The problem of having our Flash games encrypted while still working raises when we put sweat and blood to put our latest game into the wild and we want to protect it.
With so many encryptors/protectors/obfuscators around the web, choosing the right one could be an hassle.
I’ve chosen mine: Kindi’s secureSWF.
It has the most comprehensive set of options you can imagine. You can select the level of encryption, with some presets settings, you can prevent the SFW to be played locally and you can even sitelock it.
How does it work? secureSWF renames just about every identifier (including classes, symbol instances names, and even frame labels) in your ActionScript into short meaningless names that include unprinted characters. This means decompilers won’t read your code, and if they manage to do it, once the code will be exported, it will generate a lot of errors if you try to compile it.
Now I wanted to put some screenshot here and there, and finish the post, but Kindi’s guys published a lot of screenshots on their site, better than any screenshot I can take.
This made me angry, so I launched Sothink SWF Decompiler 6 and Flash Decompiler Trillix 5 to put secureSWF in troubles.
Then I took the SWF used in the Box2D slicing engine to see what happens.
This is the code you get with the Sothink SWF decompiler:
and this is the one displayed by Trillix:
Both are clean and perfectly understandable, while being a bit different.
Now, let’s compile the SWF using the safe option, which is the weakest encryption but ensures your final SWF to be working.
This is what Sothink returns:
And this is Trillix’s result:
Both codes are obfuscated, with Trillix’s looking a bit worse because of the way it calls methods. Trying to understand even a simple example like this one becomes really really hard, but the best has yet to come.
Decompiling the SFW made with the standard settings crashed Trillix while Sothink (which will be the only decompiler used for the tests from now on) returned this incomprehensible code:
Even with just the standard settings, I feel safe with this code, I don’t think people will bother trying to steal my games. They’d rather build their own game from scratch.
And what happens when I sitelock a game? Obviously it must add something like the code explained in this post.
Well, I sitelocked the movie to emanueleferonato.com, then I decompiled it and that’s what I found:
I suppose the lock lies in the highlighted code which calls this class:
I couldn’t even find the string “feronato” and searching into some files also made the decompiler to crash.
But I wanted to push more the test, so since it has a “Best size” protection, I tried it on a file which has been compressed as much as I could.
I am talking about the complete Bejeweled game in less than 2KB which SWF is only 2.035 bytes.
With secureSWF I managed to get a 1998 bytes file!!
There’s no doubt, secureSWF will be the Flash obfuscation software I will be using for a long time and I am highly recommending you to do the same.
I am using encryptors for years and at the moment this is the best choice on the market. And the professional edition costs less than a half of the cheapest Flash game sponsorship I got.