Re: [Flashcoders] obfuscation swf !
If the viewer cannot get your swf, they cannot decompile it: http://jimbo.us/swf_protect/ - Original Message - From: Bart Wttewaall [EMAIL PROTECTED] To: Flashcoders mailing list flashcoders@chattyfig.figleaf.com Sent: Sunday, May 07, 2006 8:10 AM Subject: Re: [Flashcoders] obfuscation swf ! http://www.amayeta.com/software/swfencrypt/ This doesn't obfuscate, but really encrypt your swf's. I've tried every swf decoder I could find to check if it works, and it does. All you get is rubbish when decompiling. 2006/5/7, [EMAIL PROTECTED] [EMAIL PROTECTED]: Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max mail2web - Check your email from the web at http://mail2web.com/ . ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
Isn't all the swf content in that url ? http://jimbo.us/Games/mahJongg/advert.php?data=content so : $ curl -LO http://jimbo.us/Games/mahJongg/advert.php?data=content $ mv advert.php?data=content ad.swf $ swfdump -a ad.swf Interesting content. Is this trick so hard to find ? Le 17 juil. 07 à 18:06, Jim Berkey a écrit : If the viewer cannot get your swf, they cannot decompile it: http:// jimbo.us/swf_protect/ - Original Message - From: Bart Wttewaall [EMAIL PROTECTED] To: Flashcoders mailing list flashcoders@chattyfig.figleaf.com Sent: Sunday, May 07, 2006 8:10 AM Subject: Re: [Flashcoders] obfuscation swf ! http://www.amayeta.com/software/swfencrypt/ This doesn't obfuscate, but really encrypt your swf's. I've tried every swf decoder I could find to check if it works, and it does. All you get is rubbish when decompiling. 2006/5/7, [EMAIL PROTECTED] [EMAIL PROTECTED]: Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max mail2web - Check your email from the web at http://mail2web.com/ . ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com --- Eric Priou aka erixtekila Dev notes : http://www.v-i-a.net/inprogress Oregano XMLSocket server forum : http://www.v-i-a.net/forum ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
RE: [Flashcoders] obfuscation swf !
Yeah - looks like it to me! And what's with all the secrecy about the technique? :) Sunil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Priou Sent: 17 July 2007 17:26 To: flashcoders@chattyfig.figleaf.com Subject: Re: [Flashcoders] obfuscation swf ! Isn't all the swf content in that url ? http://jimbo.us/Games/mahJongg/advert.php?data=content so : $ curl -LO http://jimbo.us/Games/mahJongg/advert.php?data=content $ mv advert.php?data=content ad.swf $ swfdump -a ad.swf Interesting content. Is this trick so hard to find ? Le 17 juil. 07 à 18:06, Jim Berkey a écrit : If the viewer cannot get your swf, they cannot decompile it: http:// jimbo.us/swf_protect/ - Original Message - From: Bart Wttewaall [EMAIL PROTECTED] To: Flashcoders mailing list flashcoders@chattyfig.figleaf.com Sent: Sunday, May 07, 2006 8:10 AM Subject: Re: [Flashcoders] obfuscation swf ! http://www.amayeta.com/software/swfencrypt/ This doesn't obfuscate, but really encrypt your swf's. I've tried every swf decoder I could find to check if it works, and it does. All you get is rubbish when decompiling. 2006/5/7, [EMAIL PROTECTED] [EMAIL PROTECTED]: Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
RE: [Flashcoders] obfuscation swf !
