Gareth Jones

Company: DCOMsoft
Product: SWF Protector 3
Price: From $39.95

Well, it’s finally here. Nearly three months after Magus released his SWF Decryptor which circumvented both Amayeta’s SWF Encrypt and DCOMsoft’s SWF Protector 2, DCOMsoft has returned with SWF Protector 3. The update was initially promised to be with us within days, so let’s hope this new version is worth the long wait.

First impressions were slightly dampened by the installer’s default install location and icons being labelled “Swf Protector 2″, despite the text and the graphics on the installer claiming that this is in fact “Swf Protector 3″. Clearly whoever compiled the installer didn’t take the time to check the strings in the setup script, which seems a bit slap-dash considering the length of time this thing’s been in development. I manually updated the paths and names and continued with the installation.

Once installed, SWF Protector 3 looks pretty much identical to its predecessor apart from the label in the application’s title bar. What with the above installer issue and the identical application interface, it’s pretty clear that all that’s changed in this version of SWF Protector is the obfuscation engine so that’s where I’ll focus my attention for this review. For any other aspects of the software you might as well check out the review for the previous version.

I decided to take an in-development Learnalot resource (blog) as my test file because I’d actually had trouble with it with SWF Protector 2. Despite working perfectly with Settlers, the second version of SWF Protector broke a single button in this resource which prevented the user from progressing from the first activity. I never did work out the exact reason for this failure, but nevertheless SWF Protector 2 was always adamant that the file had been obfuscated “successfully”. As a workaround I had simply used another obfuscator because I don’t have the time to invest in making one piece of software work when alternatives work by default.

Anyway, I published the resource in question to give me a file of 337kb in size. First I decided to see if SWF Protector 2 was still breaking the resource. Had the file fixed itself in the time that had passed since I last tried SWF Protector 2? No, it hadn’t and the button in question was once again broken and the file was now 464kb in size.

I republished the file and this time obfuscated it with SWF Protector 3. The new file was 424kb in size, which is exactly 40kb smaller than the output from SWF Protector 2 – impressive! I ran the SWF to see if the button in question was now working, and I’m happy to report that yes it was!

As is always the case with an arms race the winning side depends purely on the time-frame in which you make your analysis. It could be just a matter of time before Magus (or someone else) releases a decryptor that undoes SWF Protector 3′s work, and then it would just be a matter of time before SWF Protector 3 was updated once more. As such, being drawn into such an argument is pretty futile so for now, I’ll just confirm that yes it protects against today’s version of SWF Decryptor.

With everything else in the application being identical to the previous version, there’s not much else to say other than to perhaps ask, where are the new features, DCOMsoft? Over two months ago in a comment over on Magus’ blog, a beleaguered Alex Chevalier did all he could to reassure the Flash community that a new version of SWF Protector was already in development a week before Magus released his tool, complete with “new algorithms and features” that was going to be out as soon as the testing process was over. Three months on, we certainly have new algorithms but where are the new features? We have support for Flash 10, but that’s it. After three months of hype I must admit that I was expecting a little more than Flash 10 support.

Nevertheless, any over-hyping (and anticlimactic) issues are irrelevant when it comes to reviewing the software as it is, and as this software is an improvement on what came before it (albeit an evolution rather than a revolution), I’ve got to mark it accordingly. The lack of any new features means there’s just as much distance between SWF Protector and Kindisoft’s SecureSWF as there was before, but the obfuscation algorithm in SWF Protector 3 is clearly a vast improvement on its predecessor both in terms of reliability and efficiency, and the official support for Flash 10 is of course a bonus for those working with the very latest plugin.

8.5/10

I noticed a lot of traffic coming from the SWF Decrypt blog so I decided to take a look and see what was going on over there. It appears that Magus, the blog’s admin and author of the above named software has gotten pretty excited about DComSoft and Eltima being the same company. The reason for this is supposedly because both companies sell competing software – a SWF obfuscator and a SWF deobfuscator respectively, though an additional reason I think would be that for a few weeks now Magus has had a bee in his bonnet having broken DComSoft’s SWF protection and he no doubt sees this as a way of sticking the boot in.

To be honest though I wouldn’t at all be surprised if they were the same company:

• From correspondence I’ve had with reps from both companies, English is not their first language despite the USA being their registered addresses.
• When reviews of software from both companies go up on this blog, it’s Ukrainian traffic that comes for a look in both cases – not American.
• In all the correspondence I’ve had with these reps, their writing style is very similar.
• Products from both companies use the same activation tool and, as it would seem, the same EULA.
• Lastly, Eltima contacted me to offer me a review sample the *same day* that the DComSoft SWF Protector 2 review went up.

The thing is, who cares if they are the same company? Hundreds (if not thousands) of companies all around the world sell products that compete against each other – it’s known as a Multibrand Strategy or Multiple Branding and is defined below:

Marketing of two or more mutually competing products under different brand names by the same company. The motive may be that the company wishes to create internal competition to promote efficiency, or to differentiate its offering to different market segments, or to get maximum mileage out of established brands that it has acquired.

Source: http://www.brandchannel.com

One example would be BT, the UK’s telecommunications giant offering one phone number for recipients to tell who just called (1471), and another number to prevent this service from working if the caller doesn’t want the recipient to know who they are (141). Another would be that the same cosmetic companies offer both nail varnish and nail varnish remover. This really isn’t anything new.

In fact, you could even argue that a company that makes one product would be the best choice for a competing product – after all, the best lock-pickers are all lock-smiths.

Perhaps DComSoft’s/Eltima’s mistake is making themselves look suspicious by denying the link – or at least failing to acknowledge it – when accepting the link would have been no big deal to anyone with even a basic understanding of the markets.

