Protecting your SWF with secureSWF

miguelMoraleda — Mon, 08 Feb 2010 15:31:15 +0000

I’ve been worried about this topic for a long time now, especially when I work as freelancer. Because every time I demo a project to a clients, I always fear they will decompile the SWF and disappear. I might be paranoid, but not too far from reality. Fortunately I’ve never had any problems like this, but I still prefer to be protected. Besides, these attacks are used for other purposes such as intellectual property theft, search for security flaws and exploits, and so on. It is also a very important issue when your application is of commercial value, as it is even more tempting to get the full benefit in a gruesome way.
Anyone with a copy of a Flash decompiler such as ASV or Sothink Decompiler can look at your ActionScript code. Suddenly, your licensing code, copy protection mechanisms, and proprietary logic are available for all to see – whether it’s legal or not. Anyone can use the details of your software for whatever reason they like. They can search for security flaws to exploit, steal unique ideas, crack programs, etc.

ActionScript is very easy to decompile. There are over 22 decompilers today. This is not a design flaw in the language; it’s a reality of all interpreted language such as Java, .NET, etc.

The encryption of the SWF (more like the code obfuscation) is to make the code difficult to understand. It’s noteworthy that it’s not actual encryption.

Despite all the protection it gives us, the obfuscation code is still vulnerable to illegal redistribution; anyone can download the SWF and republish it. To solve this issue, secureSWF has a protective system of domains (the movie will only work on the list of domains we specify) and also an encrypted loader (generates a separate swf to load our movie, assigns an encrypted name to the swf and decrypt it at runtime making it harder to download our swf), the grace of this protects us from attackers or SWF rippers grabbers.

secureSWF is the most sophisticated ActionScript obfuscation, code protection, and SWF encryption solution for Adobe’s Flash and Flex.
It provides state-of-the-art techniques to stop Flash decompilers, prevent illegal copying and redistribution, and help you increase your Flash application’s security.

What secureSWF’s SWF Encryption Does

Control Flow Obfuscation

Changes possible areas of the code flow that doesn’t affect the way the application runs. It also inserts extra control flow statements in certain areas of the code to make decompilation virtually impossible.

Dynamic Code Wrapping

Dynamically wraps up the ActionScript byte-code blocks in SWF files to make finding entry points of the code very difficult for Flash decompilers. This will usually crash the decompiler.

Statement-level Randomization

Will randomly restructure the sequence of the byte-code instructions that the decompiler uses to reform a complete ActionScript statement. It removes all the possible links between the compiled byte-code and the ActionScript source code making decompiling a very difficult process.

String Encryption

Will replace sensitive literal strings in your code with a function call that gets the string from an encrypted byte array.

The Information secureSWF Removes

Packages (and internal namespaces for AS3)

Classes

Functions (getters and setters as well)

Variables (local and global variables for AS1 and AS2)

Handles Inheritance and Polymorphism

Dynamic Variables (even the ones done by AS2 eval)

Removes Function Parameters Names

Frame Labels

Symbol Instance Names

Button Names

Textfield Names

Edit Textfield Variables

SWF Metadata

ActionScript 3 Metadata

Getting Started secureSWF

secureSWF Manual

Demo

Only to show you the result of the secureSWF encryption I wrote this basic class.

Before

package
{
	import flash.display.Sprite;
	import flash.display.StageAlign;
	import flash.display.StageQuality;
	import flash.display.StageScaleMode;
 
	public class Main extends Sprite
	{
		private var _draw:Sprite;
 
		public function Main()
		{
			super();
			configStage();
			createDraw();
			testFor();
		}
 
		private function testFor():void
		{
			for (var i:int = 0; i < 10; i++) 
			{
				trace(i);
			}
		}
 
		private function createDraw():void
		{
			_draw = new Sprite();
			addChild(_draw);
			_draw.graphics.beginFill(0xff0000);
			_draw.graphics.drawRect(0, 0, 100, 100);
			_draw.graphics.endFill();
		}
 
		private function configStage():void
		{
			stage.scaleMode = StageScaleMode.NO_SCALE;
			stage.quality = StageQuality.BEST;
			stage.align = StageAlign.TOP_LEFT;
		}
	}
}

After

package
{
	import flash.display.*;
 
	public class do extends Object
	{
		public function do(  )
		{
			var _local_1:boolen;
			var _local_2 = false<NULL&param2;
			if( _local_2&&_local_1 )
			{
			}
			if( _local_2 )
			{
				this.break();
				if( _local_2 )
				{
					this.if();
					if( _local_2&&_local_2 )
					{
						this. do();
					}
					return;
		}
		private function if(  ):void
		{
			var _local_1:boolen;
			var _local_2 = ^===<-^false++;
			if( _local_1 )
			{
				 case = new Sprite();
				if( _local_2&&this )
				{
				}
				addChild(this. case);
				if( _local_2&&_local_1 )
				{
					this. case.graphics.beginFill(16711680);
					if( _local_1 )
					{
						_local_2 = 0>0;
						drawRect(,this instanceof 0-0,100,100);
						this. case.graphics.endFill();
					}
				}
				return;
		}
		private var  case:Sprite;
		private function break(  ):void
		{
			var _local_1:boolen;
			var _local_2:Object;
			if( _local_2 )
			{
			}
			stage.scaleMode = StageScaleMode.NO_SCALE;
			if( _local_2 )
			{
				stage.quality = StageQuality.BEST;
				if( 0-0||this )
				{
					stage.align = StageAlign.TOP_LEFT;
				}
				return;
		}
		private function  do(  ):void
		{
			var _local_2 = true as param2>=param2;
			var _local_3:boolen;
			var _local_1:int;
			while( _local_1<10 )
			{
			}
			return;
		}
	}
}

You can see, the result is very crazy, but the code executes exactly the same as the original. For this example I used the standard encryption preset (among other presets), but with more security settings my decompiler crashed. Very nice!!
Well, this example is the end of my post. I hope you like it. Any comment or suggestions will be welcomed.

Miguel Moraleda » security