Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 422
  • Last Modified:

String encryption in Flash

I would like to ask whether it is possible to protect strings  embedded/buried in Flash as independent XML provided I do not have FLA file but only final SWF. I mean something like Literal String Encryption in Kindisoft´s SecureSWF encryption. Is there any cheaper tool that would do only this? Is there any other "homemade" solution how to protect this part of SWF? I do not care about actionscript protection now widely used in all protectors I have found so far. Now when I decompress the final SWF the file (XML with Questions and answers) inside my quiz application (www.quiz-builder.com by Tanida) is completely free to a naked eye.
0
Arnie007
Asked:
Arnie007
  • 3
1 Solution
 
rascalpantsCommented:

If the data is inside a SWF, there is no way to protect it....  all you can do is obfuscate it and hope know one is smart enough to understand the patterns...

I would highly recommend that if this is sensitive data, you do not store it in the SWF, and would also not recommend Flash having anything to do with a "secure transaction" of any type of data.  


rp / ZA
0
 
Arnie007Author Commented:
Actually there must be a way as Kindisoft uses so called "Literal String Encryption" and it works well. At least it is not so easy to list the strings inside SWF.
0
 
rascalpantsCommented:

as you said...  "so called" encryption is not Encryption...  never put secure data in a SWF...  no matter what...  it is way too much of a liability.


you cannot encrypt in Flash, you can only Obfuscate...  which is like taking a deck of cards and dropping them down a flight of stairs...  It might deter most hackers from having to pick them all up and reorder then... but what if you get a hacker that isn't lazy?


but it looks like your data is not credit card information or anything remotely private that can get you, the developer, sued.


but if you don't have the FLA, then how are you going to encrypt the XML in the first place?  you will need it to recompile the SWF.


why does the XML have to be inside of the SWF?  can't the SWF call a web server or a PHP script that can help you use key encryption...  that can still be broken, but it is a start...


rp / ZA




0
 
rascalpantsCommented:
Please finish up the question.


rp / Flash Zone Advisor
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now