What is SWF Obfuscation?
An obfuscator is a program used to transform program code / ByteArray. The output of an obfuscator is program code/ByteArray, that is more difficult to understand but is functionally equivalent to the original code.
Obfuscation transformations are classified into the Layout, Control, Data, Preventive, Splitting, Merging, Reordering etc. transformations.
Process of creating obfuscation SWF:
STEP 1: Create Utility on server to Obfuscate SWF. It can be command line utility created in using Java/PHP/.NET etc
1. Read original SWF in binary Mode
2. Change Binary combination of SWF. Rearranging or sequencing
Sample Pseudo Code in PHP. We
$filename = "sample.swf";
$fp = fopen($filename, "rb");
$image = fread($fp, filesize($filename));
$image2 = ~$image;
fclose($fp);
echo $image2;
?>
3. Save obfuscation SWF on SERVER / content folder on server
Step 2: Process of Loading SWF in Container
1. Load obfuscated SWF using Loader object.
2. SWF will be loaded into local cache. But when user try to copy and run it, it will not run without our container. To avoid caching set 'cacheResponse' to true.
3. Convert SWF into Binary Mode-
4. Reverser the obfuscated SWF/ deobfuscate. Sample AS 3.0 Pseudo code
for ( var i:int = 0; i < b.length; i++ )
{
b.writeByte(~b[i]);
}
5. Now add loader object to stage
Step 3: Protect Container SWF
We need to use encryption tool to Obfuscate, Protect & Secure which contains reverse engineering/ deobfuscate logic for original SWF. Means we are adding two level of security.
No comments:
Post a Comment