flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Smith <gosm...@adobe.com>
Subject RE: Air apps easily decompiled and hacked
Date Wed, 19 Feb 2014 20:33:24 GMT
Are you sure the others that aren't obscured are locals? I'd bet they're instance variables.

- Gordon

-----Original Message-----
From: Sean Thayne [mailto:sean@skyseek.com] 
Sent: Wednesday, February 19, 2014 12:24 PM
To: users@flex.apache.org
Subject: Re: Air apps easily decompiled and hacked

Ya, you right Alex, I re-checked, and there are not comments. It does keep
trace() calls though.

I also noticed that it does obscure some local vars into _loc_# vars, and but it doesn't obscure
others, which I think is kinda weird.

-Sean Thayne


On Wed, Feb 19, 2014 at 11:47 AM, Alex Harui <aharui@adobe.com> wrote:

> Comments are easily viewable?  I don't think so.  It also depends on 
> whether you have the original source files or not.  For Google 
> Closure, if you have a source map, you can get back to the source as well.
>
> Try dumping out an export release version of one of your SWFs.  Sure 
> you can get back from the byte code to the basic algorithm, but I 
> don't think it is that much easier than deciphering a minified js or 
> even looking at intel byte code in an EXE file.
>
> -Alex
> ________________________________________
> From: Sean Thayne <sean@skyseek.com>
> Sent: Wednesday, February 19, 2014 8:21 AM
> To: users@flex.apache.org
> Subject: Re: Air apps easily decompiled and hacked
>
> I'm actually more concerned about the plain readability of the AS3, 
> even comments are easily viewable. Where as a JS site that has been 
> compile with Google Closures is minimized and heavily obscured. I feel 
> like it would be very easy to steal someones hard work.
>
> -Sean Thayne
>
>
> On Wed, Feb 19, 2014 at 9:18 AM, Gary Yang <flashflexpro@gmail.com> wrote:
>
> > Client side can not be trusted, server api should always be the 
> > security gate!
> >
> > After all there are certain applications that can encrypt Flash 
> > applications, Javascript application is just plain text!!!
> >
> >
> > On Wed, Feb 19, 2014 at 11:08 AM, Sean Thayne <sean@skyseek.com> wrote:
> >
> > > Anybody else concerned about decompilers like SoThink?
> > >
> > > http://www.ericzhang.me/cracking-adobe-air-applications/
> > >
> > > -Sean Thayne
> > >
> >
>

Mime
View raw message