) { if (_root.shad_133._visible == true) { enable = true; gotoAndStop(2); } // end if } // End of TellTarget } // end if if ((numb == 143 || numbc == 143) (_root.shad_133._visible == false || _root.shad_135._visible == false)) { tellTarget(_root.br_134) { if (_root.shad_134._visible == true) { enable = true; gotoAndStop(2); } // end if } // End of TellTarget } // end if if (numb == 144 || numbc == 144) { for (i = 140; i = 143; i++) { if (eval(_root.shad_ + i + ._visible) == true) { tellTarget(_root.br_ + i) { enable = true; gotoAndStop(2); } // End of TellTarget } // end if } // end of for } // end if } else { _root.checkName = name; _root.check = _root.tile[name.substring(3, 6) - 1]; for (i = 1; i = 144; i++) { tellTarget(_root.br_ + i) { if (enable == true) { gotoAndStop(2); } // end if } // End of TellTarget } // end of for tellTarget(_root. + name) { gotoAndStop(3); } // End of TellTarget } // end else if _root.miss.gotoAndPlay(2); } // End of the function stop (); shuffle(); -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Eric Priou Envoyé : July 17, 2007 12:26 PM À : flashcoders@chattyfig.figleaf.com Objet : Re: [Flashcoders] obfuscation swf ! Isn't all the swf content in that url ? http://jimbo.us/Games/mahJongg/advert.php?data=content so : $ curl -LO http://jimbo.us/Games/mahJongg/advert.php?data=content $ mv advert.php?data=content ad.swf $ swfdump -a ad.swf Interesting content. Is this trick so hard to find ? Le 17 juil. 07 à 18:06, Jim Berkey a écrit : If the viewer cannot get your swf, they cannot decompile it: http:// jimbo.us/swf_protect/ - Original Message - From: Bart Wttewaall [EMAIL PROTECTED] To: Flashcoders mailing list flashcoders@chattyfig.figleaf.com Sent: Sunday, May 07, 2006 8:10 AM Subject: Re: [Flashcoders] obfuscation swf ! http://www.amayeta.com/software/swfencrypt/ This doesn't obfuscate, but really encrypt your swf's. I've tried every swf decoder I could find to check if it works, and it does. All you get is rubbish when decompiling. 2006/5/7, [EMAIL PROTECTED] [EMAIL PROTECTED]: Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max mail2web - Check your email from the web at http://mail2web.com/ . ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com --- Eric Priou aka erixtekila Dev notes : http://www.v-i-a.net/inprogress Oregano XMLSocket server forum : http://www.v-i-a.net/forum ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive
RE: [Flashcoders] obfuscation swf !
Check it out, and see if you can 'steal' this game - it is yours for the taking: Instead of Alert! you should have wrote, Congrats! This game is yours! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederic Caron Sent: Tuesday, July 17, 2007 9:32 AM To: flashcoders@chattyfig.figleaf.com Subject: RE: [Flashcoders] obfuscation swf ! I've just save as and uncompile .. I don't get where's the revolution? message = Alert! This movie\'s copyrights are being infringed! A message is being sent to the author that you have copied his work. \nOffending website path: + _url; ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
Instead of answering every note that claims to have 'taken' the game, don't write a note - prove it - You do not have the game, you have a nearly empty container file :) You have the game? Congrats - upload it to your site and show us! jimbo - Original Message - From: Jesse Graupmann [EMAIL PROTECTED] To: flashcoders@chattyfig.figleaf.com Sent: Tuesday, July 17, 2007 12:46 PM Subject: RE: [Flashcoders] obfuscation swf ! Check it out, and see if you can 'steal' this game - it is yours for the taking: Instead of Alert! you should have wrote, Congrats! This game is yours! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederic Caron Sent: Tuesday, July 17, 2007 9:32 AM To: flashcoders@chattyfig.figleaf.com Subject: RE: [Flashcoders] obfuscation swf ! I've just save as and uncompile .. I don't get where's the revolution? message = Alert! This movie\'s copyrights are being infringed! A message is being sent to the author that you have copied his work. \nOffending website path: + _url; ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
So you are telling me that the game content is ad.swf? I don't think so . . . - Original Message - From: Eric Priou [EMAIL PROTECTED] To: flashcoders@chattyfig.figleaf.com Sent: Tuesday, July 17, 2007 12:26 PM Subject: Re: [Flashcoders] obfuscation swf ! Isn't all the swf content in that url ? http://jimbo.us/Games/mahJongg/advert.php?data=content so : $ curl -LO http://jimbo.us/Games/mahJongg/advert.php?data=content $ mv advert.php?data=content ad.swf $ swfdump -a ad.swf Interesting content. Is this trick so hard to find ? Le 17 juil. 07 à 18:06, Jim Berkey a écrit : If the viewer cannot get your swf, they cannot decompile it: http:// jimbo.us/swf_protect/ - Original Message - From: Bart Wttewaall [EMAIL PROTECTED] To: Flashcoders mailing list flashcoders@chattyfig.figleaf.com Sent: Sunday, May 07, 2006 8:10 AM Subject: Re: [Flashcoders] obfuscation swf ! http://www.amayeta.com/software/swfencrypt/ This doesn't obfuscate, but really encrypt your swf's. I've tried every swf decoder I could find to check if it works, and it does. All you get is rubbish when decompiling. 2006/5/7, [EMAIL PROTECTED] [EMAIL PROTECTED]: Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max mail2web - Check your email from the web at http://mail2web.com/ . ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com --- Eric Priou aka erixtekila Dev notes : http://www.v-i-a.net/inprogress Oregano XMLSocket server forum : http://www.v-i-a.net/forum ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
RE: [Flashcoders] obfuscation swf !
