Fresh freeware freezes freeloaders.
"One of the obvious concerns in Flash developer community is the threat of intellectual property theft. In this highly competitive environment, anyone with the mechanized assistance of a good decompiler can inspect the artwork and ActionScript code in your elaborately designed Flash files. It is possible and easy for a competitor to crib your work, if not copy outright, without your permission. For many Flash artists and programmers who create commercial multimedia productions, this annoying issue is becoming a major headache."
Yes, paranoia certainly is rife these days. But it won't cost you the earth to protect your bits, because Genable's new ActionScript Obfuscator is a free Windows program. Just run it, and it will make life eminently more difficult for someone to share your code.
Obfuscated SWF files (not compressed ones, since they aren't supported yet) have been tested to work in Flash Player 5 and 6. Thwarted decompilers include: Burak's Action Script Viewer (ASV) 2.0/2.5/3.0, LiveTronix SWF Scanner 2.6, and Sothink SWF Decompiler MX 2002.
Does obfuscation for reasons other than privacy and data security go against the View Source philosophy of the Web?
Just how long does an ActionScript program have to be before it's worth protecting?
If the makers of obfuscation programs are so concerned with "piracy" then why is their software free?
Replies: 10 comments
1) It is impossible to completely protect your SWF files. It's just a matter of time before those ActionScript decompilers are updated to understand any new obfuscation algorithms. If the Flash Player can download it and interpret the file, then so can any other program.
What if every SWF was encrypted and only the Flash Player had the secret key to decrypt it? Hackers could just disassemble the FLASH.OCX code to hunt for the secret key. Don't laugh. This happened to Microsoft: Wired News: MS Denies Windows 'Spy Key'
I also wonder how much the obfuscation process affects performance?
posted by Claim Jumper (), 08/06/2002 10:57 AM CST
2) In fact, it's possible to make your SWF file very very hard to decompile. [1] Not all low-level code in SWF can be interpreted to a high-level language (ActionScript). The author of flasm has presented several subtle examples on his homepage. [2] Branch instructions can be used to make the control-flow very confusing to a decompiler. [3] Tricks like identifier-scrambling are information-lossy and irreversible.
I don't know much about ASO. But I do believe the great power of a good obfuscator.
Just check numerous mature obfuscators for Java or .Net IL yourself. And you'll also believe the potency of such programs.
P.S. Java, IL and ActionScript are similar in their stack-based nature.
posted by Clark Lepoint (), 08/06/2002 11:53 AM CST
3) I first learnt how to make web pages by doing the view source thing, so I guess I have never liked this kind of thing... Even the old 'no right click' thing always annoyed me, and usually just made me more likely to try harder to get the source. Which is what people will probably do with this Obfuscator.
But, y'see I am a basically honest person who used the source files to learn, not to copy or steal... and I suppose their are some unscrupulous bods out there.
Tough question...
posted by scottp (), 08/06/2002 03:02 PM CST
4) First of all, there is no way to determine whether or not the end user is stealing or studying your work. Secondly, an html page is drastically different from a flash movie. Html pages consist of very simple tags that are easy to learn and code. Flash is much more complex, expensive, and professionally oriented. Chances are that stealing html code will accomplish little in the graphics-oriented web we have today. Flash games and applications, on the contrary, can be effectively ripped to great profit! There are enough people out there willing to release their code that all flash theft is inexcusable
Generally, any actionscript that is common knowledge is not worth protecting. Like I said, obfuscation is most valuable in games and applications, where profit can be earned.
Its obvious that the makers of obfuscation programs are feel the loss of the flash community due to ASVs and similar technology. How does the fact that their software is free affect its value in fighting "piracy". I don't see a connection.
posted by MixMatch (), 08/06/2002 03:18 PM CST
5) No matter how great the obfuscator, there is one "decompiler" that can never be defeated.
This "decompiler" is the many forums and tutorial repositories created and maintained by the flash community! If you see something and can't figure out how it was done yourself, you can be sure there is a forum with someone ready and willing to provide a solution (asking nicely helps)!
Forums--the best example of open source cooperation, and the nemesis of all obfuscators!
posted by Jerry Jasuta (), 08/06/2002 05:40 PM CST
6) I just thought it was amusing to see a piracy fighting tool given away for free. The irony alone is at least worth a smile.
posted by emberton (), 08/07/2002 12:21 AM CST
7) I think that code obfuscation, along with some other techniques, is an important step for the adoption of Flash for large application design and UI front-ends. Large enterprise organizations will not adopt Flash if any person off the street can open up a SWF and view the code and algorithms that make the software unique and sellable.
It is funny that this article is coupled with the announcement of the ActionScript Interpreter. That component could be used to further obfuscate code by keeping it external from the application. It too is an important step and I am going to make a Nielsen-like prediction (see the first 3/31/99 article) that Flash applications will be more prevalent in the near future.
I am sure that someone will come along and find a way to capture and decompile the code, even if it is sent dynamically via HTTPS to an interpreter. Nothing is completely safe. What enterprise developers need is a technique to make it extremely difficult and time consuming to steal Flash files.
posted by Mr. Potato (), 08/07/2002 12:25 AM CST
8) If this obfuscator were not free, ASV would have been updated in no time.
As the authors of ASV, we have all the tech to write an obfuscator. Bu we don't, because we don't find it ethical to do so. (providing both a decompiler and an obfuscator when both of them are not free).
posted by Burak KALAYCI (), 08/08/2002 03:56 PM CST
9) Those are fighting words!
posted by Mr. Potato (), 08/08/2002 10:11 PM CST
10) I think server-side code could help to protect the sources. I don't know anything about it, but if those code behaves like php it's almost secure, ... I think.
posted by Dragon (), 08/14/2002 01:26 AM CST
![[Valid RSS]](http://www.actionscript.com/archives/valid-rss.png "Validate my RSS feed"){kind=small}
