Protecting swf theft, an imperfect but easy solution…

I was just digging through some old folders and found something I was playing with to somewhat protect a swf from thievery. Lemme first say though, I get a lot of emails about protecting swfs, and my usual response is obvious. If someone can see it or hear it, they can steal it. Nothing is ever going to stop someone from using the most low-brow methods of capturing something if they want it bad enough. I can hold up a tape recorder to my speakers if I really want to remove the DRM from my iTunes songs. 

With that said… lets suppose you have a bunch of images and you want to prevent someone from easily saving them and uploading them to their server. Well Flash is actually a decent way of stopping that (or annoying them into not trying). If the image were just embedded with html, its a simple swipe, drag to the desktop or just right-click and hit Save As….But if the image is in a Flash file, right clicking to save doesn’t do them any good. The Hamburglar would have to screencap the image (easy of course, but tedious for many images) OR if they were crafty they could do a Save As on the .swf file and reupload that. And thats where this little Actionscript 3 domain check comes in….

The Code…

This will prevent someone from using the swf on a domain other than your own (or whatever you specify) 

var checkDomain:String = getChildAt(0).loaderInfo.url;

if ( checkDomain.indexOf(“http://www.cartoonsmart” ) == -1  ) {  

if ( checkDomain.indexOf(“http://cartoonsmart” ) == -1  ) { 

var myText:TextField = new TextField();

var myFormat:TextFormat = new TextFormat();

myFormat.font = “Verdana”;

myFormat.size = 16;

addChildAt(myText, (0 + this.numChildren) );   // use (0 + this.numChildren)  in case you have more than one child in the swf.

myText.width = 400;

myText.height = 250;

myText.multiline =true;

myText.wordWrap =true;

myText.x = 0 ;

myText.y = 0;

myText.text = “Sorry You Can’t View This Image Sorry You Can’t View This Image Sorry You Can’t View This Image Sorry You Can’t View This Image Sorry You Can’t View This Image Sorry You Can’t View This Image Sorry You Can’t View This Image Sorry You Can’t View This Image” ;

TextField(myText).setTextFormat( myFormat );

root.alpha = 0; 



This WordPress theme isn’t the greatest for pasting code, but I’ve added some notes in the example source files you can download here. Here’s the important parts…

var checkDomain:String = getChildAt(0).loaderInfo.url;

That above creates a string variable out of whatever your domain name is

if ( checkDomain.indexOf(“http://www.cartoonsmart” ) == -1  )

That first if statement checks the variable to see if it DOES NOT contain this exact character sequence… http://www.cartoonsmart   (when you modify this, you’ll obviously want to swap that out for your own domain). So if the swf is hosted on our site, the if statement is false and what’s in the brackets doesn’t get run. Thats good, there’s no tom-foolery afoot. 

BUT if that statement is true, that means someone could have put the swf on their server , so we continue with the code in the brackets. But first, lets just be sure that someone hasn’t pulled up the domain without the www. part . So thats this next if statement (within the first)….

if ( checkDomain.indexOf(“http://cartoonsmart” ) == -1  ) { 

And if thats true as well, then we know for sure someone is pimping our shiz, so we can go nuclear by creating a text field, adding it to the swf, and making it say “Sorry You Can’t View This Image” over and over again. Thats all the code in the brackets up till this important last line…

root.alpha = 0; 

This makes everything that was originally in the swf get alpha-ed out. Or turn invisible basically. 

Ready to see it in action? 

Go here…  … and you’ll see the logo because the swf is on 

Or go here….  …and you’ll see only text because the swf isn’t on 

Finishing touches…

In the example files I zipped up for this, you can see that the logo image is in a Flash file which calls in the Actionscript from a .as file. That one line is simply…

include “”;

You’ll want to do this if you have a ton of images you want to pseudo-protect like this, because it keeps your Actionscript in one place instead of 50 or 100 files.  

Also you might have been wondering why I only included http://www.cartoonsmart  and http://cartoonsmart  in the code above instead of adding the .com to cap it off. Well thats in case you registered your domain with different top level extensions. So for example the logo still shows up if I view the swf from our .net domain….

And keep in mind, my example is actually pretty friendly since all it does is show text instead of the image. You could put anything in those if statements, like a navigateToURL statement that immediately sends the visitor to another site. Of course every time you publish the file you’ll also have to be sent there. Since your authoring environment will make those if statements true,  you must drink the poison yourself.  If you really want to be mysterious just don’t add the dynamic text, and leave the swf blank. 

And finally, my little example scenario here supposed that you were protecting a bunch of .swf’s and each one just had a single image in it.  So you probably want to load each one into a parent .swf that acts as a gallery. In which case, here’s your standard Actionscript 3 external file loading code…

var request:URLRequest = new URLRequest(“example_image.swf”);

var loader:Loader = new Loader()



And example_image.swf is the name of the file you are loading in and protected. 

Just because you’re paranoid…

…doesn’t mean you aren’t being followed. There’s plenty of Flash decryption software out there, so don’t think this will stop anyone against that. This might be useful in some circumstances, and I’ll leave that up to you to decide how great or how shitty this method is.  All I know, next time I get an email that says “how can I stop someone from stealing my Flash files”, they are getting sent here. Although, my first reply is always… “whatcha got worth stealing in a Flash file???”





3 thoughts on “Protecting swf theft, an imperfect but easy solution…

  1. Shane says:

    Hi Justin
    So event with this method, there is nothing to stop the “criminal” from deconstructing your swf in sothink swf decompiler and removing this security measure no?

  2. Yeah nothing is going to stop someone from using decompiler software. But keep in mind thats going to a lot of trouble, and decompiler software is more about protecting code, than protecting image content.

    This method is just a quick add-on to prevents someone from reuploading a bunch of your swfs to their domain. If those .swf’s contained images that you wanted to keep at your domain only, then this adds an annoyance-factor to anyone wanting to get them easily.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s