Archive for April, 2010

Kindisoft SecureSWF

April 29th, 2010 Gareth 5 comments

Company: Kindisoft
Product: SecureSWF
Price: From $99

Kindisoft’s SecureSWF is the latest Flash obfuscator to go under the microscope (SWF Protector 2 and SWF Encrypt are reviewed elsewhere), so as the most expensive of the three (when considering the luxury versions), how does it stack up in terms of interface, functions, usability and stability?

Having downloaded the .zip file from the website, the first thing you notice is that there’s no installer. SecureSWF comes in a .zip file ready to extract and use without installation which has both pros and cons, though the benefits do outweigh the drawbacks. You can stick SecureSWF straight onto a USB drive like a portable app without worrying about whether or not it will run (assuming Java VM 1.5 is installed on the target machine), though if you believe in consistency you’ll have to manually stick the folder in your Program Files directory and create the relevant shortcuts in your Start Menu or favourite application launcher. As I said, the benefits do outweigh the drawbacks and I’m not suggesting that this is an issue – it’s just an observation.

So, after settling on where you’re going to run SecureSWF from, the next thing you notice after running the application is the number of options available. Compared to the other two solutions, there is a lot going on here (even the entry level SecureSWF has more options than both SWF Encrypt and SWC Encrypt combined), and it does seem a little daunting at first, but you quickly come to realise that it’s actually not that bad.

There are five tabs along the top – four of which contain settings and the last one is a status summary page. The fourth tab is just a rules page that overrides some of the options on the previous tabs, so in reality you have just three options tabs to familiarise yourself with rather than the initially anticipated five.

The first tab is the lightest on the options with just a SWF selection area, a list of presets to choose from and somewhere to specify the output location. You can select multiple files to import from the file browser (SWF, SWC and AIR formats – the others can only do SWF), though unfortunately there is no recursive import. There are five presets to choose from ranging from most- to least-aggressive, and a custom option should you want to tweak any of the presets yourself.

The second tab gets into more detail, allowing you to completely customise the level to which identifiers are renamed. Everything including local identifiers, labels, instance names, global variables and class members can be renamed to your exact requirements, and there’s even a tree structure that allows you to go in and select individual values. While this is great for offering the maximum level of obfuscation and the ability to make slight adjustments in the case of too many changes causing problems, I probably wouldn’t spend too much time here as it’s far easier to just let the presets take care of it all. Still, if I was in a situation where the maximum protection was available to me apart from one little identifier somewhere causing a problem, it’s nice to know that I can go in there and make the necessary change without having to sacrifice the security of the rest of the SWF.

The third tab offers code transformation, obfuscation, encrypted domain locking, SWF optimisation and literal strings encryption. The domain locking worked as expected, preventing my SWF from running anywhere other than this website and also from being run locally on my computer. Because I can only tell how well the other features are working by running them through a deobfuscator, I’m reserving those for another article that I’m working on which will be coming shortly.

Obfuscating a test SWF of 1,115kb, SecureSWF delivered a file of 1,156kb on maximum settings and 1,111kb on minimum settings – yes, it was actually smaller than the original. Obfuscation time was quick and on par with the others, and I experienced no crashes or freezes from the software no matter how hard I tried.

SecureSWF is a feature-packed obfuscator that not only works on Flash SWF files, but also SWC and AIR files as well. As the only obfuscator that works with these alternate file types, SecureSWF is really your only option when working with these formats. With regards to SWF files, the level of detail with which SecureSWF allows you to customise its obfuscation is significantly higher than that of SWF Protector 2, and an order of magnitude higher than that of SWF Encrypt.

One issue that always seems to come up in SecureSWF reviews is price. Yes, the fully-fledged bells-and-whistles version costs $400 which is significantly higher than either SWF Protector 2 or SWF Encrypt. However, the obfuscating methods, options and features available in this package – not to mention the fact that it will also protect your Flash components and AIR files – mean that you are getting a lot more here so naturally the cost is going to reflect that. I don’t really want to start comparing SecureSWF with its competitors here because this is supposed to be a review – not a comparison – but when one of the factors that could potentially put people off SecureSWF is its price when compared to its competitors, it’s difficult not to get sucked into such a comparison.

The bottom line is that SecureSWF starts at just $99, which is $151 less than SWF Encrypt and SWC Encrypt combined, but it offers more features than those two and does everything better. In light of that, even if price is an issue for you then SecureSWF blows SWF Encrypt out of the water having beaten it on options, features and price. Where things start to get interesting is when you compare SecureSWF to DComSoft’s $39.95 SWF Protector 2, but for that you’ll have to wait for my Versus feature which is coming soon.

In its own right, SecureSWF is a very impressive tool that is bursting with options and features. Due to the extreme levels of flexibility, it should be possible to tune every possible SWF file so that it’s protected as securely as possible without breaking any functionality. The fact that it allows obfuscation of everything from function names to labels and global variables to class members means that SWF files will be that much closer to being totally secure.

Out of 10, the usability and features on offer here have to command top marks, but I think the price of the professional edition could possibly push the application slightly out of reach for some lone developers. Yes, the Personal Lite Edition is only $99 but if you’re buying SecureSWF then you want the best version. Bearing the price of the professional edition in mind and the fact that a portion of its features are found in a product that only costs 1/10th as much, I’ve got to take a mark off. However, the wealth of additional options and features that you get for your money, their importance and the extra protection they bring to your work – plus the additional format support of course – mean that it’s just a single mark.

9/10

Coming soon: A review of how these SWF protectors stack up against SWF decryption tools.

PIXmania slashing prices on price comparison websites

April 29th, 2010 Gareth No comments

Not happy with the transfer rates I get with my Thecus N4100Pro, I decided to look into what could possibly be the problem. It turns out that with overheads, the maximum transfer rate I’ll get from it is around 8-10mb/sec – if I’m lucky. Since I deal with large files on a regular basis, this has already gotten to the point where it’s beyond doing my head in, so I decided to upgrade my router (which doubles as a switch for 3 devices) to a gigabit model. That way I could expect transfer rates more along the lines of 70mb/sec, apparently*.

* I say apparently because while the maths behind that increase ratio does make sense, the maths also predicts transfer rates of more like 12.5mb/sec on a 100mbit line – so to be getting 8-10mb must mean there’s quite an overhead involved…

Anyway, after looking around I settled on a D-Link Xtreme N Gigabit DIR-655 and promptly searched for some prices on Google Products.

PIXmania was the first name that I’d heard of before (and bought from previously), so although they weren’t quite the cheapest I decided to go with them – the power of brand recognition working a treat. PIXmania had it for £79.90 including VAT, so I went to the site, added it to my basket and went to checkout. Just then Firefox crashed, so when it loaded back up I manually navigated to PIXmania’s site and searched for the router. To my amazement the router was now £96.98 including VAT! That’s a 21% increase in price, with the only difference being that on the first occasion I was referred from Google Products and on the second there was no referral.

I went back to Google Products and did the search again from there. Sure enough, the router came up again for £79.90, so this time I went in and bought the router from there. I checked out, paid via PayPal and now have an email receipt for £79.90.

It would seem that PIXmania is slashing prices on price comparison websites to make themselves more competitive, yet hiking them up again to non-referrals who are unlikely to have compared their prices before making a purchase. The moral of the story here is to always use price comparison websites whenever you’re making a purchase online!


Are DComSoft and Eltima the same company?

April 28th, 2010 Gareth 9 comments

I noticed a lot of traffic coming from the SWF Decrypt blog so I decided to take a look and see what was going on over there. It appears that Magus, the blog’s admin and author of the above named software has gotten pretty excited about DComSoft and Eltima being the same company. The reason for this is supposedly because both companies sell competing software – a SWF obfuscator and a SWF deobfuscator respectively, though an additional reason I think would be that for a few weeks now Magus has had a bee in his bonnet having broken DComSoft’s SWF protection and he no doubt sees this as a way of sticking the boot in.

To be honest though I wouldn’t at all be surprised if they were the same company:

  • From correspondence I’ve had with reps from both companies, English is not their first language despite the USA being their registered addresses.
  • When reviews of software from both companies go up on this blog, it’s Ukrainian traffic that comes for a look in both cases – not American.
  • In all the correspondence I’ve had with these reps, their writing style is very similar.
  • Products from both companies use the same activation tool and, as it would seem, the same EULA.
  • Lastly, Eltima contacted me to offer me a review sample the *same day* that the DComSoft SWF Protector 2 review went up.

The thing is, who cares if they are the same company? Hundreds (if not thousands) of companies all around the world sell products that compete against each other – it’s known as a Multibrand Strategy or Multiple Branding and is defined below:

Marketing of two or more mutually competing products under different brand names by the same company. The motive may be that the company wishes to create internal competition to promote efficiency, or to differentiate its offering to different market segments, or to get maximum mileage out of established brands that it has acquired.

Source: http://www.brandchannel.com

One example would be BT, the UK’s telecommunications giant offering one phone number for recipients to tell who just called (1471), and another number to prevent this service from working if the caller doesn’t want the recipient to know who they are (141). Another would be that the same cosmetic companies offer both nail varnish and nail varnish remover. This really isn’t anything new.

In fact, you could even argue that a company that makes one product would be the best choice for a competing product – after all, the best lock-pickers are all lock-smiths.

Perhaps DComSoft’s/Eltima’s mistake is making themselves look suspicious by denying the link – or at least failing to acknowledge it – when accepting the link would have been no big deal to anyone with even a basic understanding of the markets.

Finally, it’s worth pointing out that however unlikely it is that this is all coincidental, it’s not an absolute impossibility that these two companies are independent. While we can all speculate I think we should wait to hear from a rep from either company before making such conclusions.

Anwen and Gwenan Jones do the ‘Raw Eggs Challenge’

April 21st, 2010 Gareth 1 comment

I signed into YouTube to watch one of those “Downfall” parodies and to my surprise noticed that one of my sisters, Gwenan, was being recommended as a subscription feed.

I decided to check out her video stream and whilst I was initially disappointed to see that she had uploaded just one video, that video would turn out to be quite funny. Here it is:

[Embedded YouTube video]

So girls, what’s the next challenge going to be?

iPhone 4G fools Engadget

April 19th, 2010 Gareth No comments

Yesterday I was reading through my RSS feeds, catching up with the world’s news and this one about the iPhone 4G on Engadget caught my eye. Engadget had some (slightly blurry) images of what was supposed to be the latest version of Apple’s best-selling iPhone, reportedly found left behind at a bar in a 3G case. The whole article was written in a sceptical tone and an update at the bottom confirmed that the phone was indeed a fake. The update linked to a Twitter page that seemed to be home to several independent sources claiming the phone was a cheap Chinese knock-off. The tone of the update was pretty bullish because they had apparently been offered time with the phone for $10,000, but had decided not to proceed because they suspected it wasn’t a genuine item. They then took great pleasure in informing the rest of the internet that in their wisdom they had not been fooled by any of it – and that pity should be bestowed upon anyone who had.

Well, what a difference a day makes!

The same phone has now turned up on Gizmodo, and not only do they have lots of hi-res photographs of it but they’ve also examined it inside and out to confirm that yes, it is genuine.

I thought Engadget’s smug proclamation of wisdom and (in this case unfounded) self-belief would look pretty stupid now, so I headed back over there to see how they’d taken the news that they had done a “Decca Records” and passed up the real deal. I arrived at the site to discover that Engadget has removed ALL references to this phone being a fake! They’ve re-written the update at the bottom of the page to say merely that the phone looks like a Chinese knock-off, but the smug proclamation is gone. Not only that, but on another post dated today Engadget has the brass neck to declare “Well, we told you so. The fourth-generation iPhone prototype that leaked its way out into the world over the weekend has found its way to Gizmodo, and they’ve examined it exhaustively, erasing any doubt that it’s real.”

“We told you so”?! Umm, no Engadget, what you actually said was that the phone was a fake! And I guess Gizmodo got the hands-on and photographs because they were “stupid” enough to pay up the $10,000, right?

I’m sorry guys, but I think you had quite an audience when you slipped on that banana skin.

Eltima Flash Optimizer

April 12th, 2010 Gareth No comments

Company: Eltima Software
Product: Flash Optimizer
Price: From $99.95

I’ve been given a few more applications to review over the next couple of weeks, and the first one is Eltima’s Flash Optimizer. Eltima claim that this is the “most powerful SWF compressor available today” and that it is possible to reduce a file’s size by “up to 60-70%” without any loss of quality. Bold claims indeed. So how did it perform when tested?

First, the interface. The application loads up to reveal an interface that is made less daunting to new users by including easy-to-follow numbered instructions within the interface itself:

1. Select the Flash movie to compress.
2. Select the output destination.
3. Enter the desired output name (appending “_opt” to the name is the default behaviour).
4. Select your compression level (and tailor it to your specific needs if required).
5. Click on Preview or Compress.

When you import your Flash movie the interface changes to give you a preview window and some file properties, which include a breakdown of the file’s assets and the percentage of the total file size that each is responsible for. You can then make your compression choice and preview the results before exporting the final version as a new SWF. One thing that I noticed here (thanks to the game’s repetitive title screen music that quickly gets annoying), is that it’s sadly not possible to turn this preview off and the only escape from the audio was to turn down my computer’s volume. I’d recommend either being able to disable the preview, or at least be able to mute the audio for such cases.

Anyway, underneath the preview window is a list of presets (“best”, “good”, “basic”, “medium” and “sprite”) to choose from, which all affect specific optimisation options differently and to a different degree. The “best”/“good”/“basic” settings suggest a sliding scale from most- to least-aggressive, so I thought it was odd that the next setting after “basic” was “medium”. However, while “basic” does turn some of the compression settings down a little from “medium” (and disables others completely), it also increases some of the other compression options and so it probably wouldn’t be accurate to suggest that “basic” is less aggressive than “medium” in all cases – it’s just different. I suppose you need to play with each option to see which is best for you and your particular project, but that’s obviously why there’s a preview window included.

So, how did Flash Optimizer perform? For the test I used Santa’s Parcel Drop, a game that Quak Multimedia was commissioned to develop a few years back. The game features jpeg, PNG and vector graphics, along with dynamic and static text and embedded audio – so a pretty good all-round test subject.

First, here are the file sizes of each of the games published, starting with the original game and then each unmodified preset:

Original game: 680kb
Best: 244kb
Good: 339kb
Basic: 668kb
Medium: 531kb
Sprite: 582kb

Unfortunately each of the presets attempted to compress fonts for me, and as you’ll see in the screenshots this resulted in the HUD totally disappearing from the game which pretty much broke it. I disabled the compression of fonts and for each preset the file size went up around 10kb. It’s worth noting that there are separate tick-boxes and sliders for pretty much every aspect of a SWF that can be compressed, so if you do find something looks unsatisfactory in your SWF after compression you can either scale back the level of compression for that aspect or disable it entirely.

You’ll also see from the screenshots however that some of the more aggressive settings were quite unkind to the jpeg images. They became incredibly blocky, and although this look can be quite fetching (Darwinia, 3D Dot Game Heroes etc), I don’t think that it’s intentional in this case. The vector graphics fared much better, but again I couldn’t be too aggressive with the settings if I wanted to maintain an appreciable level of detail.

The only compressed version of the game that didn’t distort the title screen’s buttons was the “best” setting, which was surprising as I would have assumed this to be the most aggressive from both the way it compressed the jpeg background and its name. I could see from the application that although aggressive in several other respects, “best” doesn’t attempt to delete any unnecessary shapes and morphs whereas the others do.

Even the “basic” preset distorted the title screen buttons (notice the upper left and lower right corners in particular) and the in-game plane and houses (the white lines on the plane’s wing and the window frames of the houses), yet when the fonts were included for the sake of the HUD it only saved me 2kb from the original game.

At this point I wondered if Santa’s Parcel Drop was just being particularly unfriendly to this compressor. I tried Name that Note which is again a mix of jpeg, PNG and vector graphics in the hope of seeing better performance. The results were the same – unusable assets from the most aggressive settings, and assets that had minor but noticeable imperfections on the less aggressive settings but no significant saving in terms of SWF file size.

One thing I did spot that could be useful was a “force to jpeg” option for images, and this could shave a few kb off a file when used properly but only on PNGs that don’t use the alpha channel which, if your graphic designer is doing his/her job properly will already have been done in the FLA anyway.

Due to the nature of compressors detail is going to be lost somewhere along the line no matter what you do, but when detail is so blatantly sacrificed for the sake of a few kb it’s hard to recommend as a process. Some SWFs will perform better of course, with some vectors in particular lending themselves to the compression process more favourably than others (these SWFs tend to be the kind used as examples on compression product websites to show the benefits of using the product), but in the real world such SWFs are few and far between and most of us work with vectors, jpegs, PNGs and even bitmaps.

There is the matter of audio, which obviously isn’t apparent here because the results are presented as static images but there was a saving in terms of file-size there – but again at the cost of quality and as I had already set the mp3 to the bit-rate that I felt was a fair trade-off between quality and size, I didn’t have any room to play with here either.

Sadly, Eltima’s claim that files could be reduced in file size by 60-70% without any loss of quality isn’t even within sight on Santa’s Parcel Drop, let alone within reach.

I haven’t used a SWF compressor since Optimaze! (long since dead, last updated in 2002) back in the Flash 5 days, so I really wanted to like Flash Optimizer and hoped it would be the answer to squeezing a few more kb out of my existing SWFs. Based on the results from Santa’s Parcel Drop however, they just aren’t there to be squeezed. Since the days of Flash 5, Flash’s compression has been tweaked and tightened to the nth degree and as long as you don’t do anything stupid like embed PNG files that are several times larger than they need to be, or embed simple sound effects at 320kbps, a published SWF’s size is already quite minimal.

The extreme loss of quality on the aggressive settings and the negligible file size savings of the less aggressive settings mean that in this case at least, compressing a SWF further simply wasn’t worth the time it took to do so.

It’s difficult to come up with a score for this product because the problem here isn’t so much with the product itself but with what it’s trying to do. The application itself seems very well done, very polished and offers a lot more options and settings than Optimaze! ever did, and yet it’s unlikely that I’d use it on any of my SWFs because I suppose there just doesn’t appear to be any fat to trim in the first place. In trying to cut out some of the non-existent amounts of fat in my SWF, Flash Optimizer is cutting out some legitimate meat. As such, Flash Optimizer seems to be a solution without a problem.

Giving this application a low score feels like giving a professional cleaner a low score for not finding much dirt in one of Intel’s semiconductor labs – justified if I’m marking on productivity, but unfair because there just isn’t anything there to find. In the end though, I have to mark Flash Optimizer not on the quality of its interface or the high level of customisable options, but on the usefulness of the product, its importance in the development cycle and its cost, and for this reason…

2/10

Eltima Recover PDF Password

April 12th, 2010 Gareth No comments

Company: Eltima Software
Product: Recover PDF Password
Price: From $39.95

Shortly after my SWF Protector 2 review, Eltima Software contacted me and asked me if I’d be interested in reviewing their Recover PDF Password software in exchange for a license. I required the services of such a tool just a couple of months back and at the time I used a 50-use trial from another vendor, so I knew that this was something that could come in handy.

I installed the application without any problems, though as it uses the same registration format as SWF Protector 2 it’s probably susceptible to the same issue if you happen to not put in the correct serial.

When the interface opened up, I was surprised to find that this tool is actually a brute-force password cracker rather than a password removal tool like the one I used a couple of months ago. Why would you need to spend time guessing a password if it can simply be removed? How curious!

The answer as I discovered after a little research (I don’t tend to use PDFs much in my line of work) is that PDFs have different layers of protection. There’s a “user password” and an “owner password”, and the “user password” protects against the opening of a file, printing and even copying and pasting of text and graphics, whereas the “owner password” protects against making changes to the document.

The PDF I unlocked two months ago only had protection against copying text – I was able to open and view the file without any problems, so obviously that aspect of the “user password” had not been used and as such the file was not encrypted. Because the file wasn’t encrypted, the tool had been able to simply change a couple of bytes to disable the requirement for a password and had unlocked the printing ability for me pretty much instantly. However, had the file been protected against opening – and therefore been encrypted (128-bit AES encryption by default) then this tool would not have worked and the only way round this is by brute-force – which is where Recover PDF Password comes in.

I created a PDF and set the “user password” as “t3st”. I opened it in Recover PDF Password and as I knew the password was made up of lower-case letters and numbers, I selected numerals and lower-case letters from the options. Of course, if I really needed to use this tool the chances are I’d have no idea what the password was and as such would have to tick every box on there (including upper-case, special symbols and spaces), which would dramatically increase the time taken to crack the password as the number of potential combinations sky-rockets. The default length of the password to crack was 1-8 so I left it at that.

On an Intel Core 2 Duo laptop clocked at 2.2ghz, the password was cracked in just over a minute. A popup window informed me that the password had been cracked and it also told me what it was. It then asked me if I wanted to save a new version of the file that had the password removed.

I decided to test again but with every combination ticked to see what difference it made to the time, and as expected it was significantly higher at 58 minutes.

It’s important to note that the fact that it takes so long to crack a password this way is not down to any shortcomings with the software – there are just so many combinations of passwords that it naturally takes time to check them all. Even a password of 4 characters in length has over 78 million possible combinations when using all of these different characters (as a comparison, when using just lower case letters and numbers there were only 1.7 million possible combinations), so that the password was cracked in just 58 minutes is actually pretty impressive as it gives us a rate of around 22,500 password tries every second (maximum, though the real value will most likely be less as it’s unlikely that it had to try every single combination before arriving at the actual password).

There are more advanced options as well, such as being able to specify patterns within your password such as “pass??rd” where only the question marks are tested, but again this would only be useful if you already had a good idea of what the password was but I’m suspecting that in most cases you won’t.

I personally use much longer passwords than my test 4-character example when I’m trying to protect something though, and in the event that I’d have to brute-force my way into one of my own files I’m guessing it would take several days if not weeks. Again, that isn’t a problem with the software – it’s a problem with the method used, but when a file is encrypted with 128-bit AES encryption this method is really your only option.
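The arithmetic behind these estimates, as an added example (not part of the original review and not Eltima's code). It assumes a 94-symbol alphabet for "every box ticked", which reproduces the 78 million figure, and uses the review's rate of about 22,500 guesses per second to show how password length changes the worst-case search time:

```python
"""Keyspace and worst-case time estimates for an exhaustive password search."""
import string

# Rate reported in the review (2.2 GHz Core 2 Duo laptop, 2010). Treat it as a
# floor: substitute a measured rate for the hardware you are defending against.
OBSERVED_RATE = 22_500  # guesses per second

# ASSUMPTION: "every box ticked" is modelled as the 94 printable ASCII symbols
# without space, because 94**4 matches the review's "over 78 million"; the
# tool's real character set is not documented on the page.
LOWER_DIGITS = len(string.ascii_lowercase + string.digits)  # 36
ALL_SYMBOLS = len(string.ascii_letters + string.digits + string.punctuation)  # 94

SECONDS_PER_YEAR = 365 * 86_400


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate passwords with lengths min_len..max_len inclusive."""
    if alphabet_size < 1 or min_len < 0 or max_len < min_len:
        raise ValueError("invalid alphabet size or length range")
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def mask_keyspace(mask: str, alphabet_size: int, wildcard: str = "?") -> int:
    """Candidates for a pattern such as 'pass??rd' where only wildcards vary."""
    return alphabet_size ** mask.count(wildcard)


def worst_case_seconds(candidates: int, rate: float = OBSERVED_RATE) -> float:
    """Time to try every candidate; the average case is about half of this."""
    if rate <= 0:
        raise ValueError("rate must be positive")
    return candidates / rate


def min_length_to_resist(alphabet_size: int, seconds: float,
                         rate: float = OBSERVED_RATE) -> int:
    """Shortest fixed length whose full search takes at least `seconds`."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    needed = seconds * rate
    length = 1
    while alphabet_size ** length < needed:
        length += 1
    return length


def human(seconds: float) -> str:
    """Render a duration in the largest unit that keeps the value >= 1."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    print(f"{'length':>6}  {'36 symbols':>18}  {'94 symbols':>18}")
    for n in (4, 6, 8, 10, 12):
        small = human(worst_case_seconds(keyspace(LOWER_DIGITS, n, n)))
        large = human(worst_case_seconds(keyspace(ALL_SYMBOLS, n, n)))
        print(f"{n:>6}  {small:>18}  {large:>18}")
    print("pass??rd, 94 symbols:",
          human(worst_case_seconds(mask_keyspace("pass??rd", ALL_SYMBOLS))))
    ten_years = 10 * SECONDS_PER_YEAR
    print("length needed for 10 years, 94 symbols:",
          min_length_to_resist(ALL_SYMBOLS, ten_years))
```
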

After your file has been cracked it’s added to a history tab so that you can keep track of your passwords without having to have them cracked again, assuming of course that you don’t simply save the cracked version instead.

So, to round up, if you have a PDF that you can open but it has limitations like not being able to print or copy/paste the text, your best way forward is to use a simple password removal tool as there’s no point trying to work out a combination on a lock if you can just break it off. On the other hand, if your PDF won’t even open without a password then a brute-force crack is your only option and in this case you need Recover PDF Password from Eltima Software.

Marks out of 10? Well, the software does exactly what it’s supposed to do and does it well. Brute-force cracks are always time-intensive due to their nature so it would be totally unfair to mark a piece of software down for not being instantaneous (though from experience this is what a lot of people expect from their software no matter how complex its task, simply because they don’t really understand what’s going on behind the scenes). Perhaps on a geek level it would be nice to know exactly how many combinations the tool had attempted before your password had been cracked, and there are a couple of instances where the software would have benefited from proper translation (when you save the cracked file the message says, “The file is written down successfully”), but for a tool that works through 22,500 password combinations every second in an effort to reunite you with your work, these are very minor gripes.

9/10