game/game.swf,

//and should be accessed through http://www.domain.com/game/:

verify("www.kendude.com/stopthief/stopthief.html");

---

It looks like it is saying hte url is www.kendude.com/stopthief/stopthief.swf as opposed to .html. How should I correct this?

[murraymint]

Ken,

It looks like your url is never matching, so it is constantly opening your site.

check your url.
make a text box with a variable _url, upload it and see what it says.

make sure your are verifying the right adddress.

try:

code:

---

verify("www.kendude.com/stopthief/stopthief.swf");

---

[T1ger]

address does not have to be the full address, it can even be just "www" to check that it it being played from the web =)

code:

---

verify("www.kendude.com/stopthief/");

---

should be enough.

change

code:

---

getURL("http://"+address);

---

to

code:

---

getURL("http://"+address+"stopthief.html");

---

to redirect directly to that page, and not the folder.

BUT, as minijuegos bypasses this method, I'm on to something new, which will be very hard to brake, even when decompiling

Will post as soon i finish it.

[sherif79]

hi guys,

the problem isn't in those who steal our swf files and put them on their websites, the main problem is those who use decompilers, so they only need your swf file and they convert to the original fla file then they change some of the design or make minor changes.. and then your work is theirs.. simple as cake

have any1 of you found a solution for that?? if u have please post it, coz we all need it

thanx guys.. ce ya

[metanet]

hey,
i'd say the main problem is that anyone with google will be able to bypass your protection unless you stop telling them what you're doing. not that i'm not curious.. it just seems to undermine the whole thing to publish it.

raigan