How to protect SWF against decompiler?
hi all, i'm new here..
i want to ask question about swf protector against swf decompiler.
i saw so many protector using obfuscator,encryption like that..
i want to use FMS (flash media server) that will invoke callback function..
i'm afraid using encryption,will not detect the name of the function
my question is :
is there any other solution except using obfuscator to handle decompiler?
thanks before..
The only foolproof means to protect your swf files is to not make them available to the public.
Similar Messages
-
How to protect yourself against the latest Mac OSX Trojan/worm/"virus"
Does anyone know if this is true? I saw it on goole news
How to protect yourself against the latest Mac OSX Trojan/worm/"virus"
Thanks
Jason
[ Edited by Apple Discussions Moderator; href URL ]Hi YoungBrando,
Welcome to the Apple Discussion Pages
IS there something out there ?
Apparently so.
Are people getting lot of there Buddies computers trying to sned them the file ?
It does not look like it.
Does this Qualify as a virus ?
No. It does not pass itself on without some intervention by the users involved.
Does it qualify as a a Trojan ?
Yes.
What to do.
Don't except files from anyone with the file name mentioned.
Read this response as well
Be aware before Unstuffing any unknown files.
Change the IChat > Preferences > Message section option to Confirm before sending any Files to ON This may not stop the code from getting your computer to send the file without you seeing but it may help based on the way the code is described as being put together generally.
Symantic's reponse
In this article Sophos claim it to be the First Virus for OS X
It also highlights that the main Anti-Virus software houses have already put out an update.
7:51 PM Friday; February 17, 2006 -
How to protect swf from hackers!!!
Hi, I have made many games is it any way that I can protect my swf from flash developers who want hack my game???..
First I was tried way load game swf's into preloader swf and call it by Iframe most flash developers just get only my preloader.swf unable to get game..
but now few did this... now i am searching way that to protect swf from flash dicompilors???Flash runs on the 'client side', which makes it vulnerable. There are several ways to hack a Flash game - intercepting and modifying/faking communications with the server (ie, sending fake values to your 'highscores.php' or whatever, say using an app like Fiddler2), decompiling the .swf to see how it communicates with the server (and any encryption or obfuscation it might be using to try and protect communications), or even directly editing the memory being used by the game (ie, using CheatEngine to change your score directly, the speed of the game, etc). It's pretty hard to protect against all these, and usually takes more time and effort than the game is worth.
So the best rule is, expect your game to be hacked. Don't use it as a basis for giving away an expensive prize, for example (or at least, don't let it be obvious that the winner hacked the game or other players will get pissed off), unless all the logic happens on the server side.
But if you still want to try...
Let's say your game consists of three types of processes - Input (from the user), Logic (the app deciding what to do with the input), and Output (the result of the logic). Input and Output have to happen on the client side, or the user won't be able to interact with the game or see the results of their interactions - so these parts can never be fully secured, only validated as acceptable or not. However, the Logic (all or part) could be done on the server, where the user can't see it or modify it. The Flash game takes the user's input (maybe makes sure it's valid), and sends it to the server. The server checks that the input is valid, and if so performs the game logic, and sends the output back to the Flash game. If the input is NOT valid, perhaps silently keep that user (account ID or their IP address, for awhile) from adding to the high score list, or interacting with other players. Or boot them for 5 minutes, or something.
The main problem with this is (depending upon the type of game) lag in communicating with the server, and server load. If every little input/output has to go to the server, be processed, and then be sent back to the user, the game could run very slowly for the player; or if many people are playing at once, the server could crash. So you probably have to find ways to optimise this, and decide what should happen on the server, and what can safely happen on the client side (and be fairly well validated), etc.
Gambling-type and turn-based games are fairly easy to secure this way, though, since lag won't affect gameplay too much and there's not a lot of information going back and forth with the server. Say in a card game, the server tells the flash what cards to display for the user. The user can only choose which card to play - this choice is sent back to the server. The server calculates the results of the play, and the other players' moves, and then tells the flash what new cards/scores to display.
