RE: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Hairy Dog Digital 
> Wouldn't anybody who could get that far be too busy writing their own
code?

That's what many of us would do, but there are the others that will expend
more energy to not do work (or work that *could not do*), rather than just
doing it.


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Mark Winterhalder 

On 7/19/07, Jon Bradley <[EMAIL PROTECTED]> wrote:

On Jul 19, 2007, at 8:29 AM, Mark Winterhalder wrote:

> But I wonder, did anybody compare haXe vs AS3 bytecode yet? A
> decompiler is likely to assume AS3 has been used, and maybe haXe
> creates sufficiently different bytecode to confuse it.

That doesn't really matter.  If it's FP9, it's AS3. The bytecode has
to be AVM2 bytecode no matter where it comes from.


I'm not so sure about that. The generated bytecode patterns for things
like loops might be different. Stuff like that. There are many ways
how to use opcodes in sequence to achieve a certain result. IIRC, it
confused decompilers when you did manual optimizations with flasm for
the old VM.


The general point is - intrinsic methods in the Player are hardcoded
and available. References or calls to those methods can be followed,
no matter if they're named funky or not.


Exactly. That's why, if somebody would add encryption to the main SWF,
'loadBytes' would be the string I'd search for...


Let's say you call "blahblah.mask = something" and that gets
obfuscated to _3457._3 = _537.  Any sufficiently designed decompiler
will be able to mark that as _3457.mask = _537. Following those
references, a decompiler could then figure out the raw type of _537
and _3457 and mark those as maybe "spriteInstance1" or
"shapeInstance45" or whatever.

Then, the decompiler results in spriteInstance1.mask =
shapeInstance45. Legible enough to work with. I don't believe that
scenario can be avoided, no matter what compiler/obfuscator you use.


Yeah, I totally agree. It's just about making it non-trivial.

Mark
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Jim Kremens 

"So, maybe half your code in the end will be pretty funked up. That's
still probably more than enough to make use of the decompiled code."

Wouldn't anybody who could get that far be too busy writing their own code?

Jim
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Jon Bradley 

On Jul 19, 2007, at 8:29 AM, Mark Winterhalder wrote:


But I wonder, did anybody compare haXe vs AS3 bytecode yet? A
decompiler is likely to assume AS3 has been used, and maybe haXe
creates sufficiently different bytecode to confuse it.


That doesn't really matter.  If it's FP9, it's AS3. The bytecode has  
to be AVM2 bytecode no matter where it comes from.


The general point is - intrinsic methods in the Player are hardcoded  
and available. References or calls to those methods can be followed,  
no matter if they're named funky or not.


Let's say you call "blahblah.mask = something" and that gets  
obfuscated to _3457._3 = _537.  Any sufficiently designed decompiler  
will be able to mark that as _3457.mask = _537. Following those  
references, a decompiler could then figure out the raw type of _537  
and _3457 and mark those as maybe "spriteInstance1" or  
"shapeInstance45" or whatever.


Then, the decompiler results in spriteInstance1.mask =  
shapeInstance45. Legible enough to work with. I don't believe that  
scenario can be avoided, no matter what compiler/obfuscator you use.


- jon



___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Eric Priou 

But I wonder, did anybody compare haXe vs AS3 bytecode yet? A
decompiler is likely to assume AS3 has been used, and maybe haXe
creates sufficiently different bytecode to confuse it.

I don't know about haxe as3 pcode.
BTW, I know that haxe as2 version use some differents structures in  
the compiled swf.

Suffice to say that a decompiler *may* be fooled (at the beginning)

---
Eric Priou aka erixtekila
Dev notes : http://www.v-i-a.net/inprogress
Oregano XMLSocket server forum : http://www.v-i-a.net/forum


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Cedric Muller 

Another idea...
Would it be possible to add to the SWF some malicious bytecode ?

The process:
user tries to decompile a SWF. When trying to read the bytecode,  
decompiler stumbles upon the malicious bytecode which makes, let's  
say, windows, go out of reach... ? (overflow, bluescreen ...?)


of course, this is platform specific ...


Though, one could just use Haxe instead...


Yeah, I prefer it anyway.
But I wonder, did anybody compare haXe vs AS3 bytecode yet? A
decompiler is likely to assume AS3 has been used, and maybe haXe
creates sufficiently different bytecode to confuse it.

Mark



On 7/19/07, Jon Bradley <[EMAIL PROTECTED]> wrote:

It's basically a macro process for compiling AS classes.

One of the side effects is that it can be to obfuscate SWF files by
using your own re-write rules. Hit up the second page of the thread
to see a bit more information.

Macros are pretty cool stuff. Though the author of the toolset isn't
quite accurate in the decompiling aspect of things - basically saying
you can munge the intrinsic classes, which isn't possible. Those
classes still make calls to Player internals and can be followed
backward through the classes to 'fix' any obfuscation. So, maybe half
your code in the end will be pretty funked up. That's still probably
more than enough to make use of the decompiled code.

Bit tricky to setup and use, but it's pretty powerful if you need to
do conditional compiling and get some serious speed boosts (similar
to flasm hacking). Though, one could just use Haxe instead...

cheers,

jon


On Jul 18, 2007, at 7:32 PM, Latcho wrote:

> whats this?
>
> Jon Bradley wrote:
>> Or, if you're a masochist:
>>
>> http://www.kirupa.com/forum/showthread.php?t=256400
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Mark Winterhalder 

Though, one could just use Haxe instead...


Yeah, I prefer it anyway.
But I wonder, did anybody compare haXe vs AS3 bytecode yet? A
decompiler is likely to assume AS3 has been used, and maybe haXe
creates sufficiently different bytecode to confuse it.

Mark



On 7/19/07, Jon Bradley <[EMAIL PROTECTED]> wrote:

It's basically a macro process for compiling AS classes.

One of the side effects is that it can be to obfuscate SWF files by
using your own re-write rules. Hit up the second page of the thread
to see a bit more information.

Macros are pretty cool stuff. Though the author of the toolset isn't
quite accurate in the decompiling aspect of things - basically saying
you can munge the intrinsic classes, which isn't possible. Those
classes still make calls to Player internals and can be followed
backward through the classes to 'fix' any obfuscation. So, maybe half
your code in the end will be pretty funked up. That's still probably
more than enough to make use of the decompiled code.

Bit tricky to setup and use, but it's pretty powerful if you need to
do conditional compiling and get some serious speed boosts (similar
to flasm hacking). Though, one could just use Haxe instead...

cheers,

jon


On Jul 18, 2007, at 7:32 PM, Latcho wrote:

> whats this?
>
> Jon Bradley wrote:
>> Or, if you're a masochist:
>>
>> http://www.kirupa.com/forum/showthread.php?t=256400
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Jon Bradley 

A better link for those interested in obfuscation of AS3 code.

http://www.kirupa.com/forum/showthread.php?t=266992

peace,

jon

On Jul 18, 2007, at 7:32 PM, Latcho wrote:


whats this?

Jon Bradley wrote:

Or, if you're a masochist:

http://www.kirupa.com/forum/showthread.php?t=256400

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-19 Thread Jon Bradley 

It's basically a macro process for compiling AS classes.

One of the side effects is that it can be to obfuscate SWF files by  
using your own re-write rules. Hit up the second page of the thread  
to see a bit more information.


Macros are pretty cool stuff. Though the author of the toolset isn't  
quite accurate in the decompiling aspect of things - basically saying  
you can munge the intrinsic classes, which isn't possible. Those  
classes still make calls to Player internals and can be followed  
backward through the classes to 'fix' any obfuscation. So, maybe half  
your code in the end will be pretty funked up. That's still probably  
more than enough to make use of the decompiled code.


Bit tricky to setup and use, but it's pretty powerful if you need to  
do conditional compiling and get some serious speed boosts (similar  
to flasm hacking). Though, one could just use Haxe instead...


cheers,

jon


On Jul 18, 2007, at 7:32 PM, Latcho wrote:


whats this?

Jon Bradley wrote:

Or, if you're a masochist:

http://www.kirupa.com/forum/showthread.php?t=256400

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Latcho 

whats this?

Jon Bradley wrote:

Or, if you're a masochist:

http://www.kirupa.com/forum/showthread.php?t=256400

- Jon

On Jul 18, 2007, at 1:13 PM, Mark Winterhalder wrote:


On 7/18/07, Douglas Pearson <[EMAIL PROTECTED]> wrote:
Since we're talking about obfuscation/encryption does anyone know of 
a tool

that works for AS3 yet?

