Comments on: [AS3] Hiding Assets And Code By Embedding SWF Within Another SWF http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/ Flash UI Components Tue, 23 Aug 2011 08:29:00 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Lorenzo http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/comment-page-1/#comment-524 Lorenzo Thu, 03 Jun 2010 16:43:08 +0000 http://ghostwire.com/blog/?p=709#comment-524 this technique is very smart ! thank's to share this. this technique is very smart !
thank’s to share this.

]]> By: sunny http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/comment-page-1/#comment-495 sunny Wed, 31 Mar 2010 04:31:29 +0000 http://ghostwire.com/blog/?p=709#comment-495 The technique discussed here involves embedding one SWF in another shell SWF, and then loading the shell SWF instead of the module SWF. This means you have to do it for every module SWF. Or, you can also look at http://www.ghostwire.com/blog/archives/as3-applying-rot128-encryption-on-embeddedmodule-swfs/ The technique discussed here involves embedding one SWF in another shell SWF, and then loading the shell SWF instead of the module SWF. This means you have to do it for every module SWF.

Or, you can also look at
http://www.ghostwire.com/blog/archives/as3-applying-rot128-encryption-on-embeddedmodule-swfs/

]]> By: vic http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/comment-page-1/#comment-494 vic Wed, 31 Mar 2010 04:07:06 +0000 http://ghostwire.com/blog/?p=709#comment-494 Hi, Does anyone know how this could be implemented in Flex? I have a "main" flex project/application that loads a module (from a separate project) into the main flex project at runtime. I am able to encrypt/obfuscate the main application using secureSWF, but the modules...which end up being separate swfs in the air package don't get encrypted as well. It seems that these obfuscators only encrypt the main swf files. I even extracted all files from the air app via unzipping and obfuscated the module file swf and then recompiled/repackaged the air app via ADT fine with no errors. However, when I after I successfully install and run the air application, the module that gets loaded into the main application does not function. I am assuming at this point that the main flex swf can no longer interpret the module swf that it is trying to load because it has been altered via obfuscation? Anyone know how to handle this? To obfuscate or encrypt a module that is a separate flex project? I only know of nitro-lm so far, but I want to see if anyone has a workaround to this maybe even using the above code, but just don't know how to implement this in my flex module? Thanks! Hi,

Does anyone know how this could be implemented in Flex? I have a “main” flex project/application that loads a module (from a separate project) into the main flex project at runtime. I am able to encrypt/obfuscate the main application using secureSWF, but the modules…which end up being separate swfs in the air package don’t get encrypted as well. It seems that these obfuscators only encrypt the main swf files. I even extracted all files from the air app via unzipping and obfuscated the module file swf and then recompiled/repackaged the air app via ADT fine with no errors. However, when I after I successfully install and run the air application, the module that gets loaded into the main application does not function. I am assuming at this point that the main flex swf can no longer interpret the module swf that it is trying to load because it has been altered via obfuscation?

Anyone know how to handle this? To obfuscate or encrypt a module that is a separate flex project? I only know of nitro-lm so far, but I want to see if anyone has a workaround to this maybe even using the above code, but just don’t know how to implement this in my flex module?

Thanks!

]]> By: sunny http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/comment-page-1/#comment-393 sunny Tue, 25 Aug 2009 08:57:44 +0000 http://ghostwire.com/blog/?p=709#comment-393 As mentioned in the post, the part about encrypting the embedded SWF is not to prevent manual hacking, but **automated** extraction by decompilers (they don't do this now, but I wouldn't think it is difficult for them to implement such a feature). Encrypting the SWF is also not equivalent to obfuscating the source code. The encrytion does not even have to be complicated - even if you just corrupt a few bytes and not the whole SWF, it will be good enough to prevent automated extraction. As mentioned in the post, the part about encrypting the embedded SWF is not to prevent manual hacking, but **automated** extraction by decompilers (they don’t do this now, but I wouldn’t think it is difficult for them to implement such a feature).

Encrypting the SWF is also not equivalent to obfuscating the source code. The encrytion does not even have to be complicated – even if you just corrupt a few bytes and not the whole SWF, it will be good enough to prevent automated extraction.

]]> By: makc http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/comment-page-1/#comment-392 makc Tue, 25 Aug 2009 05:46:10 +0000 http://ghostwire.com/blog/?p=709#comment-392 I fully agree about this being too simple for not taking advantage of, in fact I came up with same idea some time before, http://board.flashkit.com/board/showthread.php?t=790614 :) However, I do not agree in a slightest with "taking it further" part, because it is now not so simple and the ratio of effort to effect is much worse, see this thread http://board.flashkit.com/board/showthread.php?t=767745 - it took me probably 10 minutes to restore his SWF. A reasonable and acceptable compromise between simple embedding and messing up with SWF bytes would be base64 since not only it has ready codes for en/de-cryption, but also does not require you to use Flex SDK and does not compile useless Flex classes into your SWF. Personally, I still think C-like preprocessor like the one linked to from post in 1st link is the best way to obfuscate your code. And there are, of course, commercial tools that do this job better. I fully agree about this being too simple for not taking advantage of, in fact I came up with same idea some time before, http://board.flashkit.com/board/showthread.php?t=790614 :)

However, I do not agree in a slightest with “taking it further” part, because it is now not so simple and the ratio of effort to effect is much worse, see this thread http://board.flashkit.com/board/showthread.php?t=767745 – it took me probably 10 minutes to restore his SWF.

A reasonable and acceptable compromise between simple embedding and messing up with SWF bytes would be base64 since not only it has ready codes for en/de-cryption, but also does not require you to use Flex SDK and does not compile useless Flex classes into your SWF.

Personally, I still think C-like preprocessor like the one linked to from post in 1st link is the best way to obfuscate your code. And there are, of course, commercial tools that do this job better.

]]> By: Philippe http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/comment-page-1/#comment-389 Philippe Fri, 21 Aug 2009 19:12:40 +0000 http://ghostwire.com/blog/?p=709#comment-389 That's clever :) It should stop lots of hackers. That’s clever :)

It should stop lots of hackers.

]]> By: dim http://www.ghostwire.com/blog/archives/as3-hiding-assets-and-code-by-embedding-swf-within-another-swf/comment-page-1/#comment-388 dim Fri, 21 Aug 2009 09:33:00 +0000 http://ghostwire.com/blog/?p=709#comment-388 very handy - thank you very handy – thank you

]]>