Why don't you explain us what's the technique, cause for me that isn't a game anyways that's only weird blocs. - F -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Jim Berkey Envoyé : July 17, 2007 1:21 PM À : flashcoders@chattyfig.figleaf.com Objet : Re: [Flashcoders] obfuscation swf ! Instead of answering every note that claims to have 'taken' the game, don't write a note - prove it - You do not have the game, you have a nearly empty container file :) You have the game? Congrats - upload it to your site and show us! jimbo - Original Message - From: Jesse Graupmann [EMAIL PROTECTED] To: flashcoders@chattyfig.figleaf.com Sent: Tuesday, July 17, 2007 12:46 PM Subject: RE: [Flashcoders] obfuscation swf ! Check it out, and see if you can 'steal' this game - it is yours for the taking: Instead of Alert! you should have wrote, Congrats! This game is yours! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederic Caron Sent: Tuesday, July 17, 2007 9:32 AM To: flashcoders@chattyfig.figleaf.com Subject: RE: [Flashcoders] obfuscation swf ! I've just save as and uncompile .. I don't get where's the revolution? message = Alert! This movie\'s copyrights are being infringed! A message is being sent to the author that you have copied his work. \nOffending website path: + _url; ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
On 7/17/07, Jim Berkey [EMAIL PROTECTED] wrote: So you are telling me that the game content is ad.swf? I don't think so . . http://www.snafoo.org/snafoogame.swf 7 minutes. Sorry. Mark ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
Hi Gregory, sorry for the late reply. I have tried SWF Encrypt from Amayeta. I can really recommend it for swf encryption but as I wrote before, it breaks v2 components. Kind Regards, Andy On 5/11/06, GregoryN [EMAIL PROTECTED] wrote: Andy, What kind of encryption have you tried? I use bytecode manipulations (Flare+manually). Some tricks, indeed, break the component (v.2), but others work OK. I don't think it depends on what your component does, rather the encrypting technique itself. -- Best regards, GregoryN http://GOusable.com Flash components development. Usability services. - Andy Bueler wrote: Hi, is there a way to protect flash components? Unfortunalty encrypting breaks the components, but is there a tool to at least obfuscation them? Kind Regards, Andy ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
Andy, What kind of encryption have you tried? I use bytecode manipulations (Flare+manually). Some tricks, indeed, break the component (v.2), but others work OK. I don't think it depends on what your component does, rather the encrypting technique itself. -- Best regards, GregoryN http://GOusable.com Flash components development. Usability services. - Andy Bueler wrote: Hi, is there a way to protect flash components? Unfortunalty encrypting breaks the components, but is there a tool to at least obfuscation them? Kind Regards, Andy ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
Hi, is there a way to protect flash components? Unfortunalty encrypting breaks the components, but is there a tool to at least obfuscation them? Kind Regards, Andy On 5/10/06, John Hattan [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burak KALAYCI Sent: Monday, May 08, 2006 11:57 AM To: Flashcoders mailing list Subject: Re: [Flashcoders] obfuscation swf ! Hi John, I wouldn't say SWF Encrypt is absolute crap - though it took just minutes for us to bypass their initial 3.0 version. As per requests from our customers, we have been deliberately not bypassing it (but we gave no promises). Recently, it turned out it broke some of our applications (namely UAE and ASR) because our software does not preserve the tag order when saving a SWF file and the obfuscation moves real actionscript bytecode to other tags. We had to move the scripts back and though we didn't add even a single line of code to bypass the obfuscation, it turned out some of the scripts can now be decompiled. I'm sure SWF Encrypt guys can fix this quickly (or they already may have) because we are not actively trying to bypass the obfuscation. Current release version of ASR can show the script in fish_secure.swf, with the right options selected. We will have the same option with the ASV update (as it also uses the same decompiler engine), which will be released in 10 days (We hope to have it released by ASVs 6th anniversary - May 16). I'd agree that SWF Encrypt is currently a good choice.. But, one must not depend on it too much. Also, I'd suggest identifier renaming ( like http://www.genable.com/asolite.html ) in addition to any other obfuscation, as it will be non-reversible even in theory. It may require more work and care but I think it's worth it. Big thanks for the info. I've heard loads of FUD about flash encryption versus decompilers, but very little real information. --- John Hattan [EMAIL PROTECTED] Gamedev.net - more 1's and 0's than you can shake a stick at ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
RE: [Flashcoders] obfuscation swf !
