DCOMsoft SWF Protector 2

Company: DCOMsoft
Product: SWF Protector 2
Price: From $39.95

Note: This review is for an outdated product. For a review of SWF Protector 3, see here.

About a week ago, DCOMsoft emailed me to ask if I’d be interested in trying out their SWF Protector 2 product and posting my thoughts in exchange for a licence. I’d like to stress that in no way does providing a license obtain a favourable review for any old product – I always approach a product objectively and will post both positive and negative findings whether the review is commissioned or not.

So, on with the review. On installing the application it came time to register it. I copied and pasted in the serial and hit the Enter button without noticing that I hadn’t selected the serial number properly before copying and had missed off the last digit. The little registration window closed and gave me no feedback, so it wasn’t until I tried to run the application again and found that it wasn’t yet registered that I noticed that the registration had failed. I tried again, this time re-selecting the serial number and making sure I had it all in there, and it then gave me a message confirming registration. For instances where a mistake like this can happen, it would be worth having a message to say “Registration failed” or “Incomplete serial number”, but that’s a minor gripe.

Once registered, the application’s interface is very clean and quite minimalist. The first thing I noticed – and with some excitement – was an “Add folder recursively” button which, I’m pleased to say, works a treat. The application adds all of the SWFs contained within a parent and all child folders, tells you their protection status and offers the ability to open each one if you need to make sure you’re looking at the right file here.

As opposed to SWF Encrypt which shows you all the SWFs in a directory and asks you to select all of the ones you want to obfuscate, SWF Protector 2 assumes you’ll want to protect everything by giving you just one “Protect all” button. This makes sense, because if you didn’t want to protect your SWFs then chances are you wouldn’t be using the application in the first place. If there are any SWFs in there that you don’t want to protect however, you can simply remove them individually from the list before hitting the “Protect all” button. Alternatively, if you do only want to protect a single file, you can right-click on that file and select “Protect one file” from the menu.

Having had SWF Encrypt crash on me a few times after trying to obfuscate a file that was currently open inside the Flash IDE, I was curious to see what SWF Protector would do in this case. It didn’t disappoint, prompting me with a message stating that it could not overwrite the file – a much more elegant solution than simply crashing unexpectedly!

When my target file wasn’t open inside Flash’s IDE, SWF Protector 2 further impressed by renaming the original file “example_original.swf” and creating an obfuscated version with the original file’s name. This eliminates the issue I outlined in SWF Encrypt’s case where you either have to rename all your files manually or change all of your file links on your server to take into account the different name of the protected file. Bonus.

I also wanted to see what SWF Protector 2 did when revisiting a previous project – would it remember the last location or would I have to navigate to the project all over again? It actually remembered my previous location, and did so even when I closed the application without protecting any files. Excellent.

Also available at the top of the screen is an Advanced option which lets you configure the level of obfuscation – either on a per-class basis or you can set the level for the entire file. I took an unprotected SWF that was 518kb in size and ran it through the obfuscator at minimum settings and the output was also 518kb. I ran the same file again at maximum settings and this time the output came out at 555kb, so obviously the level of protection is such that it can make anywhere between 0% and 10% difference to the file-size – exactly how much protection you apply is up to you, so you can balance protection against file-size depending on the exact needs of your specific project. This is another feature that is missing from SWF Encrypt.

One bug that I did notice in SWF Protector 2 though was that after protecting a file in Advanced mode, the “Protect all” button would not become re-enabled for me to run another pass despite me selecting a new, unprotected file. To get the button back I either had to switch to Simple mode or restart the application and switch back to Advanced mode. This isn’t a deal-breaker, as you won’t be re-protecting files with different levels of security one after the other very often (if at all), and I only noticed it because of the test I was running. However, to get top marks an application does need to be bug-free, so I’ll have to take this and the failure to notify on a failed registration into account when coming up with a score.

The fact that SWF Protector 2 not only does what it says on the tin but does so with much more thought towards usability and thus efficiency of use does make it a better product than SWF Encrypt. I’m sure DCOMsoft will endeavour to resolve the two small issues I experienced with the application as soon as they read this post, whereas from past experience (here, here and here) I know that Amayeta is unlikely to even care about SWF Encrypt’s bugs, let alone fix them. Being a better product is one thing, but being a better product that costs only a third of Amayeta’s price (the personal license costs just £25, though you’ll probably want the business license at £39 to be able to use it commercially) is just great and easily makes it a recommended product.

