Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

String encryption in Flash

Posted on 2009-05-20
5
Medium Priority
?
419 Views
Last Modified: 2012-05-07
I would like to ask whether it is possible to protect strings  embedded/buried in Flash as independent XML provided I do not have FLA file but only final SWF. I mean something like Literal String Encryption in Kindisoft´s SecureSWF encryption. Is there any cheaper tool that would do only this? Is there any other "homemade" solution how to protect this part of SWF? I do not care about actionscript protection now widely used in all protectors I have found so far. Now when I decompress the final SWF the file (XML with Questions and answers) inside my quiz application (www.quiz-builder.com by Tanida) is completely free to a naked eye.
0
Comment
Question by:Arnie007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 22

Expert Comment

by:rascalpants
ID: 24435314

If the data is inside a SWF, there is no way to protect it....  all you can do is obfuscate it and hope know one is smart enough to understand the patterns...

I would highly recommend that if this is sensitive data, you do not store it in the SWF, and would also not recommend Flash having anything to do with a "secure transaction" of any type of data.  


rp / ZA
0
 

Author Comment

by:Arnie007
ID: 24448780
Actually there must be a way as Kindisoft uses so called "Literal String Encryption" and it works well. At least it is not so easy to list the strings inside SWF.
0
 
LVL 22

Accepted Solution

by:
rascalpants earned 2000 total points
ID: 24451152

as you said...  "so called" encryption is not Encryption...  never put secure data in a SWF...  no matter what...  it is way too much of a liability.


you cannot encrypt in Flash, you can only Obfuscate...  which is like taking a deck of cards and dropping them down a flight of stairs...  It might deter most hackers from having to pick them all up and reorder then... but what if you get a hacker that isn't lazy?


but it looks like your data is not credit card information or anything remotely private that can get you, the developer, sued.


but if you don't have the FLA, then how are you going to encrypt the XML in the first place?  you will need it to recompile the SWF.


why does the XML have to be inside of the SWF?  can't the SWF call a web server or a PHP script that can help you use key encryption...  that can still be broken, but it is a start...


rp / ZA




0
 
LVL 22

Expert Comment

by:rascalpants
ID: 24531201
Please finish up the question.


rp / Flash Zone Advisor
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This Micro Tutorial will teach to how to utilize bit rate in Adobe Flash Media Live Encoder.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question