How do I prevent my Flash & Flex software from being decompiled?

Naomi Kokubo

Naomi Kokubo

by Naomi Kokubo Editor of Founders Space

FOUNDER’S QUESTION:

I’m a game developer, and I’ve put a lot of time and money into producing an original game, which I’d hate to have someone clone or ripoff.  How do I protect my Flash & Flex software from being decompiled?

NAOMI’S ANSWER:

You are right to be worried.  Most Flash & Flex files can be decompiled, revealing the source code to anyone who makes the effort to do so.  Unfortunately, it doesn’t require a great deal of effort to download one of the many decompilers available online and rip off someone else’s hard work.

I did a lot of research looking for a solution, and most of the SWF protection packages out there don’t actually deliver what they promise.  They are simply too easy to outsmart.  However, after scouring many technical forums and developer sites, I found that a large number of developers have chosen one of these two products:

1)  irrFuscator

Ambiera’s irrFuscator obfuscates the Actionscript 3 bytecode in Flash and Flex SWF files so that decompilers won’t be able to extract your function, variable and constant names anymore.  irrFuscator can read in a directory of .as and .mxml files, process them and put them out into a target directory. Simply recompile the directory with the obfuscated files and your .swf files are a lot safer.

In contrast to many other SWF ‘protectors’, irrfuscator doesn’t ‘encrypt’ the SWF, it obfuscates the code, removing all the information from it. In this way, it cannot be ‘decrypted’ because the information simply isn’t there anymore. That’s why many big browser game and website developers, like Blizzard & Bigpoint, rely on the protection irrFuscator provides.  You can see the list on their site.

You can try a free download at Actionscript Obfuscator.

2)  secureSWF

The second is Kindisoft’s secureSWF, which provides obfuscation, code protection, and SWF encryption techniques to prevent Flash decompilers from generating anything useful from the SWF, SWC, or AIR files.

It also comes with an encrypted domain locking feature to specify a number of domain names for your SWF files to work under. This helps to ensure that your Flash application will not load if it is being launched offline or from another website.

You can also use secureSWF to create an encrypted loader for your SWF files. This will make finding the original SWF file in the browser cache much harder and will prevent attackers from using the widely available so-called SWF rippers or grabbers tools.  Kindisoft was nice enough to provide all members of Founders Space with a 25% discount.  Just use the following coupon code: FoundersSpace

You can try a free download at http://www.kindisoft.com/

I hope this answers your question!

Comments & Advice:
  1. David says:

    Did you test DcomSoft’s SWF protector? I downloaded the demo version here http://www.dcomsoft.com and I want to buy a license.

Make Your Comment: