For Windows, Mac, and Linux!
ActionScript Encryption
ActionScript encryption (or byte-code obfuscation) makes decompiled ActionScript confusing and hard to understand. It's not real encryption, but in the context of code, it might be better. Although actual encryption can make your code entirely unreadable, it suffers from a classic encryption flaw, it needs to keep the decryption-key with the encrypted data. An automated tool could be created to decrypt the code. Once that happens the fully unencrypted, unobfuscated code is in plain view.
Stop Flash Decompilers
With all of that said, this should not be a showstopper. secureSWF implements four very effective ActionScript encryption techniques to protect ActionScript against decompilers that can be applied by several orders of magnitude,
How secureSWF's ActionScript Encryption Works
secureSWF manipulates the byte-code instructions in SWF files using techniques to foil, and even crash, Flash decompilers preventing them from generating anything useful, while leaving the Flash application's behavior and output intact. Here is an example where we applied some of the techniques and luckily, one of the decompilers generated something to demonstrate (all others crashed):
Code before ActionScript encryption
private function getNeighbours(i:int, j:int):Array{
var a:Array = new Array();
for (var k = 0; k < 8; k++){
var ni = i + int(neighbour_map[k][0]);
var nj = j + int(neighbour_map[k][1]) ;
if (ni < 0 || ni >= xsize || nj < 0 || nj >= ysize)
continue;
a.push(Cell(cells[ni][nj]));
}
return a;
}
Code after ActionScript encryption
private function getNeighbours(_arg1:int, _arg2:int):Array{
var _local3:Array = -(((null - !NULL!) % ~(undefined)));
var _local4:*;
var _local5:*;
var _local6:*;
_local3 = new Array();
_local4 = 0;
for (;//unresolved jump
, _arg2 < 8;_local4++) {
_local5 = (_arg1 + int(!NULL!));
_local6 = (_arg2 + int(!NULL!));
if (true){
_arg1 = (((//unresolved nextvalue or nextname << !NULL!) + !NULL!)
<< undefined);
_arg1 = (!(!NULL!) ^ !NULL!);
(!NULL! instanceof !NULL!);
var _local1 = (((!NULL! as !NULL!) + !NULL!) == this);
if (!(!NULL! == !NULL!)){
-((true << !NULL!)).push(Cell(cells[_local5][_local6]));
}
}
if (!true){
(_local6 < 0);
(_local6 < 0);
(_local5 < 0);
}
}
return (_local3);
}
What secureSWF's ActionScript Encryption Does?
secureSWF can do the following to stop Flash decompilers:
Control Flow Obfuscation
Changes possible areas of the code flow that doesn't affect the way the application runs. It also inserts extra control flow statements in certain areas of the code to make decompilation virtually impossible.Dynamic Code Wrapping
Dynamically wraps up the ActionScript byte-code blocks in SWF files to make finding entry points of the code extremely difficult for Flash decompilers. This will usually crash the decompiler.Statement-level Randomization
Will randomly restructure the sequence of the byte-code instructions that the decompiler uses to reform a complete ActionScript statement. It removes all the possible links between the compiled byte-code and the ActionScript source code making decompiling an extraordinarily difficult process.Integer Date Obfuscation
Makes integer literals in your code harder to read.String Encryption
Will replace sensitive literal strings in your code with a function call that gets the string from an encrypted byte array. Here is an example:
Before string encryptionloader.load(new URLRequest(
"http://www.kindi.com/getsomething.php?var=" + foo);
After string encryptionloader.load(new URLRequest(?.?(-581, -881) + foo);
