I'm embarking on a new project to protect images from being copied. This method will also prevent screen shots being taken. It's only in development/working theory stage at the moment. I was just wondering if this type of high security would be of interest to users here?

The final result would mean you can have high res proofs for customers to view, without the risk of them printing off and getting your work for free :eek: .
I'm looking at giving output images in swf format like this Here (http://www.chrishoggy.pwp.blueyonder.co.uk/p1.htm) (and the final release would have download, direct link and copy protection/blocking. It will have password encryption even if download was achieved, and decompiler protection to cut out image ripping from the swf. There will also be the ability to disable the print screen function and render any key activity useless while the image is in view.

chris,

i have yet to view ANY image that i cant copy, one way or another. if i can see it on my monitor, i can copy it. i guarantee it. if in no other way, i can ALWAYS take a photo of the monitor. so, if it can be seen, it can be copied, regardless of how many keys you disable. and with flat screens being so prevalent nowadays, you dont even get any barrel distortion from the screen. and if you somehow figured out an interlace method to defeat digital cameras, there are still optical/analog cameras that would not be fooled.

now, i have seen some decent methods to slow or stop most folks from copying and a lot of them are swf based, so if that's what you're shooting for, why ok. just be aware that there's always a way to pick any lock :)

the best way for proofs is still watermarks across the image. i know. i rip a LOT of images just for personal pleasure and the ones i always leave alone are the watermarked ones. it's just not worth the effort to try to clean them up.

craig

It's a noble attempt but as Kraellin says: Where there's a will, there's a way. :sad:

Dave.

It may be impossible to stop the tech minded from getting your images. But we are talking about showing customers your work, and they are mainly not able to do work on images. If they were, they would not have needed your services in the first place :happy:

I do like the cool watermarks you can put on with flash. Here is one on one of my own photos :bigthmb:
http://www.chrishoggy.pwp.blueyonder.co.uk/wm.swf

Here is a quick example with low security and no folder lockdown (no htaccess files added etc). Let me know how long it takes for you to get the restored image (it isn't a fully restored image by the way :wink: )
http://www.chrishoggy.pwp.blueyonder.co.uk/test/

Image you are looking for is a 1600x1146 jpg file ;)

You are not displaying the big image. Display the big image and then ask how long it takes...

Here is a quick example with low security and no folder
...
Image you are looking for is a 1600x1146 jpg file ;)

You are not displaying the big image. Display the big image and then ask how long it takes...
You are viewing the big image, as that is the restored image you can see through the viewer. It's there, being viewed and you can see every bit of the image. It's just not all showing at the same time :D .

Images that are in the script can be hotlinked to and viewed from source. So like I said, show me the image :wink:

Move viewer with your mouse ;)

Then it must be me: all I get to see is a small image with a magnifying glass that I can move around. Granted it magnifies the area that is on top of, but I don't get to see the "big picture"... pun intended.

If you feel that strongly, look into the possibility of having an applet that does not display anything unless the browser is in focus (I don't know if it can be done without mucking with the OS...) and disabling the keyboard. Then the only method left (there is always a way...), would be by taking a photograph of the monitor.

I think, it is an interesting and valiant effort but a futile one.

Just my 2 cents.

You are viewing the big image, as that is the
....
Images that are in the script can be hotlinked to and viewed from source. So like I said, show me the image :wink:

I think, it is an interesting and valiant effort but a futile one.

Fact is, a customer can view any part of a restored image via the viewer (that can be made bigger). They can zoom in on detail and see the work done, but they can't print the restored image :dizzy:
Fact that you can't show me the whole image, proves it isn't that easy to get/grab/hotlink to, or what ever. So it proves the method works :D

My (ex)father-in-law used to say "Locks only keep out honest people"

The fact Sir, is that it does NOT work.
It took me 10 minutes to get it.
Here is the URL:
http://www.chrishoggy.pwp.blueyonder.co.uk/test/thisistheoneyouwant.jpg


get/grab/hotlink to, or what ever. So it proves the method works :D

You did it via common folder name, thats after you got it from the swf. And you received 6 url 404 errors when trying.
/test/thisistheoneyouwant.jp HTTP/1.1" 404
/images/thisistheoneyouwant.jp HTTP/1.1" 404
/test/imagebase/thisistheoneyouwant.jpg HTTP/1.1" 404
/imagebase/thisistheoneyouwant.jpg HTTP/1.1" 404
/thisistheoneyouwant.jpg HTTP/1.1" 404
/thisisthesmall.jpg HTTP/1.1" 404
Here is a quick example with low security and no folder lockdown
I did say that, did I not?
The fact Sir, is that it does NOT work
These are supposed to be constructive comments?
2 simple steps that will be in the final template would have stopped that. What would you have done if the files were named thisistheoneyouwant.wxyz and the folder they were in was server side access only?

It took me several steps because I made a mistake typing the URL.
I typed "thisistheoneyouwant.jp" instead of "thisistheoneyouwant.jpg"

Regarding the comments, they were just my opinion. I still think what you are doing is a valiant and creative effort but only from a coding perspective.

I did decompile the swf file and that is how I had access to the image name. I do realize 99% of the users would not be able to do it either because they don't know how or don't think the effort is worth it.

Regarding renaming the image "thisistheoneyouwant.wxyz", I don't think it will work. I will download the "wxyz " file and just rename it locally to "jpg".

If you still want to pursue this idea, look into the possibility, as you mentioned, of putting the big image outside the web server folder structure. I don't know if Flash allows for that but it is a possibility. This could be also be augmented with a simple check from the web server: if the request does not come from the local system, don't serve the image.

I think the idea of having a magnifier glass is an interesting idea. I just don't know how well that will work with someone that wants to see the overall picture. Sure, one gets to see all of the picture but not all at once, and, in my opinion that is a big problem. If you think your visitors will not mind, then, by all means, go at it.

One final point:

One of the reasons why I think this was a very creative approach is due to the fact that you allow users to see portions of "the big picture", even a VERY large hi res picture (that could be many Mb in size...), without having the picture transferred to the browser. All it comes to the browser is a tiny 6kb file. This "trick" is, I think, worth exploring more for other uses. Just not this one.

Having said all of that, remember: if there is a will there is a way and what I did, should not be seen as a statememt on your level of security but more a comment on Flash. It was a demonstration that, via the web, just about anything is possible. It was, from my perspective, simply an academic exercise.

You did it via common folder name, thats after you got it
...
were in was server side access only?

Yes decompiling is one of the easy ways round it, but that is yet another hole that will be blocked, by encrypting the swf scripts. As you will have seen there was no protection on this item at all (except standard import protection). It is just a flash effect that has been modified to show before and after on a roll over :D But saying that, it has made life difficult for the 20+ people who have been trying like mad to guess/work out where the files are (404's all over my logs :D ). So a 1 in 20 success rate isn't bad for a method that has no security applied to it at all. Once the security is applied this should improve dramatically, making ripping of the image nearly impossible for the every day user/customer :D

Hi Chris.

Well I was one of the people who tried and gave up. I think you idea has potential. I would not have a clue how to decompile a swf file (I could do some reading and then it may be easy) But I think this would stop the vast majority of people.

I did find the magnifying glass a little annoying. It’s difficult to get a feel for the whole picture. Maybe if the magnifier was not so strong and a little bigger then it would have been better.

Ken

Ken, the magnifier will be bigger and I may do away with the handle, just leaving a thin outer rim. The magnifier seems a bit overpowering because the base image (800x573) is so small compaired to the restored (zoomed 1600x1146) image, thus doubling the zoom before it even started ;) . Once finished the magnification will be between 1.5 and 2x, and shouldn't be as blocky, as both images will be the same size. ;)

Frank, as you know, you got the image url via this script.
loadMovie("thisisthesmall.jpg", "imagebase");
loadMovie("thisistheoneyouwant.jpg", "imagemagnifier.imagelarge");
_root.onEnterFrame = function() {
if (loaded == 2) {
scalefactor = imagemagnifier.imagelarge._width/imagebase._width;
gotoAndStop(2);
}
};
stop();

