Gareth Jones

Company: DCOMsoft
Product: SWF Protector 3
Price: From $39.95

Following my recent re-review of Amayeta’s SWF Encrypt 6.0, here’s another look at SWF Protector 3 from DCOMsoft.

The latest version of the software is 3.0.1.191 which means it hasn’t changed at all for over a year, so it will be interesting to see if it still offers protection against decompilers that are advancing all the time.

First the interface. In the default simple mode this is clean and quite minimalist. You have a button to add individual files, a button to add folders and a button to recursively add folders which is a nice feature that can save a lot of time on larger projects. After adding your files to the list you can either protect them individually or all in one go.

A properties window on the right gives you rudimentary information on each file while a log window at the bottom keeps you informed of progress.

When protecting a file the program will attempt to use default obfuscation settings which it will automatically wind down if there are any problems so that the resulting file always works. If a file does ever break during the process there’s an advanced mode that allows you to tweak the obfuscation applied to each function individually, though to be honest I have never needed this as the automatic settings have never broken a file.

Obfuscated files are given the original file’s name while the original file is renamed which is great news if you’re obfuscating large projects as it means you won’t have to go round renaming files or updating references afterwards. This was something I highlighted in its predecessor as a major advantage over SWF Encrypt last year, before Amayeta shamelessly copied the feature.

The program does occasionally crash and when it does it will be one of two ways – either immediately after loading up despite no interaction from yourself or immediately after you add a file to the obfuscation list. Resolving the issue in both instances is a simple case of closing the program and running it again, but of course such a crash is an annoyance that can’t really be justified in this day and age of tried and tested OSes, drivers, middleware etc.

So, how does it perform when it comes to obfuscating? For this test I again used Sothink’s SWF Decompiler (version 640, build 3450) and Burak’s ASV 2011 (version 2011/08).

First Sothink’s SWF Decompiler. This tool opened both SWFs without crashing or throwing up any error messages, but the AS it gave me was all obfuscated. In both AS3 and AS2 it seemed to only show me the code as SWF Protector 3 wanted it to be seen, which is what we want from an obfuscator really. When I attempted to rebuild the AS3 FLAs the tool crashed, and while the AS2 files did yield FLAs they was completely worthless as none of the code was intact and the library assets were a mess. In short, all I could get from SWF Decompiler was the audio, fonts and graphics, but none of that is realistically going to help someone rip off your Flash project.

Burak’s ASV fared much better with AS3, but slightly worse with AS2. It was completely thrown by the AS2 files and gave me nothing but a long list of error messages. I couldn’t browse the file properly, let alone rebuild an FLA. This implies that the AS2 obfuscation in SWF Protector 3 is significantly more effective than that found in Amayeta’s SWF Encrypt 6. AS2 is traditionally easier to obfuscate than AS3 though, so how did an AS3 file compare? AS3 was a different story as ASV was not only able to open the file but it also showed me all of the code in original, unobfuscated form. It wasn’t quite able to get all the way through to rebuilding an FLA as the FLA that it exported would not compile into a functioning SWF, but with the asset library intact and the original code all visible in ASV’s code browser, it wouldn’t take too long for a determined developer to put together a working rip-off of your Flash project.

An interesting observation was that the test AS3 SWF increased in size slightly after it was run through ASV, but this didn’t seem to affect the file’s running in any way. I do wonder what extra data ASV injected into the file though.

To conclude, if your SWF files are AS2 then SWF Protector 3 looks like an excellent purchase. The two most well-known decompilers on the market couldn’t even get close to decompiling the files, and this tool costs less than half of what Amayeta charges for its ineffective SWF Encrypt software. If you work in AS3 however it’s clear that although SWF Protector 3 will still protect your work against Sothink’s SWF Decompiler, Burak’s ASV almost has it fully cracked. Indeed, a developer with some time on his/her hands would have no trouble in rebuilding your AS3 project from the exported FLA and unobfuscated code, which means that for AS3 developers the search for the perfect obfuscator continues.

UPDATE: It appears that SWF Protector 3 isn’t compatible with Flash player version 11.1.102.55 and it’s not clear if compatibility will return with a future release of the player. SWF Protector 4 is already out for Mac so it can’t be long before the PC version is made available so hopefully the issue will be resolved soon. Alternatively if you need a Flash obfuscator for PC today then you Kindi SecureSWF is your best bet.

Company: Amayeta
Product: SWF Encrypt 6.0
Version tested: 6.0.10
Price: £89 / $145

Since so much of this site’s traffic is from people who are looking for Flash-related obfuscating and decompiling, I decided to revisit all of the products I reviewed last year and once again put them all under the microscope in order to ensure that the information contained within the reviews is still accurate.

First, some background on Amayeta is that it’s owned by Jaspal Sohal, the same guy that owns MDM which makes Zinc. Zinc is a Flash projector that has received a lot of negative press mostly relating to quality and support problems, and with that in mind I must admit I wasn’t expecting much from SWF Encrypt but nevertheless have reviewed the latest build as objectively as possible.

Loading it up

SWF Encrypt 6 takes about 5 seconds to load up on my hefty PC which is quite surprising considering the minimalist interface. The layout of the UI is simple and functional, with all options within easy reach. The window is split into three main areas. A (somewhat clumsy) file browser takes up around a third of the space on the left, a list of SWF files within a given directory takes up the top half of the 2/3 on the right, and settings/properties/logs take up the bottom right 1/3. I’ve attached a screenshot.

The good news

The niggles from last year’s review version are all gone. You can customise your obfuscation preferences to either favour file-size or obfuscation strength, you can over-write the original file with the obfuscated file and two bugs that I discovered last year have also been fixed.

Now the bad news

Unfortunately the removal of last year’s niggles are made pretty much redundant by the fact that what is currently the latest version of SWF Encrypt 6 doesn’t work. I obfuscated some test files using the application’s default (recommended) settings and this is what I found:

Sothink’s SWF Decompiler (version 635, build 3363) was able to rebuild the source FLA and give me access to all of the file’s assets, though the code itself was still obfuscated. Burak’s ASV 2011 (version 2011/07) on the other hand was able to rebuild the FLA along with all of its assets and source code – and it even generated the original class structure for me as well. All I had to do was hit publish and I had a SWF that was identical to the original.

Even changing two out of the three advanced settings (encrypt names advanced and encrypt namespace) failed to stop ASV – and bear in mind that the more of these kinds of settings you enable, the more likely you are to experience problems when you have multiple SWFs working together.

Finally I enabled the third setting, encrypt resources, which did manage to stop ASV because it completely broke the SWF. With this setting enabled, all I got from running the protected SWF was a flashing blue box in the top left with some white symbols inside it. I also noticed that the original file’s size had gone up by 22kb – despite overwrite original filename being set to false – and it no longer worked. SWF Encrypt insisted that the original file had not been touched, yet it had clearly added 22kb of data to it and in doing so had broken that file as well.

Conclusions

So, what we have in SWF Encrypt 6 is a SWF obfuscator that fails to protect your SWFs against one of the best-known SWF decompilers out there on all but the very highest setting, but on that setting it completely breaks your SWF files and even breaks your originals.

Clearly, you’re better off saving your £89 and uploading unprotected files than buying this software from Amayeta. Perhaps the latest version of SWF Protector 3 – at less than half the price – can help? I’ll have a re-review of that up soon.

Having completed Batman: Arkham Asylum around two weeks after I started playing it, I decided that the next game that I should play and complete was Activision’s Call of Duty 3. This game was developed by Treyarch back in 2006, and I’ve had it for ages but never really got round to playing it. I loved the 360 launch game Call of Duty 2 (developed by Infinity Ward, as was the original) so I was looking forward to finally continuing the series with 3 before moving onto Modern Warfare 1 and 2, World at War and then Black Ops.

I completed Call of Duty 2 back in 2005 sometime on Veteran difficulty. This is normally my difficulty of choice, as you don’t want the game to be over too quickly and you tend to unlock more achievements at that level than on Normal. So, at the beginning of Call of Duty 3′s single player campaign I selected Veteran and looked forward to another round of top-quality entertainment.

It’s a shame then that I wasn’t playing a different game. Call of Duty 3 is disappointing on almost every level. As anyone who has seen my games collection can tell you, I love FPS games and as such I’m willing to put up with the odd niggle here and there if the remainder of the experience is worth it, but unfortunately Call of Duty 3 is not – read on to find out why.

After a few hours of playing, it became painfully obvious that back in 2006 Treyarch’s idea of increasing the difficulty level was not in making the enemy AI more intelligent or brutal or giving you fewer squad-mates to help out. Instead, Treyarch increased the “difficulty” by giving every German soldier God-like aiming abilities, X-ray vision and a hate for you that is so strong that they are willing to shoot at you in unison as your squad-mates (who are often closer to them than you are) clumsily open fire on their position. With their X-ray vision and seemingly laser-guided bullets, the Germans can spot you from hundreds of feet away in thick foliage even if you’re crawling and tear you apart with pin-point accuracy before you’ve even spotted them. Treyarch’s detection routines obviously don’t get any more complex than “Is the player within a mile of the German? If so, open fire with 100% accuracy irrespective of whether or not you can actually see them”. This is neither realistic nor fun and it all makes for an incredibly frustrating experience as your countless, repeated deaths are caused not by any foolish decisions, delayed reactions or lack of experience – they’re caused simply by broken game mechanics. I got around a quarter of the way into the game before deciding to restart on Normal difficulty as the game had become too frustrating.

On Normal things are only slightly better. The Germans no longer possess their God-like aiming abilities or X-ray vision (although stealth play is still impossible in this game because they still seem to have eyes in the back of their heads apart from one scripted scene where you’re tasked with sneaking up to a German who is answering the call of nature), but plenty of other bugs, glitches and other issues exist to ensure that the game remains a challenge albeit for all the wrong reasons:

• Countless invisible walls prevent you from performing any flanking manoeuvres and funnel you down a single narrow path into the line of fire. And I don’t just mean short walls or fences that are strategically placed to block your path (although there are plenty of these as well), but literally invisible walls. The walls that aren’t invisible are so short that even an old woman should be able to jump over them, but you can’t despite being a young, fit and healthy soldier.
• Enemy AI is happy to break cover and run around like a headless chicken before being put out of its misery by a well-aimed bullet. This actually happens in Veteran as well.
• Your squad AI is happy to stand by and watch as fellow squad-mates are shot and killed mere feet away. Your squad-mates will also do their best at every possible opportunity to get in your way, either blocking your line of fire or preventing you from entering/leaving an area. A rifle butt to the face convinces them to get out of your way most of the time, but not always.
• From a distance, enemy turrets seem to be unmanned as they rain down bullets on you and your men. This makes them impossible to take out until you get close enough for an operator to spawn, who you can then kill in order to disable the turret.
• You can walk into a room inside a building and initially find it empty, only for a German to spawn before your very eyes as if by magic. If the German spawns as you’re leaving the cleared room and shoots you in the back, well that’s just your problem. The best thing to do is wait in each empty room for a second or two just to make sure everything that is going to spawn has done so before you turn your back.
• I had to restart one of the early chapters from a checkpoint because although I’d taken out everyone in the house, my squad-mates were stood in the cellar and were unwilling/unable to leave in order for the story to progress. After running around the entire house no less than four times looking for some kind of trigger, I gave up and restarted. My squad-mates then remembered what they were supposed to do and gave me orders to progress to the next area.
• Similarly, you’ll frequently be left waiting for the game to catch up with your progress as you patiently wait to be allowed to do the next thing in any given area. Only when the game finally catches up and decides to let you proceed will you be able to interact with whatever it was that you were trying to interact with earlier. The worst example of this was when I rescued a squaddie from a cellar. There were four of us in the cellar and after waiting at least 10 seconds to be told to proceed I tried to open the door but it was locked. I then walked to the rescued squaddie and smacked him with the butt of my rifle a few times before the game told me to exit the cellar by opening the door which had magically unlocked itself.
• There have been several instances of soldiers running on the spot as they try (and fail) to run through scenery/walls.
• On two occasions I’ve fired at least 20 rounds into a German through a window from outside, and despite seeing the resulting blood clouds as the bullets hit (and presumably pass through) him, the German has refused to die. Do the same from inside the room however (but employ the same angle of attack and from the same distance) and he will die as normal.
• A German that I killed as he stood on top of a moving half-track stayed exactly where he was when the half-track drove away, suspended horizontally in mid-air around 6 feet above the ground. Here’s a photo.
• In one chapter I had to capture a factory and then defend it from a counter-attack. At one point two of my squad-mates were stood outside of a building aiming their guns at the wall without firing, while a German who was inside the building was glitching half-way through the wall and shooting at them from inside. Clearly he was far enough through the wall to be able to see my squaddies, but not quite far enough through it for them to decide to shoot back. I fired some shots at the wall/glitch and he died, and then my two squaddies proceeded to their destination.
• Sometimes when you perform a head-shot, the victim flies up about 15 feet into the air as though you’ve just delivered the mother of all upper-cuts.
• With the rifles and the MP40, you can shoot a German from a few feet away only for him to get back up and continue running after a brief pause. I realise some guns lose their effectiveness at range, but surely the victim would at the very least be injured? And surely a soldier wouldn’t instantly die if you shot him in the foot at close range? This is more of a game design issue than a glitch though, and as the game is 4 years old perhaps it’s an unfair complaint to make, since most other games (but not all) from the same period handled injury/death the same way.

Even with all of the above issues, the game is too easy on Normal difficulty and you’ll rarely die if you’ve got any FPS experience under your belt. Because of the huge number of issues though, the game is more of a challenge than it otherwise would be (or that it should be) on this setting. If you decide to increase the challenge and select Veteran then the cheap way in which Treyarch increases the difficulty saps any fun out of the game by making the enemy totally unrealistic.

I’m still going to complete the game though now that I’ve started – if not for my personal satisfaction then for the achievements points – but unlike the first Call of Duty or its sequel Call of Duty 2, I don’t think I’ll be replaying this one out of sheer enjoyment of the game. I will keep it though rather than sell it because it does have a good split-screen local multiplayer, which of course is unaffected and unhindered by poor AI.

Treyarch has historically played second fiddle to Infinity Ward, but with the original Medal of Honour and Call of Duty released at the beginning of the decade surely even a B-Team could develop a good FPS in 2006? In Call of Duty 3, Treyarch emphatically answered that question with a big, fat “NO!”. Since Treyarch are also the team behind World at War and Black Ops (which broke sales records around the world on the back of Infinity Ward’s earlier work on Modern Warfare 1 and 2), I’m no longer sure if these are games that I should be looking forward to or dreading.

3/10
(7/10 for multiplayer)

I was asked a few days ago by a father of two if it was worth buying the PSPgo. He already had a PSP 3000 which his eldest had commandeered and wanted another so that his youngest could play as well.

The PSPgo was released in Europe and the US on October 1st, 2009 as an alternative – not a replacement – to the recently released 3000. At launch the unit price was £250 – around £100 more than the 3000 – though due to the substantial resulting backlash many retailers were discounting the machine to around £225 from day one.

The Go has exactly the same hardware specifications as the 3000 except that it can’t play traditional UMD games as it lacks a UMD drive and it has a smaller screen due to the console itself being half an inch smaller and 43% lighter than the 3000. Depending on who you ask, the smaller size is sometimes a positive and sometimes a negative – yes it’s easier to fit into your pocket but yes a larger screen is always better than a smaller one.

Sony’s decision to launch the original PSP back in 2005 with a UMD drive was quite controversial. Back in 2005, solid state memory was pretty expensive and the UMD allowed a cheap method of providing up to 1.8GB of storage space for its games which would have cost almost as much as the console itself in solid state. However, the drive was slow, it drained the battery and as soon as your games collection surpassed the grand total of 1 you had to find another pocket for your (cumbersome and delicate) UMDs. Some cases allowed up to 3 UMDs to be carried with the console but quickly got bulky – anything more than 3 and you were looking at a bag.

