Gaming Your Way

May contain nuts.

Air today, gone...

Air. The future of RIA. Unless you try and actually use it.

I've been wanting to write a swf encryptor for ages and last night I finally cracked ( As I'm working on something that I really don't want decompiling for various reasons ).
It was a toss up between Zinc and Air, but I opted for AIR 'cause in theory it is the future and therefore should have better support than Zinc.

So after all the hype surrounding Air I should just be able to google around, find out how to drag and drop, save a file and some other basics. I develop in Flex rather than cs3 'cause it's a million times better, but any search for Flex and Air just brings up examples using MXML. That's not great.

Eventually I found a hacky way to create an Air project in actionscript in Flex ( It's so convoluted it's untrue. You create a Flex project as opposed to an AS one as usual, tick the Air box, but on the part where you set the document class you alter the mxml extension to .as and it works ).
Getting there. Published the main class and up popped... nothing. More searching and I found out how to set it up ( A big thanks to Toby for blogging about it, without his words I'd have given up all together ).

Cool, got a window in place now. Close it, try publishing it again, and... nothing. Lot's more searching ( And swearing ) and I found out what the problem was, and the cure. If you don't exit your app correctly ( ie call an exit() after adding a listener to the close button ) then it doesn't actually exit correctly ( I found this out myself after a lot of messing about ).
When you publish an air app it runs something called adl.exe ( Adobe Debugging something. I've had enough air googling for a life time so can't face looking it up ) which runs the swf wrapped in the air api.
If you don't call exit() then when you close the app adl.exe keeps running. Ok, that's not the end of the world. What actually is though, is that you can only run one instance of adl.exe. If it's running after you've closed your app incorrectly, then you can't run any more air apps.
The beautiful thing is, it doesn't tell you. Flex doesn't tell you either. It's like they've ganged up to keep us in the dark.

Until I figured out the whole exit() thing, I was working with task manager open closing it down every time. The only solutions I found online were, yep, work with task manager open and...

Ok it kinda makes sense, and if you've got to call exit() then you've got to call it, but c'mon, this is the future of RIA and I've got task manger open to kill it ?
It all feels very beta-ish, from the hacky way to even create an Air project in Flex to that.

Once I got past these hurdles, I must admit it wasn't that bad. The lack of docs ( I only found this after I'd gone through a lot of pain ) has made it a less pleasant exercise than it should have been ( Oh joy, another mxml example for something I want to do with code ).

One weird thing which I'm putting down to me is that when I drag and drop a swf into my sexy little app it runs the app twice. I don't mean it opens another window, it just runs through all the code twice ( In alcon I was getting,
"wtf ?"
"wtf ?"
which was a bit of a give away ). A little kludgy check cleared that up.

At present we've got a simple little app which you can drag a swf onto, it then encrypts that with blowfish via the very nice Crypto library and you can then save that back out.

Next up ( And what I've been swearing at for the past hour or so ) is the decryption routines. Well, the code is being embedded and decrypted, it's just figuring out how to then make that byteArray run as a swf rather than just sitting there annoying me.


Comments (7) -

  • Rich Davey

    10/2/2008 11:32:23 PM |

    CS4 changes the way you build an Air app quite a lot btw, so I guess they didn't invest too much time into the current method! That aside, your SWF encrypter sounds interesting.

    How do you plan to protect the code in the SWF loader that has to actually decrypt what is being bytestreamed in? After all, reverse engineer that, and the encrypted code is just as vulnerable :(

  • ryan miller

    10/3/2008 3:03:10 AM |

    As a game developer I can understand your aversion to Flex, but why avoid it for developing a simple little AIR app?  Couldn't you have saved yourself a lot of time by just doing it in MXML?

  • Squize

    10/3/2008 11:21:18 AM |

    Hi Rich,

    The decrypt part is obviously the weak point. My plan ( Now it's working ) is to use my SICO routine to mess the source up, use swf encrypt on it and then wrap it up into a swc.
    Also I'm planning on altering the key, so the key you pass into the swc isn't the actual real one as such, the swc will alter it internally ( So encrypting the key itself ).

    Again this is still the weak point, but to get to the game you'd have to decompile the swf, then decompile the swc, figure out how it works, rip out the junk data ( The encrypted swf is embedded straight into the code, so at present this is going to be Flex / Flash develop only. CS4 supports embed so it won't be too long before this will be native to Flash ) then decrypt that before getting to the actual code.
    If someone is that determined then they deserve the code :)

    Hey Ryan. I know exactly what you mean mate, but I've never used MXML and for what I was doing it should have been simple to do in as3.
    You know when you're trying to take the lid off a jar and it's really stuck it starts becoming the most important thing in the world to do ?
    It was the same with this, it was almost the more painful it became the more I had to stick with it.
    I've got it in my head that there are loads of as3 coders all using Air everyday ( ie Proper coders ) so it shouldn't be that hard. Maybe it isn't and I just made a meal of it.

    Thanks to you both for taking the time to comment here.

  • Jeff Fulton

    10/3/2008 4:37:07 PM |

    Squize, this sounds like a great idea. We were working on our own Blowfish AS3 encryption app here at Mattel, but then got side tracked (probably on a Barbie dress-up game). I think I will wait for yours...

  • Squize

    10/3/2008 4:59:07 PM |

    Oh sweet sweet irony, I'm killing time waiting for the Barbie dress-up game gig by writing stuff like this ;)

  • Squize

    10/5/2008 2:32:58 PM |

    Excellent, thanks for the link mate.

    In spite of my bitching I have actually enjoyed using Air. Hmmm, perhaps enjoyed isn't the correct term, more that I've seen there's a ton of potential with it.

    I used to use Konfabulator a lot ( Now it's just there for the weather, as it's such a nice looking widget ) and I think a hell of a lot of those widgets could be done nicely in Air.
    Just even simple things, like a chrome less drop target for un/zipping files on the desktop or a desktop RSS reader ( I know these have all been done to death, but I'm thinking of added value to a client project. It increases the scope from "We'll just create some wallpapers the players can d/load" by a lot.
    Off the top of my head, something as simple as an RSS feed could be rebranded as a tv guide for a site like Cartoon Network.

    Lots of lovely possibilities :)

Comments are closed