After a few secs, the player is going to throw an error. Now an attacker could not run your app with a preloader, but it would still be able to retrieve your decrypted codebase because you have a nice feature in flash preventing the process to hold the CPU for too long (15 sec.). No more app hijacking using PreloadSWF! The fight still goes on If (root.name != "root1") Īnd it will freeze the whole app indefinitely. So when you start an app you can always detect if there is some other app spying on it by adding this to your code: Knowing the root1 trick help a lot because it is a native behavior on a read-only property. We also exchanged a lot recently on what could be done to prevent preloadSWF hacking. The one who identified this behavior was one of my new friend Josh This also applies to the preloaded SWF which is loaded first, hence is being named “root1” The first one being loaded is called “root1” and then “root2” etc. When a SWF gets loaded, FP give a (incremental) name to the root object. The whole protection reside around one very simple flash behavior. In its constructor, the launcher create a key, that decrypt the embedded SWF and use loadBytes to instantiate it before adding it to the stage. Let’s suppose you have a project you want to keep the code from being: viewed, modified, copied.Īnd let’s suppose you have some kind of classic setup:Ī obfuscated launcher, embedding an encrypted SWF containing the whole code base. This means it’s the only moment you have to “do something” The only thing happening before a SWF loaded (allComplete) callback is the constructor of that loaded SWF. I’ll skip some step on how preloasSWF work, if you want to know please read my previous articles: One SWF to rule them all! and FlashPreloadProfilerĪnd for those who didn’t knew yet, the last version of FlashDevlelop now support PreloadSWF easy integration for profiling your application with FlashPreloadProfiler! Case study I never given a lot of feedback about how to block this attack because I didn’t know any. If you have read my last posts, you now know the power of Flash hijacking via preloadSWF.
0 Comments
Leave a Reply. |