The UMD format shouldn’t come as a surprise to anyone though as Sony’s history with bespoke formats is long and colourful. Among the success stories are the CD, the Memory Stick and Blu-ray, but on the flip side are BetaMax, DAT tapes and Mini Disk. Cynics were adding the UMD to the latter list as early as 2006.

At the beginning Sony seemed to have high hopes for the UMD format. As well as providing the medium for the PSP’s games, the UMD was also used for PSP versions of the latest blockbuster movies (the original PSP came with Spiderman 2) though this aspect was actually poorly thought out.

Firstly, a UMD movie could only be watched on the PSP – a rumoured UMD set-top box that would allow UMDs to be watched on your living room TV never materialised. Secondly, this PSP-only version of the movie often cost considerably more than a DVD copy that you could watch on anything. It was even possible to rip DVD movies to memory card and watch them on the PSP at no extra cost, though Sony artificially crippled the resolution of movies played back this way to 320×240 as a way of forcing people to watch their movies on UMD – which could use the system’s 480×272 screen to its full potential. With custom firmware removing this limitation however and UMD movie sales slumping, Sony eventually removed the limitation from their own firmware in revision 3.30 as part of a larger drive to try to stem the flow of custom firmware installations.

So, the UMD failed as a movie format and here in 2010 you can get memory cards of a higher capacity for next to nothing, so surely the PSPgo is a no-brainer and everyone should upgrade from their PSP3000, right? Sadly not, and the reasons are all down to yet more stupidity on Sony’s part.

First there’s the console’s price. Even today it has an RRP of £225 while you can pick up the PSP 3000 for just £130. In May Sony CFO Bill Glaser called the Go’s sales “a little bit of a disappointment”, so recently it has gone through a relaunch to an indifferent public and now includes 10 “free” games, though again all is not as it seems. The first and most obvious issue is that you’re paying for these “free” games in the inflated price of the system so they’re not free at all. The second issue is that while 6 of the games are either critically or commercially acclaimed, four of them are not and so are unlikely to be on your wanted list, and lastly, although Sony claims that there’s £200 of games being given out for free here, you could actually get all 10 for closer to £70 on UMD if you were to shop around. Still, if this offer is enough to tempt you, be warned that Sony fully intends to make back any money that it’s losing with this promotion as soon as you start buying more games.

Assuming you swallow the £70 higher price tag of the Go, you’ll then be wanting to buy some more games for the machine. The only place to buy games for the Go is on Sony’s online PlayStation Network (PSN), and for some reason nearly a year after the console’s launch there are still a LOT of great games that aren’t available on the service simply because they were released before Sony started selling games online.

When you do find a game that you want to buy on the service, be prepared to pay a premium. Despite having zero distribution costs, everything from brand new releases to bargain-bin golden oldies costs significantly more on PSN than on UMD. I’ve heard clowns make excuses for this, claiming that it costs publishers more to sell on PSN than it does to sell in shops and therefore the games simply have to cost more. Whether this is the case or not I don’t know, but I don’t think the average customer cares about the politics behind it all and I think they just want fair prices. Besides, I’m not sure how any of this is supposed to excuse Sony’s own games which also cost more on PSN than they do on UMD – are we to believe that Sony’s gaming division is charging itself extortionate rates to sell on its own platform? That seems to be quite a stretch for the imagination – even for a Sony fanboy.

Lastly, if you’re one of those people who sells their games once they’re completed or no longer played (personally I keep all of mine, unless the game is just total garbage) then you’re out of luck on the PSPgo. Games are digitally signed at the point of download to only work on your PSP, so you’re stuck with the game whether you like it or not. You can’t sell it to anyone and can’t send it back for a refund – this really is a one-way trip here. Of course, with a UMD copy (which cost you less in the first place remember), you can either sell it on eBay or part-exchange it for another game in your local games shop.

I said earlier I’d come back to why the PSPgo has so far sold so poorly that Sony felt it needed a relaunch. Unfortunately for Sony, it appears that the gaming public isn’t quite as stupid or gullible as Sony likes to believe.

When the PSPgo was first announced and the lack of a UMD drive was confirmed, thousands of PSP owners who initially wanted to upgrade asked the question, “How do I get all of my [UMD] games onto it?“. Sony promised a solution, though wouldn’t give any clues as to what the solution was until shortly before the release of the console. Speculation was rife, including – though not limited to – the idea that Sony would install booths into games shops all around the country that would turn UMD games into digital copies.

It turned out however that the “solution” was this: for people who had an existing UMD games collection, Sony was willing to give them an incredible 3 games for free with their PSPgo. That included those who only had 3 UMD games as well as those who had 100+. Also, the selection of games to choose from was very limited. Unsurprisingly, few took up their “trade-in” offer and most stuck to their older PSPs instead.

Those who were new to the world of PSP weren’t stupid either – why would they pay extra for a system that also forced them to pay extra for a smaller selection of games? And then prevent them from selling those games when they were done with them?

The result was, quite naturally, poor sales of the PSPgo which lead Sony to conclude that the gaming public “was not yet ready for digital distribution”. I’d say that on the contrary, digital distribution is doing just fine when done properly and that in fact what people aren’t ready for is to be ripped off three times over with a single console. Had the pricing of the console reflected the lower manufacturing cost and the pricing of the games reflected the zero distribution costs, then I think the PSPgo could have been a contender – even with the smaller games selection. As it is, to answer the question at the beginning of this article – is is worth buying a Sony PSPgo? No it isn’t – get the PSP 3000 instead.

