For Windows, Mac, and Linux!
Flash ActionScript is easy to decompile. More than 22 Flash decompilers exist today that attackers can use to view your ActionScript source code. This is not in any way a flaw in Flash; it is simply a reality of intermediate-compiled languages. Java and .NET applications suffer from the same exact problem. Being much higher-level than binary machine code, the ActionScript byte-code is full of identifiers and information that makes it easy to decompile.
The goal of an obfuscator is to make decompilation extremely time consuming and painful so that it is not worth the effort. The goal is to stop all casual hackers and as many serious hackers as possible.
An ActionScript obfuscator removes the context from the byte-code that decompilers would use to generate human-readable ActionScript source code. The trick is to remove this context from evil intentions while retaining complete execution integrity with the original program. secureSWF accomplishes this completely - your Flash application will produce the same results as it did before obfuscation but the code is more difficult to decompile.
ActionScript obfuscation does not do any tricks or hacks on Flash decompilers that exploits their flaws to make them crash. It simply removes the information they use to generate readable and useful ActionScript code. secureSWF renames identifiers into meaningless and confusing names, removes frame labels and changes their references into indices, and removes metadata when possible.
This process can not be reversed in any way. The original identifiers' names, frame labels, and metadata no longer exist in the obfuscated ActionScript. Here is an example:
package com.fgg.Mines {
import flash.display.*;
public class Face extends MovieClip {
public var win:MovieClip;
private var _status:int;// = 0
public static const START:int = 1;
public static const WIN:int = 4;
public function Face(){
_status = START;
super();
addFrameScript(0, frame1);
}
public function winner():void{
this.gotoAndStop("win");
_status = WIN;
}
public function start():void{
this.gotoAndStop("start");
_status = START;
}
public function get Status(){
return (_status);
}
function frame1(){
stop();
}
}
}//package com.fgg.Mines
package 2 {
import flash.display.*;
public class 6 extends MovieClip {
public var
:MovieClip;
private var ]:int;// = 0
public static const 5:int = 1;
public static const -:int = 4;
public function 6(){
] = 1;
super();
addFrameScript(0, ();
}
public function $():void{
this.gotoAndStop(4);
] = 4;
}
public function 4():void{
this.gotoAndStop(2);
] = 1;
}
public function get )(){
return (]);
}
function ((){
stop();
}
}
}//package 2
secureSWF renames (or completely removes) everything you have assigned a name to while designing or developing your Flash application. There is no obfuscator (whether it is for Flash or something else) exists today that can remove that much of information. secureSWF renames or completely removes the following for ActionScript 1, 2, or 3: