Flash Piracy

One of the problems of delivering copy protected content via Flash is that it is a semi-open platform and has no built-in copy protection mechanism. Flash game files (or SWFs) are just like any other file that can be copied from machine to machine. In fact when you play a flash game your PC has already downloaded the SWF file to your hard drive and is running it from there. Copying the SWF file back onto a different web server and adding it to another website is straight forward. 99% of the websites that have Desktop TD simply took a copy of the SWF file and rehosted it on their own site without asking permission. It’s technically theft but is tolerated in the flash community as a form of advertising for the developer, especially if the developer wants to promote their flash portal website. This process has worked very well for DTD due to the fact that the game redirect players back to my site when the game ends and they then tend to stay there. Most games are a little more polite and do not redirect, so maybe they are missing a trick there!

There are various things that can be done in code to lock the compiled game (or SWF) to your own domain but it is relatively straight forward to use a decompiler to turn your compiled game back into source code and the unscrupulous can simply remove any locking code and recompile. However software that encrypts the SWF file can be effective at stopping decompilers. DTD used such protection from version 1.21 onwards but the lack of protection for the earlier versions has turned out to be a problem as I will discuss below. Another problem is ‘hotlinking’ where a site is linking directly to the SWF file on your own server thereby using your bandwidth instead of theirs. Serving the SWF file dynamically and authorizing it via keys and the like is a good response to hotlinking. The multiplayer version of DTD will be domain locked and will use such a technology to ensure that it remains there!

Unfortunately both Desktop TD and Dave’s Element TD have been victim of a more serious type of flash piracy, reskinning. Reskinning is where the game is decompiled and the graphics and/or sound replaced with different versions. The game is then distributed as someone else’s work. A real slap in the face to the original developer I can tell you. Element TD was stolen by shockarcade.com (compare with the original Element TD). And in the last week Desktop TD has been stolen by onlinegamesquad.com (compare with original Desktop TD). Admittedly they have put some effort into the DTD reskin but it doesn’t have a single feature in it that wasn’t already in the code they pinched from DTD. If anyone knows a good way to deal with this type of piracy please get in touch!

Piracy and hacking prevention are now taking up a significant portion of my development time at the moment and I am learning as I go. It would be easy to blame Flash for these problems but they are really caused by success and human nature. I bet even Valve’s Steam protection gets hacked occasionally!


40 Responses to Flash Piracy

  1. jonandericadventures says:

    I am really sorry to hear that, the more I played Xeon Tactic, the more it was like Desktop Tower Defence, which I think is an awesome game.
    Additionally, to make it worse, commenters are crediting the creators of Xeon for revelutions like “Using Turrets like walls”, the sandbox type defence game.

    Prehaps you could post DTD onto Newgrounds, so you can get the reconignition you deserve. Yay!

  2. Hey drop me an email, I go to law school over here in the states, and I have just started looking into international copyright issues for a paper. I might be able to point you in the right direction.

  3. Valve can and has been broken repeatedly. The thing to remember is that any protections like these are akin to encryption, but the wrong way.

    It will always be harder to secure something than to disassemble it.

    The key, as you have done, is to make it difficult and ensure that your license is in order.

    Note: I am not a lawyer. I don’t even like them ;) That said, as a creative person:

    One license I might suggest is the Creative Commons license, which allows you to specify which uses are permissible, encoding this ‘unwritten rule’ into something with legal force.

    For example, you can allow distribution as long as the file is not modified and no commercial gains occur. (this might be beneficial to you, as you say, sites are basically paying your bandwidth and running your mochiads for you)


    also, reading the FAQ, as always, is useful


    Another option is filing DMCA takedown notices, which are usually used improperly, but in this case might be legitimately used. Most ISPs will honor a specific request (eg a URL) within 48 hours.


    Hope that helps. It’s always good to see independent developers do well.

  4. Griffon says:

    Don’t take the bait. Don’t spend precouse time and energy fighting against inevitable theft. Out innovate them, people will come and find and support those that are building and upgrading and out pacing feckless thugs that just copy anything they can and lump it together. No one that produces software doesn’t have it stolen at one level or another, while that is sad, it doesn’t really matter if you are really growing and brand and creating new stuff. Just my two cents on it. You guys are doing great stuff stick to that and leave DRM to those who can’t innovate.

  5. starbork says:

    Hang in there guys! I know you’ll get it sorted out… F code rippers!!! argh!!

  6. Thue Janus Kristsensen says:

    You say that they have decompiled the flash, changed it, and distributed it as their own. This is clearly illegal.

