Ya, you right Alex, I re-checked, and there are not comments. It does keep trace() calls though.
I also noticed that it does obscure some local vars into _loc_# vars, and but it doesn't obscure others, which I think is kinda weird. -Sean Thayne On Wed, Feb 19, 2014 at 11:47 AM, Alex Harui <[email protected]> wrote: > Comments are easily viewable? I don't think so. It also depends on > whether you have the original source files or not. For Google Closure, if > you have a source map, you can get back to the source as well. > > Try dumping out an export release version of one of your SWFs. Sure you > can get back from the byte code to the basic algorithm, but I don't think > it is that much easier than deciphering a minified js or even looking at > intel byte code in an EXE file. > > -Alex > ________________________________________ > From: Sean Thayne <[email protected]> > Sent: Wednesday, February 19, 2014 8:21 AM > To: [email protected] > Subject: Re: Air apps easily decompiled and hacked > > I'm actually more concerned about the plain readability of the AS3, even > comments are easily viewable. Where as a JS site that has been compile with > Google Closures is minimized and heavily obscured. I feel like it would be > very easy to steal someones hard work. > > -Sean Thayne > > > On Wed, Feb 19, 2014 at 9:18 AM, Gary Yang <[email protected]> wrote: > > > Client side can not be trusted, server api should always be the security > > gate! > > > > After all there are certain applications that can encrypt Flash > > applications, Javascript application is just plain text!!! > > > > > > On Wed, Feb 19, 2014 at 11:08 AM, Sean Thayne <[email protected]> wrote: > > > > > Anybody else concerned about decompilers like SoThink? > > > > > > http://www.ericzhang.me/cracking-adobe-air-applications/ > > > > > > -Sean Thayne > > > > > >