Update: As of 21st of April, 2011 – just 18 months after launch – the PSPgo has been discontinued due to its failure to have any impact on the market. The full story is here.

Company: Kindisoft
Product: SecureSWF
Price: From $99

Kindisoft’s SecureSWF is the latest Flash obfuscator to go under the microscope (SWF Protector 2 and SWF Encrypt are reviewed elsewhere), so as the most expensive of the three (when considering the luxury versions), how does it stack up in terms of interface, functions, usability and stability?

Having downloaded the .zip file from the website, the first thing you notice is that there’s no installer. SecureSWF comes in a .zip file ready to extract and use without installation which has both pros and cons, though the benefits do outweigh the drawbacks. You can stick SecureSWF straight onto a USB drive like a portable app without worrying about whether or not it will run (assuming Java VM 1.5 is installed on the target machine), though if you believe in consistency you’ll have to manually stick the folder in your Program Files directory and create the relevant shortcuts in your Start Menu or favourite application launcher. As I said, the benefits do outweigh the drawbacks and I’m not suggesting that this is an issue – it’s just an observation.

So, after settling on where you’re going to run SecureSWF from, the next thing you notice after running the application is the number of options available. Compared to the other two solutions, there is a lot going on here (even the entry level SecureSWF has more options than both SWF Encrypt and SWC Encrypt combined), and it does seem a little daunting at first, but you quickly come to realise that it’s actually not that bad.

There are five tabs along the top – four of which contain settings and the last one is a status summary page. The fourth tab is just a rules page that overrides some of the options on the previous tabs, so in reality you have just three options tabs to familiarise yourself with rather than the initially anticipated five.

The first tab is the lightest on the options with just a SWF selection area, a list of presets to choose from and somewhere to specify the output location. You can select multiple files to import from the file browser (SWF, SWC and AIR formats – the others can only do SWF), though unfortunately there is no recursive import. There are five presets to choose from ranging from most- to least- aggressive, and a custom option should you want to tweak any of the presets yourself.

The second tab gets into more detail, allowing you to completely customise the level to which identifiers are renamed. Everything including local identifiers, labels, instance names, global variables and class members can be renamed to your exact requirements, and there’s even a tree structure that allows you to go in and select individual values. While this is great for offering the maximum level of obfuscation and the ability to make slight adjustments in the case of too many changes causing problems, I probably wouldn’t spend too much time here as it’s far easier to just let the presets take care of it all. Still, if I was in a situation where the maximum protection was available to me apart from one little identifier somewhere causing a problem, it’s nice to know that I can go in there and make the necessary change without having to sacrifice the security of the rest of the SWF.

The third tab offers code transformation, obfuscation, encrypted domain locking, SWF optimisation and literal strings encryption. The domain locking worked as expected, preventing my SWF from running anywhere other than this website and also from being run locally on my computer. Because I can only tell how well the other features are working by running them through a deobfuscator, I’m reserving those for another article that I’m working on which will be coming shortly.

Obfuscating a test SWF of 1,115kb, SecureSWF delivered a file of 1,156kb on maximum settings and 1,111kb on minimum settings – yes, it was actually smaller than the original. Obfuscation time was quick and on par with the others, and I experienced no crashes or freezes from the software no matter how hard I tried.

SecureSWF is a feature-packed obfuscator that not only works on Flash SWF files, but also SWC and AIR files as well. As the only obfuscator that works with these alternate file types, SecureSWF is really your only option when working with these formats. With regards to SWF files, the level of detail with which SecureSWF allows you to customise its obfuscation is significantly higher than that of SWF Protector 2, and an order of magnitude higher than that of SWF Encrypt.

One issue that always seems to come up in SecureSWF reviews is price. Yes, the fully-fledged bells-and-whistles version costs $400 which is significantly higher than either SWF Protector 2 or SWF Encrypt. However, the obfuscating methods, options and features available in this package – not to mention the fact that it will also protect your Flash components and AIR files – mean that you are getting a lot more here so naturally the cost is going to reflect that. I don’t really want to start comparing SecureSWF with its competitors here because this is supposed to be a review – not a comparison – but when one of the factors that could potentially put people off SecureSWF is its price when compared to its competitors, it’s difficult not to get sucked into such a comparison.

The bottom line is that SecureSWF starts at just $99, which is $151 less than SWF Encrypt and SWC Encrypt combined, but it offers more features than those two and does everything better. In light of that, even if price is an issue for you then SecureSWF blows SWF Encrypt out of the water having beaten it on options, features and price. Where things start to get interesting is when you compare SecureSWF to DComSoft’s $39.95 SWF Protector 2, but for that you’ll have to wait for my Versus feature which is coming soon.

In its own right, SecureSWF is a very impressive tool that is bursting with options and features. Due to the extreme levels of flexibility, it should be possible to tune every possible SWF file so that it’s protected as securely as possible without breaking any functionality. The fact that it allows obfuscation of everything from function names to labels and global variables to class members means that SWF files will be that much closer to being totally secure.