    But what is your evidence that they have not simply reimplemented it? I tried onlinegamesquad.com’s game, and it feels more like a reimplementation than a recompile.

    Strait reimplementations suck, and are bad form. But game ideas are probably not covered by copyright: http://www.copyright.gov/fls/fl108.html .

  7. ZZzz says:

    since this has something to do with DTD now… GIMME THE ETA ON 1.5

  8. Dave says:

    That’s a good question Thue. We believe the games are using our code in both cases as they contain certain subtle quirks and bugs that are a tell-tail sign of the methods used to code them. It is these small bugs and the way things work that we can easily spot.

    We have copies of both the games, so it is only a matter of decompiling them to see if they are using the same variable / function / class names and have the same code.

  9. Nazgum says:

    I would agree with Griffon; while theft does suck, your time and effort would be better put into enhancing your existing games and creating new ones then to futilely try to secure an swf.

    whether through theft or competition, you will still be competing with others when creating flash games, and the ones who are stealing will never match up; best to just ignore them and continue to put out quality work imo

    also, congrats on starting a company =)

  10. Cam says:

    Ok, this might be unwelcome, but didn’t Flash Element steal all its sound and much of its graphics from Warcraft 3 in the first place?

    Of course, I’m not suggesting that the levels of “infraction” are the same, but its still copyright infringement either way you slice it. You are using somebody else’s work and passing it off as your own.

  11. robotJAm says:

    The game on shock arcade is quite frankly shocking, they haven’t even reskined it as it even looks the same.

  12. Dave says:

    Cam: Fair point, but the graphics and sounds in Element were taken from the WC3 level editor, which has export functions, so they want you to do it :) Also all graphics had to be edited to work on a small 2D scale, so it was not a simple copy/paste job. If you replaced the graphics you would still have the same game.

    The problem is that by taking the code they have taken the games “engine” which is the bulk of the work in most games. Also with the engine they have the ability to make other TDs. With the DTD code they could make any manor of maze based TDs and with Elements they can do any shaped path based TD and in both cases adding additional towers / creeps is relatively easy.

    This is extra harsh for Paul as his maze based TD uses a routing system that he developed especially for flash, and is way more efficient than methods like A* for finding the shortest path between 2 points.

  13. […] In Pauls ‘Flash Piracy’ post he talked about the problem all Flash game developers have who wish to control the distribution of […]

  14. Noah says:

    In the modifiers of Xeno Tactic, I would look at it as an homage. They took the time to completely reskin your game. They added “Missions” which is actually a cool concept, and one you should consider in future renditions. You can’t do “The 100” until you pass all the other missions. I would just take it with a grain of salt and move on w/ your coding. They aren’t going to want to reskin your new version, or everytime you release a bug fix, and eventually they just give up.

  15. Paul says:


    If you look at the missions they are just my own easy / medium / hard / challenges with reduced levels. The sounds are taken from Starcraft so I am beginning to doubt the graphics are original at this point. Plus the only reason they are able to create such ‘missions’ is because of the way I have coded the engine to be flexible. I have spent many weeks optimizing the engine so that it is customizable and efficient and they come along and take all that work for nothing!? It is not an homage, it’s theft.

  16. eddie says:

    I say, do not release vr 1.5 until these theft problem is under control.
    Seeing a pirated version of DTD make me sad.

  17. Carlos says:

    Being a coder for nearly 20 years, and having faced code theft myself, I can suggest you some ideas.

    Like you said Actionscript (just like javascript), is easily “viewable” – all you can do is obfuscation and encryption.
    As we all know, if someone *really* wants to decompile it, it will no matter what – but the point is making it “hard enough” so the common thief won’t waste any time with it.

    When I started working with javascript I checked what was available at the time, I found I could easily “crack” the existing methods – so I devised and implemented my own double-obfuscation technique: something that I said: “If I faced this, I’d rather code it from the scratch than trying to work my way around it.”
    It’s basically a double obfuscation routine layered one on top of the other. Preventing from getting the code with a simple “alert/trace” on the right place. It can be cracked, but it will force them to waste time on it.

    For more serious programs – where revenue is involved, there are a lot of techniques you could use to prevent them from changing content – checksums, image validation, etc. etc.
    I was always creative with my protection routines – allowing a “apparently normal” operation, but randomly causing weird issues! eheh

    In any case, it’s something that should only be done up to a certain degree – never up to the point that will bother a regular user. No need to require fingerprint IDs or something similar! ;)

    If you want to discuss these items in more detail feel free to drop me a line by email. I’ll be happy to talk to you guys.

