Tools to protect .SWF/code from decompiler?

Similar Messages

• How Can I protect my swf files from decompiling / saving

  I have navigated through the internet for a long time now but
  could not find the solution to my problem which is "how to protect
  my swf file from decompiling/saving"?
  I know that it CAN BE DONE and here is an example of a file
  on the internet that cannot be saved or decompiled using any
  software that I have come across (ie:SOTHINK decompiler, saveflash)
  http://www.3dinternet.com/video.swf
  Any help? any hints ?
  Thanks
  Hagop

  Hagop,
  > I have navigated through the internet for a long time
  now but
  > could not find the solution to my problem which is "how
  to
  > protect my swf file from decompiling/saving"?
  There is no way to protect your SWF from decompiling. Any
  commercial
  software on the market can be decompiled -- including the
  Flash authoring
  tool and Photoshop, for example -- which is why softare
  generally ships with
  an end user license agreement (EULA) that expects you to
  agree not to
  decompile or reverse engineer your purchase.
  Most Flash content (other than RTMP requests for video, for
  example) are
  HTTP requests, which by nature means the content is
  downloaded to your hard
  drive, just like HTML documents, CSS files, JPGs, and GIFs.
  Your browser
  requests the files, downloads them to your hard drive, then
  displays them
  from your local copy.
  > I know that it CAN BE DONE and here is an example of a
  > file on the internet that cannot be saved or decompiled
  using
  > any software that I have come across
  What you've seen, then, is merely the result of software
  that uses
  unknown (to you or to your sofware) encryption/obfuscation
  algorithms. Keep
  trying, and you'll eventually nail it.
  At best, you can use obfuscators to temporarily deter a
  certain segment
  of the decompiling-inclined population.
  David Stiller
  Adobe Community Expert
  Dev blog,
  http://www.quip.net/blog/
  "Luck is the residue of good design."

• How do java software developers protect their code from their customers...

  How do java software developers protect their code from their customers, if their code can be easliy decompiled? I will really like to know how to protect my .jar archives and .class files.
  Thanks,
  RilwanJ

  That depends on what you mean by 'protect', and how paranoid you are.
  The best way is with the license, but then... it's nearly impossible to know when someone violates the license.
  You could make the source available to them for a reasonable fee (many companies won't even consider your product unless they can get the source).
  And of course if you are really paranoid, you could obfuscate it. There are a bunch of tools around to do that. But obfuscating has it's own significant set of drawbacks.
  Ultimately if you want your customers to take you seriously, you have to trust them. Onerous protection will usually cause them to look elsewhere.

• Error during Custom Build - error PRJ0019: A tool returned an error code from "Performing Custom Build Step"

  Hi All,
  I was trying to develop C++ web service using GShop with Visual Studio 2005.I refered a tutorial :-
  http://guruce.com/blogpost/hosting-webservices-on-windows-embedded-compact-windows-ce-using-gsoap .
  AS per the tutorial i proceeded. But, i stuck-up when making a custom build with Helloworld.wsdl.Here is the output :
  1>------ Rebuild All started: Project: HelloWorldWebService, Configuration: Debug Pocket PC 2003 (ARMV4) ------
  1>Deleting intermediate and output files for project 'HelloWorldWebService', configuration 'Debug|Pocket PC 2003 (ARMV4)'
  1>Performing Custom Build Step
  1>'D:\Test' is not recognized as an internal or external command,
  1>operable program or batch file.
  1>Project : error PRJ0019: A tool returned an error code from "Performing Custom Build Step"
  1>Build log was saved at "file://d:\Test Code\HelloWorldWebService\HelloWorldWebService\Pocket PC 2003 (ARMV4)\Debug\BuildLog.htm"
  1>HelloWorldWebService - 1 error(s), 0 warning(s)
  ========== Rebuild All: 0 succeeded, 1 failed, 0 skipped ==========
  As given in the tutorial i kept my custom build command line as : -
  $(SolutionDir)\gsoap-2.8\gsoap\bin\win32\wsdl2h.exe -s $(InputPath) -o $(ProjectDir)$(InputName).h
  and outpouts : $(InputName).h
  I kept GSHOP in the project filder :- D:\Test Code\HelloWorldWebService
  Kindly help.
  Jyotiranjan

  Hi Jyotiranjan,
  I’m glad to hear that you got it working.
  Thank you for sharing your solutions
  experience here. It will be very beneficial for other community members who
  have similar questions.
  Best regards,
  Lucy
  Lucy Liu [MSFT]
  MSDN Community Support | Feedback to us
  Get or Request Code Sample from Microsoft
  Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• Easy way to protect source code from hackers?

