squidder.com » Uncategorized

Auto-Encrypt Assets for Flash

Jon — Fri, 23 Apr 2010 17:22:02 +0000

We here at Squidder often work on sites that tease new information and images through a cool flash interface. You know: you’ve got to unlock x by doing y and then you get rewards z.

One of the biggest challenges we run into when doing those sites is how to keep people from getting that information before we’re ready for them to. Sure we could just load all that junk into swfs and hope that people don’t decompile it. But that’s runs counter to how we usually like to develop things: lots of little, external files, loaded on demand.

But of course, that presents it’s own problem: You, the clever public, can just look in your activity monitor and access the files directly without jumping through all of our cool little hoops.

The solution: ncrypt our external assets and then decrypting them after we’ve loaded the byte data into the flash. Well, that’s easy enough to write a encrypt/decrypted tool using something like as3crypto. But we here at the big S like to be a little lazier. We don’t want to have to decrypt our xml files (or our images, for that matter) to edit and them and then reencrypt them when we’re finished. We’d just rather make the changes and have the encryption only appear on demand when you’re accessing the file from a web browser…

That’s why we were so excited when we found this article over at Zedia Flash Blog, which provides an easy way to encrypt something via PHP and decrypt it via Flash (or the other way around).

So you’re thinking “Ok that’s easy, I’ll just make a php script that gets passed a file via GET or POST that returns the encrypted file like this one”:

 init( "TESTTEST" );
echo $crypt->encrypt( file_get_contents( $_GET[ "fileToEncrypt" ] ) );
?>

Then I’ll just request all my assets like this “encrypter.php?fileToEncrypt=info.xml”.

But that only takes us so far. Sure, you could post that variable, but users could still easily figure out where the “fileToEncrypt” file lives and access that directly.

So that’s where our last ingredient comes in: our friend the .htaccess file:

RewriteEngine On
RewriteCond %{REQUEST_URL} ^/.*xml$
RewriteRule ^(.+)$ encrypter.php?fileToEncrypt=$1 [L,QSA]

As you can see, the server takes all requests for xml files and routes them through the encrypter.php file, which returns the encrypted php file.

As far as the user can tell, the file is well and encrypted on the server. But you, the site owner, can go and make changes to your hearts desire and not worry for a moment about having to re-encrypt anything.

Finally, what makes this the business is that you can auto-encrypt ANYTHING. Swfs, jpgs, pngs, xml, whatever. If you’re loading byte data, all you need to do is load them in via a URLLoader and the use Loader.loadBytes. All you need to do is modify the .htaccess as so:

RewriteEngine On
RewriteCond %{REQUEST_URL} ^/.*xml$ [OR] %{REQUEST_URI} ^/.*jpg$ [OR] %{REQIEST_URI} ^/.*swf$
RewriteRule ^(.+)$ encrypter.php?fileToEncrypt=$1 [L,QSA]

Obviously this puts more of a strain on your server. So it really only makes sense for things that are constantly changing. And of course, someone can just decompile your flash and grab the private key. But if someone’s doing that, well, then we’ve already engaged them in the teaser more than we could have possibly hoped.

Enjoy responsibly.

FreshAirApps.com: a breath of fresh, uh, air.

Jon — Wed, 14 May 2008 01:11:13 +0000

A lot of people really haven’t figured out the best use for AIR apps yet, and we at squidder are no different. Most of time, an online app will let you get away with most everything that you want to do. Personally, I think the infatuation with AIR comes from a desire for flash developers to feel more like ‘real’ developers (zing!).

No, seriously. One of the best ways to see what to do (and what not to do) is to just take a look at what other people are doing. And there may be no better place to do that than at freshairapps.com. Regular expression checker anyone?

And yes, I feel bad for writing that headline.

New 3d platform: so beautiful, should have sent poet.

Jon — Fri, 25 Apr 2008 18:43:17 +0000

The new Alternativa3D platform needs to be seen to be believed.

This kind of stuff makes me love flash and at the same time never use it again. Excuse me while I go weep quietly to myself.

Handiest. MovieClip. Ever.

Jon — Fri, 11 Apr 2008 00:36:14 +0000

One of the best things that has come out of my time with papervision has almost nothing to do with papervision itself. Indeed, it is the little frame rate bar that sits in the upper left hand corner of some of the example files. I use it for EVERYTHING. Just slap it on the root of the timeline and you’ve got a live frame rate reading, easy as pie cake (which is more delicious). I have no idea who wrote it originally, but if it was you, seriously, thank you. Geggy Tah style.

You can pull it down along side the papervision examples. I’ve also packaged it up separately and added it to our google code page. Long term, we at squidder would like to expand on this and include memory usage as well.

Yeah, that’s right, I referenced that Geggy Tah song. Bet you hadn’t thought of that song in like, what, 10 years?

If only Roc was our GarbageCollector…

anguyen — Tue, 08 Apr 2008 23:07:11 +0000

You guys are probably privy to this but here’s a nice write up from The Man himself on garbage collection in as3.

We’re going to start taking care of things here in NY by providing a standard method in (almost) all the swf’s we generate that will take care of killing itself (stopping Timers, tweens, etc) and generally cleaning up its p00p. Of course, this will ultimately depend on ass-tight documentation since we all like to play resource musical chairs on projects…

Finding affordable flash media hosting.

Jon — Tue, 08 Apr 2008 18:46:04 +0000

CDN/Streaming services, like Akamai Stream OS and Limelight, are great. And if you’re going to have a ton of traffic, streaming live events and more, they are indispensable. But what if you have a small project? Or you’re just looking to experiment?

Chances are, if you have a small need, Akamai will just point you to one of their partners that they basically resell bandwidth to. There are many of these partners and, in my experience, probably the best thing is to just call Akamai and ask they direct you to a partner that fits your needs.

But there’s a big difference when you’re calling from a big agency and when you’re calling as a freelancer with a small client.

I’ve experienced both and will say that the latter can often be disheartening. But there are alternatives, which is where Influxis comes in. Don’t let the 1992 green on black design fool you. Starting as low as 10 bucks a month, they are perfect if you’re just looking to get to know flash media server. At the same time, I’ve also used them for much larger scale projects (30k+ server connects in 5 days) and they performed wonderfully.

When big CDNs are overkill, remember that there are reasonable alternatives. I’m sure there are hundreds of other companies like Influxis and if you’ve had a good experience with one, definitely let us know.

Security update may break existing flash, hearts.

Jon — Tue, 08 Apr 2008 17:18:45 +0000

The April 2008 security update for the flash plug-in is coming. And it looks mean, especially if you do a lot of communication between flash and the browser in the form of javascript. While it shouldn’t effect those of you already using allowScriptAccess=”always”, its still worth checking against any flash applications you have out in the wild.

More information, strait from the horse’s mouth.