如何防止ActionScript代码反编译
有没有可靠的方法来防止我的actionscript代码(as2或as3)被复制(例如,如果其中有一些IP)? 我知道有一些工具可以反编译 Flash 代码,因此很容易对其进行逆向工程,而且我还看到一些工具声称能够以不可窃取的方式混淆 ActionScript 代码,但我想知道它们的可靠性如何他们是... 你知道吗? 谢谢!
Is there a reliable way of preventing my actionscript code (as2 or as3) from being copied (e.g. if there's some IP in it)?
I know there are tools that can decompile flash code so it's easily reverse-engineered and I've also seen a few tools that claim to be able to obfuscate actionscript code in such a way that it's not steal-able, but I wonder how reliable they are...
Do you know? Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
从定义上来说,这是不可能阻止的。
原因很简单,代码需要在客户端运行,所以客户端需要能够读取它。
你能做的最好的事情就是努力去做(需要时间),以至于无利可图。
Flash 有一个内置功能可以防止使用密码进行反编译。 我不确定它到底是如何工作的,我猜是某种形式的加密。
您可以尝试泄露敏感数据并在运行时加入它,对其进行加密并从服务器获取解密密钥。
但最终你却无能为力。 除非您不希望用户输入加密密钥(密码或文件)。
Flash 中没有内置加密功能,但有一些免费库,例如 crypto lib http:// code.google.com/p/as3crypto/。
It is by definition imposible to prevent it.
The reason is simple, the code needs to run on the client, so the client needs to be able to read it.
The best you can do is to make so hard (time demanding) to do that it's not profitble.
Flash has a built in feature to protect againt decompiling with a password. I'm not sure exactly how it works, I guess some form of encryption.
You can try and spil sensetive data up and join it at runtime, og encrypt it and get the descryption key from the server.
But in the end there's nothing you can really do. Unless you wan't the users to input the encryption key (password or a file).
There is no build in encryption in Flash but there is a couple of free librarys like crypto lib http://code.google.com/p/as3crypto/.
我没有找到可靠且可持续的方法来混淆代码。 如果有一种方法可以混淆代码,我敢打赌:
我不认为这是一个好的做法依赖客户端代码的安全性。 即使代码无法反编译,swf 也会在客户端上运行,并通过用户有权访问的网络连接与 Internet 进行通信。 可以嗅探数据包,并且可以轻松分析正在传输的所有数据。
我认为您应该找到一种方法来开发安全的应用程序,即使考虑到客户知道您所做的一切。 您应该尝试使用服务器端约束并在使用之前过滤所有输入。 此外,从服务器端脚本请求所有敏感数据,而不是将其嵌入到 AS 代码中可能是一个好的开始。
I've found no reliable and sustainable way to obfuscate the code. If there's a way to obfuscate the code, I'd bet that:
I wouldn't consider a good practice to rely on the security of your client code. Even if the code couldn't be decompiled, the swf is run on the client and communicates with the Internet via a network connection the user has access to. The packets can be sniffed and all the data that's being transfered can be easily analyzed.
I think you should find a way to develop a secure application, even considering that the client knows everything you do. You should try to use server-side constraints and filter all inputs before using them. Also, requesting all the sensitive data from a server-side script, instead of embedding it in your AS code could be a good start.