Out of 10, the usability and features on offer here have to command top marks, but I think the price of the professional edition could possibly push the application slightly out of reach for some lone developers. Yes, the Personal Lite Edition is only $99 but if you’re buying SecureSWF then you want the best version. Bearing the price of the professional edition in mind and the fact that a portion of its features are found in a product that only costs 1/10th as much, I’ve got to take a mark off. However, the wealth of additional options and features that you get for your money, their importance and the extra protection they bring to your work – plus the additional format support of course – mean that it’s just a single mark.

9/10

Coming soon: A review of how these SWF protectors stack up against SWF decryption tools.

Company: Eltima Software
Product: Flash Optimizer
Price: From $99.95

I’ve been given a few more applications to review over the next couple of weeks, and the first one is Eltima’s Flash Optimizer. Eltima claim that this is the “most powerful SWF compressor available today” and that it is possible to reduce a file’s size by “up to 60-70%” without any loss of quality. Bold claims indeed. So how did it perform when tested?

First, the interface. The application loads up to reveal an interface that is made less daunting to new users by including easy-to-follow numbered instructions within the interface itself:

1. Select the Flash movie to compress.
2. Select the output destination.
3. Enter the desired output name (appending “_opt” to the name is the default behaviour).
4. Select your compression level (and tailor it to your specific needs if required).
5. Click on Preview or Compress.

When you import your Flash movie the interface changes to give you a preview window and some file properties, which include a breakdown of the file’s assets and the percentage of the total file size that each is responsible for. You can then make your compression choice and preview the results before exporting the final version as a new SWF. One thing that I noticed here (thanks to the game’s repetitive title screen music that quickly gets annoying), is that it’s sadly not possible to turn this preview off and the only escape from the audio was to turn down my computer’s volume. I’d recommend either being able to disable the preview, or at least be able to mute the audio for such cases.

Anyway, underneath the preview window is a list of presets (“best”, “good”, “basic”, “medium” and “sprite”) to choose from, which all affect specific optimisation options differently and to a different degree. The “best”/”good”/”basic” settings suggest a sliding scale from most- to least aggressive, so I thought it was odd that the next setting after “basic” was “medium”. However, while “basic” does turn some of the compression settings down a little from “medium” (and disables others completely), it also increases some of the other compression options and so it probably wouldn’t be accurate to suggest that “basic” is less aggressive than “medium” in all cases – it’s just different. I suppose you need to play with each option to see which is best for you and your particular project, but that’s obviously why there’s a preview window included.

So, how did Flash Optimizer perform? For the test I used Santa’s Parcel Drop, a game that Quak Multimedia was commissioned to develop a few years back. The game features jpeg, PNG and vector graphics, along with dynamic and static text and embedded audio – so a pretty good all-round test subject.

First, here are the file sizes of each of the games published, starting with the original game and then each unmodified preset:

Original game: 680kb
Best: 244kb
Good: 339kb
Basic: 668kb
Medium: 531kb
Sprite: 582kb

Unfortunately each of the presets attempted to compress fonts for me, and as you’ll see in the screenshots this resulted in the HUD totally disappearing from the game which pretty much broke it. I disabled the compression of fonts and for each preset the file size went up around 10kb. It’s worth noting that there are separate tick-boxes and sliders for pretty much every aspect of a SWF that can be compressed, so if you do find something looks unsatisfactory in your SWF after compression you can either scale back the level of compression for that aspect or disable it entirely.

You’ll also see from the screenshots however that some of the more aggressive settings were quite unkind to the jpeg images. They became incredibly blocky, and although this look can be quite fetching (Darwinia, 3D Dot Game Heroes etc), I don’t think that it’s intentional in this case. The vector graphics fared much better, but again I couldn’t be too aggressive with the settings if I wanted to maintain an appreciable level of detail.

The only compressed version of the game that didn’t distort the title screen’s buttons was the “best” setting, which was surprising as I would have assumed this to be the most aggressive from both the way it compressed the jpeg background and its name. I could see from the application that although aggressive in several other respects, “best” doesn’t attempt to delete any unnecessary shapes and morphs whereas the others do.

Even the “basic” preset distorted the title screen buttons (notice the upper left and lower right corners in particular) and the in-game plane and houses (the white lines on the plane’s wing and the window frames of the houses), yet when the fonts were included for the sake of the HUD it only saved me 2kb from the original game.

At this point I wondered if Santa’s Parcel Drop was just being particularly unfriendly to this compressor. I tried Name that Note which is again a mix of jpeg, PNG and vector graphics in the hope of seeing better performance. The results were the same – unusable assets from the most aggressive settings, and assets that had minor but noticeable imperfections on the less aggressive settings but no significant saving in terms of SWF file size.

One thing I did spot that could be useful was a “force to jpeg” option for images, and this could shave a few kb off a file when used properly but only on PNGs that don’t use the alpha channel which, if your graphic designer is doing his/her job properly will already have been done in the FLA anyway.

Due to the nature of compressors detail is going to be lost somewhere along the line no matter what you do, but when detail is so blatantly sacrificed for the sake of a few kb it’s hard to recommend as a process. Some SWFs will perform better of course, with some vectors in particular lending themselves to the compression process more favourably than others (these SWFs tend to be the kind used as examples on compression product websites to show the benefits of using the product), but in the real world such SWFs are few and far between and most of us work with vectors, jpegs, PNGs and even bitmaps.

There is the matter of audio, which obviously isn’t apparent here because the results are presented as static images but there was a saving in terms of file-size there – but again at the cost of quality and as I had already set the mp3 to the bit-rate that I felt was a fair trade-off between quality and size, I didn’t have any room to play with here either.