A real-time shooter, on the other hand? Even a game of Pong can be tricky. In those types of games, you could potentially send some data (user's x and y position, current health, ammo, score, framerate, etc) every now and then (maybe obfuscated, checksummed, compressed, via socket, etc) and the server can see if they should be 'possible' and decide whether to keep accepting input from the user, but that gets pretty tricky really quickly, and you'll probably get far more false-positives than catch actual hackers. -
Does anyone know how to protect rmbp against newst Malware that is going through JAVA?
I read an article on Appleinsider about a new Malware that is going through java and can affect newer macs. I bought my retina two weeks ago and have to use programs that use java. How can I protect my computer?
Thanks Kappy! I knew if anyone would know the answer, it would be you. I appreciate it.
-
How to protect OSX against Shellshock bug?
Is there a patch out already to protect against the just discovered Shellshock bug (which exploits bash)?
Per Linc Davis, a user here who knows more about Unix than pretty much anyone else here:
The issue only affects users who run a public server.
From your post:
my airport extreme just got hacked
And what does your router have to do with the issue? Router poisoning has been known to exist for a long time, which has absolutely nothing to do with Bash, or your Mac. It's a problem with routers being shipped with remote management enabled in its settings. Reset the router, then go into the settings and disable remote access. -
Protecting a swf from decompilation ?
The problem is the following i have an application that needs
to login to a server but in order to do that it has the admin
username and password in its actionscript.There is no way of
removing the password from the AS so i need a way to protect my
file from decompilation. Most important of all i have seen it is
possible , if you do not believe me try to decompile that ...
http://www.gotoandlearn.comIt's impossible to protect swf from decompilation, you can
only try to
obfuscate them with program like swfEncrypt.
But you even need this to achieve what you want, I'm quite
sure that
you should have a asp or php script on the server that really
do the
login put username and password only into them, they are
executed on
the server and user do not download them.
bye -
Protecting swf files from being decompiled
At the end of the day, our flex apps are deployed as swf
files which have the potential to be decomplied and thereby our
intellectual properties lost. There are tools in the market which
claim to secure the swf files from being decompiled. Are these
tools live up to their claims? Is it worthwhile to spend money on
these tools? Would the protected swf become harder to deployed? Any
good products already available in this line? Please point out
some. Thx.Most of the tools I have seen are geared towards extracting
resources from swf's. I use one myself (eltima.com) for
"harvesting" manufacturers content for my motorcycle dealers. They
are authorized to use this content, but finding someone at Yamaha
of Kawasaki or any of the majors who even knows where to find these
resources is next to impossible. I have also used it to learn from
by viewing scripts, but as you say, at the end of the day, I think
the concepts and best practices are about the only thing worth
taking away from others efforts, not the code.
Unlocking a protected file can be done as well and I remember
using a product over a year ago to get at the scripts within an swf
(I wanted the URL's that pointed to media - it was legal for me to
do this). It ran from the command line and output the scripts.
There aren't too many of these types of programs to be found, but
they exist.
My personal opinion is that it's not worth the effort. My
java classes can be decompiled and if someone wants to go to that
trouble, more power to them. To my knowledge, there isn't anything
out there yet that is perfect for backwards engineering an swf into
an MXML file, but a competitor of FLASH Decompiler says that they
can decompile Adobe 9 PLAYER swf's. For what it's worth, I plan on
posting the majority of my code on my flexdev.org site once I get
it established.
For people who make components for sale, this could be an
issue of stolen revenue if the decompilers get sophisticated enough
to reverse engineer the swc into a usable MXML file. I would be
against anyone who stole code for this purpose, for sure. -
How to protect a pdf-file in a pdf-portfolio against extraction?
How to protect a pdf-file in a pdf-portfolio against extraction?
You can't.
Portfolios are just a single-page document with a bunch of attached files - the act of opening one of those attachments is identical to the act of "extracting" it into a new document, so blocking it would stop the Portfolio from working. -
How do you protect yourself against DDOS attacks?
