Posts Tagged 'obfuscator'

Free SWF obfuscator update

These days AS3 devs are all moving to AIR, so I am not sure how many of them still feel like they need to protect SWF bytecode. Neverless, my three years old “proof of concept” SWF obfuscator post remains one of the most visited posts of this blog. Guess what – it’s update time! Behold brand new free SWF obfuscator version 2 :) So, what’s new?

Faster processing

Much faster! New version still goes same old “replace the string everywhere in SWF” way, but it uses special charcode tree to replace all identifiers in single pass. I might write another post on subject, if there is enough interest.

Automatic identifiers collection

You no longer have to manually type identifiers that you want to replace. The obfuscator runs your SWF through as3commons parser and collects all identifiers; then you can remove identifiers that you don’t want to replace. Note that neither as3commons parser nor my wrapper code are perfect, so it will fail for some SWFs. You can send me those, if you want, but I may not be able to fix that after all.

Bulk filtering

You don’t want to rename stuff like beginBitmapFill, so I parsed playerglobal.swc v11.6 and made a checkbox to ignore all those identifiers. Did the same for apache flex then, but not sure if that’s useful – so that checkbox is off by default.

That’s about it. One last warning: there will be invalid SWFs, and there will be bugs. I can’t really fix them all, but if you send me your stuff I might try. Or not.

Open-source SWF obfuscator, anyone?

Update: there is now new version here.

It appears you can actually write one in under XX minutes with almost no knowledge of SWF format and complicated parsing process. I have uploaded proof of concept to wonderfl (under unrestrictive WTFPLv2 license :). Processed with its default settings, my away3d SWF looks like this in Sothink decompiler:

Such a code would not even compile, obviously :) To de-obfuscate it, one would have to actually parse SWF, which is still possible, but ends up with meaningless names that are hard for bad programmers to interprete. Feel free to fix bugs or add features.

Old stuff

July 2020

Oh, btw…