I've heard of a few 3rd-party solutions (sorry, I don't have any links handy). It isn't a built-in feature of AIR, however.
3rd party solutions don't work i've tried them all, i was asking same question in this forum but for now no answer, Adobe said "we consider this idea" the idea was to encrypt all source code in a local store or something just like sqlite air db
If it is impossible to distribute anything else than your source-code Adobe Air is at a major disadvantage.
One thing is flex, where it is possible to reverse-engineer the code with some effort and the right tools, but with Ajax everything is readable for everyone by default? Pretty silly if you ask me.
It's great if you want to give your software and code away for free and let everyone modify it, but I am planning to make a living. And until there is some way , however basic, I can make my sourcecode protected I'll consider all other options.
I really like the "run everywhere" - idea, but if I am forced to "share with everyone" I'm not really that tempted.
I suppose that for now, you can just minify or pack your source code prior to packaging your AIR file. Of course, the raw minified/packed source code will still be delivered with the AIR file.
There are a number of tools for this; I use the YUI Compressor. Just go the YUI developer center and download it.
I have a solution maybe. The Flash experts will tell me if it's possible to do:
2. Create an SWF file that has the key to decypher the JS file.
4. Protect the initalizer, decoder SWF with a good SWF decomplier protection tool: http://www.amayeta.com/software/swfencrypt/
If it's cool, then it would be great to have an app that creates you the encrypted files and provides a key, with the FLA template
question is how do you include the js from swf to eval it?
write it down on hdd, that is not a solution?
can you pass the decrypted js file from swf to browser without writing it to hdd?
Yes, this should be possible without writing it, since SWF files has access to everything. you can eval strings too.
Making more simple, It should be working with a simple getURL call from the SWF, passing the key.
as3corelib has a cool cryptography class.
Could someone please post a complete guide on how to encrypt a complete ajax-absed application in this way?
Ideally I would like a guide on how to transform my regular project to a encrypted ready-only-project step by step, wit hlinks to the nessesary files included ( some eksternal librarys were needed?)
I'll try to create a proof of concept application based on my idea, to test if this really works. I'll post it here.
here are just ideas we wait for someone to post an example.
i've tried jasob obfuscator is pretty good
Doesn't the YUI Compressor pretty much do the same thing as Jasob Obfuscator? From the looks of it, I think it does. Are there major differences between the two?
Tibor, posting a sample implementation of your suggestions would be fantastic! I look forward to seeing it.
basically it does the same thing, the difference is if you use complex js libraries like Extjs you can also rename the main classes like Ext. (or namespaces) you can't do that in yui compressor
but i didnt test it on a full scale project, that will come in the near future
did you managed to find a solution to this?