As regular readers will know, we've been done over with a hacked version of "Law of the West". Instead of just bitching about it, we've decided to be pro-active.
This is going to take a number of forms, one of which is SICO, or "Source In, Crap Out".
We looked at what encryption and obfuscator software there is out at there, and came across irrFuscator. It looks pretty cool, and at 69 euros isn't going to to break the bank, but it also looked like it was something we could do ourselves without too much effort.
Where SICO fails compared to irrFuscator is that from what I can tell it takes the whole project and messes it up, so public functions ( And therefore getters / setters ) get screwed with too, whereas our project just takes one file and so has to leave anything which could be called from a different class alone.
Also it converts strings, but it looks costly. Looking at the example on their page, "end" gets converted to irrcrpt(23, "uzd."). That kinda looks like a static class is added to the project with a method called irrcrpt, which takes the first value as the "key", and I guess it's just a simple XOR with the string value.
Fine for scrambling a filename, but I think it would be too harsh [ In performance terms ] to do that to every string in the game, so it's easy enough to just add a method in like that by hand for your filenames / passwords / cheat codes etc.
( In case this reads like I'm just bashing irrFuscator, I'm really not. It's better than SICO, I'm just pointing out the differences ).
So what can our baby do ? Here's the loader class we use for it:
package Classes {
import flash.events.Event;
import flash.net.URLLoader;
import flash.net.URLLoaderDataFormat;
import flash.net.URLRequest;
public class IO {
//---------------------------------------------------------------------------------------
// Properties
//---------------------------------------------------------------------------------------
private var loader:URLLoader;
private var callBack:Function;
//---------------------------------------------------------------------------------------
//Constructor
//---------------------------------------------------------------------------------------
public function IO(){
/*
Null constructor, we don't need to do anything here
*/
}
//---------------------------------------------------------------------------------------
// Public
//---------------------------------------------------------------------------------------
public function toString():String {
return "IO";
}
//---------------------------------------------------------------------------------------
public function loadScript(filename:String,callBackArg:Function):void{
callBack=callBackArg;
loader = new URLLoader();
loader.dataFormat=URLLoaderDataFormat.TEXT;
loader.addEventListener(Event.COMPLETE, xmlLoaded);
var request:URLRequest = new URLRequest(filename);
loader.load(request);
}
//---------------------------------------------------------------------------------------
// Private
//---------------------------------------------------------------------------------------
private function xmlLoaded(eventArg:Event):void{
var source:String=eventArg.target.data;
callBack(source);
}
//---------------------------------------------------------------------------------------
}
}
And here's what it looks like after being run through SICO:
package Classes {
import flash.events.Event;
import flash.net.URLLoader;
import flash.net.URLLoaderDataFormat;
import flash.net.URLRequest;
public class IO {
private var _V64K0q:URLLoader;
private var _87qjufb1lsM:Function;
public function IO(){
}
public function toString():String {
return "IO";
}
public function loadScript(M85u8En4i:String,_87qjufb1lsMArg:Function):void{
_87qjufb1lsM=_87qjufb1lsMArg;
_V64K0q = new URLLoader();
_V64K0q.dataFormat=URLLoaderDataFormat.TEXT;
_V64K0q.addEventListener(Event.COMPLETE, _v1zr6rD62q);
var kDu541CN2C5:URLRequest = new URLRequest(M85u8En4i);
_V64K0q.load(kDu541CN2C5);
}
private function _v1zr6rD62q(_wVl6q:Event):void{
var n1XScOB03y:String=_wVl6q.target.data;
_87qjufb1lsM(n1XScOB03y);
}
}
}
Pretty mashed up. There are still some quirks to it which need ironing out, and it's not got a list of reserved words or anything that cool, but that code is nasty once run through it.
Next we need to actually make some sort of front-end for it, ideally using Air to get to play with that, more possibly with Zinc to make it easier, and then decide what to do with it. It won't ever be for sale, it may be a case of we just give it to friends and let it spread gradually like that, we're not sure yet, but it will be given away. There's no point bitching about hacking, and then coming up with something that makes our stuff safe and screw everyone else.
And that's part 1 ( Or 0.5 ) of our push to try and get the community as a whole being a bit more protected, there is more to come. Olli and I have had some long chats the past couple of days. We both came to the conclusion that yeah, having hacked games floating around sucks, but there are some things which are more acceptable than others.
If LoW had been hacked to use the hi-score component of the system it's been hacked for ( Some "shovelware portal in a box" system ) and everything else had been left intact, then we can swallow that. Just. The game gets spread so the sponsors happy, we get our credit out so it's not too bad for us, the ad gets seen etc. It's not that bad. It's only when the game is just ripped of everything like that we get pissy.
Part of this process of stopping it is to actually get involved with the boards that link these games, for fear of sounding like a politician, it's about education. A lot of sites with hacked games on are run by decent people, just trying to make a couple of quid, and not really knowing about any harm they could be causing 'cause they never ever have any contact with a developer.
Flash games are percieved as such a throw away commidity that the line between IP theft and hosting becomes very blurred. A lot of people who run boards wouldn't dream of hosting mp3's, but see Flash in a totally different light.
We really fucking resent having to spend time on things like this, but if we're in the position of toying with ads and sponsorship as well as the client based work, then we need to protect our IP. Like we all do.
There's more coming,
Squize.