Any reverse engineers have experience with secureSWF?
I\'m writing a flash application and am afraid that it will be decompiled. In order to minimize this chance, I want to obfuscate the file.
I have heard of secureSWF
-
I don't have extensive experience with obsfuscators, but some months ago I was asked to try a couple of them for a specific project (it was actually a --rather simple-- multiplayer game). I tried SecureSWf and Amayeta SWFEncript (both trial versions, which were fully functional, if I recall right).
Both had some problems with the more "advanced" features. If I'd choose just to rename identifiers, things would work smoothly. But even with the default settings (a minimum of control flow obfuscation), one of the obfuscators produced illegal bytecode, i.e. it would be rejected by the player's verifier. This produces an exception and that's about it. I really can't recall which one, but it failed as soon as you run the swf.
I didn't test much further, but it made me see this is something you have to take into account as well. There's an extra cost in using this tools. It could be acceptable or not for your purposes, but you should account for it. Once you change and twist you swf, it's not the same swf you've debugged and tested anymore. So, now you'll have twice as work testing, cause there's a chance the obfuscator has introduced bugs. The one I saw was pretty evident and blew the player right away, but there could be subtler, harder ones. And if you happen to have a bug that only shows in your "secure" version (or worse, it looks like it only happens in your secure version, but you're not positive), debugging it will not be fun.
Of course, this is not a proper review, just my limited experience. Most obfuscators have free trials so you can try them yourself. And I should also say that the decompiled and disassembled code was well, really obfuscated, and making sense out of it would be a daunting task.
Yet, I thought I would add a different perspective, which is not often mentioned.
加载中...
- 热议问题