Slides from my Flash on the Beach session on decompiling SWFs
Posted by: Doug, in Actionscript, Flash on the Beach, Flex, decompilingHere are the slides from my presentation that I gave today at Flash on the Beach. The presentation covers decompiling Flash and Flex SWFs and includes an overview of the tools available, a few examples of the kind of code you might see, and some security suggestions. I will not be posting any of the code that I showed during the session (apart from the very tiny snippets in the slides). I think it’s pretty obvious why I’m not going to post the decompiled Photoshop Express code 
I don’t think there’s any formal feedback survey or anything at FOTB, so if you were at my session I’d love to hear what you thought about it. You can email me at doug or leave some comments here. Let me know what you liked and what you didn’t.
This entry was posted
on Wednesday, October 1st, 2008 at 2:24 pm and is filed under Actionscript, Flash on the Beach, Flex, decompiling.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Entries (RSS)
October 1st, 2008 at 6:03 pm
Great slides Doug, same thing I always tell clients when they ask about swfs, security and hiding code. “It’s on the internet, people will get it, deal with it”. Unfortunately the only way to really deal with people stealing code is to sick lawyers on them. Better off to just create a kick butt app, get the jump on everyone and then keep pushing while everyone plays catch up.
October 1st, 2008 at 11:26 pm
Wow, looks it was a very interesting presentation… did FOTB record it? It is/will be accessible somehow?
October 2nd, 2008 at 7:34 am
Hi Doug,
I was at your session. Sadly I didn’t sit right at the very front, so didn’t get a copy of your book. So I hated your session
In reality, I actually thought it was the second best presentation of the whole three days. I’m a flex developer who just doesn’t get Flash Pro and all the art-farty crap that designers come up with. So your code-only session was great. The best session was Mark Anders’ one on Flex 4 and Thermo BTW, so don’t feel bad that you weren’t best.
October 2nd, 2008 at 8:35 am
Good job man, it was the best development session that I was able to see at the conference.
October 2nd, 2008 at 4:19 pm
I’m pretty sure the session wasn’t recorded. At FOTB they only seemed to be recording the presentations on the biggest stage, and I’m not sure if those are even going to be made available or not. In my case it might be best that it wasn’t recorded, seeing as I pulled up various bits and pieces of decompiled apps and talked pretty frankly about specific applications and libraries I’ve decompiled
Maybe I’ll try to give this talk at a local user group meeting or something and post a recording of that, I’ll see if I can work something out.
October 4th, 2008 at 6:42 am
Just downloaded the slides and wanted to say thanks for a great session at FOTB – it was definitely one of my favorites – I’ve taken away some knowledge I can really use and hope to learn more from. Cheers!
October 6th, 2008 at 4:28 am
Sometime, I’ll have to have you sign an NDA and see how far you get in cracking the SLI NitroLM tools just for curiosity’s sake. I appreciated the mention.
October 6th, 2008 at 6:21 am
Doug -
As usual you nailed the subject perfectly.
We all should know that no security system is perfect – everything can be broken with enough time and effort. However, as you pointed out in your presentation, one of the safest things to do is separate the protection components from the application. We have found this to be EXTREMELY beneficial in protecting not just the licensing of a solution – but also protecting the core know-how within the Application.
Thanks for picking up on that fundamental. It is amazing how many people “don’t” get that aspect of protecting software.
NOTE TO EVERYONE: There is no such thing as “ethical” hacking… If people want to know how other people do things – go to a 360|Flex conference and talk to the people that wrote them. (or buy Doug’s book)
It is amazing how open people are to helping each other in this community (a good thing).
October 6th, 2008 at 6:31 am
Thanks for referring to Nitro-LM as an option for Encryption maybe your IPod Nano chances just went up.
October 18th, 2008 at 3:33 pm
Flash on the Beach 08 / Day 3 / Sessions and Wrap Up…
Flash on the Beach 2008, Brighton, UK – Day Three
October 1, 2008
Ben Stucki – Advanced Flexing for Flash Developers
Seb Lee-Delisle – Papervision3D Simplified
Doug McCune – Steal this code: Decompiling SWFs for fun and profit
Koen de Weggheleire – Pla…