Sadly, Eltima’s claims that files could be reduced in file size by 60-70% without any loss of quality isn’t even within sight on Santa’s Parcel Drop, let alone within reach.

I haven’t used a SWF compressor since Optimaze! (long since dead, last updated in 2002) back in the Flash 5 days, so I really wanted to like Flash Optimizer and hoped it would be the answer to squeezing a few more kb out of my existing SWFs. Based on the results from Santa’s Parcel Drop however, they just aren’t there to be squeezed. Since the days of Flash 5, Flash’s compression has been tweaked and tightened to the nth degree and as long as you don’t do anything stupid like embed PNG files that are several times larger than they need to be, or embed simple sound effects at 320kbps, a published SWF’s size is already quite minimal.

The extreme loss of quality on the aggressive settings and the negligible file size savings of the less aggressive settings mean that in this case at least, compressing a SWF further simply wasn’t worth the time it took to do so.

It’s difficult to come up with a score for this product because the problem here isn’t so much with the product itself but with what it’s trying to do. The application itself seems very well done, very polished and offers a lot more options and settings than Optimaze! ever did, and yet it’s unlikely that I’d use it on any of my SWFs because I suppose there just doesn’t appear to be any fat to trim in the first place. In trying to cut out some of the non-existent amounts of fat in my SWF, Flash Optimizer is cutting out some legitimate meat. As such, Flash Optimizer seems to be a solution without a problem.

Giving this application a low score feels like giving a professional cleaner a low score for not finding much dirt in one of Intel’s semiconductor labs – justified if I’m marking on productivity, but unfair because there just isn’t anything there to find. In the end though, I have to mark Flash Optimizer not on the quality of its interface or the high level of customisable options, but on the usefulness of the product, its importance in the development cycle and its cost, and for this reason…

2/10

Company: Eltima Software
Product: Recover PDF Password
Price: From $39.95

Shortly after my SWF Protector 2 review, Eltima Software contacted me and asked me if I’d be interested in reviewing their Recover PDF Password software in exchange for a license. I required the services of such a tool just a couple of months back and at the time I used a 50-use trial from another vendor, so I knew that this was something that could come in handy.

I installed the application without any problems, though as it uses the same registration format as SWF Protector 2 it’s probably susceptible to the same issue if you happen to not put in the correct serial.

When the interface opened up, I was surprised to find that this tool is actually a brute-force password cracker rather than a password removal tool like the one I used a couple of months ago. Why would you need to spend time guessing a password if it can simply be removed? How curious!

The answer as I discovered after a little research (I don’t tend to use PDFs much in my line of work) is that PDFs have different layers of protection. There’s a “user password” and an “owner password”, and the “user password” protects against the opening of a file, printing and even copying and pasting of text and graphics, whereas the “owner password” protects against making changes to the document.

The PDF I unlocked two months ago only had protection against copying text – I was able to open and view the file without any problems, so obviously that aspect of the “user password” had not been used and as such the file was not encrypted. Because the file wasn’t encrypted, the tool had been able to simply change a couple of bytes to disable the requirement for a password and had unlocked the printing ability for me pretty much instantly. However, had the file been protected against opening – and therefore been encrypted (128-bit AES encryption by default) then this tool would not have worked and the only way round this is by brute-force – which is where Recover PDF Password comes in.

I created a PDF and set the “user password” as “t3st”. I opened it in Recover PDF Password and as I knew the password was made up of lower-case letters and numbers, I selected numerals and lower-case letters from the options. Of course, if I really needed to use this tool the chances are I’d have no idea what the password was and as such would have to tick every box on there (including upper-case, special symbols and spaces), which would dramatically increase the time taken to crack the password as the number of potential combinations sky-rockets. The default length of the password to crack was 1-8 so I left it at that.

On an Intel Core 2 Duo laptop clocked at 2.2ghz, the password was cracked in just over a minute. A popup window informed me that the password had been cracked and it also told me what it was. It then asked me if I wanted to save a new version of the file that had the password removed.

I decided to test again but with every combination ticked to see what difference it made to the time, and as expected it was significantly higher at 58 minutes.

It’s important to note that the fact that it takes so long to crack a password this way is not down to any shortcomings with the software – there are just so many combinations of passwords that it naturally takes time to check them all. Even a password of 4 characters in length has over 78 million possible combinations when using all of these different characters (as a comparison, when using just lower case letters and numbers there were only 1.7 million possible combinations), so that the password was cracked in just 58 minutes is actually pretty impressive as it gives us a rate of around 22,500 password tries every second (maximum, though the real value will most likely be less as it’s unlikely that it had to try every single combination before arriving at the actual password).

There are more advanced options as well, such as being able to specify patterns within your password such as “pass??rd” where only the question marks are tested, but again this would only be useful if you already had a good idea of what the password was but I’m suspecting that in most cases you won’t.

I personally use much longer passwords than my test 4-character example when I’m trying to protect something though, and in the event that I’d have to brute-force my way into one of my own files I’m guessing it would take several days if not weeks. Again, that isn’t a problem with the software – it’s a problem with the method used, but when a file is encrypted with 128-bit AES encryption this method is really your only option.

After your file has been cracked it’s added to a history tab so that you can keep track of your passwords without having to have them cracked again, assuming of course that you don’t simply save the cracked version instead.