I wrote up a review here. http://www.gamedev.net/features/reviews/productreview.asp?categoryid=35prod uctid=565 A couple of the commentors talked about how it's absolute crap, but I haven't yet found a SWF-decryptor that can bring the encrypted SWF back to something resembling its original form. I probably should've embedded some hidden source-code and challenged the naysayers to present it to me :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bart Wttewaall Sent: Sunday, May 07, 2006 7:10 AM To: Flashcoders mailing list Subject: Re: [Flashcoders] obfuscation swf ! http://www.amayeta.com/software/swfencrypt/ This doesn't obfuscate, but really encrypt your swf's. I've tried every swf decoder I could find to check if it works, and it does. All you get is rubbish when decompiling. 2006/5/7, [EMAIL PROTECTED] [EMAIL PROTECTED]: Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max mail2web - Check your email from the web at http://mail2web.com/ . ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
Hi John, I wouldn't say SWF Encrypt is absolute crap - though it took just minutes for us to bypass their initial 3.0 version. As per requests from our customers, we have been deliberately not bypassing it (but we gave no promises). Recently, it turned out it broke some of our applications (namely UAE and ASR) because our software does not preserve the tag order when saving a SWF file and the obfuscation moves real actionscript bytecode to other tags. We had to move the scripts back and though we didn't add even a single line of code to bypass the obfuscation, it turned out some of the scripts can now be decompiled. I'm sure SWF Encrypt guys can fix this quickly (or they already may have) because we are not actively trying to bypass the obfuscation. Current release version of ASR can show the script in fish_secure.swf, with the right options selected. We will have the same option with the ASV update (as it also uses the same decompiler engine), which will be released in 10 days (We hope to have it released by ASVs 6th anniversary - May 16). I'd agree that SWF Encrypt is currently a good choice.. But, one must not depend on it too much. Also, I'd suggest identifier renaming ( like http://www.genable.com/asolite.html ) in addition to any other obfuscation, as it will be non-reversible even in theory. It may require more work and care but I think it's worth it. Best regards, Burak www.asvguy.com Burak KALAYCI, Manitu Group http://www.buraks.com http://www.manitugroup.com - Original Message - From: John Hattan [EMAIL PROTECTED] To: 'Flashcoders mailing list' flashcoders@chattyfig.figleaf.com Sent: Monday, May 08, 2006 18:36 PM Subject: RE: [Flashcoders] obfuscation swf ! I wrote up a review here. http://www.gamedev.net/features/reviews/productreview.asp?categoryid=35prod uctid=565 A couple of the commentors talked about how it's absolute crap, but I haven't yet found a SWF-decryptor that can bring the encrypted SWF back to something resembling its original form. I probably should've embedded some hidden source-code and challenged the naysayers to present it to me :) ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] obfuscation swf !
http://www.amayeta.com/software/swfencrypt/ This doesn't obfuscate, but really encrypt your swf's. I've tried every swf decoder I could find to check if it works, and it does. All you get is rubbish when decompiling. 2006/5/7, [EMAIL PROTECTED] [EMAIL PROTECTED]: Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max mail2web - Check your email from the web at http://mail2web.com/ . ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
RE: [Flashcoders] obfuscation swf !
I've used SWFEncrypt a couple of times and it works ok. Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 07 May 2006 12:10 To: flashcoders@chattyfig.figleaf.com Subject: [Flashcoders] obfuscation swf ! Is there any good way or method for obfuscation a Flash file so that swf works fine after obfuscation and also prevent any one to understand the code easily . Few common softwares for obfuscation are just not that good as swf stops working after using them . Of if not obfuscation is there any other method to prevent swf to be decompiled to fla . help will be really appreciate . Thx Max mail2web - Check your email from the web at http://mail2web.com/ . ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com ___ Flashcoders@chattyfig.figleaf.com To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
Re: [Flashcoders] Obfuscation
common' man- firefox-page-info-media-whatever.swf - save as One thing that people don't consider is that You don't need to obfuscate if people can not access the SWF In the first place 1) use SSL + prevent caching in the HTTP header - no SWF in the browser cache or 2) instead of pointing to foobar.swf in the Object/Embed tag point to getBinary.php /getBinary.asp / whatever + prevent caching in the HTTP header - no SWF in the browser cache It's complicated to put in place, but the result is No SWF in the browser cache to decompile 2) off course is still not 100% safe against people being able to detect a SWF stream with a HTTP sniffer but the solution 1) well.. almost unbeatable zwetan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
if anyone has any further coherent information or personal experience with obfuscating by hand (ie not using someone else's software)... i would be more then happy to hear from you. once i actually achieve any results i will report back. i'm benchmarking against asv and sothink 2005 build 5.whatever. One thing that people don't consider is that You don't need to obfuscate if people can not access the SWF In the first place 1) use SSL + prevent caching in the HTTP header - no SWF in the browser cache or 2) instead of pointing to foobar.swf in the Object/Embed tag point to getBinary.php /getBinary.asp / whatever + prevent caching in the HTTP header - no SWF in the browser cache It's complicated to put in place, but the result is No SWF in the browser cache to decompile 2) off course is still not 100% safe against people being able to detect a SWF stream with a HTTP sniffer but the solution 1) well.. almost unbeatable zwetan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
