Solved

String encryption in Flash

Posted on 2009-05-20
5
417 Views
Last Modified: 2012-05-07
I would like to ask whether it is possible to protect strings  embedded/buried in Flash as independent XML provided I do not have FLA file but only final SWF. I mean something like Literal String Encryption in Kindisoft´s SecureSWF encryption. Is there any cheaper tool that would do only this? Is there any other "homemade" solution how to protect this part of SWF? I do not care about actionscript protection now widely used in all protectors I have found so far. Now when I decompress the final SWF the file (XML with Questions and answers) inside my quiz application (www.quiz-builder.com by Tanida) is completely free to a naked eye.
0
Comment
Question by:Arnie007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 22

Expert Comment

by:rascalpants
ID: 24435314

If the data is inside a SWF, there is no way to protect it....  all you can do is obfuscate it and hope know one is smart enough to understand the patterns...

I would highly recommend that if this is sensitive data, you do not store it in the SWF, and would also not recommend Flash having anything to do with a "secure transaction" of any type of data.  


rp / ZA
0
 

Author Comment

by:Arnie007
ID: 24448780
Actually there must be a way as Kindisoft uses so called "Literal String Encryption" and it works well. At least it is not so easy to list the strings inside SWF.
0
 
LVL 22

Accepted Solution

by:
rascalpants earned 500 total points
ID: 24451152

as you said...  "so called" encryption is not Encryption...  never put secure data in a SWF...  no matter what...  it is way too much of a liability.


you cannot encrypt in Flash, you can only Obfuscate...  which is like taking a deck of cards and dropping them down a flight of stairs...  It might deter most hackers from having to pick them all up and reorder then... but what if you get a hacker that isn't lazy?


but it looks like your data is not credit card information or anything remotely private that can get you, the developer, sued.


but if you don't have the FLA, then how are you going to encrypt the XML in the first place?  you will need it to recompile the SWF.


why does the XML have to be inside of the SWF?  can't the SWF call a web server or a PHP script that can help you use key encryption...  that can still be broken, but it is a start...


rp / ZA




0
 
LVL 22

Expert Comment

by:rascalpants
ID: 24531201
Please finish up the question.


rp / Flash Zone Advisor
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
The goal of the tutorial is to teach the user how to how to load their YouTube profile onto Flash Media Live Encoder.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses
Course of the Month10 days, 9 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question