  I did a search and couldn't come up with an answer.
  I added a password script for clients on my site, but I would like to be able to (inexpensively!) protect my code from hackers so they can't view passwords and usernames.
  Any one know of a good place to check?
  Thanks,
  Jim

  The other methods are like putting a No Trespassing
  sign on your door, hardly secure.
  I AGREE. That is why I said it was a "fast fix" and I also said, "However if someone disabled javascript, they could still view your source."
  Metaphorically
  speaking if you want a vault with a moat get MySQL if
  you want to keep your kids inside the playroom by
  means of a plastic barrier then go with
  Javascript/.htpasswd methods mentioned by other
  inexperienced users that are only looking for a
  "real fast fix".
  .htpasswd is hardly the equivalent of the javascript method.
  I am not looking for any fix, thanks. And I was just making suggestions, same as you.
  I am not an inexperienced iWeb user. I am inexperienced with MySQL and PHP. Lucky for me, this is the iWeb forum.
  If you do not think your photos are highly classified
  information (or something) then you might want to
  re-evaluate your professional priorities.
  They are probably copyrighted, they are personal, maybe they aren't for the public eye, but they are not exactly confidential. The OP said he wanted to protect the passwords in the source code. I offered two ways to do this.
  I'm sure
  you do care about the security of your photos online
  that's why iWebFAQ is defending your position on the
  security issue since it seems like it is not that big
  of a deal for some novice users that are simply
  looking for kudos.
  There you go, talking in third person again...
  I am not looking for kudos. In fact, I challenge you, Jasper, to find a thread where I am asking for thanks or points or stars or $5 donations or whatever. Go for it. You won't find one.
  Remember if you are Publishing to .mac you can set up
  your own Password Protection in iWeb as Old Toad
  first mentioned. This method is much more secure
  than the Javascript method later mentioned in an
  attempt to join this discussion.
  If you need any more help setting up MySQL feel free
  to contact iWebFAQ.
  And for just a $5 suggested donation, you can find out all about how hackers operate.

• Protecting swf files from being decompiled

  At the end of the day, our flex apps are deployed as swf
  files which have the potential to be decomplied and thereby our
  intellectual properties lost. There are tools in the market which
  claim to secure the swf files from being decompiled. Are these
  tools live up to their claims? Is it worthwhile to spend money on
  these tools? Would the protected swf become harder to deployed? Any
  good products already available in this line? Please point out
  some. Thx.

  Most of the tools I have seen are geared towards extracting
  resources from swf's. I use one myself (eltima.com) for
  "harvesting" manufacturers content for my motorcycle dealers. They
  are authorized to use this content, but finding someone at Yamaha
  of Kawasaki or any of the majors who even knows where to find these
  resources is next to impossible. I have also used it to learn from
  by viewing scripts, but as you say, at the end of the day, I think
  the concepts and best practices are about the only thing worth
  taking away from others efforts, not the code.
  Unlocking a protected file can be done as well and I remember
  using a product over a year ago to get at the scripts within an swf
  (I wanted the URL's that pointed to media - it was legal for me to
  do this). It ran from the command line and output the scripts.
  There aren't too many of these types of programs to be found, but
  they exist.
  My personal opinion is that it's not worth the effort. My
  java classes can be decompiled and if someone wants to go to that
  trouble, more power to them. To my knowledge, there isn't anything
  out there yet that is perfect for backwards engineering an swf into
  an MXML file, but a competitor of FLASH Decompiler says that they
  can decompile Adobe 9 PLAYER swf's. For what it's worth, I plan on
  posting the majority of my code on my flexdev.org site once I get
  it established.
  For people who make components for sale, this could be an
  issue of stolen revenue if the decompilers get sophisticated enough
  to reverse engineer the swc into a usable MXML file. I would be
  against anyone who stole code for this purpose, for sure.

• [CS3 SDK] Error "A tool returned an error code from"

  Hello!!!
  I'm starting to develop plug-ins on InDesign using the first exercise of tutorial (WriteFishPrice) with VisuaStudio C++ 2008 ExpressEdition.
  When I try to compile my source I got this message:
  In compiling error does not occur none (0 Failed, 0 warnings, 0 skips)
  In compiling error does not occur none (0 Failed, 0 warnings, 0 skips).
  To me it describe that me code are working fine, but the PlugIn does not work, it is generated, but when put in the plugins folder of InDesign gives error to start.
  (Adobe InDesign cannot load the WRITEFISHPRICE.PLN plug-in. The WRITEFISHPRICE.PLN plug-in requires the debug version of InDesign. Please contact the vendor to get a compatible version of WRITEFISHPRICE.PLN)
  I'm posting the low response from the compiler, if someone could help me I would be grateful.
  http://www.denisramos.com/sidnei/BuildLog.htm
  Thanks

  From the build log, you have a build events which are trying to execute
  odfrc and merge_res.cmd.
  both are in the SDK bin folder; for me it's C:\Adobe\CS2SDK\devtools\bin
  You need to add the path to the equivalent folder either for the project in Visual Studio.
  I'm surprised you have a pln created, but in any case the resources won't be correct.

• Protecting a swf from decompilation ?

  The problem is the following i have an application that needs
  to login to a server but in order to do that it has the admin
  username and password in its actionscript.There is no way of
  removing the password from the AS so i need a way to protect my
  file from decompilation. Most important of all i have seen it is
  possible , if you do not believe me try to decompile that ...
  http://www.gotoandlearn.com

  It's impossible to protect swf from decompilation, you can
  only try to
  obfuscate them with program like swfEncrypt.
  But you even need this to achieve what you want, I'm quite
  sure that
  you should have a asp or php script on the server that really
  do the
  login put username and password only into them, they are
  executed on
  the server and user do not download them.
  bye

• Protecting SWF files.

  Hi,
       Can i know whether there is any way to protect swf files from being decompiling. I have seen that some tools are available for decompiling the swf files. Can anybody help me by providing a tutorial for the same or any ideas.
  Thank and Regards,
           Sreelash

  Yes, as mantissao states, the best you can do for a SWF is to run it through an Obfuscator.
  Google: Actionscrip Obfuscation and you will find some products to do this.
  What it does is change the Actionscript in the SWF to make it "unreadable" by decompilers.  In practice, what happens is this: Decompilers update constantly to work around any problems arising from new obfuscation techniques, and then new obfuscation techniques are created to stop the new decompilers.  In the end, a decompiled SWF that was obfuscated becomes difficult to parse through, as all variable names are random strings of text, but not impossible.
  Otherwise, the only method you can use is a streaming server (Adobe FMS, Red5, Wowza, etc) and offload all important Actionscript to the server.  This would be reliable in protecting that Actionscript, but may not be worth the time and effort of setting it up.  Plus, this is overkill if the only goal is to protect some "proprietary" code.

• Need to protect page views from showing CF coding

  I am building an application for a client that involves a
  considerable amount of cfml. I've spent a hundred hours building
  and testing this code. I would like to somehow protect this code
  from being copied (or downloaded) and re-used (or modified once
  downloaded) by someone other than me. In other words I don't the
  client cloning my code and making it work in-house. Not that they
  would but... you never know who they may hire down the road. Since
  I'm a novice ColdFusion user I need a simple solution. Protecting
  on a file-by-file or directory basis would be great. Any help would
  be greatly appreciated.

  ColdFusion has the encode utility that can be run on your
  templates to
  make them harder to read. The documentation will tell you
  how.
  http://livedocs.adobe.com/coldfusion/8/htmldocs/appSecurity_02.html
  At the bottom of the page: "Note: You can also use the
  cfencode utility,
  located in the cf_root/bin directory, to obscure ColdFusion
  pages that
  you distribute. Although this technique cannot prevent
  persistent
  hackers from determining the contents of your pages, it does
  prevent
  inspection of the pages. The cfencode utility is not
  available on OS X."
  I believe CF8 and maybe CF7 now supports the ability to just
  export the
  compiled Java byte code for your application so you do not
  have to give
  the source code, but I have never done this.
  http://livedocs.adobe.com/coldfusion/8/htmldocs/deploying_5.html#117556
  Neither of these are full proof. There are known tools that
  are capable
  of un-encoding encoded ColdFusion templates and reverse Java
  byte code
  back into source code. But it at leasts inconveniences the
  casual
  sneak, just like locking your doors does.

• What's the best way to protect my code?

  What's the best way to protect my code from people reading it? Do obfuscators work well? If so, which one is really good?

  Obfuscation helps but is not a complete solution.
  Here is an idea to consider. Take the binaries(*.class) of the files you wish to protect and encrypt them. This would require you to write a small utility...not too hard. When you want to use these classes you decrypt them and dynamically load them. You could make a custom classloader to handle the details if you want to get fancy. The security of your classes would rest on the quality of the encryption you choose. A scheme such as this would be tough to reverse engineer using available tools.

• Graphic tool to generate java code

  Does it exist any graphic tool that generates java code from the shapes? something like the form editor of Netbeans for example, or a plugin for other graphic editors like adobe photoshop...
  tnx a lot
  I tried to search through the the whole web or java.sun.com, but i cannot get less then 350000 sites...
  Wil

  Possibly free, of course :)

• Protecting EXE, PDF and SWF files from piracy

  I am hoping others in the community have some experience with protecting their Captivate output (EXE and SWF files) from piracy.  We will be selling our eLearning products developed with Captivate through our online store and want to protect them against file sharing and other forms of piracy.  I have found several companies online offering DRM (digital rights management) and SAS (software activation services) that require users to enter a license key to use the products.  I am looking for any recommendations from users who have implemented these types of services.  What provider did you use and what issues did you encounter.  Any insights would be greatly appreciated!
  Thanks,
  Jason

  Most of the tools I have seen are geared towards extracting
  resources from swf's. I use one myself (eltima.com) for
  "harvesting" manufacturers content for my motorcycle dealers. They
  are authorized to use this content, but finding someone at Yamaha
  of Kawasaki or any of the majors who even knows where to find these
  resources is next to impossible. I have also used it to learn from
  by viewing scripts, but as you say, at the end of the day, I think
  the concepts and best practices are about the only thing worth
  taking away from others efforts, not the code.
  Unlocking a protected file can be done as well and I remember
  using a product over a year ago to get at the scripts within an swf
  (I wanted the URL's that pointed to media - it was legal for me to
  do this). It ran from the command line and output the scripts.
  There aren't too many of these types of programs to be found, but
  they exist.
  My personal opinion is that it's not worth the effort. My
  java classes can be decompiled and if someone wants to go to that
  trouble, more power to them. To my knowledge, there isn't anything
  out there yet that is perfect for backwards engineering an swf into
  an MXML file, but a competitor of FLASH Decompiler says that they
  can decompile Adobe 9 PLAYER swf's. For what it's worth, I plan on
  posting the majority of my code on my flexdev.org site once I get
  it established.
  For people who make components for sale, this could be an
  issue of stolen revenue if the decompilers get sophisticated enough
  to reverse engineer the swc into a usable MXML file. I would be
  against anyone who stole code for this purpose, for sure.

• Prevent SWF files from being decompiled back into FLA format

  Some programs such as Sothink SWF Decompiler may be used to
  decompile the SWF files back into FLA format. Even the ActionScirpt
  inside the SWF files can be decompiled as well! No one can even
  tell the difference between the original FLA file and the compiled
  FLA file! What can we do to prevent this from happening? I heard
  that we may protect the SWF files by using ActionScript Obfuscator.
  Is it true? How to do that? Please help, I must do something on
  it.

