Here are the slides from my presentation that I gave today at Flash on the Beach. The presentation covers decompiling Flash and Flex SWFs and includes an overview of the tools available, a few examples of the kind of code you might see, and some security suggestions. I will not be posting any of the code that I showed during the session (apart from the very tiny snippets in the slides). I think it’s pretty obvious why I’m not going to post the decompiled Photoshop Express code 🙂
I don’t think there’s any formal feedback survey or anything at FOTB, so if you were at my session I’d love to hear what you thought about it. You can email me at doug@dougmccune.com or leave some comments here. Let me know what you liked and what you didn’t.
Great slides Doug, same thing I always tell clients when they ask about swfs, security and hiding code. “It’s on the internet, people will get it, deal with it”. Unfortunately the only way to really deal with people stealing code is to sick lawyers on them. Better off to just create a kick butt app, get the jump on everyone and then keep pushing while everyone plays catch up.
Wow, looks it was a very interesting presentation… did FOTB record it? It is/will be accessible somehow?
Hi Doug,
I was at your session. Sadly I didn’t sit right at the very front, so didn’t get a copy of your book. So I hated your session 😉
In reality, I actually thought it was the second best presentation of the whole three days. I’m a flex developer who just doesn’t get Flash Pro and all the art-farty crap that designers come up with. So your code-only session was great. The best session was Mark Anders’ one on Flex 4 and Thermo BTW, so don’t feel bad that you weren’t best.
Good job man, it was the best development session that I was able to see at the conference.
I’m pretty sure the session wasn’t recorded. At FOTB they only seemed to be recording the presentations on the biggest stage, and I’m not sure if those are even going to be made available or not. In my case it might be best that it wasn’t recorded, seeing as I pulled up various bits and pieces of decompiled apps and talked pretty frankly about specific applications and libraries I’ve decompiled 🙂
Maybe I’ll try to give this talk at a local user group meeting or something and post a recording of that, I’ll see if I can work something out.
Just downloaded the slides and wanted to say thanks for a great session at FOTB – it was definitely one of my favorites – I’ve taken away some knowledge I can really use and hope to learn more from. Cheers!
Sometime, I’ll have to have you sign an NDA and see how far you get in cracking the SLI NitroLM tools just for curiosity’s sake. I appreciated the mention.
Doug –
As usual you nailed the subject perfectly.
We all should know that no security system is perfect – everything can be broken with enough time and effort. However, as you pointed out in your presentation, one of the safest things to do is separate the protection components from the application. We have found this to be EXTREMELY beneficial in protecting not just the licensing of a solution – but also protecting the core know-how within the Application.
Thanks for picking up on that fundamental. It is amazing how many people “don’t” get that aspect of protecting software.
NOTE TO EVERYONE: There is no such thing as “ethical” hacking… If people want to know how other people do things – go to a 360|Flex conference and talk to the people that wrote them. (or buy Doug’s book) 🙂 It is amazing how open people are to helping each other in this community (a good thing).
Thanks for referring to Nitro-LM as an option for Encryption maybe your IPod Nano chances just went up. 🙂
Pingback: jonnymac blog