All the standard tools seem to stop with Flash 8/AS2.


I don't think there are any decompilers for AS3 yet, but I could be
wrong, and it's just a matter of time anyway.
If you want to take a shot at adding some obfuscation yourself, you
could get Swfmill off svn and hack something together that jumps
around in the ABC tags a bit. Ralf just added AVM2 opcode support the
other day.

Mark
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com



___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com



___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Jon Bradley 

Or, if you're a masochist:

http://www.kirupa.com/forum/showthread.php?t=256400

- Jon

On Jul 18, 2007, at 1:13 PM, Mark Winterhalder wrote:


On 7/18/07, Douglas Pearson <[EMAIL PROTECTED]> wrote:
Since we're talking about obfuscation/encryption does anyone know  
of a tool

that works for AS3 yet?

All the standard tools seem to stop with Flash 8/AS2.


I don't think there are any decompilers for AS3 yet, but I could be
wrong, and it's just a matter of time anyway.
If you want to take a shot at adding some obfuscation yourself, you
could get Swfmill off svn and hack something together that jumps
around in the ABC tags a bit. Ralf just added AVM2 opcode support the
other day.

Mark
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com



___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Mark Winterhalder 

On 7/18/07, Douglas Pearson <[EMAIL PROTECTED]> wrote:

Since we're talking about obfuscation/encryption does anyone know of a tool
that works for AS3 yet?

All the standard tools seem to stop with Flash 8/AS2.


I don't think there are any decompilers for AS3 yet, but I could be
wrong, and it's just a matter of time anyway.
If you want to take a shot at adding some obfuscation yourself, you
could get Swfmill off svn and hack something together that jumps
around in the ABC tags a bit. Ralf just added AVM2 opcode support the
other day.

Mark
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Jim Berkey 

Thanks Ian, your ideas look promising . . .

Thanks Frederic, that's on the same vein as Mark's link to Kerckhoffs' 
assumption - btw, I think I can defeat the way you found it, Frederic, with 
one more layer of php . . . maybe  . . . (you got to 'path' but not to 
'rainbow' - hmmm)


Seems we can protect from the casual swf grabber/decompiler, but as long as 
swf's are delivered in some manner to the player as one complete file, I can 
prevent it from caching on the users machine, I can hide the location of the 
file, but it can still be captured, even if it isn't a proper swf file when 
it hits the player . . .


. . . I'll be back . . .   :~)

jimbo
- Original Message - 
From: "Ian Thomas" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, July 18, 2007 9:47 AM
Subject: Re: [Flashcoders] RE: obfuscation swf !



Hm. Just a side thought on that - again, making it difficult rather
than impossible. Use the same FP9 idea - loading via a binary socket -
but instead of using Blowfish or something heavyweight to decrypt,
just split the source .swf into chunks on the server, load each chunk
seperately, reassemble and loadBytes on the client side.

Easy to get around if you know what's going on, granted. But no longer
just a case of lifting a cached file from somewhere and renaming it to
SWF. Particularly if you're clever about how the chunks are ordered.

Just a thought. :-)

Ian

On 7/18/07, Jon Bradley <[EMAIL PROTECTED]> wrote:


The most difficult method I am aware of is by using FP9 (AS3) and
Loader.loadBytes (combined with ByteArray). You could use a secured
socket connection and load binary data, decrypted through ByteArray
and a client-server handshake (say Blowfish as the encryption method
- it'll just take forever to decrypt the data).

That still won't protect you. All one needs is a packet sniffer to
get the data (including any keys or other information) and use the
SWF that loaded the data in the first place to decrypt it. It'll take
a bit longer to get the file (a long time if implemented properly)
but you can still get the file.

http://www.bytearray.org/?p=32

good luck.

- jon

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com 


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Eric Priou 

but instead of using Blowfish or something heavyweight to decrypt,
just split the source .swf into chunks on the server, load each chunk
seperately, reassemble and loadBytes on the client side.

Great concept, Ian :
"Diviser pour mieux régner"
---
Eric Priou aka erixtekila
Dev notes : http://www.v-i-a.net/inprogress
Oregano XMLSocket server forum : http://www.v-i-a.net/forum


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Ian Thomas 

Hm. Just a side thought on that - again, making it difficult rather
than impossible. Use the same FP9 idea - loading via a binary socket -
but instead of using Blowfish or something heavyweight to decrypt,
just split the source .swf into chunks on the server, load each chunk
seperately, reassemble and loadBytes on the client side.

Easy to get around if you know what's going on, granted. But no longer
just a case of lifting a cached file from somewhere and renaming it to
SWF. Particularly if you're clever about how the chunks are ordered.

Just a thought. :-)

Ian

On 7/18/07, Jon Bradley <[EMAIL PROTECTED]> wrote:


The most difficult method I am aware of is by using FP9 (AS3) and
Loader.loadBytes (combined with ByteArray). You could use a secured
socket connection and load binary data, decrypted through ByteArray
and a client-server handshake (say Blowfish as the encryption method
- it'll just take forever to decrypt the data).

That still won't protect you. All one needs is a packet sniffer to
get the data (including any keys or other information) and use the
SWF that loaded the data in the first place to decrypt it. It'll take
a bit longer to get the file (a long time if implemented properly)
but you can still get the file.

http://www.bytearray.org/?p=32

good luck.

- jon

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Jon Bradley 


On Jul 18, 2007, at 7:24 AM, Jim Berkey wrote:

I found early on that so many people can tear down a wall and  
condemn it easily when they see the skeleton, without ever trying  
to climb the wall, and that is not a good judge of the  
effectiveness of the wall. But if you do not see the skeleton, it  
is much harder to climb that wall. All of a sudden instead of  
multitudes saying how silly, only a few can actually climb the  
wall . . . maybe one day only one or two will be able to climb the  
wall. Yesterday Rákos captured the swf, and then others decompiled  
and re-compiled it. I have slept on the method that I believe Rákos  
used to capture the swf, and may have an answer for it later today.


We all definitely appreciate that you are trying. Just remember  
there's a huge difference in making it difficult to get the file and  
making it impossible to get the file (the latter being, literally,  
impossible).


The simple fact is that the SWF needs to be sent to the client, in a  
form the Flash Player can render. At this point in time, the  
technology does not exist in the Player or in the communication  
between the server and the Player (browser/plugin). It is absolutely  
impossible to keep the end user from gaining access to the SWF  
content in some manner or another.


You can obfuscate, but you cannot hide the content itself. I think  
what some of us are saying is - there is no way to keep us from  
getting the file.


The most difficult method I am aware of is by using FP9 (AS3) and  
Loader.loadBytes (combined with ByteArray). You could use a secured  
socket connection and load binary data, decrypted through ByteArray  
and a client-server handshake (say Blowfish as the encryption method  
- it'll just take forever to decrypt the data).


That still won't protect you. All one needs is a packet sniffer to  
get the data (including any keys or other information) and use the  
SWF that loaded the data in the first place to decrypt it. It'll take  
a bit longer to get the file (a long time if implemented properly)  
but you can still get the file.


http://www.bytearray.org/?p=32

good luck.

- jon

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Frederic Caron 
Dude, I love the way you play with mimetypes that's very smart... However rule 
stay the same, if a the client's computer can play it, its impossible to stop 
people from downloading it.

Again here's the fla 
http://www.the-flash-files.com/download/path.fla 

-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Jim Berkey
Envoyé : July 18, 2007 9:07 AM
À : flashcoders@chattyfig.figleaf.com
Objet : Re: [Flashcoders] RE: obfuscation swf !

Ok, yesterday was 7 minutes of work to capture . . . another try today. Is 
the wall higher yet?

http://jimbo.us/Games/jumpPeg/

jimbo 

___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Jim Berkey 
Ok, yesterday was 7 minutes of work to capture . . . another try today. Is 
the wall higher yet?


http://jimbo.us/Games/jumpPeg/

jimbo 


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Mark Winterhalder 

On 7/18/07, Jim Berkey <[EMAIL PROTECTED]> wrote:

Wonderful folks, don't worry about my feelings because my methods were so
quickly destroyed. I'm a big boy, and have enjoyed the search for the holy
swf-grail for some time now. Thanks to Rákos, I believe I am one brick away
from that wall that is higher than anyone wants to climb, and may return
today with a challenge for Rákos and others.


Cool -- I like challenges like that. While I'm convinced that total
protection is impossible, I do believe that there /might/ be a way to
make it too difficult to be worthwhile.


As to why I just don't post my methods for examination by all, I found early
on that so many people can tear down a wall and condemn it easily when they
see the skeleton, without ever trying to climb the wall, and that is not a
good judge of the effectiveness of the wall. But if you do not see the
skeleton, it is much harder to climb that wall. All of a sudden instead of
multitudes saying how silly, only a few can actually climb the wall . . .
maybe one day only one or two will be able to climb the wall. Yesterday
Rákos captured the swf, and then others decompiled and re-compiled it. I
have slept on the method that I believe Rákos used to capture the swf, and
may have an answer for it later today.




Just to give you a heads up, here's how I did it, presumably Attila
used similar techniques:
I captured the SWF with Wireshark, then sent it through swfmill
swf2xml, changed the domain name, and it worked. I'm not going to tell
you what I would have done next, though. :)


Thanks for all input, none of it was taken in a bad way,
jimbo


Thanks for the challenge,
Mark
___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Jim Berkey 
Wonderful folks, don't worry about my feelings because my methods were so 
quickly destroyed. I'm a big boy, and have enjoyed the search for the holy 
swf-grail for some time now. Thanks to Rákos, I believe I am one brick away 
from that wall that is higher than anyone wants to climb, and may return 
today with a challenge for Rákos and others.


As to why I just don't post my methods for examination by all, I found early 
on that so many people can tear down a wall and condemn it easily when they 
see the skeleton, without ever trying to climb the wall, and that is not a 
good judge of the effectiveness of the wall. But if you do not see the 
skeleton, it is much harder to climb that wall. All of a sudden instead of 
multitudes saying how silly, only a few can actually climb the wall . . . 
maybe one day only one or two will be able to climb the wall. Yesterday 
Rákos captured the swf, and then others decompiled and re-compiled it. I 
have slept on the method that I believe Rákos used to capture the swf, and 
may have an answer for it later today.


Thanks for all input, none of it was taken in a bad way,
jimbo

- Original Message - 
From: "Sunil Jolly" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, July 18, 2007 5:08 AM
Subject: RE: [Flashcoders] RE: obfuscation swf !


I agree with JC that it wasn't really necessary to be quite so spiteful
about defeating his code.

I think the problem may have come from a "here's my solution, try and
break it" attitude instead of simply giving details of how it (was
supposed to) work.

Everyone here shares their knowledge to help other people, where in this
case it didn't seem like it.

As far as I know, any flash file (.swf) is downloaded to a client's
computer to be played, so its impossible to stop people from downloading
your swf files.

Sunil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hans
Wichman
Sent: 18 July 2007 05:56
To: flashcoders@chattyfig.figleaf.com
Subject: Re: [Flashcoders] RE: obfuscation swf !

Hi,
I might be wrong but like Bart said, I think SWFEncrypt does all this
already. At least I haven't had any problems with this andits fast too
AND
usable from a build file. But I'm sure some of you will be able to crack
it.

What I do have problems with is the attitude displayed towards Jimbo by
some
of the responders for trying to come up with a nice and easy solution,
even
it isn't foolproof. Putting a donkey sign over someones head is less
than
motivating. He offered us a challenge, some of us took it and won. No
need
to get all nasty about it imo.

greetz
JC


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com 


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

RE: [Flashcoders] RE: obfuscation swf !

2007-07-18 Thread Sunil Jolly 
I agree with JC that it wasn't really necessary to be quite so spiteful
about defeating his code.

I think the problem may have come from a "here's my solution, try and
break it" attitude instead of simply giving details of how it (was
supposed to) work.

Everyone here shares their knowledge to help other people, where in this
case it didn't seem like it.

As far as I know, any flash file (.swf) is downloaded to a client's
computer to be played, so its impossible to stop people from downloading
your swf files.

Sunil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hans
Wichman
Sent: 18 July 2007 05:56
To: flashcoders@chattyfig.figleaf.com
Subject: Re: [Flashcoders] RE: obfuscation swf !

Hi,
I might be wrong but like Bart said, I think SWFEncrypt does all this
already. At least I haven't had any problems with this andits fast too
AND
usable from a build file. But I'm sure some of you will be able to crack
it.

