PDA

View Full Version : Source code protection


Eric Drutel
01-05-2010, 03:01 PM
What obfuscators do you use to protect your source code? What other methods do you use to make it hard to break the code?

bowljoman
01-05-2010, 05:11 PM
If it must be protected, do not put it in action script.

What needs to be protected? Raw code or key_data?

Eric Drutel
01-06-2010, 06:16 AM
It is just raw code. I do not have the option to not use action script.

tadster
01-09-2010, 03:27 PM
...
[Embed(source="mySwfWithText.swf", mimeType="application/octect-stream")]
private var mySecret:Class;

private var keepSecret:*;
...

var loader:Loader = new Loader();

var btC:LoaderContext = new LoaderContext(false, ApplicationDomain.currentDomain);

loader.loadBytes(new mySecret(), btC);
loader.contentLoaderInfo.addEventListener(Event.CO MPLETE, haveContents);
...

private function haveContents(e:Event):void
{
keepSecret = e.target.content;

var someText:String = TextField(Sprite(keepSecret).getChildAt(0)).text;
//in this case the loaded swf is a sprite that has one textfield on it
//but you would be able to use it in any way, any of its methods or properties
//but for this case imagine that this text field contains a RegExp string

var unKnowableRegExp:RegExp = new RegExp(""+someText+"", "ig");

if (loaderInfo.url.match(unKnowableRegExp)) init();

}



by doing this the contents of mySwfWithText.swf
is not seen anywhere in a decompiler, not the hex, not anywhere
all you will get is a reference to the class, something like
"_main.mySecret" which will extend the ByteArray Asset Class,
but you wont be able to see the contents of it...
and the [Embed...] code does not get seen either, so there's no way for them
to really know the name of the swf used for this.
and therefore the resulting regexp used is pretty much a secret..

Eric Drutel
01-11-2010, 05:20 AM
Thanks! I'll have a look at this.