> > Personaly I think that if someone can bypass the obfuscation, (not "jump > tricks" but *real* obfuscation by variable renaming/hashing - see > http://tech.motion-twin.com/obfu ) then there is no need for additional > protections because the user is motivated enough to bypass them as well. >
Yes but who knows in which order the user gonna try to bypass the protection(s) ? > I think that you need to protect from two things : > a) internal attacks, by obfuscating the SWF > b) external attacks, by obfuscating the protocol > This is not *real* security - it should just be called "tricks" to get > rid of people without enough free time or technical background. > Yep And to get back on topic here a little list of papers for these kind of "tricks" - JAurora http://wwwhome.cs.utwente.nl/~oord/ see the paper "Stealthy obfuscation techniques misleading the pirates" - Gleb's Naumovich's publications http://cis.poly.edu/gnaumovi/publications.html some interesting papers as "Obfuscation of Design Intent in Object-Oriented Applications" "Preventing Piracy, Reverse Engineering, and Tampering" - Christian Collberg, Clark Thomborson, Douglas Low http://www.cs.arizona.edu/~collberg/Research/Publications/CollbergThomborson Low98a/ "Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs" zwetan _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders