Kindi secureSWF
Enter your name and email below and the download link will be sent to you.

All submitted information is kept in the strictest confidence. Privacy Policy

For Windows, Mac, and Linux!

Cross Platform

ActionScript Encryption

ActionScript encryption (or byte-code obfuscation) makes decompiled ActionScript confusing and hard to understand. It's not real encryption, but in the context of code, it might be better. Although actual encryption can make your code entirely unreadable, it suffers from a classic encryption flaw, it needs to keep the decryption-key with the encrypted data. An automated tool could be created to decrypt the code. Once that happens the fully unencrypted, unobfuscated code is in plain view.

Stop Flash Decompilers

With all of that said, this should not be a showstopper. secureSWF implements four very effective ActionScript encryption techniques to protect ActionScript against decompilers that can be applied by several orders of magnitude,

How secureSWF's ActionScript Encryption Works

secureSWF manipulates the byte-code instructions in SWF files using techniques to foil, and even crash, Flash decompilers preventing them from generating anything useful, while leaving the Flash application's behavior and output intact. Here is an example where we applied some of the techniques and luckily, one of the decompilers generated something to demonstrate (all others crashed):

Code before ActionScript encryption

private function getNeighbours(i:int, j:int):Array{
  var a:Array = new Array();
  for (var k = 0; k < 8; k++){
    var ni = i + int(neighbour_map[k][0]);
    var nj = j + int(neighbour_map[k][1]) ;
    if (ni < 0 || ni >= xsize || nj < 0 || nj >= ysize)
      continue;
    a.push(Cell(cells[ni][nj]));
  }
  return a;
}

Code after ActionScript encryption

private function getNeighbours(_arg1:int, _arg2:int):Array{
  var _local3:Array = -(((null - !NULL!) % ~(undefined)));
  var _local4:*;
  var _local5:*;
  var _local6:*;
  _local3 = new Array();
  _local4 = 0;
  for (;//unresolved jump
  , _arg2 < 8;_local4++) {
    _local5 = (_arg1 + int(!NULL!));
    _local6 = (_arg2 + int(!NULL!));
    if (true){
      _arg1 = (((//unresolved nextvalue or nextname << !NULL!) + !NULL!) 
<< undefined);
      _arg1 = (!(!NULL!) ^ !NULL!);
      (!NULL! instanceof !NULL!);
      var _local1 = (((!NULL! as !NULL!) + !NULL!) == this);
      if (!(!NULL! == !NULL!)){
        -((true << !NULL!)).push(Cell(cells[_local5][_local6]));
      }
    }
    if (!true){
      (_local6 < 0);
      (_local6 < 0);
      (_local5 < 0);
    }
  }
return (_local3);
}

What secureSWF's ActionScript Encryption Does?

secureSWF can do the following to stop Flash decompilers:

  1. Control Flow Obfuscation

    Changes possible areas of the code flow that doesn't affect the way the application runs. It also inserts extra control flow statements in certain areas of the code to make decompilation virtually impossible.
  2. Dynamic Code Wrapping

    Dynamically wraps up the ActionScript byte-code blocks in SWF files to make finding entry points of the code extremely difficult for Flash decompilers. This will usually crash the decompiler.
  3. Statement-level Randomization

    Will randomly restructure the sequence of the byte-code instructions that the decompiler uses to reform a complete ActionScript statement. It removes all the possible links between the compiled byte-code and the ActionScript source code making decompiling an extraordinarily difficult process.
  4. Integer Date Obfuscation

    Makes integer literals in your code harder to read.
  5. String Encryption

    Will replace sensitive literal strings in your code with a function call that gets the string from an encrypted byte array. Here is an example:

    Before string encryption

    loader.load(new URLRequest(
    "http://www.kindi.com/getsomething.php?var=" + foo);



    After string encryption

    loader.load(new URLRequest(?.?(-581, -881) + foo);

Download


Our Users' Say: