Re: Flash Obfuscation

[Paul Melson <pmelson () gmail com>]

On Thu, Apr 29, 2010 at 2:05 AM, 0x4150 <0x4150 () gmail com> wrote:
> Has anyone done obfuscation of a flash application? If so, what
> tool(s) would you recommend?

I wouldn't recommend any of them as a way to actually secure anything
as the end result must still be a SWF file that Flash Player can parse
correctly, and therefore they can be decompiled or debugged in order
to reverse the code.

The only example of obfuscated ActionScript that I've seen to date has
been a malware dropper. In that case it was about 20 minutes by hand
to reverse. About 1 minute for Wepawet to do the same.

PaulM



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------