SWF Encryption Uncovered

Last week, I dug some dirt on DComSoft and Eltima and I got them really pissed off. This week is dedicated to Amayeta.

Known for providing the worst customer service anyone can expect, Amayeta started after MDM acquired Flashincrypt in 2005 (Amayeta and MDM are the same company too). Back then, a few developers wrote Flash applications that required any sort of protection and Flashincrypt was the only usable software. A more powerful software was in the make called ASO from Genable Labs. While it was never officially launched, I had the chance to test ASO and it was very promising. But Genable disappeared, all of a sudden, and I wasn’t able find any resource that said what happened. Their website just went down one morning and never got back up. Prior to the disappearance, Genable announced that they sold ASO Lite version to a CA company and they will continue to develop ASO Pro version. But that was their last announcement.

So how is that related to Amayeta? Well, Genable released a utility very similar to SWF Decrypt before disappearing called FINI that reversed Flashincrypt protection in November 2004. Flashincrypt was temporary discontinued until, by mid 2005, MDM acquired it and created SWF Encrypt. So, SWF Encrypt was born of a useless software to begin with

When SWF Encrypt 3.0 was released, it looks like Amayeta did not give Flashincrypt’s users a free upgrade as anyone would expect. They treated their users as if they were upgrading from a usable version looking for improved and additional features. You can see it on this page that I pulled from internet archive. They were clearly asking users to upgrade for a fee.

I am not sure when SWF Encrypt 3.0 got bypassed, but when Amayeta released SWF Encrypt 4.0 they literally said “The Encryption Technology used to protect your ActionScript are up to 1000 times stronger than previous builds.” as you can see here. But it didn’t take long for ASV to bypass their protection and show the world again that it is just a useless piece of junk. At that time, I was using SWF Encrypt 4.0 and I paid $125 for it. I saw my Amayeta protected SWF files decompile in ASV as if they were not protected at all! Even worse, I contacted their customer support a couple of times and never received a response. That was early 2007.

If SWF Encrypt 4.0 was “up to 1000 times stronger” than 3.0, then what on god’s earth was SWF Encrypt 3.0 doing?! What were they charging people for?!

Every release of SWF Encrypt was pretty much bypassed. Since 2004, anyone who had a look at how they did their protection was easily able to figure it out and reverse it. Authors of FINI and ASV both said it took them just minutes. I’m definitely not as experienced as they are, so it took me a weekend. If you still doubt that SWF Encrypt is just a scam and Amayeta is absolutely not a trustworthy company, check out swfdump and try it on your files before and after using SWF Encrypt. Let me know how long does it take you to figure out how stupidly their protection works!

I think this should be really interesting to everyone who paid to get SWF Protector. It is clear to me that Eltima, the company that makes Flash Decompiler Trillix, one of the most popular Flash decompilers, is behind DComSoft (makers of SWF Protector). While I do not have, in my opinion, any solid proof, there are a couple of things that clearly point that way:

DComSoft accidentally used one of Eltima’s products’ EULA

As you can see in the screen shots, SWF Protector for Mac comes with Recover PDF Password license agreement. Recover PDF Password is one of Eltima’s products and you can also see Eltima’s name at the end in the screen shot below.

I can think of only one excuse for this, DComSoft copied the packager for Mac from Eltima’s and forgot to change the EULA. It can happen

More Proof

Eltima immediately contacted Gareth Jones after reviewing SWF Protector. While it could be a coincidence, Gareth says from the correspondence it is clear they are the same company. It can also be that the same marketing guys are working for both DComSoft and Eltima.

I also noticed the following while visiting both websites:

1. Both have translations to only French and German… Exact match!
2. Copyright notice says 2000 – 2010 on both websites while the domain name dcomsoft.com was created in 2005.

Conclusion

While I do not think that any of this is a solid proof and there still exists a small chance that all of this is just a coincidence, it does mean one of two things:

1. DComSoft is indeed the same company as Eltima and it is completely unethical and totally crosses the line to sell a Flash decompiler for years then come up and sell another software, under another company name, that protects from the decompiler they originally made!
2. DComSoft is a very low quality company that copies content from Eltima and makes completely worthless software.

That’s what I think. Let me know what do you think in the comments section.

Update: Another post about the subject can be found here.