custom software design

Flash Actionscript Source Code Obfuscation

Source code obfuscation has been an important topic in the world of computer programming. It has been around for years and applies to all programs and programming languages, especially in today's online world of Flash "actionscript" programming. In computer science, source code (commonly just source or code) is any collection of statements or declarations written in some human-readable computer programming language. Source code is the mechanism most often used by programmers to specify the actions to be performed by a computer.

What is source code obfuscation?
Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose (a form of security through obscurity), to deter reverse engineering, or as a puzzle or recreational challenge for readers.

Programs known as obfuscators transform human-readable code into obfuscated code using various techniques. Code obfuscation is different in essence from hardware obfuscation, where the description and/or structure of a circuit is modified to hide its functionality. Normally in programming languages like Visual Basic, VB.Net, C++ and C#, this is done automatically at compile time.

For some reason, though, Adobe (formerly called Macromedia) has dropped the ball when turning your Flash program into a SWF. What I mean by that is that it is easily read and can be reverse engineered without much effort at all. Why they did not see this, who knows; maybe budget reasons. Well, this has opened up a whole new market.

There are a number of products on the market that allow you to obfuscate your code:

What to look for in a good Flash Actionscript 3 Obfuscation program?

#1. Choose a program that allows you to choose which variables to encrypt. This is important because some variables may be called from outside the Flash file, and you don't want to encrypt these because doing so may cause the Flash file not to work. Selecting which variables you encrypt gives you the most control.

#2. Choose a program that will remove header information from the images and compress them. Check whether a Flash obfuscation program allows you to remove this information. This will make it harder for a decompiler to determine the important images in your Flash application.

#3. Choose a program that will encrypt strings. This will make important string information hard to reverse engineer and figure out.

#4. Choose a program that will not use too much overhead. While most flash obfuscation programs will make your SWF file larger, it is important to choose one that won't make it excessively large, or for that matter even smaller.

#5. Choose one that will make the file not work with decompilers at all. The best way to protect a compiled program is to crash the decompiler.
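The trade-off in #1, as an added example (not code from this article or from either product it names): a simplified source-level renamer with a keep list, plus a check that the names another SWF relies on survive. The ActionScript 3 fragment is constructed, and `highScore`, `addPoints` and every helper name are assumptions; it works on source text for readability.

```javascript
// Constructed AS3 class members. Assumed: a parent SWF reads highScore and
// calls addPoints() on this loaded SWF, so those two names are external.
const SAMPLE_AS3 = `
public var highScore:int = 0;
private var secretBonus:int = 7;
public function addPoints(n:int):void { highScore += n + secretBonus; }
trace("highScore updated");
`;
const EXTERNAL = ["highScore", "addPoints"];

const IDENT = /[A-Za-z_$][\w$]*/g;
const STRING = /("(?:[^"\\]|\\.)*")/; // capture group: split() keeps the literals

// Apply fn to code segments only; odd indices from split() are string literals.
function mapCode(src, fn) {
  return src.split(STRING).map((p, i) => (i % 2 ? p : fn(p))).join("");
}

// Names introduced by var/function declarations (simplified, no real parser).
function declaredNames(src) {
  return [...src.matchAll(/\b(?:var|function)\s+([A-Za-z_$][\w$]*)/g)].map(m => m[1]);
}

// Rename every declared name that is not on the keep list.
function obfuscate(src, keep) {
  const map = new Map();
  for (const name of declaredNames(src)) {
    if (!keep.includes(name) && !map.has(name)) map.set(name, "_" + map.size.toString(36));
  }
  const code = mapCode(src, p => p.replace(IDENT, id => (map.has(id) ? map.get(id) : id)));
  return { code, map };
}

// Post-obfuscation check: which externally used names no longer exist?
function missingExternalNames(code, external) {
  const seen = new Set();
  mapCode(code, p => { (p.match(IDENT) || []).forEach(t => seen.add(t)); return p; });
  return external.filter(name => !seen.has(name));
}

const renameAll = obfuscate(SAMPLE_AS3, []);
const selective = obfuscate(SAMPLE_AS3, EXTERNAL);
console.log("rename all, broken names:", missingExternalNames(renameAll.code, EXTERNAL));
console.log("keep list, broken names:", missingExternalNames(selective.code, EXTERNAL));
console.log(selective.code);
```

Running the check after every obfuscation pass catches a forgotten keep-list entry before the SWF ships.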

For my flash 8 actionscript 2 code, I found that Amayeta's SWF Encrypt v4.0 works great. They obfuscate the code and it's nearly impossible to understand anything they did but it works great, uses very little overhead and my flash project size only increased a very small amount.

For my actionscript 3 code, after a lot of research, trial and error, I like Eramsoft's Flash Secure Optimizer. They do a great job at making code very unfriendly and no fun to read, understand and reverse engineer, and do a nice job of the decompiler. Furthermore, they allow you to choose what to encrypt and what to leave alone. This works well when you need to pass variable information from one flash application to another.

Both companies work well in my opinion for the respective versions of actionscript. Of course, there are always more things one can do to help make code more secure. Encrypting your own strings and images are only a few. If a hacker really wanted to hack your program, then he/she can do so.

But a hacker needs to keep in mind that 99 out of 100 times it will take longer, a LOT longer, and be a LOT more costly and a real pain to reverse engineer an obfuscated software program than it will for them to write one from scratch.

Finally, keep in mind that if the hacked program is copyrighted, then it becomes a whole other legal issue.