4

GOOGLE is full of so called SWF encrypters/obsfucators/lockers. But 99% of them cause bugs in complex applications. In applications with imported 3D libraries or that use external files. Or in complex applications with thousands of lines of code inside and that have many animations inside.

I've been working with KINDISOFT software, and my team has developed over 200 games, using ADOBE FLASH CS5 and CS6, and FLEX. The SWF's generated from FLEX were able to be encoded by KINDISOFT and other SWF protectors, while the other SWF files ,exported by ADOBE FLASH were so messed up that the errors started appearing from start.

So I got two questions :

a) When using such software like SWFENCRYPT or secureSWF or other similar products that use as input your SWF files, they actually decompile your file, insert obsfucation , and some security, and then recompile ? Or they simply alter the bytecodes ?

b)Is there no way to insert protection inside the original source files, this way substantially decreasing the risk of having bugs ?

The purpose of this question is to find out how to protect your FLASH APPLICATIONS if you have the sources, before compiling, so that after compiling, the code would be 100% functional, rather then protecting your SWF after it was compiled and risking to generate bugs.

Thank you for your time

NVG
  • 3,248
  • 10
  • 40
  • 60
  • "[there is no viable code protection in Flash](http://whitequark.org/blog/2012/07/06/lets-destroy-flash-together/)" - Peter Zotov. Not trying to start a flame war, but is it worth the effort to implement something that is known to be broken? – Enrico Dec 16 '12 at 20:36

1 Answers1

2

I think obfuscating software is altering bytecode. For example, addition of invalid bytecode used to break decomplilers in the past, while Flash Player still played swf correctly. This is endless battle of sword and shield (but it seems obfuscators are in better position.)
To be more concrete, if your application breaks after obfuscation - what you can do:

  • exclude fragile resources like animated clips from obfuscation. If you absolutely need to protect them, you can encrypt them with simple algorythm like RC4 (it's fast) and decrypt in obfuscator-protected section (see as3crypto).
  • work with KindiSoft, sending them error reports with examples of broken swf.
  • add your own obfuscation methods, like hiding of logic in pictures/other resources.
alxx
  • 9,897
  • 4
  • 26
  • 41
  • -How can I encrypt animated clips ? -kindisoft doesnt even have a contact form on their website , and when I email them, they dont answer; -currently all the resources are inside the FLA/SWF file; – NVG Dec 10 '12 at 12:04
  • Load them as bytes and encrypt byte arrays. To load, decrypt and use Loader.loadBytes (although I stumbled upon bugs when did that on as2 clips, as3 ones should do without problems.) – alxx Dec 10 '12 at 12:07