Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-18 Thread Joseph Balderson 
Damn thread splicing. I didn't realize at the time that this thread was 
30+ posts long, not 6. Gotta remember to look at the Re: in the 
subject... :P
___

Joseph Balderson, Developer | http://joeflash.ca | 705-466-6345


Tom Chiverton wrote:
> On Wednesday 04 Jun 2008, Joseph Balderson wrote:
>> Ah. I thought he was talking about SWCEncrypt, which is actually an
>> obfuscator. 
> 
> Yeah, but SWFObfuscator isn't as cool a product name, so I guess they went 
> with being confusing...
> 



--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! 
Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/flexcoders/join
(Yahoo! ID required)

<*> To change settings via email:
mailto:[EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-09 Thread Tom Chiverton 
On Wednesday 04 Jun 2008, Joseph Balderson wrote:
> Ah. I thought he was talking about SWCEncrypt, which is actually an
> obfuscator. 

Yeah, but SWFObfuscator isn't as cool a product name, so I guess they went 
with being confusing...

-- 
Tom Chiverton



This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and 
Wales under registered number OC307980 whose registered office address is at 
Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A list 
of members is available for inspection at the registered office. Any reference 
to a partner in relation to Halliwells LLP means a member of Halliwells LLP.  
Regulated by The Solicitors Regulation Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may be 
confidential or legally privileged.  If you are not the addressee you must not 
read it and must not use any information contained in nor copy it nor inform 
any person other than Halliwells LLP or the addressee of its existence or 
contents.  If you have received this email in error please delete it and notify 
Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.com.



--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! 
Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/flexcoders/join
(Yahoo! ID required)

<*> To change settings via email:
mailto:[EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/

RE: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-05 Thread Dale Fraser 
@Mike,

 

Where do I find this framework?

 

Regards

Dale Fraser

 

From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Cato Paus
Sent: Thursday, 5 June 2008 6:24 PM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

 

Hello again, I have read more Flex documentation, and found a lot of 
good information regarding the remote objects and the environment, 
but I have a thought about making a change in the structure of the 
Flex application, have someone tried to take a module and put it into 
a sql database as a bytearray, and bring it to the application as 
remote object and connect module loader to the DTO, is possible to 
connect the module loader to the byteArray?

--- In flexcoders@yahoogroups.com  ,
"Michael Schmalle" 
<[EMAIL PROTECTED]> wrote:
>
> I'll Chime in on this since.. I could call myself a professional 
component
> developer.
> 
> I had the same worries about source and intellectual property (2 
years ago).
> What I have found in the real component market,
> developers will buy your component without code IF you have a site 
and
> support backing up your claim of a purely 'encapsulated' API.
> 
> Now what I have learned; Mind you I have been developing components 
since
> Flash 5 :)
> 
> - Source code IS love but, they are going to pay a lot more for it. 
I'm
> talking about my frameworks coming up that are definite jewels for 
the
> professional/enterprise flex developer.
> 
> I will have to options SWC or SWC/with source. You can't stop 
people from
> riping off your stuff. There are ticks and leaches in the REAL 
world as
> well. The trick, is to be the leader and innovator. I have survived 
2 years
> without selling source. I have created a brand new framework that I 
am very
> proud of, documented great and I will be selling my components with 
source.
> 
> Anyway, ramble but... you will always get decompiled and don't kid 
yourself.
> 
> Peace,
> Mike
> 
> On Wed, Jun 4, 2008 at 3:57 AM, Josh McDonald <[EMAIL PROTECTED]> wrote:
> 
> > I still can't see what you hope to achieve with these 
solutions? Anybody
> > willing to copy and paste your code, is just as willing to copy 
your
> > encrypted .SWC file.
> >
> > Source code is like love - it only has value if you give it out.
> >
> > -Josh
> >
> >
> > On Wed, Jun 4, 2008 at 5:45 PM, Cato Paus <[EMAIL PROTECTED]> wrote:
> >
> >> Hello again everyone, how can we protect our code?
> >>
> >> How should we go forward in order to protect the methods used to 
change
> >> the senistive information on user data, some blogs on this?
> >>
> >> I found one at a remote-finfig.xml and the use of session id
> >>
> >>
> >> http://www.flexpasta.com/index.php/2008/03/18/flex-using-blazeds-
with-java-do-you-care-about-security/
> >> this is good to have this thread hope we can work together to 
find out of
> >> this :)
> >>
> >>
> >> --- In flexcoders@yahoogroups.com 
, "jmfillman"  
wrote:
> >> >
> >> > Has anyone had experience using SWC Encrypt 2.0, by Amayeta? 
Does it
> >> > work, or would I just be wasting my money? I'm trying to 
protect a
> >> > component I plan to sell, but given the prevalence of de-
compilers, I'm
> >> > hesitant to release it. I don't want to see all my hard work 
stolen.
> >> >
> >>
> >
> >
> >
> > --
> > "Therefore, send not to know For whom the bell tolls. It tolls 
for thee."
> >
> > :: Josh 'G-Funk' McDonald
> > :: 0437 221 380 :: [EMAIL PROTECTED]
> > 
> >
> 
> 
> 
> -- 
> Teoti Graphix, LLC
> http://www.teotigraphix.com
> 
> Teoti Graphix Blog
> http://www.blog.teotigraphix.com
> 
> You can find more by solving the problem then by 'asking the 
question'.
>

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-04 Thread Joseph Balderson 
Ah. I thought he was talking about SWCEncrypt, which is actually an 
obfuscator. I stand corrected.
___

Joseph Balderson | http://joeflash.ca
Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
Author, Professional Flex 3 (coming Winter 2008)
Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674



Doug McCune wrote:
> Just to clarify, Andrew is in fact talking about encryption, not 
> obfuscation. The NitroLM product (which I have not used) actually does 
> raw byte encryption on your swf, which then gets loaded by a wrapper swf 
> and decrypted at runtime based on a secret key that gets sent over a 
> secure connection after valid credentials are passed to the server. You 
> would have to be able to crack the swf encryption before a decompiler 
> would even be able to give you any decompiled code.
> 
> Doug
> 
> On Wed, Jun 4, 2008 at 1:35 PM, Joseph Balderson <[EMAIL PROTECTED] 
> > wrote:
> 
> I meant to say "...and the code is completely _un_intelligible..."
> 
> 
> __
> 
> Joseph Balderson | http://joeflash.ca
> Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
> Author, Professional Flex 3 (coming Winter 2008)
> Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674
> 
> Joseph Balderson wrote:
>  > What you both just described is obfuscation, not encryption. And
> there
>  > are varying levels of obfuscation. The barest level is replacing all
>  > props with _loc_1, whcih is child's play. I think what Andrew is
>  > referring to is "strong" obfuscation, that will replace vars with a
>  > meaningless string of characters which include illegal
> characters. The
>  > SWF will still play fine, but the moment you try and decompile into
>  > classes and recompile, you get a zillion compiler errors from all
> the
>  > illegal characters, and the code is completely intelligible,
> cause all
>  > custom class members have been replaced by goobledygook. That is
> what I
>  > call "strong obfuscation".
>  >
>  > True SWF encryption is only possible with code injection
> decrypted at
>  > runtime, using either encrypted data or preferably over a secure
>  > streaming connection (RTMPE or the like) as far as I know, though
> I've
>  > never actually seen anyone go to the trouble.
>  >
>  >
>  > __
>  >
>  > Joseph Balderson | http://joeflash.ca
>  > Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
>  > Author, Professional Flex 3 (coming Winter 2008)
>  > Staff Writer, Community MX |
> http://communitymx.com/author.cfm?cid=4674
>  >
>  >
>  >
>  > Sherif Abdou wrote:
>  >> The local variable get changed to _loc_1, so your best best is
> to write
>  >> some sort of script that changes the public/private variables to
>  >> something like
>  >> __var_1, and make sure u increment by 1. you can do the same for
>  >> functions function __test__1();. I dont think encryption will
> matter
>  >> unless some crazy person wants to decipher what all they mean.
>  >>
>  >> - Original Message 
>  >> From: andrewwestberg <[EMAIL PROTECTED]
> >
>  >> To: flexcoders@yahoogroups.com 
>  >> Sent: Tuesday, June 3, 2008 4:54:14 PM
>  >> Subject: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?
>  >>
>  >> > - We ran SWCEncrypt on a Flex SWC and then tried decompiling a
>  >> Flex app
>  >> > created with the encrypted SWC versus the unencrypted SWC. I
>  >> could not tell
>  >> > any difference whatsoever. Both decompiled just fine, it appeared
>  >> as if
>  >> > SWCEncrypt did absolutely nothing to the SWC file. I don't know
>  >> if we were
>  >> > doing soemthing wrong (although really how can you? you just run
>  >> it on a
>  >> > SWC), or if the encryptor doesn't support Flex SWCs specifically.
>  >>
>  >> I tested SWC encrypt on my flex swc today and I can also verify that
>  >> it didn't do a darn thing to the code as viewed through Sothink's
>  >> decompiler. (disclaimer: I consult for a company that does SWF and
>  >> Flex/AIR module encryption that could be considered a competitor of
>  >> these guys. Just checkin out the competition ;) )
>  >>
>  >> -Andrew
>  >>
>  >>
>  >>
>  >
>  > 
> 
>  >
>  > --
>  > Flexcoders Mailing List
>  > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
>  > Search Archives:
> http://www.mail-archive.com/flexcoders

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-04 Thread Doug McCune 
Just to clarify, Andrew is in fact talking about encryption, not
obfuscation. The NitroLM product (which I have not used) actually does raw
byte encryption on your swf, which then gets loaded by a wrapper swf and
decrypted at runtime based on a secret key that gets sent over a secure
connection after valid credentials are passed to the server. You would have
to be able to crack the swf encryption before a decompiler would even be
able to give you any decompiled code.

Doug

On Wed, Jun 4, 2008 at 1:35 PM, Joseph Balderson <[EMAIL PROTECTED]> wrote:

>   I meant to say "...and the code is completely _un_intelligible..."
>
> __
>
> Joseph Balderson | http://joeflash.ca
> Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
> Author, Professional Flex 3 (coming Winter 2008)
> Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674
>
> Joseph Balderson wrote:
> > What you both just described is obfuscation, not encryption. And there
> > are varying levels of obfuscation. The barest level is replacing all
> > props with _loc_1, whcih is child's play. I think what Andrew is
> > referring to is "strong" obfuscation, that will replace vars with a
> > meaningless string of characters which include illegal characters. The
> > SWF will still play fine, but the moment you try and decompile into
> > classes and recompile, you get a zillion compiler errors from all the
> > illegal characters, and the code is completely intelligible, cause all
> > custom class members have been replaced by goobledygook. That is what I
> > call "strong obfuscation".
> >
> > True SWF encryption is only possible with code injection decrypted at
> > runtime, using either encrypted data or preferably over a secure
> > streaming connection (RTMPE or the like) as far as I know, though I've
> > never actually seen anyone go to the trouble.
> >
> >
> > __
> >
> > Joseph Balderson | http://joeflash.ca
> > Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
> > Author, Professional Flex 3 (coming Winter 2008)
> > Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674
> >
> >
> >
> > Sherif Abdou wrote:
> >> The local variable get changed to _loc_1, so your best best is to write
> >> some sort of script that changes the public/private variables to
> >> something like
> >> __var_1, and make sure u increment by 1. you can do the same for
> >> functions function __test__1();. I dont think encryption will matter
> >> unless some crazy person wants to decipher what all they mean.
> >>
> >> - Original Message 
> >> From: andrewwestberg <[EMAIL PROTECTED]
> >
> >> To: flexcoders@yahoogroups.com 
> >> Sent: Tuesday, June 3, 2008 4:54:14 PM
> >> Subject: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?
> >>
> >> > - We ran SWCEncrypt on a Flex SWC and then tried decompiling a
> >> Flex app
> >> > created with the encrypted SWC versus the unencrypted SWC. I
> >> could not tell
> >> > any difference whatsoever. Both decompiled just fine, it appeared
> >> as if
> >> > SWCEncrypt did absolutely nothing to the SWC file. I don't know
> >> if we were
> >> > doing soemthing wrong (although really how can you? you just run
> >> it on a
> >> > SWC), or if the encryptor doesn't support Flex SWCs specifically.
> >>
> >> I tested SWC encrypt on my flex swc today and I can also verify that
> >> it didn't do a darn thing to the code as viewed through Sothink's
> >> decompiler. (disclaimer: I consult for a company that does SWF and
> >> Flex/AIR module encryption that could be considered a competitor of
> >> these guys. Just checkin out the competition ;) )
> >>
> >> -Andrew
> >>
> >>
> >>
> >
> > 
> >
> > --
> > Flexcoders Mailing List
> > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
> > Search Archives:
> http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! Groups
> Links
> >
> >
> >
> >
>  
>

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-04 Thread Joseph Balderson 
I meant to say "...and the code is completely _un_intelligible..."
___

Joseph Balderson | http://joeflash.ca
Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
Author, Professional Flex 3 (coming Winter 2008)
Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674



Joseph Balderson wrote:
> What you both just described is obfuscation, not encryption. And there 
> are varying levels of obfuscation. The barest level is replacing all 
> props with _loc_1, whcih is child's play. I think what Andrew is 
> referring to is "strong" obfuscation, that will replace vars with a 
> meaningless string of characters which include illegal characters. The 
> SWF will still play fine, but the moment you try and decompile into 
> classes and recompile, you get a zillion compiler errors from all the 
> illegal characters, and the code is completely intelligible, cause all 
> custom class members have been replaced by goobledygook. That is what I 
> call "strong obfuscation".
> 
> True SWF encryption is only possible with code injection decrypted at 
> runtime, using either encrypted data or preferably over a secure 
> streaming connection (RTMPE or the like) as far as I know, though I've 
> never actually seen anyone go to the trouble.
> 
> 
> ___
> 
> Joseph Balderson | http://joeflash.ca
> Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
> Author, Professional Flex 3 (coming Winter 2008)
> Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674
> 
> 
> 
> Sherif Abdou wrote:
>> The local variable get changed to _loc_1, so your best best is to write 
>> some sort of script that changes the public/private variables to 
>> something like
>> __var_1, and make sure u increment by 1. you can do the same for 
>> functions function __test__1();. I dont think encryption will matter 
>> unless some crazy person wants to decipher what all they mean.
>>
>> - Original Message 
>> From: andrewwestberg <[EMAIL PROTECTED]>
>> To: flexcoders@yahoogroups.com
>> Sent: Tuesday, June 3, 2008 4:54:14 PM
>> Subject: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?
>>
>>  > - We ran SWCEncrypt on a Flex SWC and then tried decompiling a
>> Flex app
>>  > created with the encrypted SWC versus the unencrypted SWC. I
>> could not tell
>>  > any difference whatsoever. Both decompiled just fine, it appeared
>> as if
>>  > SWCEncrypt did absolutely nothing to the SWC file. I don't know
>> if we were
>>  > doing soemthing wrong (although really how can you? you just run
>> it on a
>>  > SWC), or if the encryptor doesn't support Flex SWCs specifically.
>>
>> I tested SWC encrypt on my flex swc today and I can also verify that
>> it didn't do a darn thing to the code as viewed through Sothink's
>> decompiler. (disclaimer: I consult for a company that does SWF and
>> Flex/AIR module encryption that could be considered a competitor of
>> these guys. Just checkin out the competition ;) )
>>
>> -Andrew
>>
>>
>>
> 
> 
> 
> --
> Flexcoders Mailing List
> FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
> Search Archives: 
> http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! Groups Links
> 
> 
> 
>

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-04 Thread Joseph Balderson 
What you both just described is obfuscation, not encryption. And there 
are varying levels of obfuscation. The barest level is replacing all 
props with _loc_1, whcih is child's play. I think what Andrew is 
referring to is "strong" obfuscation, that will replace vars with a 
meaningless string of characters which include illegal characters. The 
SWF will still play fine, but the moment you try and decompile into 
classes and recompile, you get a zillion compiler errors from all the 
illegal characters, and the code is completely intelligible, cause all 
custom class members have been replaced by goobledygook. That is what I 
call "strong obfuscation".

True SWF encryption is only possible with code injection decrypted at 
runtime, using either encrypted data or preferably over a secure 
streaming connection (RTMPE or the like) as far as I know, though I've 
never actually seen anyone go to the trouble.


