These days AS3 devs are all moving to AIR, so I am not sure how many of them still feel like they need to protect SWF bytecode. Neverless, my three years old “proof of concept” SWF obfuscator post remains one of the most visited posts of this blog. Guess what – it’s update time! Behold brand new free SWF obfuscator version 2 :) So, what’s new?
Faster processing
Much faster! New version still goes same old “replace the string everywhere in SWF” way, but it uses special charcode tree to replace all identifiers in single pass. I might write another post on subject, if there is enough interest.
Automatic identifiers collection
You no longer have to manually type identifiers that you want to replace. The obfuscator runs your SWF through as3commons parser and collects all identifiers; then you can remove identifiers that you don’t want to replace. Note that neither as3commons parser nor my wrapper code are perfect, so it will fail for some SWFs. You can send me those, if you want, but I may not be able to fix that after all.
Bulk filtering
You don’t want to rename stuff like beginBitmapFill, so I parsed playerglobal.swc v11.6 and made a checkbox to ignore all those identifiers. Did the same for apache flex then, but not sure if that’s useful – so that checkbox is off by default.
That’s about it. One last warning: there will be invalid SWFs, and there will be bugs. I can’t really fix them all, but if you send me your stuff I might try. Or not.
Coding on acid. 