I've recently came across the new online SWF, Zend, and Java decomplier at showmycode.com that allows you to almost "view the source" of the SWF file online. If you had some important data stored in your SWF (such as API keys or passwords) you may not wish them being exposed.
The easiest (and therefore naïve) way to hide them* would be to store them in external text files and embed in the SWF.
[Embed(source="api_key.txt", mimeType="application/octet-stream")] private const API_KEY:Class; // ... var myAPI_KEY:String = String(new API_KEY());
Then you can create an instance and cast it to
String, like shown above.
The asset class extends
mx.core.ByteArrayAsset and its byte content is not revealed by most decompilers.
*Of course, this "solution" does not offer any serious protection, you can still decompress the SWF and view the keys in the hex editor. You could scramble/hash them a bit to make the hacker's job harder but it's still possible to extract them.12:46 PM | posts | 2 Comments | Tags: as3, tips, debugging
Adding comments disabled for now.