  Ng Jackie wrote:
  > Some programs such as Sothink SWF Decompiler may be used
  to decompile the SWF
  > files back into FLA format. Even the ActionScirpt inside
  the SWF file can be
  > decompiled as well! No one can even tell the difference
  between the original
  > FLA file and the compiled FLA file! How can we do to
  prevent this from
  > happening? I heard that we may protect SWF files by
  using ActionScript
  > Obfuscator. Is it true? How to do that?
  It's not true. SWF can't be protected.
  There are companies trying to sale products claiming they can
  protect SWF
  file, don't fall for that.
  In order to protect the file they jam the code and name of
  variables and functions.
  This however does not go w/o consequence. There is only how
  much you can mess the
  file up before the player will be unable to run it. Very
  risky games if you do that.
  One of the tools that was doing that, produced files which
  stop working with next
  player upgrade. From version 7 to 8. Than you just can't open
  it anymore.
  Secondly, as soon as such tool appear, the producers of
  decompilers provide antidotes.
  Upgrades with work around for the protection.
  Best Regards
  Urami
  !!!!!!! Merry Christmas !!!!!!!
  Happy New Year
  <urami>
  If you want to mail me - DO NOT LAUGH AT MY ADDRESS
  </urami>

• How to protect swf from hackers!!!

  Hi, I have made many games is it any way that I can protect my swf from flash developers who want hack my game???..
  First I was tried way load game swf's into preloader swf and call it by Iframe most flash developers just get only my preloader.swf unable to get game..
  but now few did this... now i am searching way that to protect swf from flash dicompilors???

  Flash runs on the 'client side', which makes it vulnerable. There are several ways to hack a Flash game - intercepting and modifying/faking communications with the server (ie, sending fake values to your 'highscores.php' or whatever, say using an app like Fiddler2), decompiling the .swf to see how it communicates with the server (and any encryption or obfuscation it might be using to try and protect communications), or even directly editing the memory being used by the game (ie, using CheatEngine to change your score directly, the speed of the game, etc). It's pretty hard to protect against all these, and usually takes more time and effort than the game is worth.
  So the best rule is, expect your game to be hacked. Don't use it as a basis for giving away an expensive prize, for example (or at least, don't let it be obvious that the winner hacked the game or other players will get pissed off), unless all the logic happens on the server side.
  But if you still want to try...
  Let's say your game consists of three types of processes - Input (from the user), Logic (the app deciding what to do with the input), and Output (the result of the logic). Input and Output have to happen on the client side, or the user won't be able to interact with the game or see the results of their interactions - so these parts can never be fully secured, only validated as acceptable or not. However, the Logic (all or part) could be done on the server, where the user can't see it or modify it. The Flash game takes the user's input (maybe makes sure it's valid), and sends it to the server. The server checks that the input is valid, and if so performs the game logic, and sends the output back to the Flash game. If the input is NOT valid, perhaps silently keep that user (account ID or their IP address, for awhile) from adding to the high score list, or interacting with other players. Or boot them for 5 minutes, or something.
  The main problem with this is (depending upon the type of game) lag in communicating with the server, and server load. If every little input/output has to go to the server, be processed, and then be sent back to the user, the game could run very slowly for the player; or if many people are playing at once, the server could crash. So you probably have to find ways to optimise this, and decide what should happen on the server, and what can safely happen on the client side (and be fairly well validated), etc.
  Gambling-type and turn-based games are fairly easy to secure this way, though, since lag won't affect gameplay too much and there's not a lot of information going back and forth with the server. Say in a card game, the server tells the flash what cards to display for the user. The user can only choose which card to play - this choice is sent back to the server. The server calculates the results of the play, and the other players' moves, and then tells the flash what new cards/scores to display.
  A real-time shooter, on the other hand? Even a game of Pong can be tricky. In those types of games, you could potentially send some data (user's x and y position, current health, ammo, score, framerate, etc) every now and then (maybe obfuscated, checksummed, compressed, via socket, etc) and the server can see if they should be 'possible' and decide whether to keep accepting input from the user, but that gets pretty tricky really quickly, and you'll probably get far more false-positives than catch actual hackers.