New Website

[r6_philly]

That kinda doesn't make sense.

To get all technical...
Once I request the HTML page, the browser/HTML code will request the embedded Flash.. I can see ANY and ALL requests from my browser, since I have a proxy software.

So going on that.. once I have the Flash file in my browser window (loaded) then to make any communication back to the server it has to send a request... well guess what.. I'll see that request.

So once that original Flash file is loaded in my browser.. there's no way out :)

and to clarify, I wouldn't care if you see the request or not, I care when you can't figure out how to generate the response output based on the request.

so unless you go and try out every possible request and then record all the possible response, then embed them directly into the movie.

I guess in the end it can still be defeated, but it would heck lot harder!!!

[ecumike]

OK .. I see what you're getting at, but that's not how a browser works.  The browser can send data via POST or GET (which I can also see in my log window :)) or request a file, then the server returns a file. That's it.  You can't send 'instructions' to the browser. The only thing a browser receives is a file.

So you can't 'really' have the server send only instructions.. it can only send the browser a new file.

And I hear ya with that static crap.  PHP is my new vise :)

[r6_philly]

OK .. I see what you're getting at, but that's not how a browser works.  The browser can send data via POST or GET (which I can also see in my log window :)) or request a file, then the server returns a file. That's it.  You can't send 'instructions' to the browser. The only thing a browser receives is a file.

So you can't 'really' have the server send only instructions.. it can only send the browser a new file.

And I hear ya with that static crap.  PHP is my new vise :)

don't fool yourself, you can receive stream of text "instructions" or code by your flash movie on the client side since Flash 4...

a file is a stream of text characters, what to with the http response is up to the browser, or what is loaded in the browser.

a java app or a flash movie can NOT replace whats already loaded in the browser with the new received http response. rather it can respond based on what has been received.

in another words. you can set info back and forth between the loaded flash movie and the server without ever refreshing the page.

[r6_philly]

and by instruction, I mean text streams that can be parsed by the loaded flash movie to use within itself.

I am not talking outta my a$$ I have done it many times before. I have been building web or intranet based apps for almost 10 years.

[r6_philly]

like you can play a flash game online, then send your score, then have the ranking sent back after the server queries the db...

one of the earliers project I did in Flash 4 was make a game that display various things based on what is sent back from the server each time the movie needed a new phrase...

that was along time ago too... you wouldn't be able to duplicate that movie because you wouldn't know which phrase will get sent.

[ecumike]

Oh, I'm not calling your bluff, I'm just a little hyper right now (just took a Ripped Fuel) and feel like debating. :)
Yea I know, load a .txt file.. BUT.. all you're doing is telling the .SWF to play or do something.. so it's still the same .SWF movie. It doesn't matter how big it is, once I have it, I can see the whole thing. Make sense?

So if you pass in some sorta secret code that tells the current SWF file to go get a new one.. then I'm gonna see that new file request. :)

[ecumike]

Like you can have a game that starts with an intro screen, and you can tell it not to start until it receives some sorta secret code from the server in the form of a file called 'code.txt'

So you import the .txt file and if the code is correct, then 'start the game' ....Well... it's still the same Flash movie.. so all you would be doing is like '_root.gotoAndPlay("Begin");'

So my point being.. it's all 1 big flash movie, so I can see it all, actions and frames. If you have an action in there to POST var code="1234".. then I'll see that button action.  As well as if/when data gets passed back to that movie.. there has to be an action to evaluate that data. So I'd be able to see what the secret 'code' is supposed to be.

[r6_philly]

Oh, I'm not calling your bluff, I'm just a little hyper right now (just took a Ripped Fuel) and feel like debating. :)
Yea I know, load a .txt file.. BUT.. all you're doing is telling the .SWF to play or do something.. so it's still the same .SWF movie. It doesn't matter how big it is, once I have it, I can see the whole thing. Make sense?