I'm starting a new job soon for an employer who has had the occasional ddos attack against their website.
Anyways I was wondering, how do you guys protect yourselves against ddos attacks?
The way my employer fought against it last time was rather unelegant and a sort of lucky situation. They noticed that all the attacks came from IPs which where located in foreign countries, so they simply blocked entire ip ranges which werent from the country they were providing the service for.
This seems like quite a drastic measure to me. After all, one goal of my employer is to become more international, and even if you cater only to local clientele, plenty of legitimate users could be across the border.
Specifically protecting Apache against DDOS attacks is what I would be interested in.
Can anyone suggest some software or setup I should research for this?A colleague of mine recently had one of his own servers under a DDOS attack. Nginx helped out a bit. But the holy grail in this case was Fail2ban.
Now, usually a DOS would mean that massive requests are issued within a short time. Such behaviour is easily identified and blocked. But how do you react when its distributed and each individual node is issueing requests at a normal rate?
Well in my tests I came to the conclusion that its all about the difference in typical behaviour of legitimate visitors to a site and automated requests as in the case of a DDOS attack.
For example, while a DOS bot might not issue requests at an alarmingly high rate (slow and steady wins the race), but will continually issue requests for hours.
So rather than trying to catch "burst" behaviour with requests crossing a certain threshold in a short amount of time, I instead configured fail2ban to check for IPs which crossed a certain threshold after an hour, and then block that IP for 24hours.
It might take a while to find the sweet spot. And it wont be effective immediately. But with a little patience the blocklist started to fill up, and after a few hours the DDOS'ers seemed to have run out of IPs from which to attack.
It makes sense if you think about it. A legitimate human user, will go to a site, and spend most of their time reading content, rather than klicking links. Well, usually anyways.
Also, I've noticed that bots always seem to hit the same URL. Meaning, the main url of the site, and not selecting any links within the site. While I suppose that it would be trivial to configure a bot to act more legitimately and have it actually klick through all available links, I think it kind of defeats the purpose. Or at least most script kiddies won't go that far.
If you know your way around with REGEXP, I'm sure you could come up with some really nicely custom-tailored rules for fail2ban to use in identifiying and blocking ips. So for example, rather than simply counting ANY connection made in the http logs, you could concentrate on IPs which only and continually access the main the url, over and over again.
Legitimate users will most likely click on other links as well, so if you manage to exclude these kinds of accesses from Fail2ban's counting mechanism, you minimize the chance of locking out legitimate users. -
How to protect customization in oracle apps files against autoconfig run
Hi,
how to protect customization in oracle apps files against autoconfig run.
For example:
Take wdbsvr.app file i have added a new dad configuration for APEX but when ever i run autoconfig it replaces all my customizations so could you please let us know how to protect these customizations .
Thanks.Hi,
Please see (Note: 270519.1 - Customizing an AutoConfig Environment).
Regards,
Hussein -
How to protect the lines in smartforms
hi gurus
i want to know how to protect the line in smartforms..
regards
baskarCheck this link.
http://www.saptechies.com/smartforms-protect-lines-in-main-window/
if you are using tables, there are two options for protection against line break: You can protect a line type against page break. You can protect several table lines against page break for output in the main area.
Protection against page break for line types Double-click on your table node and choose the Table tab page. Switch to the detail view by choosing the Details pushbutton. Set the Protection against page break checkbox in the table for the relevant line type. Table lines that use this line type are output on one page.
Protection against page break for several table lines Expand the main area of your table node in the navigation tree. Insert a file node for the table lines to be protected in the main area. If you have already created table lines in the main area, you can put the lines that you want to protect again page break under the file using Drag&Drop. Otherwise, create the table lines as subnodes of the file. Choose the Output Options tab page of the file node and set the Page Protection option. All table lines that are in the file with the Page Protection option set are output on one page
Regards,
Maha -
How to protect java source code?
Hi everybody
I love Java but I think that people can decompile my class file to take my source code!Like this program
http://kpdus.tripod.com/jad.html
How to protect our source code?Even you use Jar files, they can unzip them and decompile!
Thanks in advance!Use Java Obfuscator. Try one of these
http://preemptive.com/products/dasho/index.html
http://www.zelix.com/klassmaster/obfuscator.html
http://java-source.net/open-source/obfuscators -
How to protect sourcecode,i have seen,there are many programs,which can convert .Class files to .java files,ok,How to protect resourcecode.thanks
Write your code in C++ and compile it using a good optimizing compiler, like icc (Intel C++ Compiler). (Hand-written assembly code is relatively simple to be decoded because it must be small and understandable by its writer, a human being; Microsoft C++ is a good compiler, but generates machine code that is very understandable by a human being - you don't need to be an unemployed Russian guy with a PhD in number theory to break the code - just being a normal guy that has a lot of time to spend is enough. Try reading the very contrived code that icc generates and compares it with the MSVC++ compiler generated code...)
To make the C++ code being harder to be understood if disassembled, use the Standard C++ Library (STL) and use a lot of templatized code, but turn the optimization options to the maximum available.
Java and .NET languages are not very amenable to source code protection. Obfuscating tools are available, but if you understand the subject of the code, you can easily guess the original source code. For instance, you can try to decompile the code of RSA JSafe that comes with the Sun JCE. Even obfuscated by Dash-O it is perfectly possible to understand what algorithms are implemented. -
If someone steals my iPhone and deletes all pictures, that will sync to my Mac. So then all my photos are lost! How do I safeguard against this?
If your phone (plus syncing) is the only place you keep your pictures you are asking for trouble, theft or not. Back up onto an external hard disk which is only mounted when you need it, then nothing external can erase them. Then make use of Apple's facilities for protecting your phone:
If your iPhone, iPad, or iPod touch is lost or stolen - Apple Support
iCloud: Use Lost Mode
iCloud: Find My iPhone overview
Find My iPhone Activation Lock - Apple Support -
Hi,
Can i know whether there is any way to protect swf files from being decompiling. I have seen that some tools are available for decompiling the swf files. Can anybody help me by providing a tutorial for the same or any ideas.
Thank and Regards,
SreelashYes, as mantissao states, the best you can do for a SWF is to run it through an Obfuscator.
Google: Actionscrip Obfuscation and you will find some products to do this.
What it does is change the Actionscript in the SWF to make it "unreadable" by decompilers. In practice, what happens is this: Decompilers update constantly to work around any problems arising from new obfuscation techniques, and then new obfuscation techniques are created to stop the new decompilers. In the end, a decompiled SWF that was obfuscated becomes difficult to parse through, as all variable names are random strings of text, but not impossible.
Otherwise, the only method you can use is a streaming server (Adobe FMS, Red5, Wowza, etc) and offload all important Actionscript to the server. This would be reliable in protecting that Actionscript, but may not be worth the time and effort of setting it up. Plus, this is overkill if the only goal is to protect some "proprietary" code.
Maybe you are looking for
-
How to restrict the access of FUNCTION MODULE for others after transporting
A Function module needs to be executed in one server and should be executed when others try to access it.how to restrict the access of FM to one application server after being transported using SM59.
-
Greetings from India. we have some issues with some purchase invoice AP invoice. we buy some materials and some consumables which are second sale. The supplier give us an assessable tax invoice for us to avail the CENVAT tax credit, which is a diffe
-
I used a font on my logo from a logo creation site I paid to use and create my logo but now I can't find it anywhere. Is there anyway to create a similar one in Photoshop? The logo is on my website http://www.ducktoes.com. It is the Ducktoes Comput
-
64-bit itunes version stops sync when optimizing on my 5 days old notepad LENOVO G570. windows 7home premiun constantly closes itunes during this optimization. When i did troubleshooting it said application is incompatible, but this is the version th
-
Hi all, I have a CSS 11501 and want to make a trunk with it. I believe it can do this but I'm wondering wether it knows vtp (and I don't want to add a vtp-server to our network) Can't find anything about vtp-settings in the documentation. regards, Ra