GhostWire Studios - Flash/Flex UI Components Development And Consulting Services
Quality User Interface Controls For Flash Application DevelopmentAspireUI Components

Nov 16 2009

[AS3] Applying ROT128 Encryption On Binary XML

Published by at 11:05 am under Flash,Flash AS3,Tips

This is Part III of our discussion on ROT128 Encryption.

Part I: “Applying ROT128 Encryption On ByteArray”
Part II: “Applying ROT128 Encryption On Embedded/Module SWFs”

In “Saving XML As Binary”, we looked at how text XML can be stored in a ByteArray object so that it can be compressed and made non-human-readable. In this post, we look at how you can integrate ROT128 into the XML-to-ByteArray-to-XML routines. Binary XML is used only as an example; you can definitely apply the same concept to other binary data.


XML-to-ByteArray:
ROT128 is applied after the XML is stored and compressed as ByteArray.

var data:ByteArray = new ByteArray();
data.writeUTFBytes(xmlData); // xmlData is original XML string
data.compress();
// BEGIN ROT128
var j:int = data.length;
while (j--)
{
	data[j] += 128;
}
// END ROT128
new FileReference().save(data, "bindata.xml"); // default name "bindata.xml"


ByteArray-to-XML:
With ROT128 applied, the saved binary file is no longer a valid compressed ByteArray – it cannot be uncompressed and converted back to XML without first reversing the encryption on the raw data.

// event handler for Event.COMPLETE of URLLoader loading external XML
function on_XML(evt:Event):void
{
	var data:* = URLLoader(evt.target).data;
	if (data is ByteArray)
	{
		try
		{
			// BEGIN ROT128
			var j:int = data.length;
			while (j--)
			{
				data[j] += 128;
			}
			// END ROT128
			data.uncompress();
		}
		catch(e:Error)
		{
		}
	}
	data = XML(data);
	// handle data as XML
}


Partial Encryption
In order to make the process of reversing ROT128 encryption less predictable, you could vary the conditions under which the encryption is to be applied.

Here is an example (alternate bytes):

// BEGIN ROT128
var j:int = data.length;
while (j--)
{
	data[j] += 128;
	j--; // skip next byte
}
// END ROT128

Another example (first 1024 bytes):

// BEGIN ROT128
var j:int = (data.length < 1024) ? data.length : 1024;
while (j--)
{
	data[j] += 128;
}
// END ROT128

Correspondingly, your applications would reverse the encryption under the same conditions. Effectively, these conditions determine the complexity of your cipher and become the “secret key” necessary to decrypt the data.


Conclusion
ROT128 is a weak encryption technique that you should not use to protect sensitive data. However, the light-weight algorithm can be used to make binary blobs inaccessible to unauthorized parties while allowing your applications to easily restore the data when needed.

This method of encryption may seem amateurish, but it does what it is supposed to do well enough while remaining light-weight and flexible.

It worked well enough for Julius Caesar, after all.

pixelstats trackingpixel
Be Sociable, Share!
             

    2 responses so far

    2 Responses to “[AS3] Applying ROT128 Encryption On Binary XML”

    1. Martinon 04 Dec 2009 at 1:38 am

      Great!

      I love your series, I have used every “hack” you have mentioned. I am making a highscore-game in which I tend to protect.

      md5, and some other stuff to detect a false highscore-entry. But the flashclient is easily decompiled and explored – but your embed-solution, as well as ROT128 etc is really KING.

      Do not own many decompilers, but the one I had did not crack the swf!

      Now I have used this binary-xml as well – but went for another solution.
      The problem with yours – is that it has to load an external XML-file.

      But I want to have the bytearray of the XML to be inside of the swf.
      for example:

      var bytearray:ByteArray = new ByteArray();
      myBinaryXmlString = “rÛH?æô; 1«?U%º.S9hKåRé?¬???G”
      myDecodedBinaryXML = bytearray.???..

      setQuestionsXML(new XML(myDecodedBinaryXML));

      I know – if someone cracks the SWF, then they will see the decoding etc..
      But I did not understand how to decode the binary-string – without making a loading of the XML-file as you did, so that it comes in as a ByteArray automatically.

      So I used http://wonderfl.net/code/d65bf0f3fecc166ce9404a102a602653bc80457d
      instead to make my xml to a binary – and being able to decode it.

      Thanks.. YOU are so great!

    2. sunnyon 04 Dec 2009 at 6:19 am

      “The problem with yours – is that it has to load an external XML-file.”

      Sorry for not mentioning it in the original post, but you can definitely embed the XML:

      http://www.ghostwire.com/blog/archives/as3-embedding-binary-xml/

      I am not sure though, if it is worthwhile converting the XML to binary, ROT128-encrypting it, embedding the encrypted binary data, and using SWF-embed protection. Seems a little overkill, perhaps.

    Trackback URI | Comments RSS

    Leave a Reply

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word