Ah. I thought he was talking about SWCEncrypt, which is actually an obfuscator. I stand corrected. _______________________________________________________________________
Joseph Balderson | http://joeflash.ca Flex & Flash Platform Developer | Abobe Certified Developer & Trainer Author, Professional Flex 3 (coming Winter 2008) Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674 Doug McCune wrote: > Just to clarify, Andrew is in fact talking about encryption, not > obfuscation. The NitroLM product (which I have not used) actually does > raw byte encryption on your swf, which then gets loaded by a wrapper swf > and decrypted at runtime based on a secret key that gets sent over a > secure connection after valid credentials are passed to the server. You > would have to be able to crack the swf encryption before a decompiler > would even be able to give you any decompiled code. > > Doug > > On Wed, Jun 4, 2008 at 1:35 PM, Joseph Balderson <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > I meant to say "...and the code is completely _un_intelligible..." > > > __________________________________________________________ > > Joseph Balderson | http://joeflash.ca > Flex & Flash Platform Developer | Abobe Certified Developer & Trainer > Author, Professional Flex 3 (coming Winter 2008) > Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674 > > Joseph Balderson wrote: > > What you both just described is obfuscation, not encryption. And > there > > are varying levels of obfuscation. The barest level is replacing all > > props with _loc_1, whcih is child's play. I think what Andrew is > > referring to is "strong" obfuscation, that will replace vars with a > > meaningless string of characters which include illegal > characters. The > > SWF will still play fine, but the moment you try and decompile into > > classes and recompile, you get a zillion compiler errors from all > the > > illegal characters, and the code is completely intelligible, > cause all > > custom class members have been replaced by goobledygook. That is > what I > > call "strong obfuscation". > > > > True SWF encryption is only possible with code injection > decrypted at > > runtime, using either encrypted data or preferably over a secure > > streaming connection (RTMPE or the like) as far as I know, though > I've > > never actually seen anyone go to the trouble. > > > > > > __________________________________________________________ > > > > Joseph Balderson | http://joeflash.ca > > Flex & Flash Platform Developer | Abobe Certified Developer & Trainer > > Author, Professional Flex 3 (coming Winter 2008) > > Staff Writer, Community MX | > http://communitymx.com/author.cfm?cid=4674 > > > > > > > > Sherif Abdou wrote: > >> The local variable get changed to _loc_1, so your best best is > to write > >> some sort of script that changes the public/private variables to > >> something like > >> __var_1, and make sure u increment by 1. you can do the same for > >> functions function __test__1();. I dont think encryption will > matter > >> unless some crazy person wants to decipher what all they mean. > >> > >> ----- Original Message ---- > >> From: andrewwestberg <[EMAIL PROTECTED] > <mailto:andrewwestberg%40gmail.com>> > >> To: flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> > >> Sent: Tuesday, June 3, 2008 4:54:14 PM > >> Subject: [flexcoders] Re: SWC Encrypt 2.0 - Does it work? > >> > >> > - We ran SWCEncrypt on a Flex SWC and then tried decompiling a > >> Flex app > >> > created with the encrypted SWC versus the unencrypted SWC. I > >> could not tell > >> > any difference whatsoever. Both decompiled just fine, it appeared > >> as if > >> > SWCEncrypt did absolutely nothing to the SWC file. I don't know > >> if we were > >> > doing soemthing wrong (although really how can you? you just run > >> it on a > >> > SWC), or if the encryptor doesn't support Flex SWCs specifically. > >> > >> I tested SWC encrypt on my flex swc today and I can also verify that > >> it didn't do a darn thing to the code as viewed through Sothink's > >> decompiler. (disclaimer: I consult for a company that does SWF and > >> Flex/AIR module encryption that could be considered a competitor of > >> these guys. Just checkin out the competition ;) ) > >> > >> -Andrew > >> > >> > >> > > > > ------------------------------------ > > > > > -- > > Flexcoders Mailing List > > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > > Search Archives: > http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! > Groups Links > > > > > > > > > > >
