Securing SWFs, written in Actionscript 2 and 3.

Question

Hi there,

I have around 3000 SWF files, some are interactive which has lots of actionscripts and some are just animated lessons for mathematics. Currently, users have access to these files through a web interface (PHP). Even though access to these files are restricted for unregistered users, the registered users can still download the files by getting the swf link from the HTML source view.

I would like to achieve the following:

1) Securing ActionScripts both 2 and 3.

2) Prevent users from stealing our SWFs. (swf won't run if they download and execute on the local machine. but still they can decompile).

I'm aware of secureSWF from http://www.kindisoft.com which I've already tested. It works fine and best suit my needs. The problem is I've to convert all of my 3000+ swfs.

Apart from obfuscation, can anyone suggest me some best practices to secure our hard works?

Thanks in advance.

Answer 1

Ya that's rite! As Tom said, Obfuscation is the best available method now.

But my concern was, to obfuscate all 3000 over files will be a pain. So I came with something which will automate the process. I just wrote a small piece of VB.net application to do so. (more like a batch file). Have not finalized yet.

Answer 2

• Use Actionscrip obfuscator like SWF Protector from DComSoft ( http://www.dcomsoft.com ) as opposed to secureSWF it can protect both AS2 and AS3 at once. It should be able to handle pretty large/mass protection.

• Server side protection by using htaccess URL rewrite and hotlink preventing rules that will hide/mask the URL to your SWF