Where as the encrypted swf looks like this after decompiling ;)
Level #0: Frame=1 Label="!#p"
Movie Clip: Frame=1 Target="_level0.imagebase"
Shape:
Movie Clip: Frame=1 Target="_level0.imagemagnifier"
Shape: Mask
Movie Clip: Frame=1 Target="_level0.imagemagnifier.imagelarge"
Shape:
Movie Clip: Frame=1 Target="_level0.imagemagnifier.theglass"
Shape:

Photoshop: I don't mind codes being posted etc, as final template will have a totally different layout structure :nod:

Post the SWF file on the website and then I'll take a look. It just might work for you...

Ken, the magnifier will be bigger and I may do away with
...
different layout structure :nod:

This is a standard encryption swf. same file as before, but with the image file names changed. Images don't exist, so won't show in flash. But the image details are there to be found, as they were before ;)
http://www.chrishoggy.pwp.blueyonder.co.uk/test.swf

Just post the image file name :bigthmb:

Photoshop: If your decompiler does give up the details, it would be useful to know what one you are using :nod: . The encrypting software claims to block many of the main ones on the market ;)

The files are canyoufindit.jpg and canyoufinditbig.jpg

Would you rather take this discussion offline? We might be boring others to death with such arcane subject.... :-)

This is a standard encryption swf. same file as before, but
Just post the image file name :bigthmb:

There are many tech minded people on here who can contribute to the building/development of this, thats why I posted it to start with ;) That one was done with http://www.amayeta.com/ trial version. Would be nice to inform them of the lack of security in their software product. What decompiler do you use?

Seems server side access only is the way to go, and write the swf on the fly :nod: That cuts out any chance of gaining access to the files, unless they gained ftp access to the server :grin:

Are those the correct names?

I don't use a standard "Flash decompiler" but I did "decompile" the code.
I use my own method. It would not serve anyone telling the world how to "hack" a swf file, so if you don't mind I'll not make it public.

I got to go for for now: got to shovel snow... the northeast US is under a blizzard... :-(

There are many tech minded people on here who can
...
ftp access to the server :grin:

Quote from Amayeta

“SWF Encrypt™ 3.0 encrypts your Macromedia Flash® SWF files, protecting them from the most popular Flash Decompiler Tools on the market! Secure your ActionScript today and prevent SWF Reverse Engineering and Decompiling.”


Well Done Frank.

Ken

so if you don't mind I'll not make it public.
Yes, they are correct :nod:
Don't mind at all, in fact I have a good idea how, as I have just done it myself now (didn't try before) :dizzy: Doesn't say much for their stuff does it :confused:

Keeping the files server side may give them the file names, but they would have no access to a none public folder on the server (before you say it, I know there are ways. But it ain't that easy)

This kind of testing is the only way we will ever be able to get something that will have as many closed doors as possible :bigthmb:

Quite like the way this one turned out :bigthmb:
http://www.chrishoggy.pwp.blueyonder.co.uk/ex.swf

You decided to include both large and small in the SWF?

If you plan to use the swf method, then leave the big one in the server and load it as you were doing before. It was lightweight and very quick. This one weights a hefty 685Kb :-)

Quite like the way this one turned out :bigthmb:
http://www.chrishoggy.pwp.blueyonder.co.uk/ex.swf

Yes, I will have larger images on server, once I can secure them in a way that blocks direct access. Is this viewer better than the other for size of restored image etc? It does seem a bit larger/clearer and you can change size of viewer :cool: .
If the no security version Here (http://www.chrishoggy.pwp.blueyonder.co.uk/test/) is wanted for general web viewing/web design etc, I'm happy to post a zip with the source files and instructions on putting on the web. It's only a case of sizing and naming your before and after images, then uploading them along with the swf file.

A strip you can slide along revealing a slice of restored image I think would be a nice method for viewing. I saw one similar that you slid back the old to reveal the restore, this time though to protect from screen grab I would just use a slice of reveal then at least you see a full strip and by sliding across get a full effect of the work you have done.