ActionScript Encryption
ActionScript encryption (or byte-code obfuscation) makes decompiled ActionScript confusing and hard to
understand. It's not real encryption, but in the context of code, it might be better. Although actual
encryption can make your code entirely unreadable, it suffers from a classic encryption flaw: it needs
to keep the decryption key with the encrypted data. An automated tool could be created to decrypt the
code. Once that happens, the fully unencrypted, unobfuscated code is in plain view.
Stop Flash Decompilers
With all of that said, this should not be a showstopper. secureSWF implements four very effective
ActionScript encryption techniques to protect ActionScript against decompilers that can be applied by
several orders of magnitude,
How secureSWF's ActionScript Encryption Works
secureSWF manipulates the byte-code instructions in SWF files using techniques to foil, and even crash,
Flash decompilers, preventing them from generating anything useful, while leaving the Flash
application's behavior and output intact. Here is an example where we applied some of the techniques
and luckily, one of the decompilers generated something to demonstrate (all others crashed):
Code before ActionScript encryption
private function getNeighbours(i:int, j:int):Array{
    var a:Array = new Array();
    for (var k = 0; k < 8; k++){
        var ni = i + int(neighbour_map[k][0]);
        var nj = j + int(neighbour_map[k][1]);
        if (ni < 0 || ni >= xsize || nj < 0 || nj >= ysize)
            continue;
        a.push(Cell(cells[ni][nj]));
    }
    return a;
}
Code after ActionScript encryption
private function getNeighbours(_arg1:int, _arg2:int):Array{
    var _local3:Array = -(((null - !NULL!) % ~(undefined)));
    var _local4:*;
    var _local5:*;
    var _local6:*;
    _local3 = new Array();
    _local4 = 0;
    for (;//unresolved jump
    , _arg2 < 8;_local4++) {
        _local5 = (_arg1 + int(!NULL!));
        _local6 = (_arg2 + int(!NULL!));
        if (true){
            _arg1 = (((//unresolved nextvalue or nextname << !NULL!) + !NULL!)
            << undefined);
            _arg1 = (!(!NULL!) ^ !NULL!);
            (!NULL! instanceof !NULL!);
            var _local1 = (((!NULL! as !NULL!) + !NULL!) == this);
            if (!(!NULL! == !NULL!)){
                -((true << !NULL!)).push(Cell(cells[_local5][_local6]));
            }
        }
        if (!true){
            (_local6 < 0);
            (_local6 < 0);
            (_local5 < 0);
        }
    }
    return (_local3);
}
What secureSWF's ActionScript Encryption Does
secureSWF can do the following to stop Flash decompilers:
Control Flow Obfuscation
Changes areas of the code flow where doing so doesn't affect the way the application runs. It also
inserts extra control flow statements in certain areas of the code to make decompilation virtually
impossible.
Dynamic Code Wrapping
Dynamically wraps up the ActionScript byte-code blocks in SWF files to make finding entry points of
the code extremely difficult for Flash decompilers. This will usually crash the decompiler.
Statement-level Randomization
Randomly restructures the sequence of the byte-code instructions that the decompiler uses to
re-form a complete ActionScript statement. It removes all the possible links between the compiled
byte-code and the ActionScript source code, making decompiling an extraordinarily difficult process.
Integer Data Obfuscation
Makes integer literals in your code harder to read.
String Encryption
Replaces sensitive literal strings in your code with a function call that gets the string from
an encrypted byte array. Here is an example:
Before string encryption
loader.load(new URLRequest(
    "http://www.kindi.com/getsomething.php?var=" + foo));
After string encryption
loader.load(new URLRequest(?.?(-581, -881) + foo));
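The transformation described above, sketched as an added example that is not secureSWF's code or file format. JavaScript stands in for ActionScript here, and the XOR key, the pool layout and the meaning of the two integer arguments (offset, length) are assumptions made for the illustration.

```javascript
// Added illustration, not secureSWF's implementation. The XOR key, pool layout
// and (offset, length) call arguments are assumptions made for this sketch.
const KEY = Uint8Array.from([0x5a, 0x13, 0xc7, 0x2e]); // ships inside the file

// Build step: pack every literal into one encrypted byte pool and record the
// (offset, length) pair that the rewritten call site will pass at run time.
function buildPool(literals) {
  const encoder = new TextEncoder();
  const bytes = [];
  const refs = new Map();
  for (const literal of literals) {
    const raw = encoder.encode(literal);
    refs.set(literal, [bytes.length, raw.length]);
    for (const b of raw) {
      bytes.push(b ^ KEY[bytes.length % KEY.length]); // key indexed by pool position
    }
  }
  return { pool: Uint8Array.from(bytes), refs };
}

// Run-time lookup: the function the obfuscated code calls instead of a literal.
function makeLookup(pool) {
  const decoder = new TextDecoder();
  return (offset, length) => {
    const plain = new Uint8Array(length);
    for (let i = 0; i < length; i++) {
      plain[i] = pool[offset + i] ^ KEY[(offset + i) % KEY.length];
    }
    return decoder.decode(plain);
  };
}

// Constructed sample: the page's URL literal plus one filler string.
const URL_LITERAL = "http://www.kindi.com/getsomething.php?var=";
const { pool, refs } = buildPool(["unused-literal", URL_LITERAL]);
const S = makeLookup(pool);
const [urlOffset, urlLength] = refs.get(URL_LITERAL);

// Rewritten call site: was URL_LITERAL + foo.
function requestUrl(foo) {
  return S(urlOffset, urlLength) + foo;
}

// The literal is no longer visible in the shipped bytes, but KEY and the
// lookup ship with them, so this hides strings from casual reading only.
function poolContains(text) {
  return String.fromCharCode(...pool).includes(text);
}
```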
Our Users Say:
secureSWF has saved my company thousands of dollars in intellectual property. Thank you for being the watchdog of my assets. I endorse your product fully and I encourage everyone to use it.
Stephen Gose - PBMCube
http://www.pbmcube.com/