Legend of Krystal Forums

[Hnyarly]

First, if this topic has been posting before, please delete it (I know how annoying is having several post about the same topic).

What funny games and other web sites are doing has been discussed in other posts. But I thought the topic should have its own, mainly to avoid writing lines and lines about it in other posts not actually related with.

I've found my work posted (not by me) in FG, and even russian and korean web sites. I've also found my work in 4chan saying that was done by Dirtyc101! (so I felt proud being confused with one of my flash idols ). Right now, I don't mind what they do, but I perfectly understand that other people are annoyed by this sites. I read a BlueLight's comment against those kind of sites that was excellently argued. Anyway, in a future I could change my mind and don't wanting my work in places I haven't post it.

So. I'd like us to share tips to avoid this kind of behaviours. The tips I've discovered that work are those:
- Insert links in you game thats directs players to your sites.
- Assure to make players needing guides of your game, so they have to find information about it in google.
- Compile to exe your flash, and so make more difficult the reverse engineering. I'm using MDM Zinc 3.0 (http://www.multidmedia.com/software/zinc/) because:
- you can download a free version.
- it allows encryption.
- it can generate executables for windows/mac/linux.

[BlueLight]

Ya i still got to fix a typo i made. "intelligible data". Anyways go here if you want to see what i posted
viewtopic.php?f=7&t=1241&start=480

Anyone that wants to comment on what i said there please quote it and bring it over also stating where you go it.

Also any argument with me better taken in to account these facts about me.

I don't care if i'm making money or not. I want the money.
I'm on a site where they make porn games and review them. I am not partnered with the website nor have i been ask in anyway to help it get popular.
Getting people on the site isn't even on the bottom of my todo list.
I am making a game because i want to.
Funny-games is causing copyright infringement and that is illegal under international law. Not US or Europe laws how ever US and internal laws were pushed to go in a European style so they are basically the same any ways.

[Renara]

Placing a prominent icon on your preloader and in other locations (such as menus) is really the best thing you can do realistically; make sure it has a hyperlink to a useful location (such as an official thread here), as well as a visual URL in case hyperlinks are disabled (as is the case on funny games). For example, you might put "LegendOfKrystal.com Forums" under your logo if this is the main centre for your development.

Requiring a guide, or making the game an executable rather than a .swf only makes things more difficult for your players. Other similar methods are things like requiring a code to play the game (funny games can easily just put that in their description), or using a script that stops the game working after a certain date, but any decompiler will make that easy to remove, and I think players can actually just change their clock depending on what time format you're using for the check.

Encryption is a misnomer; true encryption would require a password or valid third party security certificate before your game will work. I believe there are some services that can do this for you, but I'm not aware of any that accept adult content, and I've never been convinced that they're really effective anyway. Most "encryption" programs really just obfuscate your game's action script, making it extremely hard to read for a human. However, this won't stop a game being stolen unless part of the script prevents it from working on unauthorised web-sites; however it's not really that hard to remove such protection anyway, as the obfuscated code is still fully usable, it just has confusing layout or non-descriptive variable names, which doesn't really protect the game.


What Funny Games does is definitely illegal, as they happily accept content that they know isn't from the original author or is supposed to be paid-for, and don't respond to requests to take files down. Unfortunately though the illegality of it is no deterrent as often they're based in countries where it isn't strictly illegal, and few (if any) flash authors have the kind of money required to pursue legal options anyway.

I've a couple of interesting techniques in the work that I intend to try myself, but they're still far from ready to be tested, but I'll show people how to use them when they are.

[GolanTrevize]

I do the following, I make the flash and open it with dreamweaver so I created the javascript to prevent the frame, and then put on the label flashvars route, an example in which the flash head and is called the variable shipping mus is called:

<script type="text/javascript">
AC_FL_RunContent( 'codebase','http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0','width','760','height ','113','id','cabeza','align','middle','src','cabe za','quality','high','bgcolor','#ffffff','flashvars','mus='+document.location+'','name','cabeza','allowscriptaccess','sameDomain', 'pluginspage','http://www.macromedia.com/go/getflashplayer','movie','cabeza' ); //end AC code
</script>


The bold line in what it does is take the url and send the variable to the flash from the flash do for example:

if (_root.mus == "http://www.mypage.com") {
gotoAndStop (gameframe);
} else {
getURL("http://www.mypage.com", "_self");
}

[Renara]

While a good idea, any external source can be trivially spoofed, as I could simply do the following:

Code: Select All Code

<script type="text/javascript">
AC_FL_RunContent( 'codebase','http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0','width','760','height ','113','id','cabeza','align','middle','src','cabe za','quality','high','bgcolor','#ffffff','flashvars','mus=http://www.mypage.com','name','cabeza','allowscriptaccess','sameDomain', 'pluginspage','http://www.macromedia.com/go/getflashplayer','movie','cabeza' ); //end AC code
</script>

i.e - I just remove document.location with whatever URL you're expecting, which is easy enough to find out by decompiling the .swf and looking for references to "mus".

A more reliable method would be to use the loaderInfo value like:

Code: Select All Code

var swfFile:File = new File(root.loaderInfo.loaderURL); // Get reference to .swf's location
if ((swfFile.url.indexOf("http://legendofkrystal.com") == 0) || // Hosted at LoK.com
    (swfFile.url.indexOf("file://") == 0)) { // Hosted locally (on the user's machine)
    // Do some stuff
}

The above should work for files on these forums, which are accessed via download/file.php, so the call to swfFile.parent.parent should pull out to the /forum folder for easy checking.

The advantage here is that the check is performed by the user's Flash player, which can't be comprised by a malicious site (well, so long as Adobe is quick with security fixes). However, even this method isn't that hard to workaround though, as any search in the .swf's code for .url or .loaderURL will soon locate the parts to change. Also, you'll want to include a check to determine if the Flash is running locally,


A combination of the simpler methods could certainly deter attackers though, as the more complex it is to get a stolen flash to run, the less likely a flash thief is to actually bother.

[BlueLight]

So i got a question but i only program with java and i'm new to it.

Why can't you make a string and make the link equal the string and then you scan for character in something else and the string and if they don't equal then it locks the game out.

you could also have it where letters in the URL string and are also in chat text will be drawn from the string and placed in the story. I'm guess there is something in the API where you can pick 1 character in a string and where it is.
Anyways if it's not correct then it mess up the text annoying the players.

You could also run a check to see if words in the chat equal a string if you used above idea.


Now this is pure based off ideas coming from a newbie programmer who has seen some stuff like this in the java API and doesn't know squat about Action script API.

[Renara]

Basically, your two options for link-checking are:

• External API (get values from Javascript or run Javascript function(s)) - this is unfortunately easy to circumvent by providing dummy javascript functions that just return the expected values rather than performing the checks. The checks inside the .swf itself are also fairly easy to find and remove, removing the need to "hack" the javascript parts at all.
• Internal checking of the .swf's host location - this is a bit more secure, but is also fairly easy to remove from the .swf's code.

The root problems here are that ActionScript in a .swf, and Javascript in a web-page are both stored as source-code, so anything you put into them, a malicious user can simply find and remove.

you could also have it where letters in the URL string and are also in chat text will be drawn from the string and placed in the story. I'm guess there is something in the API where you can pick 1 character in a string and where it is.
Anyways if it's not correct then it mess up the text annoying the players.

You mean, for example, that if dialogue in the game reads "Good Luck", and the L in luck is retrieved as the first character of the URL (l in legendofkrystal.com in this case), then when hosted on Funny Games it'd end up reading "Good Fuck"?
A novel idea, however, tying it to a URL in this way would penalise users who downloaded the game to play offline; so if you want people to be able to download the game, you wouldn't be able to use that method as they'd be running it from a different (local) URL. Also, it shares the same issue as URL checking; a malicious user can simply find where you're getting the URL (very easy to search source for), and just manually enter the correct URL such that the text would appear normally.

As I say, the best strategy is really just to accept that the file may end up on one of these sites, but ensure you have a prominent logo that users can use to find the real source of the game, at this point all you have to do is protect the logo. Obfuscation is fine for the extra layer of difficult in order to try and make things more difficult for malicious content thieves, but all of the methods of protecting your game will either make things awkward for your users, or rely on one of only a handful of actual methods, which are easily enough "hacked" by anyone with a Flash decompiler.