zwetan, if anyone has any further coherent information or personal experience with obfuscating by hand (ie not using someone else's software)... i would be more then happy to hear from you. once i actually achieve any results i will report back. i'm benchmarking against asv and sothink 2005 build 5.whatever. One thing that people don't consider is that You don't need to obfuscate if people can not access the SWF In the first place 1) use SSL + prevent caching in the HTTP header - no SWF in the browser cache or 2) instead of pointing to foobar.swf in the Object/Embed tag point to getBinary.php /getBinary.asp / whatever + prevent caching in the HTTP header - no SWF in the browser cache It's complicated to put in place, but the result is No SWF in the browser cache to decompile 2) off course is still not 100% safe against people being able to detect a SWF stream with a HTTP sniffer but the solution 1) well.. almost unbeatable Neither of your 'solutions' is even remotely unbeatable. I can get around both of them with the wget command-line tool, which is a standard install on most flavours of linux. There are others that do the same thing, and any download accelerator program for Windows will also be able to download the file. Obfuscation is the only way to protect your code, and even then I wouldn't consider it 'almost unbeatable'. -- Steve Webster Head of Development Featurecreep Ltd. www.featurecreep.com 14 Orchard Street, Bristol, BS1 5EH 0117 905 5047 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
Neither of your 'solutions' is even remotely unbeatable. I can get around both of them with the wget command-line tool, which is a standard install on most flavours of linux. There are others that do the same thing, and any download accelerator program for Windows will also be able to download the file. I can block wget with just JavaScript ;) http://www.gnu.org/software/wget/faq.html#3.6 Wget doesn't feature JavaScript support and is not capable of performing recursive retrieval of URLs included in JavaScript code. In fact, it is impossible to extract URLs from JavaScript by merely parsing it. Web clients need to actually execute it, and Wget can't do that since it's not a GUI browser. Obfuscation is the only way to protect your code, and even then I wouldn't consider it 'almost unbeatable'. I still think obfuscation is not the only way... zwetan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
Hi zwetan, Neither of your 'solutions' is even remotely unbeatable. I can get around both of them with the wget command-line tool, which is a standard install on most flavours of linux. There are others that do the same thing, and any download accelerator program for Windows will also be able to download the file. I can block wget with just JavaScript ;) Fair enough, but then you also block all your regular visitors who have JavaScript disabled from accessing your SWF file. Anyway, ultimately the swf file will be loaded from somewhere (via physical file or script) and I can just point wget at that file instead. Safari's Activity window will show me all URLs loaded as part of the page, so I just just copy it from there. Obfuscation is the only way to protect your code, and even then I wouldn't consider it 'almost unbeatable'. I still think obfuscation is not the only way... I think we'll probably have to agree to disagree here. Since the Flash file *has* to be downloaded to the client for playback, it can be downloaded to the client for de-compiling. I wouldn't normally mind people protecting their own stuff using the methods you described, but when you're advising others it's important to make sure the advice you're giving out is sound. Either that, or tell people of the potential problems with your solution rather than just saying that it's 'almost unbeatable'. Sorry if I sound confrontational, but security is a bugbear of mine. -- Steve Webster Head of Development Featurecreep Ltd. www.featurecreep.com 14 Orchard Street, Bristol, BS1 5EH 0117 905 5047 ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
- zwetan wrote: I still think obfuscation is not the only way... Also, SWF in a web page isn't the only one to protect... IMO, protecting something with the aid of server-side of any kind is quite different subject. And main question there is about file storage, headers, cache etc rather than AS or SWF bytecode itself. Yes, using some server-side solution can beat 90% of amateur thieves. But, as mentioned above, it's only about web page. -- Best regards, GregoryN http://GOusable.com Flash components development. Usability services. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
protecting something is all about making hard to access so imho anything that can make a SWF hard to get is good so to make a big answer to everyone point by point Gregory wrote: Yes, using some server-side solution can beat 90% of amateur thieves. But, as mentioned above, it's only about web page. As obfuscation can beat 90% of amateur joe-user-using-a-decompiler But not the 10% rest of user who gonna either be motivated or skilled enougth to unobfuscate the code... steve wrote: Fair enough, but then you also block all your regular visitors who have JavaScript disabled from accessing your SWF file. For me someone who does not want to execute JavaScript also does not want to execute plugins and how many users gonna do that ? like 0,001% ? Anyway, ultimately the swf file will be loaded from somewhere (via physical file or script) and I can just point wget at that file instead. That can be obfuscated too Nathan wrote: Proxy sniffers are also easy to come by, easy to use, and give you the option to save any of the files locally. Yes, for you Not everybody find a sniffer that easy to use, or even would have the idea to use one just because they didn't even know that something like that exists Dave wrote: While this is true for wget, there are engines that will execute Javascript to extract URLs, then fetch