What I do have problems with is the attitude displayed towards Jimbo by
some
of the responders for trying to come up with a nice and easy solution,
even
it isn't foolproof. Putting a donkey sign over someones head is less
than
motivating. He offered us a challenge, some of us took it and won. No
need
to get all nasty about it imo.

greetz
JC


___
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Re: [Flashcoders] RE: obfuscation swf !

2007-07-17 Thread Hans Wichman 

Hi,
I might be wrong but like Bart said, I think SWFEncrypt does all this
already. At least I haven't had any problems with this andits fast too AND
usable from a build file. But I'm sure some of you will be able to crack it.

What I do have problems with is the attitude displayed towards Jimbo by some
of the responders for trying to come up with a nice and easy solution, even
it isn't foolproof. Putting a donkey sign over someones head is less than
motivating. He offered us a challenge, some of us took it and won. No need
to get all nasty about it imo.

greetz
JC




On 7/18/07, Costello, Rob R <[EMAIL PROTECTED]> wrote:



> 2006/5/7, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Is there any good way or method for obfuscation a Flash file so that
> swf works fine after obfuscation and also prevent any one to
> understand the code easily . Few common softwares for obfuscation are
> just not that good as swf stops working after using them . Of if not
> obfuscation is there any other method to prevent swf to be decompiled
> to fla . help will be really appreciate .
>
> Thx
>
> Max

My understanding is that encryption is unreliable - since the player has
to be able to decrypt it anyway, and the swf format is known - so any trick
that fools the decompiler is vulnerable to being corrected in the next
release of the decompiler

I've written a home grown obfuscator of sorts (for AS2). It's a bit slow
and clunky - and not AS3 compatible - but does what I need. (It can parse
AS2 source code for variable and functions names using VB, and then
obfuscate the byte code using FLASM.)

> Few common softwares for obfuscation are  just not that good as swf
stops working after using them .

depending on coding style, you need to avoid changing names of variables
that correspond to other constants (eg names of nodes in an XML file that
are matched in your code - won't match if you rename the coded version)

Also array syntax (AS2) that does things like ["prop" + x]  - don't want
to rename prop0, prop1 etc elsewhere

So you typically need some sort of exclusion list. I don't know that you
can ask the software to reliably work out which variables must be excluded
in some of these contexts.

(In some cases I could observe if functionality was impaired and look in
that region of code for array syntax etc.)

I had a look at ASO lite a while ago and at the time it took the approach
of not renaming any functions or classes - just simple variables, and it
also allows a custom exclusion list.

I was naïve enough to try my own (using Flasm and VB) that also did
function names etc.

The current ASO version now seems to rename functions and class names etc
(still allowing a custom exclusion list).

Its pretty fast - but I've had your issue - my code stops working and I
can't work out which additional variables to exclude. For example it seemed
to kill the V2 mx components - and it was finding thousands of variables
from those components.

It seemed to me that I only wanted to obfuscate my own code (eg I don't
mind if people decompile the mx components etc).

So I revisited the one I'd tinkered with. Its slow - uses VBA and Flasm.
(I tested it as compiled VB6 and almost identical speed. VBA allows me to
use Excel for data storage.

I now get it to parse my AS2 files first and locate all of the variables
and functions names I have introduced. (I don't get it to scan the mx source
files so it will leave them in swf).

I do have a list of excluded native functions - onRollOver etc.

Anyway, then VBA uses FLASM to search for those variables in the byte code
(flm file). (not all of them make it into the byte code)

Then, when there is a common list (my variables / functions / class names
that do appear in the swf - it does text a text / replace with an "illegal"
name - eg an integer  - which works at byte code level, but not if
decompiled).

This is all horribly slow (10 minutes - for say 75 classes - 400 k of AS2
files - 200 k of swf - 2 MB  flm file - on slowish machine)

Not sure it would qualify as a "good solution" for other contexts

But it does work well for my AS2 based development and I have full control
over obfuscation and I know it works.

I don't know what method ASO uses though I saw on the Flasm website that
one of ASO's people helped them optimise Flasm - so maybe a similar (more
optimised) approach. Was too aggressive for me though - couldn't get it to
work.

Any interest in this?

Cheers

Rob

Important - This email and any attachments may be confidential. If
received in error, please contact us and delete all copies. Before opening
or using attachments check them for viruses and defects. Regardless of any
loss, damage or consequence, whether caused by the negligence of the sender
or not, resulting directly or indirectly from the use of any attached files
our liability is limited to resupplying any affected attachments. Any
representations or opinions expressed are those of the individual sender,
and not necessarily those of