  18. Adam says:

    First, send a polite email to several of the contacts listed at the site. No telling where they got the game, maybe they found it somewhere else and it said “free to post anywhere!”

    If you get no favorable response, send a sternly worded warning that you will contact a lawyer unless the game is removed.

    If the response is again not favorable, contact a lawyer and have them send a certified warning via postal mail. We did this once and it cost about $250.

    Finally, sue their ass.

    You can also consider demanding restitution of a few thousand dollars as part of an out of court settlement. The DMCA takedown idea is a good one if they are US based, if we have to live with crappy laws we may as well use them.

    I would not just let it go. That sets a precedent, that could hurt you legally, and encourages more piracy. And this is REAL piracy, profiting from the work of others.

  19. Gert-Jan says:

    I would think you’d already have this covered but I will ask it anyway. Do you use an SWF encryption tool for your files? I am sure you do… but in the rare case that you don’t take a look at http://www.amayeta.com

    And I support the suggested actions by Adam and others that you should protect your property and send them at least a warning. And talk to a lawyer to discuss any possibilities you have in this case.

  20. FinalKiller0 says:

    I looked on the shock arcade website and found this:


    I tuly hope this helps. This game is very fun and lots of people on shock arcade love it. I just really wish you guys got the credit instead of those evil pirates…

  21. edwards says:

    Take seriously care of what you are saying.
    It’s difamation !

    have you give credits to all the old tower defense games you copy to make you own desktop tower defense ?
    tower defense concept is certainly not your own original idea…
    you made a flash version of a tower defense games that’s all.
    so who copy what ?

    if you made a tennis game, de you must give money back to the creator of pong ?
    All the FPS must give moneys to wolfenstein 3D ?
    how many copy of tetris ? the game world is like that. everybody copy everybody.
    you firstly copy don’t forget that !
    And you are complaining because someone else copy you ?

    Xeno tactic is firstly A beta…so it will maybe completly different later…
    secondly, they say “thank you to you” …and they are certainly not forced to make that. so be proud if someone else copy you and stop to complain !
    lastly take seriously care of your accusation. it’s difamation.

  22. suzy says:

    desktop tower defense is already a copy of tower games !
    each game rip the ideas from the others…
    Desktop tower defense is not the first tower defense game over the world…

    he stoled the ideas from other games…and he complain because someone else stole his stoled idea…
    we call that…a clone.
    How many tetris clone ?

  23. doctorh says:

    Exactly, i think paul must stop to lost is energy like that.
    i can understand his sadness.
    But these games are simply clone.
    We see it everywhere everyday…All games is a copy of an other one.
    in my opinion : Use your energy to make a better game then the others,
    that will be your best revenge.
    And, if you don’t want to be riped off. don’t use flash.
    flash is the realm of decompilation and share…
    If someone is decompiling your code everybody have your code.

  24. ethan says:

    hey ! stop to filter the posts !
    Everybody can have an other opinion than your !
    how old are you ?
    never see that !

  25. jhon doe says:

    hello ! you are simply learning the world of game development…
    all games developer meet piracy and develop their skills with that.
    if you don’t protect your code…now you will surely make that better.
    Xeno tactic mention you !
    I think it’s a proof of honesty.
    And you will win free pub with that ! all the guys who love xeno tactic..will search more information about your game !
    this game is awesome and your too ! what’s wrong ?
    they made pub for you freely ! Be happy :)
    how about your traffic ?

  26. Paul says:

    There is a difference between a copy and an exact duplication. If I copied the code for Tetris and changed the graphics how is that not copying?? XT is an exact copy of DTD with only the graphics changed and the levels presented as a lockable sequence. The fact that XT has no feature in it that isn’t already in DTD and has all the same quirks in it that DTD has and the same text. Why would they pain-stakingly copy my game’s bugs?? The answer is they didnt, they simply decompiled my game and copied the code.
    It has the same towers, the same creeps, the same map layouts, the same projectiles, the same description text, the same drag and drop system, the same scoring, the same upgrade timer, the same blocking warning, the same creep distribution, the same time bonus system… need I go on. Now, if they’d been a bit cleverer and actually changed the game – I might never have suspected it was my code.

  27. Paul says:


    Desktop TD is based on lots of different TD’s. After all Tower Defense is a genre and not s single game. XT is not ‘based’ on DTD, or a group of TD’s, it is a copy of DTD down to the smallest detail.