[numb3694]

I am sure that it must be realy anoying to se your games end up on funny games and other sites but i would never have found this forum if i hadn´t found some of your games on FG

[urielmanx7]

One thing that should be pointed here, its that there will always be ways of decompiling something, and always be people posting your stuff on other sites, so instead of naming this thread "How avoid your work to be stolen"n it should be "How reduce your work to be stolen".
In another note, i tried the program hnyarly mentioned, but i stopped using it, cause all the people that tried my game compiled in it got an error and couldn't play it, but its a very good way to prevent people to stealing, hell if the people that were MEANT to play it, couldn't, just think the ones that aren't, lol.

[WonderGamer]

I can understand the concern to protect your work, but like numb3694, I also wouldn't have found this site if it weren't for content posted on other sites. I'm not saying that's a reason to leave your work out in the open, but it does gain you more web recognition if you provide a link to this site. Perhaps embedding a link to your site would be a better idea.

With that aside, there are a number of ways to protect your work, one of the most common ways being URL keys. What this would do is check the URL of the source page. If the source URL does not include the URL key, then you can have the flash do a number of things:

• The flash will not work & will just appear to continue loading (one of the more common ones I've seen).
• The flash will return a demo version of the game rather than allowing you to play the full version, in many cases providing a link to your site to play the full version.
• The flash will display a "This flash has been stolen!" message, not allowing you to see anything.

In any case where you are using URL keys, you are going to need to keep the source code for your flash handy in case you need to make changes to the URL key or make an alternative version for another site. In some cases, the URL that you will need to use will be different than from the site that you are posting the information on (NewGrounds being one example).

[worms]

I can understand the concern to protect your work, but like numb3694, I also wouldn't have found this site if it weren't for content posted on other sites. I'm not saying that's a reason to leave your work out in the open, but it does gain you more web recognition if you provide a link to this site. Perhaps embedding a link to your site would be a better idea.

With that aside, there are a number of ways to protect your work, one of the most common ways being URL keys. What this would do is check the URL of the source page. If the source URL does not include the URL key, then you can have the flash do a number of things:

• The flash will not work & will just appear to continue loading (one of the more common ones I've seen).
• The flash will return a demo version of the game rather than allowing you to play the full version, in many cases providing a link to your site to play the full version.
• The flash will display a "This flash has been stolen!" message, not allowing you to see anything.

In any case where you are using URL keys, you are going to need to keep the source code for your flash handy in case you need to make changes to the URL key or make an alternative version for another site. In some cases, the URL that you will need to use will be different than from the site that you are posting the information on (NewGrounds being one example).

yeah, me too but the people think that we specialy posting unfinished games

[Renara]

With that aside, there are a number of ways to protect your work, one of the most common ways being URL keys.

All the same issues for any kind of URL checking exist with this method as well unfortunately; if the thief gets the game from a legitimate source but later find it doesn't work on their site, then all they have to do is look at the valid URL to see what data is being fed in, and copy it into the Javascript or ActionScript function that does the checking.

Also, this method can have the unwanted side-effect of causing the game to break on sites that distributed servers; I don't know if Newgrounds still does it, but some sites have copies of the files on one or more machines, or move the files around in order to load-balance the machines (so that all popular files aren't being loaded from the same server). This has the effect that for many such services, the URL that your game is loaded from may differ, requiring you to actively monitor the situation and frequently update your game with new URLs which isn't really feasible as everyone moves onto something else eventually, at which point you may start forgetting to update the game, causing it to stop working for regular users.

As I say, any form of URL checking is relatively easy to circumvent, and only makes your game prone to failure in unexpected situations (a legitimate URL change, or a user downloading the game to play offline), which only causes problems for your players.

[ixwq]

There are two kinds of user: There is the large group who couldn't care less. No need to protect against them.
Then, there is the group who really wants to see how you did it. There is no way to protect against them. They have all the tools and the knowledge to circumvent any protection you could come up with. You could use obfuscation but that's going to cost you money and time, so in the end, you can only lose.
Create a great product plus offer good support and people will be willing to pay for it. Castle building didn't work well in the past (lot of effort and it took just a couple of stones to tear them down) and it surely doesn't work today.
If you're afraid that your ideas are going to be stolen, then look for a new job, because they will be and there's nothing you can do.