So if you pass in some sorta secret code that tells the current SWF file to go get a new one.. then I'm gonna see that new file request. :)

no not to get a new one, but how to play the current one. Or how to generate a symbol, or how to tween the existing symbols.

the point I am trying to make is that a movie does NOT have to be premade to pay. It can be completed AFTER it loads in your browser.  and just because you can hack my front movie doesnt mean you can get the parts that comes to the movie after its starts playing.

for example.

I make a stock ticker movie. each time you load it on my page, I stream stock info to the movie. But if you take the swf file, and place it on your desk top, my server will refuse to stream you the info, then it is useless.

I can stream the text instructions (not premade) on how to make ANY vector symbol in the main movie after you start the front movie and gets authenticated as being in-session.

so you can monitor the info sent to and from the movie. So you would have to try every possible request the movie can make and see what the response the server will return. Then you would have to make a server, or embed all the possible responses in to the swf to make it server independent. It can be done, but will take a very long time.

and then I will just encrypt the info being sent to and front the movie, then you have to figure out how to crack the encryption...

as in anything that has to deal with IT security. NOTHING is truly secure. But I can make it darn difficult that its not worth the time to crack it  :P

[r6_philly]

Like you can have a game that starts with an intro screen, and you can tell it not to start until it receives some sorta secret code from the server in the form of a file called 'code.txt'

So you import the .txt file and if the code is correct, then 'start the game' ....Well... it's still the same Flash movie.. so all you would be doing is like '_root.gotoAndPlay("Begin");'

So my point being.. it's all 1 big flash movie, so I can see it all, actions and frames. If you have an action in there to POST var code="1234".. then I'll see that button action.  As well as if/when data gets passed back to that movie.. there has to be an action to evaluate that data. So I'd be able to see what the secret 'code' is supposed to be.

you are thinking too simple. you are thinking that all the data that the movie needs to play comes with you inital download. and I am just going to activate it.

well I am telling the the data movie needs to play, is not going to come through the main movie. it will come when and however I choose to. and once you end session, you don't get it anymore. So unless you sit around and make sure you get every bit of the movie after how many long it takes, then  you can probably make it run off your site.

if you click the button that says "new box". request is sent to the server, servers returns the coordinates needed to draw the new box. But... this is important. Each time you request it, the server will responde a little different. So the box may have a different color, or different shape, whatever. Some random/dynamic is added to it.

so basically you can never duplicate the movie. Maybe some part of it. But not all of it.

the point is to withhold data. And have the symbols drawn instead of pre-made.

[ecumike]

But... this is important. Each time you request it, the server will responde a little different. So the box may have a different color, or different shape, whatever. Some random/dynamic is added to it.

so basically you can never duplicate the movie. Maybe some part of it. But not all of it.

the point is to withhold data. And have the symbols drawn instead of pre-made.

Right.. I agree with you, and sure, you wouldn't be able to 'duplicate/replicate' the movie exactly, but I would be able to see how you are making it and could make a spin off of it, or use that snippet in my own movie.

It doesn't reverse-engineer the SWF exactly and totally correctly, but it does pretty close, and does allow you to see the actions used. Which is mainly what I would use it for.  If I see something cool that I wanna be able to use.. I can look in the SWF and see how it was done.

Say for in your example.. I don't know how to do it, dynamically, as you did. I could just look at you actions and see how, then edit for my own use.

I'm not trying to replicate/duplicate movies, but rather to use/look at the symbols or actions or whatever.

[ecumike]

I make a stock ticker movie. each time you load it on my page, I stream stock info to the movie. But if you take the swf file, and place it on your desk top, my server will refuse to stream you the info, then it is useless.

Right.. and 'suppose' I didn't know how you made that ticker... I could look in the SWF file and see that you import a data file and parse the variables from it.  OK, so now I can use that same 'action' but feed in my own data for whatever I wanted to feed into.

My point being, that I can see HOW you made the movie, symbols used, actions used, etc. Not that I can duplicate it exactly.