flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Chiverton ...@extravision.com>
Subject Re: Air apps easily decompiled and hacked
Date Tue, 25 Feb 2014 11:54:04 GMT
And ?

Unless you want your computer to start lying to you about what processes 
are running, and the code inside those processes, and also make tools 
like VirtualBox or Bochs illegal, effective DRM is impossible.
And you do not want you computer to start hiding things from you; it 
applies to the bad guys as well as the content creators.
See: Sony root kit

On the specifics you mention.

1) yes, you can recompile with the 'is registered' checks commented out 
for instance, but your server doesn't blindly trust the client to say 
'I'm userid 0, send me everything'. Right ? Right ?!?
2) there's no need to hide private signing or authenticating keys inside 
the application, this can all be kept server side.

Tom

On 25/02/2014 11:33, Alexander Farber wrote:
> "-1" since someone can take your app,
> decompile it, comment/shortcircuit the IAP/DRM
> and compile it back - as a "cracked" version...
>
> Or if you use any OAuth stuff - find the "secret"
> inside the app and then use it to impersonate other users.
>
> On Thu, Feb 20, 2014 at 1:59 AM, Joseph Balderson <news@joeflash.ca> wrote:
>
>> +1 totally agree.
>>
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________


Mime
View raw message