8/10

Coming soon: A review of how these SWF protectors stack up against SWF decryption tools.



  1. March 31st, 2010 at 08:17 | #1

    Dear Gareth,

    In the name of DComSoft I would like to thank you for such an interesting review and for the bugs you found. I want to assure you and your readers that the bugs will be fixed in the next build of SWF Protector!

    Regards,
    Alexandre Chevalier
    DComSoft, Inc.

  2. March 31st, 2010 at 08:36 | #2

    Sorry, forgot to mention that the 1st bug is actually some kind of security system which makes a cracker not try to crack the software. It is difficult to explain and I deem no need to do this, but it is related to Cracker mentality.

    Regards,
    Alex

  3. March 31st, 2010 at 10:02 | #3

    Hi Alex

    Thanks for the comments.

    I know it’s common practice to not tell a cracker which field is incorrect (rather than say, “your password was wrong” or “your username was wrong”, you say “your login was wrong”) and this keeps them guessing.

    However, I’m not sure I see how quitting without any error message at all is any worse than simply saying “registration details were incorrect”. You wouldn’t be telling the cracker exactly what is incorrect so they’d still be guessing, but you’d still be telling legitimate users that there’s a problem with the registration.

  4. Magus
    April 6th, 2010 at 06:39 | #4

    It seems DComSoft does not understand the word obfuscate well. I wrote a small app that reverses their “obfuscation” over the weekend. It literally took me less than an hour to figure it out. I don’t think anyone will need a free copy of SWF Protector after you see http://www.swfdecrypt.com/

    Check it out, it works for Amayeta’s SWF Encrypt too. Use it on your own files only to verify if the protection solution you paid for really works.

  5. April 6th, 2010 at 14:25 | #5

    Hi Magus

    I’ve allowed one of your messages through (this one since it was the first) but all the others have been deleted. Please don’t flood my comments board like that again or I’ll have to ban you permanently. Thanks.

    I tried your application on a protected SWF I had readily available and it gave me an error message. I then spotted that it’s only claimed to work for AS3 files, whereas my test SWF was AS2. I’ll try it on an AS3 file later.

  6. Roy
    April 12th, 2010 at 13:46 | #6

    @Magus,

    I have tested your tool and it really works. It removes “Protect” algorithm, which called to crash SWF Decompilers… Next my test was Obfuscation, yes it de-obfuscate as well… but after I have compared the sources I found that not all values had been de-obfuscated. So looks like your tool is working but not that good way like you said.

    Additionally want to say that there was a huge promotion of this software in different software catalogs, twitter, blog comments, etc… Pretty much for FREE software… ha? Pretty much for some guy who just decided to open eyes for Flash Community and spend a few hour on weekend for this)))).
    This is very suspicious.

    Also it does not work with AS2. Why? AS2 is still popular! Can you please spend few more hours to make de-obfuscation tool for AS2 as well. ))

    So who are you? whom do you work on?))

  7. Magus
    April 15th, 2010 at 10:31 | #7

    I did not mean to de-obfuscate anything. But some function parameters might be removed (not de-obfuscated) if SWF Decrypt had a problem reading them. You can think of this as an obfuscation feature ;)

    If a twitter account, a blog, a 2 pages website, and 2 comments on other’s blog posts is a huge promotion campaign, then maybe I should leave coding and switch to marketing :) … Your other questions are answered on my FAQ page.

    @Gareth, I’m sorry about the multiple comments, I was a bit over excited about this.

  8. April 15th, 2010 at 10:44 | #8

    Hi Magus

    That’s fine.

    So you’re nothing to do with this then? It’s a job posting from Kindisoft asking for someone who works with the technologies that you have used with your application, and I see that one of the obfuscators you recommend on your site is SecureSWF.

    2 + 2 = 4?

    ;)

  9. Ammar Mardawi
    April 15th, 2010 at 18:59 | #9

    Gareth,

    Kindisoft is not related in any way to Swf Decrypt or Magus.

    I don’t understand how we could have hired someone after the 17th of March (check the job post date, less than a month ago). And they could, within two weeks, write and publish an application that makes two well known products, that have been selling for years, obsolete. This does not make any sense. And, by the way, we just started interviewing the applicants 2 days ago. Didn’t make a hire yet.

    Most people recommend secureSWF. Ask that on any forum, and almost everyone will recommend secureSWF.

  10. April 15th, 2010 at 20:23 | #10

    Hi Ammar

    While I’m flattered that the CEO of Kindisoft himself would feel the need to wade in on a conversation made up of idle speculation, I think it’s clear for anyone to see that my post was just that – playful speculation – and nothing more. The “2 + 2 = 4” bit at the end for instance is a nod to the “adding 2 and 2 together and coming up with 5” saying, and if you look closely there’s also a winking face right there at the bottom.

    I wouldn’t have even attempted to put it to anyone that my suggestion was grounded in any kind of reality without seeing some real proof beforehand – not that it particularly bothers me even if it was true. I must admit though, that I find it quite bizarre that Kindisoft’s CEO should make the time to rubbish such a suggestion mere hours after it was made if it really didn’t contain any truth.

    I’m also not sure I’d agree with you that it “does not make any sense” that one could think you might have hired someone 28 days after you advertised for the job. I mean, 28 days to interview and hire a good candidate who isn’t currently subjected to a notice period is plenty of time. If that person also had a decompiler that he’d been working on for a few months but no finance for marketing then what better way to make a splash with his new employer than to bring it along to the party? I really don’t see what’s so confusing about that to be honest – such things happen all the time.

    Still, “a guilty conscience needs no accuser”, as they say! ;)

  11. April 19th, 2010 at 23:27 | #11

    The follow-up notification does not work.

    I do not work for KindiSoft or Ambiera. I recommended their products because they rely on renaming classes and variables. Which I think cannot be reversed at all. As Roy pointed out, SWF Decrypt does not de-obfuscate function parameter names renamed by SWF Protector.

    You can think of SWF Decrypt as a cleaning software :) . It cleans the few junk instructions software like SWF Protector and SWF Encrypt add to your SWF file. BTW, it can also remove some of SecureSWF’s protection. Namely the protection Dynamic code wrapping option adds in SecureSWF. Check it out!

  12. April 20th, 2010 at 11:22 | #12

    @Magus

    I think the follow-up feature only works when someone is specifically replying to your post. When someone merely adds to the discussion without specifically replying to a particular post, that’s not counted.

    At least, I hope that’s the case because if not I have a broken plug-in!

    On a different note, thanks for clearing everything up.

  13. NotSoHappyCustomer
    June 30th, 2010 at 09:48 | #13

    @Alexandre
    The bug which closes the program with no warning at all when entering a registration key incorrectly?
    That’s bloody pathetic, hate it when companies care more about keeping themselves safe than their legit customers.
    I recently purchased this program and received my registration key, but it’s not working – the program just closes but it should be a legit key considering it came from the official E-Mail, but no – they gave me a defect and I’m not sure if it works or not because the program just closes. That’s extremely awful GUI design.

  14. June 30th, 2010 at 14:34 | #14

    @NotSoHappyCustomer
    I’d agree that the way the application simply closes without warning on an invalid key gives a poor user experience. DCOMsoft seem sure that this is the intended behaviour, but it’s either a bug or a really stupid design choice in my opinion. A simple error message would have been enough to alert a legitimate customer to the error without giving crackers any help.

    On a different matter, I see you’ve commented on the review for version 2.0 of the software – is that what you’re using? Version 3.0 was released last week and is reviewed here.

  15. javid
    January 28th, 2011 at 12:08 | #15

    Hi

    I will purchase Flash Secure Optimizer from eramsoft.com can you review product it is secure for my flash games?

    Thanks.

  16. January 28th, 2011 at 12:22 | #16

    Hi Javid

    Unfortunately I don’t have much time for reviewing Flash obfuscators and decompilers these days! You should be able to find other reviews on the product on the internet or if you want to go with something that I know works well, there’s SecureSWF by Kindisoft. It’s more expensive, but it has several features not seen in the others.

    Gareth