those URLs. Texis' Webinator does this. It's also relatively easy to do this using Windows Script functionality. I ended up writing scripts for exactly this purpose - to fetch Javascript URLs. Yes ok, but are you considering yourself as a lambda user ? I think not :) In addition, as others have mentioned, it's very easy to capture anything through a proxy. SSL doesn't prevent this, either. Yes I know that, others people on this list know that, But are lambda users know that or have the skill to do that ? Protecting something is all about numbers a) foobar.swf no protection, no obfuscation, nothing accessible in the browser cache b) how many % of users will just know that they can decompile the SWF with some tools as ASV or others ? c) how many % users will want so bad the source code of the SWF to actually buy the tool to decompile it ? d) add obfuscation how many % of users will be motivated and skilled enougth to reverse the obfuscation ? e) add SSL + prevent SWF caching how many % users will be motivated and skilled enougth to set up and use a proxy and/or a HTTP sniffer ? etc. the more you add, the more you reduce the % of users who will actually go all the trouble to get the SWF, decompile it, etc. you will never obtain 100% code protection but if the goal is to protect the code with tricks any tricks are good, even the dumb one as renaming extensions *.swf to *.gif and honestly I was just mentioning another trick, no more zwetan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
Yes I know that, others people on this list know that, But are lambda users know that or have the skill to do that ? I'm not familiar with the phrase lambda user, so I can only presume it means a non-technical user. But are those the people who you're concerned about? I think it's worthwhile to mention that you might have different goals and expectations with regard to obfuscation than others might. My point was simply that you can't guarantee that your Flash code can't be reverse-engineered. If you're willing to accept that limitation, you might want to implement all the things you mentioned. But that's still a very big limitation. There are certain things that, for security reasons, you simply wouldn't want to do within your Flash code for this reason - shopping cart engine functionality comes to mind. You wouldn't want your server-side application to blindly accept inputs from Flash for obvious reasons. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
I'm not familiar with the phrase lambda user, so I can only presume it means a non-technical user. Yes indeed But are those the people who you're concerned about? I think it's worthwhile to mention that you might have different goals and expectations with regard to obfuscation than others might. My point was simply that you can't guarantee that your Flash code can't be reverse-engineered. I don't think I said something different with you will never obtain 100% code protection Here for example a goal you can not reach with obfuscation: - you have an online game in flash Goal: you want to avoid to have your SWF copied all around on different site Here the obfuscation will be not really usefull If you're willing to accept that limitation, you might want to implement all the things you mentioned. But that's still a very big limitation. There are certain things that, for security reasons, you simply wouldn't want to do within your Flash code for this reason - shopping cart engine functionality comes to mind. You wouldn't want your server-side application to blindly accept inputs from Flash for obvious reasons. Humm but this is a different thing You got the security of the source code, the SWF, etc... And You got the security of your application And this, the SWF being accessible or not, Being decompiled or not You can secure it using data encryption Dumb exemple: User login on his shopping cart The flash can have a MD5 Function to hash its password before sending it to the server etc. an external attacker can access as much as he want the MD5 hash function code, this will not break the security of the hash. The weakness in a hash function is the hash function algorithm itself, Not the fact that you can access its implementation in code. ( and yes I know MD5 is broken, and few others too, cf http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html ) zwetan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
Personaly I think that if someone can bypass the obfuscation, (not jump tricks but *real* obfuscation by variable renaming/hashing - see http://tech.motion-twin.com/obfu ) then there is no need for additional protections because the user is motivated enough to bypass them as well. Yes but who knows in which order the user gonna try to bypass the protection(s) ? I think that you need to protect from two things : a) internal attacks, by obfuscating the SWF b) external attacks, by obfuscating the protocol This is not *real* security - it should just be called tricks to get rid of people without enough free time or technical background. Yep And to get back on topic here a little list of papers for these kind of tricks - JAurora http://wwwhome.cs.utwente.nl/~oord/ see the paper Stealthy obfuscation techniques misleading the pirates - Gleb's Naumovich's publications http://cis.poly.edu/gnaumovi/publications.html some interesting papers as Obfuscation of Design Intent in Object-Oriented Applications Preventing Piracy, Reverse Engineering, and Tampering - Christian Collberg, Clark Thomborson, Douglas Low http://www.cs.arizona.edu/~collberg/Research/Publications/CollbergThomborson Low98a/ Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs zwetan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
