Protect your Flex/Flash (SWF) files with encryption

If you develop for the web using Adobe Flex or Flash technologies, your end product is a SWF file that is run in the browser with the Adobe Flash Player.  This allows the development of rich internet applications (RIA) with very dynamic interfaces.  By definition, any time you are running  your application on the client side like this, you expose your application to reverse engineering.  There are tools available that allow unscrupulous developers to decompose the SWF file into its source code (typically FLA format).  This allows them to copy, edit, and do what they will with your code.

Although you can never protect yourself at 100% when running code in the client, there are solutions out there that let you to obfuscate and encrypt your SWF files that will thwart standard attempts at decomposition.

As a Flex developer I have searched through and tried many of the different tools out there and my preferred choice is SWF Encrypt from Amayeta. This allows you to encrypt pretty much any SWF file very quickly.  I have exposed my Flex enabled site to a security test by a third party that attempted multiple approaches to decompose my SWF with no luck.

If you are creating SWF files using the Flex SDK you may run into some errors after encryption.  If you do, set change the setting for “Encrypt Names” to “False” and it should work better for you.

SWF Encrypt Settings

Change "Encrypt Names" setting to "False" for Flex apps

There is a slight overhead in the encryption that results in a slightly bigger SWF file.  As an example, here is the result of the last Flex app that I encrypted using SWF Encrypt 6.0:

------------------------------------------------------ Encryption Completed Successfully! ------------------------------------------------------ Size Before Encryption: 679984 Bytes Size After Encryption: 753037 Bytes ------------------------------------------------------

For me this is an acceptable trade off for the peace of mind that comes with having a protected SWF online.

You can purchase SWF Encrypt through Crackednoodle’s affiliate links below:

2 Responses to “Protect your Flex/Flash (SWF) files with encryption”

Leave a Reply

*
Get Adobe Flash player