So, to round up if you have a PDF that you can open but it has limitations like not being able to print or copy/paste the text, your best way forward is to use a simple password removal tool as there’s no point trying to work out a combination on a lock if you can just break it off. On the other hand, if your PDF won’t even open without a password then a brute-force crack is your only option and in this case you need Recover PDF Password from Eltima Software.

Marks out of 10? Well, the software does exactly what it’s supposed to do and does it well. Brute-force cracks are always time-intensive due to their nature so it would be totally unfair to mark a piece of software down for not being instantaneous (though from experience this is what a lot of people expect from their software no matter how complex its task, simply because they don’t really understand what’s going on behind the scenes). Perhaps on a geek level it would be nice to know exactly how many combinations the tool had attempted before your password had been cracked, and there are a couple of instances where the software would have benefited from proper translation (when you save the cracked file the message says, “The file is written down successfully”), but for a tool that works through 22,500 password combinations every second in an effort to reunite you with your work, these are very minor gripes.

9/10

Company: DCOMsoft
Product: SWF Protector 2
Price: From $39.95

Note: This review is for an outdated product. For a review of SWF Protector 3, see here.

About a week ago, DCOMsoft emailed me to ask if I’d be interested in trying out their SWF Protector 2 product and posting my thoughts in exchange for a licence. I’d like to stress that in no way does providing a license obtain a favourable review for any old product – I always approach a product objectively and will post both positive and negative findings whether the review is commissioned or not.

So, on with the review. On installing the application it came to time to register it. I copied and pasted in the serial and hit the Enter button without noticing that I hadn’t selected the serial number properly before copying and had missed off the last digit. The little registration window closed and gave me no feedback, so it wasn’t until I tried to run the application again and found that it wasn’t yet registered that I noticed that the registration had failed. I tried again, this time re-selecting the serial number and making sure I had it all in there, and it then gave me a message confirming registration. For instances where a mistake like this can happen, it would be worth having a message to say “Registration failed” or “Incomplete serial number”, but that’s a minor gripe.

Once registered, the application’s interface is very clean and quite minimalist. The first thing I noticed – and with some excitement – was an “Add folder recursively” button which, I’m pleased to say, works a treat. The application adds all of the SWFs contained within a parent and all child folders, tells you their protection status and offers the ability to open each one if you need to make sure you’re looking at the right file here.

As opposed to SWF Encrypt which shows you all the SWFs in a directory and asks you to select all of the ones you want to obfuscate, SWF Protector 2 assumes you’ll want to protect everything by giving you just one “Protect all” button. This makes sense, because if you didn’t want to protect your SWFs then chances are you wouldn’t be using the application in the first place. If there are any SWFs in there that you don’t want to protect however, you can simply remove them individually from the list before hitting the “Protect all” button. Alternatively, if you do only want to protect a single file, you can right-click on that file and select “Protect one file” from the menu.

Having had SWF Encrypt crash on me a few times after trying to obfuscate a file that was currently open inside the Flash IDE, I was curious to see what SWF Protector would do in this case. It didn’t disappoint, prompting me with a message stating that it could not overwrite the file – a much more elegant solution that simply crashing unexpectedly!

When my target file wasn’t open inside Flash’s IDE, SWF Protector 2 further impressed by renaming the original file “example_original.swf” and creating an obfuscated version with the original file’s name. This eliminates the issue I outlined in SWF Encrypt’s case where you either have to rename all your files manually or change all of your file links on your server to take into account the different name of the protected file. Bonus.

I also wanted to see what SWF Protector 2 did when revisiting a previous project – would it remember the last location or would I have to navigate to the project all over again? It actually remembered my previous location, and did so even when I closed the application without protecting any files. Excellent.

Also available at the top of the screen is an Advanced option which lets you configure the level of obfuscation – either on a per-class basis or you can set the level for the entire file. I took an unprotected SWF that was 518kb in size and ran it through the obfuscator at minimum settings and the output was also 518kb. I ran the same file again at maximum settings and this time the output came out at 555kb, so obviously the level of protection is such that it can make anywhere between 0% and 10% difference to the file-size – exactly how much protection you apply is up to you, so you can balance protection against file-size depending on the exact needs of your specific project. This is another feature that is missing from SWF Encrypt.

One bug that I did notice in SWF Protector 2 though was that after protecting a file in Advanced mode, the “Protect all” button would not become re-enabled for me to run another pass despite me selecting a new, unprotected file. To get the button back I either had to switch to Simple mode or restart the application and switch back to Advanced mode. This isn’t a deal-breaker, as you won’t be re-protecting files with different levels of security one after the other very often (if at all), and I only noticed it because of the test I was running. However, to get top marks an application does need to be bug-free, so I’ll have to take this and the failure to notify on a failed registration into account when coming up with a score.

The fact that SWF Protector 2 not only does what it says on the tin but does so with much more thought towards usability and thus efficiency of use does make it a better product than SWF Encrypt. I’m sure DCOMsoft will endeavour to resolve the two small issues I experienced with the application as soon as they read this post, whereas from past experience (here, here and here) I know that Amayeta is unlikely to even care about SWF Encrypt’s bugs, let alone fix them. Being a better product is one thing, but being a better product that costs only a third of Amayeta’s price (the personal license costs just £25, though you’ll probably want the business license at £39 to be able to use it commercially) is just great and easily makes it a recommended product.

8/10

Coming soon: A review of how these SWF protectors stack up against SWF decryption tools.