From: will g [mailto:[EMAIL PROTECTED] Sent: Saturday, January 14, 2006 8:06 AM To: flashcoders@chattyfig.figleaf.com Subject: [Flashcoders] Obfuscation Hello all, My name is Will, and i've got an interesting question. (or at least I think it's interesting). This question is about obfuscating your action script. I know there are software packages out there that will rename your variables to single letter and number symbols to make the script hard to read, and that there are programs that will add logical impossibilities to the tree structure inside the swf to make decompilers crash... But what i'd like to know is how to add these logical impossibilities manually. Is there a site that talks about how to do this, or explains the structure and how it can be... edited. Any help is greatly appreciated. I reviewed an SWF obfuscator a while back. http://www.gamedev.net/features/reviews/productreview.asp?productid=565 --- John Hattan The Code Zone - Sweet Software for a Saturnine World www.thecodezone.com ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
Hello, I am using the FileReference class to upload an image to a PHP script, nice and simple. In my PHP script i have: $userfile= $_FILE['Filedata']['tmp_name']; Which, should get the file. But are there any other parameters in the _FILE array i can access, because in a normal upload from an HTML form i can use: $userfile_name= $HTTP_POST_FILES[userfile][name]; $userfile_size= $HTTP_POST_FILES[userfile][size]; $userfile_type= $HTTP_POST_FILES[userfile][type]; $userfile_error= $HTTP_POST_FILES[userfile][error]; Can i use these when using the FileReference class? Another quick question: Is it possible to send additional variables along with the FileReference object? Thanks for your help, it is very much appreciated. Regards, Sam On 15/01/06, John Hattan [EMAIL PROTECTED] wrote: From: will g [mailto:[EMAIL PROTECTED] Sent: Saturday, January 14, 2006 8:06 AM To: flashcoders@chattyfig.figleaf.com Subject: [Flashcoders] Obfuscation Hello all, My name is Will, and i've got an interesting question. (or at least I think it's interesting). This question is about obfuscating your action script. I know there are software packages out there that will rename your variables to single letter and number symbols to make the script hard to read, and that there are programs that will add logical impossibilities to the tree structure inside the swf to make decompilers crash... But what i'd like to know is how to add these logical impossibilities manually. Is there a site that talks about how to do this, or explains the structure and how it can be... edited. Any help is greatly appreciated. I reviewed an SWF obfuscator a while back. http://www.gamedev.net/features/reviews/productreview.asp?productid=565 --- John Hattan The Code Zone - Sweet Software for a Saturnine World www.thecodezone.com ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
On Jan 15, 2006, at 8:26 AM, Sam Wootton wrote: Is it possible to send additional variables along with the FileReference object? I have not found a way to do it through the file POST itself, but you can add a query string to the URL of your file upload script. fileupload.php?yourVar=yourValue And then access it from that location with your script. Not perfect, but gets you part way there. blue skies, bryan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
Yeah, thanks, was just working on that - saw it posted on a forum somewhere. Your help is much appreciated. On 15/01/06, bryan.rice [EMAIL PROTECTED] wrote: On Jan 15, 2006, at 8:26 AM, Sam Wootton wrote: Is it possible to send additional variables along with the FileReference object? I have not found a way to do it through the file POST itself, but you can add a query string to the URL of your file upload script. fileupload.php?yourVar=yourValue And then access it from that location with your script. Not perfect, but gets you part way there. blue skies, bryan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
1) there's no way to 100% protect your swf :-( There's no 100% to protecting anything...nothing to be sad-faced about, it's just the way it is. The objective in security is to have any attacker jump through hoops to reach his goal. If these hoops are too numerous, or too high off the ground, or on fire...or something...he won't bother. The cost of success will outweigh the benefit. Scott ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
--- Scott Hyndman wrote: 1) there's no way to 100% protect your swf :-( There's no 100% to protecting anything...nothing to be sad-faced about, it's just the way it is. The objective in security is to have any attacker jump through hoops to reach his goal. If these hoops are too numerous, or too high off the ground, or on fire...or something...he won't bother. The cost of success will outweigh the benefit. Can't agree more (and thanks for moral support). :-) Some problem is that we're building/raising these hoops manually, but ASV is jumping through them with computer-aid... -- Best regards, GregoryN http://GOusable.com Flash components development. Usability services. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
allright boys and girls. i've come back baring news. first and foremost. i agree obscurity is not security. therefore... hoops will have to be a distant second best. second... read below. http://www.gotoandplay.it/_articles/2004/04/swfProtection.php if anyone has any further coherent information or personal experience with obfuscating by hand (ie not using someone else's software)... i would be more then happy to hear from you. once i actually achieve any results i will report back. i'm benchmarking against asv and sothink 2005 build 5.whatever. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
RE: [Flashcoders] Obfuscation
Great question! I've been meaning to find out mroe about this too. Ade -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of will g Sent: 14 January 2006 14:06 To: flashcoders@chattyfig.figleaf.com Subject: [Flashcoders] Obfuscation Hello all, My name is Will, and i've got an interesting question. (or at least I think it's interesting). This question is about obfuscating your action script. I know there are software packages out there that will rename your variables to single letter and number symbols to make the script hard to read, and that there are programs that will add logical impossibilities to the tree structure inside the swf to make decompilers crash... But what i'd like to know is how to add these logical impossibilities manually. Is there a site that talks about how to do this, or explains the structure and how it can be... edited. Any help is greatly appreciated. Sincerely, Will. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
will g wrote: Hello all, My name is Will, and i've got an interesting question. (or at least I think it's interesting). This question is about obfuscating your action script. I know there are software packages out there that will rename your variables to single letter and number symbols to make the script hard to read, and that there are programs that will add logical impossibilities to the tree structure inside the swf to make decompilers crash... But what i'd like to know is how to add these logical impossibilities manually. Is there a site that talks about how to do this, or explains the structure and how it can be... edited. All the obfuscation is dangerous and can stop your files from working. An other techniques to prevent decompilation often result in invalid bytecodes being put into the SWF file that just HAPPEN to work ok in current players (but may well fail in the future). Also note that it is impossible to protect swf from disassembly .. if it runs, you can see the code. . period. I did trial and encrypted a not-to-complicated example, and it does some odd things, adding invalid tags to the file, setting incorrect information in the swf file header etc. There is no guarantee that a SWF like that will even run in future players. What's worse, when I tried the encrypted version, the resultant 'secure' SWF file did not play correctly (ie it introduced errors). BE VERY CAREFUL WITH PRODUCTS LIKE THIS ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
Dear urami, thank you for your reply. you seem to be very knowledgeable about this subject. If you could point me in the direction of where you have learned this I would be forever grateful. I am more than willing to take the risks of introducing the above techniques into the swf file (and am probably prepared to deal with them). Hope you can help me and adrian out. Will. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
A sidenote... The reason why i'm asking about doing this manually is precisely due to what urami mentioned. Using software that's available causes the file not to run properly (this swf is a bit on the long and complicated side). So i thought that maybe taking a manual approach might give me more control over which techniques are used, and how... and maybe the errors could be worked around. I figured if someone can write a utility to do it... someone had to do it manually first. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
On Jan 14, 2006, at 9:06 AM, will g wrote: But what i'd like to know is how to add these logical impossibilities manually. Try Flasm. blue skies, bryan ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
any tutorials on doing that with flasm that you know of? ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation
I've done a lot or search/research on this subject and here some results: 1) there's no way to 100% protect your swf :-( --- bryan.rice wrote: Try Flasm. 2) Yes. The only quite reliable way is to add bytecode that can't be generated in Flash IDE. It doesn't have to be logical impossibilities, sometimes optimization with Flasm is enough to obfuscate the decompiler. Besides, such optimization results in great improvemets in performance and your knowledge too. Carefully read Flasm instructions to start. Unfortunately, I don't have access to all of most interesting decompilers in which I'd like to test my defense efforts (first is ASV, of course). All I used to do in my experiments is adding some bytecode, testing and then trying to decompile with Flare (free tool). 3) As to obfuscators themselves, I believe it's just a matter of time to remove this from code with search/replace, if someone have a strong desire to read your code. Besides, if obfuscated and decompiled code is still working, it's not necessary to make it readable in most cases. 4) Don't want to hurt anyone, but I'd not recommend using trial etc. versions of obfuscation/encoding programs . urami_ is right: All the obfuscation is dangerous and can stop your files from working. As for me, I prefer use my own hands to have full control over my code. It would be great to collaborate in this direction (dream :-). -- Best regards, GregoryN http://GOusable.com Flash components development. Usability services. --- will g wrote: But what i'd like to know is how to add these logical impossibilities manually. Is there a site that talks about how to do this, or explains the structure and how it can be... edited. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Re: [Flashcoders] Obfuscation... Was: SWF Decompilers
I had an idea. Not sure if it's a good one. Flash is pretty good with optimizing all local var names to shorter ones like _1 and _2 which does make decompiled code a bit tougher to read. What if I took it just a step further and in one or two of my main classes I added something like this: /** * Fake function to deter decompiling * Function not actually used by class. **/ public var handleComputations () { // Maybe 10 or 20 lines of nonsensical but compileable // code using the local vars so that variable // names appear to be used inside this function but // this function isn't actually ever called by the class. // Maybe use uncommon routines with some bit shifts // and complex mathmatical equations to make it look scary. } Overall it might make the swf 1KB or so bigger but might be worth it if it added a frustrating day or two to a decompiler especially if they don't figure out right away that the function is never called. Any thoughts? JOR ___ === James O'Reilly === === SynergyMedia, Inc. === www.synergymedia.net Mike Duguid wrote: yep still works On 10/28/05, Gregory [EMAIL PROTECTED] wrote: Question: BTW, anyone knows if __bytecode__() is supported in Flash 8 (I'm still using MX 2004 Pro)? ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders