0
votes

I know I cannot access environment variables directly in Flash.

My project is a local SWF file, run from Flash Player and not through a browser. The goal is to protect the SWF from being played on an unauthorized PC (this is my client's requirement).

My idea was to embed it into an EXE (made in Delphi for instance) as activeX. I am not sure it is the best solution.

I think AIR is even more complex to do.

Besides, how do I forbid direct access to the SWF? Maybe embedding the SWF in some way?

Any suggestions or tips are welcome.

Regards

1
How do you define an unauthorized PC? - divillysausages
This is one that has no environment variable called "authorized", for instance. - yarek

1 Answer

1
votes

I'm going to preface this by saying that I don't think there's a 100% way to stop unauthorised access - if there was, there'd be no such things as pirated copies of Windows, or Flash. The best you can do is make it hard to hack.

Some suggestions:

  • You can actually access environment variables, by calling an external process in AIR, using NativeProcess (this link has a quick writeup: http://www.tikalk.com/js/get-windows-environment-variables-air-application) - but it's trivial to hack the .bat or add the env var
  • You can implement your own serial key system and give out keys to legitimate users. It would ideally need to be verified by a server call
  • You can code a "phone-home" server call - the app won't work without it. How you identify your users is really up to you; you could try via IP, but it's not perfect
  • You could disable local execution (check out SecureSWF), and run it online, behind a login wall
  • You could disable local execution, and run it via an intranet, so people in a company can use it, but not the general public
  • Depending on your app, on startup, you can download necessary files (content) from the web. This can either necessitate a login, or you can block unauthorised IPs. This is how Ubisoft DRM works on some of their games.
  • In a similar vein, you can download other SWF files that contain the actual logic of your application. These SWFs would only be stored in memory, never saved to disk

With all of these, the app can eventually be hacked open and modified (e.g. your server-check code could be removed, so the phone-home never happens). At the very least, run your SWF through something like SecureSWF (http://www.kindi.com/) to obfuscate the code before any public release.

It all comes down to how much effort you want to put into tackling the issue. For all of the suggestions that involve the internet, if the network is down, you won't be able to use your app, which understandably will cause frustration. For all of the suggestions that don't involve the internet, you will never know if it was successful or not.
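The server side of the serial-key and phone-home suggestions above, as an added example that is not part of the original answer: keys carry a truncated HMAC, so only the server can mint them, and each check also applies revocation, expiry and a per-key machine limit. The key layout, the function names, the one-PC policy and the client-reported `machine_id` (which a user can spoof) are assumptions made for this sketch.

```python
import base64, hashlib, hmac, re, time

# Constructed demo values. Assumption: the secret exists only on the licence
# server, never inside the SWF or its wrapper, so a decompiled client cannot mint keys.
SERVER_SECRET = b"constructed-demo-secret"
MAX_MACHINES = 1        # hypothetical policy: one PC per key
_revoked = set()        # serials withdrawn by the vendor
_activations = {}       # serial -> set of machine ids already activated

# Layout (assumed): 6-digit serial, Unix expiry time, 16-char base32 tag.
KEY_RE = re.compile(r"([0-9]{6})-([0-9]{1,12})-([A-Z2-7]{16})")

def _tag(payload):
    """HMAC-SHA256 truncated to 80 bits, base32-encoded so it can be typed."""
    mac = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.b32encode(mac[:10]).decode()

def issue_key(serial, expires):
    """Mint a key for a serial below 1,000,000 that expires at `expires`."""
    payload = f"{serial:06d}-{expires}"
    return f"{payload}-{_tag(payload)}"

def revoke(serial):
    _revoked.add(serial)

def verify_key(key, machine_id, now=None):
    """Return (allowed, reason) for one phone-home check."""
    now = time.time() if now is None else now
    m = KEY_RE.fullmatch(key.strip().upper())
    if not m:
        return False, "malformed"
    serial, expires, tag = m.groups()
    # Constant-time comparison; any edit to serial or expiry changes the tag.
    if not hmac.compare_digest(_tag(f"{serial}-{expires}"), tag):
        return False, "bad signature"
    if int(serial) in _revoked:
        return False, "revoked"
    if now > int(expires):
        return False, "expired"
    machines = _activations.setdefault(int(serial), set())
    if machine_id not in machines and len(machines) >= MAX_MACHINES:
        return False, "activation limit"
    machines.add(machine_id)
    return True, "ok"
```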