Finally, it’s worth pointing out that however unlikely it is that this is all coincidental, it’s not an absolute impossibility that these two companies are independent. While we can all speculate I think we should wait to hear from a rep from either company before making such conclusions.

DCOMsoft have very kindly offered a free copy of the SWF Protector 2 software that I reviewed earlier today, to be given to the winner of some kind of competition. I’ve never held a competition on my blog before, so bear with me on this one. Ok, so…

The word “obfuscate”, as defined by Chambers Free English Dictionary, is:

1 to darken or obscure something.
2 to obscure something or make it difficult to understand.
3 to bewilder or confuse someone.

So, keeping with the theme, what’s the most bewildering or confusing thing that’s ever happened to you, or that you have ever inflicted on someone else? It can be on any subject – doesn’t need to be related to writing code or anything like that – and be no more than 500 words. It’s not an easy task, but then this prize is worth £40 so I don’t think I’m asking too much of you!

The best (most interesting or amusing) account by 12pm GMT on Monday the 12th of April gets a free copy of SWF Protector 2.

My girlfriend will be the judge, so you can be assured that the results will be totally fair and impartial. The judge’s decision is final and there are no cash alternatives to the prize. The winner will be announced right here.

Company: DCOMsoft
Product: SWF Protector 2
Price: From $39.95

About a week ago, DCOMsoft emailed me to ask if I’d be interested in trying out their SWF Protector 2 product and posting my thoughts in exchange for a licence. Always on the lookout for new software that’s better than what I currently use, I said yes. I’d like to stress though that in no way does providing a license obtain a favourable review for any old product – I always approach a product objectively and will post both positive and negative findings whether the review is commissioned or not.

So, on with the review. On installing the application it came to time to register it. I copied and pasted in the serial and hit the Enter button without noticing that I hadn’t selected the serial number properly before copying and had missed off the last digit. The little registration window closed and gave me no feedback, so it wasn’t until I tried to run the application again and found that it wasn’t yet registered that I noticed that the registration had failed. I tried again, this time re-selecting the serial number and making sure I had it all in there, and it then gave me a message confirming registration. For instances where a mistake like this can happen, it would be worth having a message to say “Registration failed” or “Incomplete serial number”, but that’s a minor gripe.

Once registered, the application’s interface is very clean and quite minimalist. The first thing I noticed – and with some excitement – was an “Add folder recursively” button which, I’m pleased to say, works a treat. The application adds all of the SWFs contained within a parent and all child folders, tells you their protection status and offers the ability to open each one if you need to make sure you’re looking at the right file here.

As opposed to SWF Encrypt which shows you all the SWFs in a directory and asks you to select all of the ones you want to obfuscate, SWF Protector 2 assumes you’ll want to protect everything by giving you just one “Protect all” button. This makes sense, because if you didn’t want to protect your SWFs then chances are you wouldn’t be using the application in the first place. If there are any SWFs in there that you don’t want to protect however, you can simply remove them individually from the list before hitting the “Protect all” button. Alternatively, if you do only want to protect a single file, you can right-click on that file and select “Protect one file” from the menu.

Having had SWF Encrypt crash on me a few times after trying to obfuscate a file that was currently open inside the Flash IDE, I was curious to see what SWF Protector would do in this case. It didn’t disappoint, prompting me with a message stating that it could not overwrite the file – a much more elegant solution that simply crashing unexpectedly!

When my target file wasn’t open inside Flash’s IDE, SWF Protector 2 further impressed by renaming the original file “example_original.swf” and creating an obfuscated version with the original file’s name. This eliminates the issue I outlined in SWF Encrypt’s case where you either have to rename all your files manually or change all of your file links on your server to take into account the different name of the protected file. Bonus.

I also wanted to see what SWF Protector 2 did when revisiting a previous project – would it remember the last location or would I have to navigate to the project all over again? It actually remembered my previous location, and did so even when I closed the application without protecting any files. Excellent.

Also available at the top of the screen is an Advanced option which lets you configure the level of obfuscation – either on a per-class basis or you can set the level for the entire file. I took an unprotected SWF that was 518kb in size and ran it through the obfuscator at minimum settings and the output was also 518kb. I ran the same file again at maximum settings and this time the output came out at 555kb, so obviously the level of protection is such that it can make anywhere between 0% and 10% difference to the file-size – exactly how much protection you apply is up to you, so you can balance protection against file-size depending on the exact needs of your specific project. This is another feature that is missing from SWF Encrypt.

One bug that I did notice in SWF Protector 2 though was that after protecting a file in Advanced mode, the “Protect all” button would not become re-enabled for me to run another pass despite me selecting a new, unprotected file. To get the button back I either had to switch to Simple mode or restart the application and switch back to Advanced mode. This isn’t a deal-breaker, as you won’t be re-protecting files with different levels of security one after the other very often (if at all), and I only noticed it because of the test I was running. However, to get top marks an application does need to be bug-free, so I’ll have to take this and the failure to notify on a failed registration into account when coming up with a score.

The fact that SWF Protector 2 not only does what it says on the tin but does so with much more thought towards usability and thus efficiency of use does make it a better product than SWF Encrypt. I’m sure DCOMsoft will endeavour to resolve the two small issues I experienced with the application as soon as they read this post, whereas from past experience (here, here and here) I know that Amayeta is unlikely to even care about SWF Encrypt’s bugs, let alone fix them. Being a better product is one thing, but being a better product that costs only a third of Amayeta’s price (the personal license costs just £25, though you’ll probably want the business license at £39 to be able to use it commercially) is just great and easily makes it a recommended product.

8/10

Coming soon: A review of how these SWF protectors stack up against SWF decryption tools.