如何防止ActionScript代码反编译

发布于 2024-07-17 18:37:14 字数 173 浏览 10 评论 0原文

有没有可靠的方法来防止我的actionscript代码(as2或as3)被复制(例如,如果其中有一些IP)? 我知道有一些工具可以反编译 Flash 代码,因此很容易对其进行逆向工程,而且我还看到一些工具声称能够以不可窃取的方式混淆 ActionScript 代码,但我想知道它们的可靠性如何他们是... 你知道吗? 谢谢!

Is there a reliable way of preventing my actionscript code (as2 or as3) from being copied (e.g. if there's some IP in it)?
I know there are tools that can decompile flash code so it's easily reverse-engineered and I've also seen a few tools that claim to be able to obfuscate actionscript code in such a way that it's not steal-able, but I wonder how reliable they are...
Do you know? Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

浮生面具三千个 2024-07-24 18:37:14

从定义上来说,这是不可能阻止的。

原因很简单,代码需要在客户端运行,所以客户端需要能够读取它。

你能做的最好的事情就是努力去做(需要时间),以至于无利可图。
Flash 有一个内置功能可以防止使用密码进行反编译。 我不确定它到底是如何工作的,我猜是某种形式的加密。

您可以尝试泄露敏感数据并在运行时加入它,对其进行加密并从服务器获取解密密钥。

但最终你却无能为力。 除非您不希望用户输入加密密钥(密码或文件)。
Flash 中没有内置加密功能,但有一些免费库,例如 crypto lib http:// code.google.com/p/as3crypto/

It is by definition imposible to prevent it.

The reason is simple, the code needs to run on the client, so the client needs to be able to read it.

The best you can do is to make so hard (time demanding) to do that it's not profitble.
Flash has a built in feature to protect againt decompiling with a password. I'm not sure exactly how it works, I guess some form of encryption.

You can try and spil sensetive data up and join it at runtime, og encrypt it and get the descryption key from the server.

But in the end there's nothing you can really do. Unless you wan't the users to input the encryption key (password or a file).
There is no build in encryption in Flash but there is a couple of free librarys like crypto lib http://code.google.com/p/as3crypto/.

晚雾 2024-07-24 18:37:14

我没有找到可靠且可持续的方法来混淆代码。 如果有一种方法可以混淆代码,我敢打赌:

  • 它会影响代码的性能,
  • 有人为该混淆方法制作/找到反编译器只是时间问题

我不认为这是一个好的做法依赖客户端代码的安全性。 即使代码无法反编译,swf 也会在客户端上运行,并通过用户有权访问的网络连接与 Internet 进行通信。 可以嗅探数据包,并且可以轻松分析正在传输的所有数据。

我认为您应该找到一种方法来开发安全的应用程序,即使考虑到客户知道您所做的一切。 您应该尝试使用服务器端约束并在使用之前过滤所有输入。 此外,从服务器端脚本请求所有敏感数据,而不是将其嵌入到 AS 代码中可能是一个好的开始。

I've found no reliable and sustainable way to obfuscate the code. If there's a way to obfuscate the code, I'd bet that:

  • it would affect the performance of your code
  • it would be just a matter of time before someone makes/finds a decompiler for that obfuscation method

I wouldn't consider a good practice to rely on the security of your client code. Even if the code couldn't be decompiled, the swf is run on the client and communicates with the Internet via a network connection the user has access to. The packets can be sniffed and all the data that's being transfered can be easily analyzed.

I think you should find a way to develop a secure application, even considering that the client knows everything you do. You should try to use server-side constraints and filter all inputs before using them. Also, requesting all the sensitive data from a server-side script, instead of embedding it in your AS code could be a good start.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文