Flex / Air obfuscation

Shawn picture Shawn · Aug 7, 2008 · Viewed 8.2k times · Source

I've written (most of) an application in Flex and I am concerned with protecting the source code. I fired up a demo of Trillix swf decompiler and opened up the swf file that was installed to my Program Files directory. I saw that all of the actionscript packages I wrote were there. I'm not too concerned with the packages, even though there is a substantial amount of code, because it still seems pretty unusable without the mxml files. I think they are converted to actionscript, or atleast I hope. However, I would still like to explore obfuscation.

Does anyone have any experience with Flash / Actionscript 3 / Flex obfuscators? Can you recommend a good product?

Answer

Borek Bernard picture Borek Bernard · Sep 25, 2008

The procedure suggested by maclema will not really stop any attacker from obtaining the source - the "wrapper application" will need to be unencrypted so the attacker will be able to find out that you use AES (or any other algorithm) and he will obtain the decryption key in a similar way (because it needs to be in plaintext somewhere). Once he has this, he will be able to decrypt your SWF file easily.

The only reliable solution (well...) is some kind of obfuscator - we use Amayeta which works for Flex in the latest version - please see http://www.amayeta.com/software/swfencrypt/ .