Protecting your SWF with secureSWF
This is a topic I’m worry from long time ago, especially when I work as freelancer becouse when I show the project to the clients I always think they will decompile the SWF and they will dissapear. Quite paranoid on my part but not so far removed from reality(possible). Fortunately I never had any problems about this, but I still prefer to be protected in this regard. Besides these abuses also are used for other purposes such as theft of ideas, search for security flaws and exploits, and so on. It is also a very important issue when your application will give some commercially valuable prizes, as it is even more tempting to get the full benefit of some gruesome way.
Anyone with a copy of a Flash decompiler such as ASV or Sothink Decompiler can look at your ActionScript code. Suddenly, your licensing code, copy protection mechanisms, and proprietary logic are much more available for all to see – whether it’s legal or not. Anyone can use the details of your software for whatever reason they like. They can search for security flaws to exploit, steal unique ideas, crack programs, etc.
Actionscript is a language very easy to decompile, decompilers are over 22 today. This is not a design flaw in the language, is simply a reality of interpreted language such as Java,. NET, etc.
The encryption of the SWF (more like the code obfuscation) it is the code will be confused and difficult to understand. It is noteworthy that not a real encryption.
Well finally and not more widespread, despite all the protection it gives us the obfuscation code still vulnerable to the illegal redistribution of our application, anyone can download the SWF and publish it elsewhere. To solve this secureSWF has a protective system of domains (the movie will only work within the domains we specify) and also a encrypted loader (generates a separate swf that will be the shipper of our movie, assigns names to swf encrypted and decrypted it at runtime doing much more complex the issue of downloading our swf), the grace of this is protecting us from attacks or SWF rippers grabbers, they are going to collect as SWF.
secureSWF is the most sophisticated ActionScript obfuscation, code protection, and SWF encryption solution for Adobe’s Flash and Flex.
It provides state-of-the-art techniques to stop Flash decompilers, prevent illegal copying and redistribution, and help you increase your Flash application’s security.
What secureSWF’s SWF Encryption Does
Changes possible areas of the code flow that doesn’t affect the way the application runs. It also inserts extra control flow statements in certain areas of the code to make decompilation virtually impossible.
Dynamically wraps up the ActionScript byte-code blocks in SWF files to make finding entry points of the code very difficult for Flash decompilers. This will usually crash the decompiler.
Will randomly restructure the sequence of the byte-code instructions that the decompiler uses to reform a complete ActionScript statement. It removes all the possible links between the compiled byte-code and the ActionScript source code making decompiling a very difficult process.
Will replace sensitive literal strings in your code with a function call that gets the string from an encrypted byte array.
The Information secureSWF Removes
Getting Started secureSWF
secureSWF Manual
Demo
Only to show you the result of the secureSWF encryption I wrote this basic class.
Before
package { import flash.display.Sprite; import flash.display.StageAlign; import flash.display.StageQuality; import flash.display.StageScaleMode; public class Main extends Sprite { private var _draw:Sprite; public function Main() { super(); configStage(); createDraw(); testFor(); } private function testFor():void { for (var i:int = 0; i < 10; i++) { trace(i); } } private function createDraw():void { _draw = new Sprite(); addChild(_draw); _draw.graphics.beginFill(0xff0000); _draw.graphics.drawRect(0, 0, 100, 100); _draw.graphics.endFill(); } private function configStage():void { stage.scaleMode = StageScaleMode.NO_SCALE; stage.quality = StageQuality.BEST; stage.align = StageAlign.TOP_LEFT; } } }
After
package { import flash.display.*; public class do extends Object { public function do( ) { var _local_1:boolen; var _local_2 = false<NULL¶m2; if( _local_2&&_local_1 ) { } if( _local_2 ) { this.break(); if( _local_2 ) { this.if(); if( _local_2&&_local_2 ) { this. do(); } return; } private function if( ):void { var _local_1:boolen; var _local_2 = ^===<-^false++; if( _local_1 ) { case = new Sprite(); if( _local_2&&this ) { } addChild(this. case); if( _local_2&&_local_1 ) { this. case.graphics.beginFill(16711680); if( _local_1 ) { _local_2 = 0>0; drawRect(,this instanceof 0-0,100,100); this. case.graphics.endFill(); } } return; } private var case:Sprite; private function break( ):void { var _local_1:boolen; var _local_2:Object; if( _local_2 ) { } stage.scaleMode = StageScaleMode.NO_SCALE; if( _local_2 ) { stage.quality = StageQuality.BEST; if( 0-0||this ) { stage.align = StageAlign.TOP_LEFT; } return; } private function do( ):void { var _local_2 = true as param2>=param2; var _local_3:boolen; var _local_1:int; while( _local_1<10 ) { } return; } } }
How you can see, the result is very crazy, but the code execution do exactly the same of the original. For this example I used the standard encryption (exist others), but with more hard security settings my decompiler crash. 
very nice!!
Well, this example is the end of my post. I hope you like it. Any comment or suggestions will be welcome.
Sponsored by secureSWF
, custom styles can be applied to scrollbars, we can break up text across columns, and more.
