1 Reply Latest reply on Apr 7, 2008 8:29 PM by cxf02

    Protecting swf files from being decompiled

    Isaac Fung
      At the end of the day, our flex apps are deployed as swf files which have the potential to be decomplied and thereby our intellectual properties lost. There are tools in the market which claim to secure the swf files from being decompiled. Are these tools live up to their claims? Is it worthwhile to spend money on these tools? Would the protected swf become harder to deployed? Any good products already available in this line? Please point out some. Thx.
        • 1. Re: Protecting swf files from being decompiled
          cxf02 Level 1
          Most of the tools I have seen are geared towards extracting resources from swf's. I use one myself (eltima.com) for "harvesting" manufacturers content for my motorcycle dealers. They are authorized to use this content, but finding someone at Yamaha of Kawasaki or any of the majors who even knows where to find these resources is next to impossible. I have also used it to learn from by viewing scripts, but as you say, at the end of the day, I think the concepts and best practices are about the only thing worth taking away from others efforts, not the code.

          Unlocking a protected file can be done as well and I remember using a product over a year ago to get at the scripts within an swf (I wanted the URL's that pointed to media - it was legal for me to do this). It ran from the command line and output the scripts. There aren't too many of these types of programs to be found, but they exist.

          My personal opinion is that it's not worth the effort. My java classes can be decompiled and if someone wants to go to that trouble, more power to them. To my knowledge, there isn't anything out there yet that is perfect for backwards engineering an swf into an MXML file, but a competitor of FLASH Decompiler says that they can decompile Adobe 9 PLAYER swf's. For what it's worth, I plan on posting the majority of my code on my flexdev.org site once I get it established.

          For people who make components for sale, this could be an issue of stolen revenue if the decompilers get sophisticated enough to reverse engineer the swc into a usable MXML file. I would be against anyone who stole code for this purpose, for sure.