Comments on: How to Hack an AIR App SWF

By: valentin

valentin — Thu, 10 Jun 2010 12:43:49 +0000

hi, I need to remove a connection from a swf file to a remote server. can you tell me how to do this?
email me on office@littlebitsoft.com to send you the file.
thanks.

By: Chandika

Chandika — Thu, 25 Jun 2009 02:31:29 +0000

Thanks David.

That does help and the rationale is sound. There is no absolute non-hackable system anyway.

You can only run faster than the hackers and be a step ahead. The cloud helps. Good stuff!

By: Andrew

Andrew — Wed, 24 Jun 2009 13:39:24 +0000

Tom,
Nitro-LM servers are geographically isolated and fully redundant. If one server is unavailable due to network or taken down for maintenance, etc…, the client code will fail over to the next one on its list. If you’re completely offline, you will not be able to get a license. You have to be online and have Internet connectivity to at least one of the servers in order to grab a license. The checkout license type allows you to grab a license and then use it for a period of time in either online or offline modes. Demo licenses as described in the above post work similarly to checkout type of licenses and will run for a period of days you set or for a certain execution limit you set. When you sign up for Nitro-LM (free program included), we give you 10x the number of demos as standard licenses. So if you were to sign up for the free program /w 100 licenses, we give you 1000 demos along with that to play with. This program is mainly geared for startup companies or micro-isv who have an application and a dream, but not much money to pay for a quality licensing solution before they have a successful product and revenue stream.

By: Tom Chiverton

Tom Chiverton — Wed, 24 Jun 2009 13:24:42 +0000

Interesting. What happens if the NitroLM servers are not available ?

By: dbigelow

dbigelow — Wed, 24 Jun 2009 11:26:49 +0000

As we stated, no system is perfect. But, Nitro-LM’s fundamental design difference from other systems is that there is a physical separation from the end user and the licenses you are granting them to use until licenses are needed and/or are required to be updated by your software. When you put the licensing logic and keys in the application (as in the example in this article) you have – NO CONTROL – and CUSTOMERS CAN (will) STEAL. With Nitro-LM there is a ‘cloud’ service that is the global-master control over licenses, their terms of use, qty, etc.- keeping you in control and in the ‘know’.

We did -NOT- design Nitro-LM to be ‘static’ like other systems or home-grown key-generation utilities. IF that 0.05% does figure out some way to compromise the system (very slim possibility) we can always push out a changed formulation very quickly to combat that (forcing the 0.05% to completely restart their efforts from ground zero). Being cloud-based, our customers could force old software to be upgraded to the new formulation immediately or let old software continue for as long as they want. The flexibility Nitro-LM provides is unparalleled with respect to this, and this goes for ANY software application (java, C/C++, .NET etc), not just Flex/AIR Apps.

To give you a bit of comfort. At this point, Nitro-LM has been running for 6+ years without issue.

By: Chandika

Chandika — Wed, 24 Jun 2009 04:02:59 +0000

Valid Point.

Just wondering about 0.05% who can do this.

Yes its cool that its really difficult, but do you guys have any idea how your system can be hacked too?

By: Andrew

Andrew — Tue, 23 Jun 2009 19:21:36 +0000

Thanks JP. It was nice getting to know you at the 360|flex show.

By: JP Bader

JP Bader — Tue, 23 Jun 2009 19:13:40 +0000

Amazing example of how unprotected our stuff can be and how important it is to be paranoid about security. Thanks!