  28. Dave says:

    The problem is not the copying of ideas (which must happen or there would only ever be one FPS in the world or one platform game.) it is the copying of code, and in this case an entire game engine.

    ID software don’t accuse Valve of copying their wolfenstine / Quake / Doom games, even though they are all FPS, they all run on their own game engines made from scratch by their own people. But if someone used the Quake Engine to make a game without asking or paying a penny to ID Software.. well that’s our beef. And just because they had the balls to thank Paul in their help file does not mean they sought permission or had any legal right to use the code.

    We have no problems with people doing TD’s in flash, we have a problem with them using our code, which we spent MANY a night working on and optimising, to do so.

  29. otto says:

    your desktop game is better ! more fun.
    xeno tactic is an other game. best graphics but not so fun.
    yes it’s a copy of your concept.
    But if it’s free and it make an other challenge for players, it’s nice.
    i want 1 million others to copy dtd ;p

  30. hudy says:

    How to kick the ass of a concurent website.
    Decompile a stolen .swf.
    Put the name of your website enemy eveywhere.
    Difuse the pirated game.
    tell to the original conceptor !” omg a pirate is diffusing your game !”
    Weeeee all my enemys will sue a lot of dollars bwhahahahaha.
    Seriously, encrypt your .Swf !

  31. the triple eyes says:

    The real thiefs are the decompiler developers, they make a lot of moneys with that !
    If you are removing decompiler…you are removing piracy.

    The real user of decompiler are 99 % spy and thief. And they know it !

    If you sell to everyone, a super key for open all the cars of the world !
    Do you think it’s perfectly moral ?

  32. orfc says:

    I suspect the graphic designer for the early 90’s alien breed game series on the amiga would like a word with onlinegamesquad too, ‘cos the skin’s a pixel-for-pixel copy

  33. Goku says:

    the problem isn’t a simple copy of idea’s because if it were that would be like having a problem with tennis games being a copy of pong the problem he is having is someone took the code the core of his game and tweaked it then claimed it as their own stealing a graphic or concept is one thing stealing the code the engine the very core of a game on the other hand is very much a different dragon all together and there are more uses for decompilers than just theft (though that is an obvious one) I’d like to get my hands on a decompiler just so i could take a copy of the various TD games and then tweak them so that i can have a game for my personal use that i can actually beat because even tough i like TD games i suck at them i wouldn’t re host it

  34. Goku says:

    as for the element TD and shock defense being the same i can see a number of similarity’s but i can see a number of differences granted i haven’t looked at the code it self so i could be wrong in thinking that they might not be the same engine

  35. pygar says:

    One thing I’ve noticed with YouTube content is that the ‘player’ movie and the content (the video) are actually two different .swf files. The player controls – what you see in the Browser window acts as a shell and the content (the video) loads into this on separate Flash level. If you use Firefox for instance to ‘save’ the movie, all you get saved is the shell .swf which is useless by itself. You don’t get the video. I’m not sure how great a method this is to protecting content, but it looks like it could be the basis of something that could be adapted. All a game developer would have to do is load their game dynamically into a .swf shelf which is embedded on the web page instead of embedding the actual game .swf itself. I’m sure this could work.

  36. Dave says:

    They do this so they can update the player without having to update millions of video files. The browser still downloads the video (or a game swf) so it could still be taken.

  37. Alex says:

    It’ll still discourage newbies from stealing the file, though, so it wouldn’t hurt to use.

  38. Rick says:

    I’m sure this kind of thing really ticks ya off! You mentioned your pathfinding system isn’t a standard A* method, which may or may not be the reason other companies are decompiling the game. I wish I could wrap my head around A*, let alone the routing system in DTD. I understand if you wish not to share, but what is the main idea behind the routing system? Sometimes I wish I knew how to program :) I just like to pretend I can!

    Keep up the good work!

  39. Jay says:

    Well as long as you offer a version that works offline, I don’t care how encrypted the file itself is to prevent decompiling, lol.
    My only concern is that there be a version I can download and play offline.
    Lots of people would love to play the game in places where a record of your computer logging into a game site everytime the game loads, or to play the game, would be a bad thing. ;)

  40. jsonchiu says:

    I found DTD from Xeno Tactics. I personally like both.
    I do not think that you should care too much about Xeno.
    Xeno Tactics is at least GIVING some sort of credit to DTD.
    It’s also bringing some more visitors to your site.

    BTW, I really wish the engine is open source. it would solve the piracy problem all together.
    I want to see how people implement their algorithms, ’cause I can’t seem to boost up the performance of my code. (and maybe make a few customized TD for my own use)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: