Is there any Actionscript 3 obfuscation program? also while we are on the obfuscation subject, what is the best Actionscript 2 obfuscation program? Genable seems to be down and last I knew that was the best.

As far as I know, Adobe doesn't intend to make current SWF ver. format public... And, there are no decompilers at the moment capable of recreating AS3 (avm2) scripts. Why would you need an obfuscator?
If my info isn't up to date, I hope, some one will correct me.

thanks.

Sothinks SWF Decompiler 4.0 is capable of decompiling AS 3.0 now.
I have tested it, Flash throws some compiling errors for the decompiled FLA (so many static private final function is located at the code, instead of public/private functions), but it reads the Strings for example. Also exports all the external Class AS files, even with their original name.

I haven' t tested yet if it can decompile SWC or components inside of the FLA, but still this is a bad news for AS 3.0. Now I am looking for a AS 3.0 Obfuscator.

Well, just looking at the advertisement at the top of the page, I see www.amayeta.com. Apparently they sell an obfuscator called SWF Encrypt 4.0...

Dunno if that'll help, but it might. :D

I've tried that, but did not work for AS 3.0.

Look up AS3 MD5 encryption on google. There's an AS3.0 encryption class that's been translated from java, and I have downloaded it, but I can't get to it through my company's blog-blocking software...

http://gsolo.com/temp/macromedia/flex/beta/Global/com/gsolo/encryption/MD5.zip

Oh.. sorry. Thought you meant encryption. Just re-read it, and you want an obfuscator. I've heard that Amayeta SWFEncrypt is supposed to be the best out there. Of course, the decompilers claim to have broken it, but I haven't seen any evidence of this.

something will always break any encrypting method, the only way to protect your code is through making the comprehension of the code time-limiting, which is not worth the effort.

I just assume that anyone smart enough to get at my code doesn't need to copy it anyways - its not like we're inventing the wheel in flash

its not like we're inventing the wheel in flash

yes, you are totally right :)

All I have to hide is some String that contain some connection data.

If someone becomes curious about how I've done all that stuff and break the code for analyze, all I could say is "go ahead, it's all yours, 'cause there are thousands of similar code around the internet".

But if someone breaks the code and cheats on an advergame which gives prizes, it's not right.

So the best practice is to use a socket-server, but still need to hide the connection data. Then guess what, I have to write lots of code to avoid browser caching of the SWF that contains connection data.

I have to write lots of code to avoid browser caching of the SWF that contains connection data.

I didn't know this was even possible on a web deployed swf. Would love to know the technique if you wouldn't mind sharing.

PMF

I didn't know this was even possible on a web deployed swf. Would love to know the technique if you wouldn't mind sharing.

PMF

Of course.

First of all I use SmartFoxServer for this tecnique (it seems expensive just for a tecnique, but I use the socket-server for entire project).

Anyway, SFS (SmartFoxServer), has a java server side extension which converts any physical file (located at anywhere on the server, e.g. C:\Files) into byteArray and convert it into base64 and send to the base SWF which I embed into HTML. This base SWF includes a Class which converts the Base64 data into a byteArray again. And you load the SWF from the socket-server into base SWF. So the file is never cached for browser.

Here is the code for loading the data.

var dec:ByteArray = Base64.decode64(data);//Converts the Base64 into Byte Array. - data comes from SFS extension.
loader.loadBytes(dec); //loads the byteArray
addChild(loader);//add it to the DisplayList


You can load any data with this tecnique. No http posts, no cache etc. etc. But I still research for any weaknesses.

Ok, this was a summary of the tecnique. But if you want more, please let me know, so I can prepare a tutorial with files.
If you install SFS also you could find a tutorial which loads JPEG. But as I mentioned the code needs to be edited. And does not include all the processes of my project.

PS: the java extension needs to be edited, but editing process does not need complex java knowledge.

Pretty cunning, I like it, thanks. Obviously it's still not 100% secure, but it does make it a whole heap more difficult to try & glance at things like connection data. Presumably SFS is not completely necessary if it's possible to convert the swf to a base64 byteArray in PHP. I don't know if this is possible, but I do know a server side guy who might.

As for a tutorial, I'm pretty sure there would be others interested in this too - sounds like a perfect tutorial submission for this site!

PMF

yes you are right, SFS is not completely necessary.
Here is the fact, I think if the person cannot connect to SFS, then he/she will not be able to receive the byteArray and the SWF that is not located at http. So if I hide the connection data (assuming that someone decompiled the base SWF, unfortunately SFS works for everyone by standalone flash player, but not remotely if you configure cross-domain policies right) then that person will not be able to connect to SFS.
So where is the byteArray data :)

I'm using irrFuscator:
http://www.ambiera.com/irrfuscator/index.html

It's for flex developers and seems to be pretty new, but it works for me like a charm :)

wow. thanks for this information dudez. i havent checked back in awhile.

the obfuscation is mostly for security reasons. it makes sure no one can see certain things like where the data is going and coming.

also, i was wanting to user encryption and if i store the key in the application, anyone can look at it if it is decrypted, but for that i guess i could randomly create a new key on login, store it in the session and send it to the swf for when its needed to be used.
but that may defeat the purpose of encryption if a user picks up the key on the way back.

lol. it would be extreme, but you know, if theres a weakness, someone is going to find it.