Are DComSoft and Eltima the same company?
I noticed a lot of traffic coming from the SWF Decrypt blog so I decided to take a look and see what was going on over there. It appears that Magus, the blog’s admin and author of the above named software has gotten pretty excited about DComSoft and Eltima being the same company. The reason for this is supposedly because both companies sell competing software – a SWF obfuscator and a SWF deobfuscator respectively, though an additional reason I think would be that for a few weeks now Magus has had a bee in his bonnet having broken DComSoft’s SWF protection and he no doubt sees this as a way of sticking the boot in.
To be honest though I wouldn’t at all be surprised if they were the same company:
- From correspondence I’ve had with reps from both companies, English is not their first language despite the USA being their registered addresses.
- When reviews of software from both companies go up on this blog, it’s Ukrainian traffic that comes for a look in both cases – not American.
- In all the correspondence I’ve had with these reps, their writing style is very similar.
- Products from both companies use the same activation tool and, as it would seem, the same EULA.
- Lastly, Eltima contacted me to offer me a review sample the *same day* that the DComSoft SWF Protector 2 review went up.
The thing is, who cares if they are the same company? Hundreds (if not thousands) of companies all around the world sell products that compete against each other – it’s known as a Multibrand Strategy or Multiple Branding and is defined below:
Marketing of two or more mutually competing products under different brand names by the same company. The motive may be that the company wishes to create internal competition to promote efficiency, or to differentiate its offering to different market segments, or to get maximum mileage out of established brands that it has acquired.
Source: http://www.brandchannel.com
One example would be BT, the UK’s telecommunications giant offering one phone number for recipients to tell who just called (1471), and another number to prevent this service from working if the caller doesn’t want the recipient to know who they are (141). Another would be that the same cosmetic companies offer both nail varnish and nail varnish remover. This really isn’t anything new.
In fact, you could even argue that a company that makes one product would be the best choice for a competing product – after all, the best lock-pickers are all lock-smiths.
Perhaps DComSoft’s/Eltima’s mistake is making themselves look suspicious by denying the link – or at least failing to acknowledge it – when accepting the link would have been no big deal to anyone with even a basic understanding of the markets.
Finally, it’s worth pointing out that however unlikely it is that this is all coincidental, it’s not an absolute impossibility that these two companies are independent. While we can all speculate I think we should wait to hear from a rep from either company before making such conclusions.
This is different, Gareth. They are selling a solution to a problem they helped in creating. And I uncovered that it was a very flawed solution. I think they intentionally made it this way so they will be able to, when they want to, to bypass their own protection. It’s like buying a security system from a thief!
Eltima has many products, why only SWF Protector being marketed under a different brand?
Hi Magus
I think you need to look at this from both angles. Do you think that if Eltima scrapped their deobfuscator that everyone else would follow and a need for an obfuscator would disappear? I think it’s obvious that this isn’t what would happen.
If Eltima hadn’t created Trillix then SWF Protector 2 would still exist. Similarly, if SWF Protector 2 hadn’t been created then Trillix would still exist. Why? Because there are other people in the world, all doing their own thing.
I used the lock-smith example previously but you didn’t seem to pick it up. Check this out. The lock on my flat broke one day and I couldn’t get in. I called a lock-smith who turned up and he opened the lock without using a key. He then replaced the lock with a new one and my door worked again. Had he only been able to install new locks I’d have had to break down my door to get in. Similarly, had he only been able to remove old locks and not been able to install new ones, I’d have a door that didn’t lock. Lucky for me, he could do both.
Some of the best security experts in the world started out as hackers. It’s knowing how to get in that allows them to come up with ways to keep people out.
Of course, I wouldn’t buy protection software if its protection could be circumvented by another application, no matter who the author was and whether they both came from the same company or not. If SWF Protector 2 can be circumvented by Trillix then the answer is simple – don’t use it and find an alternative.
The best obfuscators will make it impossible for the code to be returned to its original condition – even if other features can simply be stripped off by editing some bytes. Whether SWF Protector 2 does that or not remains to be seen – I’m currently testing a few more software tools and will be posting my results shortly.
As for why they use two different companies to sell their two products… I think the answer to that is pretty obvious, don’t you?
By the way, I’d appreciate it if you can enable my post on your blog. :)
I’d say Magus is actually right, this is different. Would you buy a security system for your house, from a company that also help burglars get into houses? I know I wouldn’t. Sure, they would know a thing or two about securing a house because they are working with the burglars, but they would know even more about security systems that could benefit the burglars.
As I said previously, there are two ways of looking at this and you’re assuming that their loyalty would be to the thief in that their security products could easily be circumvented by their decryptor tool.
The alternative however is also true – they could be offering a decryptor tool that they know doesn’t crack their security (but does crack everyone else’s).
There are two possibilities here so each has only a 50% chance of being the correct one. Unlike you two, I’m reserving judgement until I see some test results because until then I just don’t know which case is correct. You two have already decided which side to believe even though you have zero evidence, which in all honesty I think dents your credibility somewhat.
