On 4/30/10, Paul Melson <pmelson (at) gmail (dot) com [email concealed]> wrote:
> On Thu, Apr 29, 2010 at 2:05 AM, 0x4150 <0x4150 (at) gmail (dot) com [email concealed]> wrote:
>> Has anyone done obfuscation of a flash application? If so, what
>> tool(s) would you recommend?
>
> I wouldn't recommend any of them as a way to actually secure anything
> as the end result must still be a SWF file that Flash Player can parse
> correctly, and therefore they can be decompiled or debugged in order
> to reverse the code.
>
> The only example of obfuscated ActionScript that I've seen to date has
> been a malware dropper. In that case it was about 20 minutes by hand
> to reverse. About 1 minute for Wepawet to do the same.
>
> PaulM
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
>
--
Sent from my mobile device
-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP
http://www.owasp.org
--
"Si vis pacem, para bellum"
--
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
On 4/30/10, Paul Melson <pmelson (at) gmail (dot) com [email concealed]> wrote:
> On Thu, Apr 29, 2010 at 2:05 AM, 0x4150 <0x4150 (at) gmail (dot) com [email concealed]> wrote:
>> Has anyone done obfuscation of a flash application? If so, what
>> tool(s) would you recommend?
>
> I wouldn't recommend any of them as a way to actually secure anything
> as the end result must still be a SWF file that Flash Player can parse
> correctly, and therefore they can be decompiled or debugged in order
> to reverse the code.
>
> The only example of obfuscated ActionScript that I've seen to date has
> been a malware dropper. In that case it was about 20 minutes by hand
> to reverse. About 1 minute for Wepawet to do the same.
>
> PaulM
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
>
--
Sent from my mobile device
-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP
http://www.owasp.org
--
"Si vis pacem, para bellum"
--
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
[ reply ]