___

Joseph Balderson | http://joeflash.ca
Flex & Flash Platform Developer | Abobe Certified Developer & Trainer
Author, Professional Flex 3 (coming Winter 2008)
Staff Writer, Community MX | http://communitymx.com/author.cfm?cid=4674



Sherif Abdou wrote:
> The local variable get changed to _loc_1, so your best best is to write 
> some sort of script that changes the public/private variables to 
> something like
> __var_1, and make sure u increment by 1. you can do the same for 
> functions function __test__1();. I dont think encryption will matter 
> unless some crazy person wants to decipher what all they mean.
> 
> - Original Message 
> From: andrewwestberg <[EMAIL PROTECTED]>
> To: flexcoders@yahoogroups.com
> Sent: Tuesday, June 3, 2008 4:54:14 PM
> Subject: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?
> 
>  > - We ran SWCEncrypt on a Flex SWC and then tried decompiling a
> Flex app
>  > created with the encrypted SWC versus the unencrypted SWC. I
> could not tell
>  > any difference whatsoever. Both decompiled just fine, it appeared
> as if
>  > SWCEncrypt did absolutely nothing to the SWC file. I don't know
> if we were
>  > doing soemthing wrong (although really how can you? you just run
> it on a
>  > SWC), or if the encryptor doesn't support Flex SWCs specifically.
> 
> I tested SWC encrypt on my flex swc today and I can also verify that
> it didn't do a darn thing to the code as viewed through Sothink's
> decompiler. (disclaimer: I consult for a company that does SWF and
> Flex/AIR module encryption that could be considered a competitor of
> these guys. Just checkin out the competition ;) )
> 
> -Andrew
> 
> 
>

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-04 Thread Michael Schmalle 
I'll Chime in on this since.. I could call myself a professional component
developer.

I had the same worries about source and intellectual property (2 years ago).
What I have found in the real component market,
developers will buy your component without code IF you have a site and
support backing up your claim of a purely 'encapsulated' API.

Now what I have learned; Mind you I have been developing components since
Flash 5 :)

- Source code IS love but, they are going to pay a lot more for it. I'm
talking about my frameworks coming up that are definite jewels for the
professional/enterprise flex developer.

I will have to options SWC or SWC/with source. You can't stop people from
riping off your stuff. There are ticks and leaches in the REAL world as
well. The trick, is to be the leader and innovator. I have survived 2 years
without selling source. I have created a brand new framework that I am very
proud of, documented great and I will be selling my components with source.

Anyway, ramble but... you will always get decompiled and don't kid yourself.

Peace,
Mike

On Wed, Jun 4, 2008 at 3:57 AM, Josh McDonald <[EMAIL PROTECTED]> wrote:

>   I still can't see what you hope to achieve with these solutions? Anybody
> willing to copy and paste your code, is just as willing to copy your
> encrypted .SWC file.
>
> Source code is like love - it only has value if you give it out.
>
> -Josh
>
>
> On Wed, Jun 4, 2008 at 5:45 PM, Cato Paus <[EMAIL PROTECTED]> wrote:
>
>>   Hello again everyone, how can we protect our code?
>>
>> How should we go forward in order to protect the methods used to change
>> the senistive information on user data, some blogs on this?
>>
>> I found one at a remote-finfig.xml and the use of session id
>>
>>
>> http://www.flexpasta.com/index.php/2008/03/18/flex-using-blazeds-with-java-do-you-care-about-security/
>> this is good to have this thread hope we can work together to find out of
>> this :)
>>
>>
>> --- In flexcoders@yahoogroups.com, "jmfillman" <[EMAIL PROTECTED]> wrote:
>> >
>> > Has anyone had experience using SWC Encrypt 2.0, by Amayeta? Does it
>> > work, or would I just be wasting my money? I'm trying to protect a
>> > component I plan to sell, but given the prevalence of de-compilers, I'm
>> > hesitant to release it. I don't want to see all my hard work stolen.
>> >
>>
>
>
>
> --
> "Therefore, send not to know For whom the bell tolls. It tolls for thee."
>
> :: Josh 'G-Funk' McDonald
> :: 0437 221 380 :: [EMAIL PROTECTED]
> 
>



-- 
Teoti Graphix, LLC
http://www.teotigraphix.com

Teoti Graphix Blog
http://www.blog.teotigraphix.com

You can find more by solving the problem then by 'asking the question'.

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-04 Thread Josh McDonald 
I still can't see what you hope to achieve with these solutions? Anybody
willing to copy and paste your code, is just as willing to copy your
encrypted .SWC file.

Source code is like love - it only has value if you give it out.

-Josh

On Wed, Jun 4, 2008 at 5:45 PM, Cato Paus <[EMAIL PROTECTED]> wrote:

>   Hello again everyone, how can we protect our code?
>
> How should we go forward in order to protect the methods used to change the
> senistive information on user data, some blogs on this?
>
> I found one at a remote-finfig.xml and the use of session id
>
>
> http://www.flexpasta.com/index.php/2008/03/18/flex-using-blazeds-with-java-do-you-care-about-security/
> this is good to have this thread hope we can work together to find out of
> this :)
>
>
> --- In flexcoders@yahoogroups.com, "jmfillman" <[EMAIL PROTECTED]> wrote:
> >
> > Has anyone had experience using SWC Encrypt 2.0, by Amayeta? Does it
> > work, or would I just be wasting my money? I'm trying to protect a
> > component I plan to sell, but given the prevalence of de-compilers, I'm
> > hesitant to release it. I don't want to see all my hard work stolen.
> >
>  
>



-- 
"Therefore, send not to know For whom the bell tolls. It tolls for thee."

:: Josh 'G-Funk' McDonald
:: 0437 221 380 :: [EMAIL PROTECTED]

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-03 Thread Sherif Abdou 
The local variable get changed to _loc_1, so your best best is to write some 
sort of script that changes the public/private variables to something like
__var_1, and make sure u increment by 1. you can do the same for functions 
function __test__1();. I dont think encryption will matter unless some crazy 
person wants to decipher what all they mean.


- Original Message 
From: andrewwestberg <[EMAIL PROTECTED]>
To: flexcoders@yahoogroups.com
Sent: Tuesday, June 3, 2008 4:54:14 PM
Subject: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?


>- We ran SWCEncrypt on a Flex SWC and then tried decompiling a
Flex app
>created with the encrypted SWC versus the unencrypted SWC. I
could not tell
>any difference whatsoever. Both decompiled just fine, it appeared
as if
>SWCEncrypt did absolutely nothing to the SWC file. I don't know
if we were
>doing soemthing wrong (although really how can you? you just run
it on a
>SWC), or if the encryptor doesn't support Flex SWCs specifically.

I tested SWC encrypt on my flex swc today and I can also verify that
it didn't do a darn thing to the code as viewed through Sothink's
decompiler. (disclaimer: I consult for a company that does SWF and
Flex/AIR module encryption that could be considered a competitor of
these guys.  Just checkin out the competition ;) )

-Andrew

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-03 Thread Doug McCune 
That last comment isn't true. The Sothink decompiler works just fine on Flex
swfs.

Here's my experience with SWF Encrypt and SWC Encrypt:

   - We ran SWCEncrypt on a Flex SWC and then tried decompiling a Flex app
   created with the encrypted SWC versus the unencrypted SWC. I could not tell
   any difference whatsoever. Both decompiled just fine, it appeared as if
   SWCEncrypt did absolutely nothing to the SWC file. I don't know if we were
   doing soemthing wrong (although really how can you? you just run it on a
   SWC), or if the encryptor doesn't support Flex SWCs specifically.
   - SWFEncrypt, on the other hand, works. But it does not work for Flex
   swfs. If you try to encrypt a full Flex SWF the encryptor goes overboard and
   jacks up the Flex framework code and makes your SWF unrunnable.
   - What did seem to work was creating a SWF module that did not include
   the Flex framework code, encrypting that, and loading that module into a
   wrapper Flex app.
   - Neither SWCEncrypt nor SWFEncrypt seems to actually "encrypt" anything,
   All of it can still be decompiled with the Sothink decompiler (maybe the
   decompiler just knows how to decrypt whatever encryption is used).
   SWFEncrypt does seem to obfuscate the code though. A decompiled SWF that has
   been run through SWFEncrypt is harder to read than a non-obfuscated one.


On Tue, Jun 3, 2008 at 11:49 AM, Cato Paus <[EMAIL PROTECTED]> wrote:

>   right now the Flex framework is too much to decode. decoders only
> hang that I know of
>
>
> --- In flexcoders@yahoogroups.com , Tom
> Chiverton <[EMAIL PROTECTED]>
> wrote:
> >
> > On Monday 02 Jun 2008, jmfillman wrote:
> > > Has anyone had experience using SWC Encrypt 2.0, by Amayeta? Does
> it
> > > work, or would I just be wasting my money?
> >
> > Have you tried decompiling a swfencrypt'ed SWF ?
> >
> > --
> > Tom Chiverton
> >
> > 
> >
> > This email is sent for and on behalf of Halliwells LLP.
> >
> > Halliwells LLP is a limited liability partnership registered in
> England and Wales under registered number OC307980 whose registered
> office address is at Halliwells LLP, 3 Hardman Square,
> Spinningfields, Manchester, M3 3EB. A list of members is available
> for inspection at the registered office. Any reference to a partner
> in relation to Halliwells LLP means a member of Halliwells LLP.
> Regulated by The Solicitors Regulation Authority.
> >
> > CONFIDENTIALITY
> >
> > This email is intended only for the use of the addressee named
> above and may be confidential or legally privileged. If you are not
> the addressee you must not read it and must not use any information
> contained in nor copy it nor inform any person other than Halliwells
> LLP or the addressee of its existence or contents. If you have
> received this email in error please delete it and notify Halliwells
> LLP IT Department on 0870 365 2500.
> >
> > For more information about Halliwells LLP visit www.halliwells.com.
> >
>
>  
>

Re: [flexcoders] Re: SWC Encrypt 2.0 - Does it work?

2008-06-02 Thread Josh McDonald 
I'm not suggesting you don't try, or that charging for software is wrong or
anything like that, just that I feel source adds tremendous value to a
component, which changes the price point at which it becomes a good idea to
purchase it. I don't know what you plan on charging, or what your component
does, so I can't say whether or not it's a good deal. Just that personally,
I probably wouldn't recommend purchase of a closed-source component to my
employers, unless I can honestly say that having to wait for external help
every time something goes wrong will be a lot cheaper than paying me to
figure it out.

But philosophy aside, how will obfuscating the SWC really help? An
obfuscated SWC can just as easily be copied as something that comes with
source.

-J

On Tue, Jun 3, 2008 at 9:28 AM, jmfillman <[EMAIL PROTECTED]> wrote:

>   Josh,
>
> I couldn't disagree more. If you wrote a component that saves me time
> and/or money, or provides value to my users, it'd be silly, and a
> waste of time and money, for me to go and develop it myself. Since
> you saved me time and/or money, you also deserve to be fairly
> compensated, if you want to receive $$ for your work.
>
> I don't have the resources to go after anyone who might de-compile
> the code, especially internationally. That's just lost money.
>
> JF
>
>
> --- In flexcoders@yahoogroups.com , "Josh
> McDonald" <[EMAIL PROTECTED]> wrote:
> >
> > *sigh*
> >
> > Release it, maybe you'll sell some, maybe many amateurs who would
> never pay
> > will pirate it, maybe one or two professionals will pirate it.
> >
> > Don't release it, your hard work can stay safe, and you'll never
> sell a
> > copy.
> >
> > Personally, if it doesn't summon Jesus I think you'll need some
> luck selling
> > a component without source. This is why we have lawyers and
> contracts.
> >
> > -J
> >
> > On Tue, Jun 3, 2008 at 7:04 AM, Michel Scoz <[EMAIL PROTECTED]>
> > wrote:
> >
> > > I mostly used it for Flash SWF files, and it work wonders as
> far as I
> > > know. At least, no incompatibility problem and/or decompilers
> being able to
> > > show/see the code.
> > >
> > >
> > > --
> > >
> > > *De:* flexcoders@yahoogroups.com 
> [mailto:flexcoders@yahoogroups.com ] *Em
> > > nome de *jmfillman
> > > *Enviada em:* segunda-feira, 2 de junho de 2008 17:59
> > > *Para:* flexcoders@yahoogroups.com 
> > > *Assunto:* [flexcoders] SWC Encrypt 2.0 - Does it work?
> > >
> > >
> > >
> > > Has anyone had experience using SWC Encrypt 2.0, by Amayeta? Does
> it
> > > work, or would I just be wasting my money? I'm trying to protect a
> > > component I plan to sell, but given the prevalence of de-
> compilers, I'm
> > > hesitant to release it. I don't want to see all my hard work
> stolen.
> > >
> > >
> > >
> >
> >
> >
> > --
> > "Therefore, send not to know For whom the bell tolls. It tolls for
> thee."
> >
> > :: Josh 'G-Funk' McDonald
> > :: 0437 221 380 :: [EMAIL PROTECTED]
> >
>
>  
>



-- 
"Therefore, send not to know For whom the bell tolls. It tolls for thee."

:: Josh 'G-Funk' McDonald
:: 0437 221 380 :: [EMAIL PROTECTED]