View Full Version : Hide actionscript

03-03-2009, 10:45 AM
I am trying to hide the actionscript in my swf. I do not want to have to use the different software available to do so. I want a simple script that can achieve a similar effect.

What I had in mind is to put the actionscript on my server and to have the swf ask for the actionscript when it is played. If the swf is being played from a browser window then the server will give the actionscript. if not then the actionscript is denied... Makes sense?

If yes...how can it be done :rolleyes::D

03-03-2009, 02:58 PM
Well, there is no foolproof way to do this. Reason is no matter what you do, someone can figure out how to retrace your steps. So yes you could hide the location of your actionscript, but it would be easy to track down with a decompiler.

Alternatively you can obfusicate the code, basically using a tool that makes the code only readable by a machine. Its great, except that the same tool that scrambles it can possibly be used to reverse it (since its a pattern replacement tool).

03-03-2009, 07:49 PM
hmm.. interesting... but how would the thief know which obfuscator i used ?

03-03-2009, 08:38 PM
Well they probably would be familiar with them and just test them. I don't know how many there are for AS, more exist for PHP and things like that, problem is that AS is already protected inside of the SWF, but once they get inside there is little to do.

My thoughts have always been to code boldly, and if they steal it you are more likely to benefit from putting a notice in your code comments asking for them to tell you.

03-04-2009, 08:58 AM
not good enough jeremy :eek: You cant work on something for months only to have some idiot take it in a few seconds of hacking.

There must be a solution. Why did adobe create such a product. It was not possible for them to make it unhackable. Iam sure if they put a little effort into it it could be done :mad:

03-04-2009, 10:27 AM
Adobe didn't create it originally, just for your info. It was started by Macromedia, and the whole idea was to provide some protection by it hiding in the swf, but that in order to have better development capabilities for others it had to be openable. Just like you spend a long time working on an HTML/CSS layout it can be swiped and copied, its because the code HAS TO BE AVAILABLE for the end user in order to be processed. Its not that they couldn't do more, but that its not why it was created.

I see you are really concerned about theft, but really the best solution is to follow the open source model, which encourages people to improve rather than to just steal. I'm sorry, but if you need a secure platform you will have to do something that doesn't download the script/files to the user, which means you will ultimately make it practically unusable. You'd have to make a compiled program, which still can be reversed engineered. There is NO WAY to make it 100% safe. The best you can do is deter them by making the code unreadable and putting a notice on your site.

Also, assess what you are doing. Are you really a big target? I haven't considered anything I have done to be worthy of theft, they are all really specific tasks that have little value to a hacker.

03-04-2009, 01:57 PM
well... its a bit of a tricky one.... we are creating a commercial solution which can only be distributed through flash as flash is on 99% of computers.... no other medium will do..... so we have no choice but to use flash ..... but then, from what i am hearing, the flash medium is easily hackable..... so what to do? :confused:

The last thing we want to do is to launch a new commercial service which we have spent almost a year to develop and then to have a competitor a week or two after our launch. :mad:

I will keep looking for the best way to hide the actionscript...:thumbsup: wish me luck :D

03-04-2009, 02:36 PM
Good luck, let me know if you find something.

Also be vigilant, so if your competition comes out with something almost the same and you can prove beyond doubt they swiped the code without permission, you can take legal action. Put that in your source code, and if you flex your muscles in the language you will scare away many people, and think about putting something easily distinguishable in your code, not just variables names because those are the easiest to change. Copyright does exist on code that you write, because its an expression of an idea.

My only idea is to somehow store most of the code behind a PHP security wall, and somehow (this is the part I don't know how to do) you have to verify that the document is being loaded from your server before PHP will send the data.

Also, perhaps its worth searching for some experts in Flash if you have significant business interests, better to spend a few bucks up front to secure yourself then to fight off someone later.

03-06-2009, 01:54 PM
here is an idea.... good or bad

Load actionscript into flash only if flash is loaded from a browser ....Flash will get its code from a php page..... if you try to open the php page directly, you will get nothing back.... the php page will only print code when it is called by the flash....