I also don’t think I’d be out of line for suggesting that you have a hidden agenda in pursuing your current line of inquiry. I can’t say that I like the way either of you have already performed the role of judge, jury and executioner without even carrying out any tests. If these tests come back and demonstrate that Trillix cannot decrypt a file that has been obfuscated with SWF Protector 2, you’ll both look pretty silly!
How about you both hold off on the accusations and either wait for some tests or do some of your own?
I’ve done some testing. I wrote SWF Decrypt, remember? I don’t care if Trillix cannot decompile SWF Protector obfuscated files right now. My point was, they can bypass their own protection when they want to. And my proof is SWF Decrypt. All what I had to do is remove a few bytes at the beginning of each method. It was ridiculously easy!!
I also said in my blog post that there exists a small chance where all of this is just a coincidence and there might be no link between Eltima and DComSoft at all. But DcomSoft did not deny it although they took the time to post a very long hateful comment on my blog.
All what I’ve said, if DComSoft and Eltima were in fact the same company, then, IMO, what they are doing is completely unethical. That’s an opinion, not a judgement nor an execution.
It does not matter which protector can protect from which decompiler right now. A worthy obfuscator should make it completely impossible for any decompiler to output any useful ActionScript. Now and in the future.
I did not receive any comment from you on my blog. Unless you are referring to that one about viagra :)
Oh, I have to acknowledge one point you had right. Neither Trillix nor SWF Protector were the first of their kind. Still, they tried to hide that they were the same company.
PS: I posted another comment that probably went to spam for mentioning the v word.
@Gareth, so what you are saying is, there is no reason for someone to not produce/sell decompilers/guns/drugs/(enter “bad” thing here) because if you stop, others would go on – so why don’t they cash in on this while they can. sounds logical, but I think what these guys say is it’s not ethical.
> I’ve done some testing. I wrote SWF Decrypt, remember?
Oh, so you’ve tested SWF Protector 2 and Trillix?
> I don’t care if Trillix cannot decompile SWF Protector obfuscated files right now.
I guess not then.
If Trillix can’t decompile SWF Protector 2 files then I think your whole point is null and void. You’ve been harping on about how it’s unethical for a company to be making a security product and a hacking product that can circumvent that security, without actually testing it to see if it can. To then say that you “don’t care” if Trillix can decompile SWF Protector 2 files after that is just ridiculous because that has been your entire point until now.
Your tool only cracks the AS3 protection, which is also true for other products from companies who do *not* make competing products – so this shows that making a competing product is not to blame for the crack. It’s also worth noting that your tool cannot crack the AS1 or AS2 in either product. While I know you’ve claimed that this is not important, I think the honest answer is that you weren’t able to crack it, and since lots of people still use AS2 I think they would disagree with you and say that actually, AS2 support is a requirement.
Another minor point you made is that it’s simply unethical for one company to make competing products. This is a subjective opinion and not one that I share. It is also something that happens all over the world as I illustrated in my post. It is a recognised business practice to have competing products under different brand names. The only reason you’re singling out Eltima/DComSoft for this while ignoring the other thousands of companies around the world who do the same thing is because you have a bee in your bonnet with DComSoft, as is apparent in all of your blog posts. For some reason you feel that you have a point to prove, yet you’re trying so hard to make it that you’re actually starting to look a bit silly and like you’re on some kind of crusade.
Just calm down. Test the products. Make sure the two companies *are* actually the same before spamming different blogs claiming that they are. If they *do* turn out to be the same company then so what? Are you going to do the same thing to Lever Brothers for what they do with Persil, Omo and Surf? What about DSG for what they do with Matsui and Ferguson? Why stop at just 1 company?
@makc
Hi Makc
That’s pretty much what I’m saying, yeah. I’m not sure I’d include a deobfuscator in the same league as drugs and guns, but sure enough if one company stopped making them, someone else would take their place. Why? Because the demand is there.
If a single company decides to make both a security product and a hacking product then I’m fine with that – I just wouldn’t personally buy the security product if it was circumvented by the hacking one. In fact, I wouldn’t buy any security product if it could be circumvented, no matter who the author was.
The type of security employed by SWF protectors seems to be limited to either a) making the SWF incompatible with deobfuscators so that they can’t be opened; and b) actually editing the code so that while the SWF can be opened, the code within is useless to human eyes.
As we’ve seen, the former security type is easily circumvented by nothing more than changing some bytes in the file. The latter method however is less susceptible to breaking because (if done properly) it’s not possible to reverse the obfuscation process.
I’d suggest that any security product that properly obfuscates your code is worth your money (comparisons aside), while any product that relies on simply editing the file’s header so that it can’t be opened in a decompiler is not, as it won’t take long for decompilers to be updated to take that new header into account.
Whether SWF Protector 2 and Trillix are made by the same company or not, if Trillix can’t make any use of SWFs that have been obfuscated by the former application then I don’t see what the problem is.