Comments on: FlashInCrypt http://brajeshwar.com/2004/flashincrypt/ Brajeshwar is an ardent believer of KISS (Keep It Simple Stupid), he envision pushing the technical envelop time and again for the betterment of commercial and practical applications. Tue, 14 Oct 2008 16:11:06 +0000 http://wordpress.org/?v=2.6.2 By: Steven http://brajeshwar.com/2004/flashincrypt/#comment-1594 Steven Wed, 08 Dec 2004 21:43:33 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1594 The aso link here: <a href="http://www.genable.com/aso/asolite.html" rel="nofollow"><a href="http://www.genable.com/aso/asolite.html" rel="nofollow">http://www.genable.com/aso/asolite.html</a></a> The aso link here:
http://www.genable.com/aso/asolite.html

]]> By: Steven http://brajeshwar.com/2004/flashincrypt/#comment-1593 Steven Wed, 08 Dec 2004 21:42:15 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1593 Genable released the new version of ASO. They updated it four times in one day. But the result seems the same as the original version. I try to reveal the code with a hex editor, it cost me less than 3 minutes. The current version is too simple. Maybe the next version will be stronger than old one. How about ASV? Best regards. Genable released the new version of ASO. They updated it four times in one day. But the result seems the same as the original version.

I try to reveal the code with a hex editor, it cost me less than 3 minutes. The current version is too simple. Maybe the next version will be stronger than old one.

How about ASV?

Best regards.

]]> By: Dani?¥l T. http://brajeshwar.com/2004/flashincrypt/#comment-1592 Dani?¥l T. Thu, 11 Nov 2004 08:26:22 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1592 Sorry, just found out that FlashInCrypt is a 'fake' obfuscator! <a href="http://www.genable.com/aso/fini.html" rel="nofollow"><a href="http://www.genable.com/aso/fini.html" rel="nofollow">http://www.genable.com/aso/fini.html</a></a> Too bad. greetz D.T. Sorry, just found out that FlashInCrypt is a ‘fake’ obfuscator!
http://www.genable.com/aso/fini.html
Too bad.
greetz D.T.

]]> By: Tony http://brajeshwar.com/2004/flashincrypt/#comment-1591 Tony Sun, 07 Nov 2004 03:54:04 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1591 The Fini was published by Wang Zhen, he posted the thread here. I do not know what the relationship between ASO and ASV is. Burak said that "we will bypass it as much as we can once another decompiler does this ". ASO help Burak to carry his point. It is so interesting thing. I do not know what Flashincrypt will do. And I do not know what the as-protect will do. Maybe the winter of protection tools comes. The Fini was published by Wang Zhen, he posted the thread here. I do not know what the relationship between ASO and ASV is. Burak said that “we will bypass it as much as we can once another decompiler does this “. ASO help Burak to carry his point. It is so interesting thing.
I do not know what Flashincrypt will do. And I do not know what the as-protect will do. Maybe the winter of protection tools comes.

]]> By: Burak KALAYCI http://brajeshwar.com/2004/flashincrypt/#comment-1590 Burak KALAYCI Sun, 07 Nov 2004 02:42:58 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1590 Genable released <a href="http://genable.com/aso/fini.html," rel="nofollow"><a href="http://genable.com/aso/fini.html," rel="nofollow">http://genable.com/aso/fini.html,</a></a> and we will be bypassing the protection with ASV (and our other tools). It took us about 10 minutes to do that, we will be releasing updates in a day or two... Genable released http://genable.com/aso/fini.html, and we will be bypassing
the protection with ASV (and our other tools). It took us about 10 minutes
to do that, we will be releasing updates in a day or two…

]]> By: zhen http://brajeshwar.com/2004/flashincrypt/#comment-1589 zhen Sun, 07 Nov 2004 02:38:10 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1589 I agree with Burak and Igor that injecting unaligned code into swf may not work with future Flash players. And it's extremely easy to remove. It took me about 20 minutes to write a small program "FINI" that automatically strips non-standard bytecode and tags off an "incrypted" swf file. Here is the link: <a href="http://genable.com/aso/fini.html" rel="nofollow"><a href="http://genable.com/aso/fini.html" rel="nofollow">http://genable.com/aso/fini.html</a></a> I agree with Burak and Igor that injecting unaligned code into swf may not work with future Flash players. And it’s extremely easy to remove. It took me about 20 minutes to write a small program “FINI” that automatically strips non-standard bytecode and tags off an “incrypted” swf file.

Here is the link:
http://genable.com/aso/fini.html

]]> By: IgorKogan http://brajeshwar.com/2004/flashincrypt/#comment-1588 IgorKogan Wed, 03 Nov 2004 22:49:51 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1588 Hi there, I've looked at the example file provided by the firma. I'm not sure what their actual protection is supposed to be, but the trick they use to disable disassembly isn't a very good one. They simply jump into the middle of the swf action, which happens to work in the Flash Player right now. However, there is no guarantee it will continue to work. The topic was discussed often enough: security through obscurity. It would take half a day to teach Flasm this particular trick. And even without that, it took me 10 minutes wiath a hex editor to reveal the code. The function in question (decompiled with Flare): bc[as]. _root.onEnterFrame = function () { myDate = new Date(); hourHand._rotation = myDate.getHours() * 30 + myDate.getMinutes() / 2; hourHandShadow._rotation = myDate.getHours() * 30 + myDate.getMinutes() / 2; minuteHand._rotation = myDate.getMinutes() * 6 + myDate.getSeconds() / 10; minuteHandShadow._rotation = myDate.getMinutes() * 6 + myDate.getSeconds() / 10; secondHand._rotation = myDate.getSeconds() * 6; secondHandShadow._rotation = myDate.getSeconds() * 6; }; Igor P.S. Don't know how to preserve the formatting in your comments, sorry. Hi there,

I’ve looked at the example file provided by the firma. I’m not sure what their actual protection is supposed to be, but the trick they use to disable disassembly isn’t a very good one. They simply jump into the middle of the swf action, which happens to work in the Flash Player right now. However, there is no guarantee it will continue to work.

The topic was discussed often enough:
security through obscurity. It would take half a day to teach Flasm this particular trick. And even without that, it took me 10 minutes wiath a hex editor to reveal the code. The function in question (decompiled with Flare):

_root.onEnterFrame = function () {
  myDate = new Date();
  hourHand._rotation = myDate.getHours() * 30 + myDate.getMinutes() / 2;
  hourHandShadow._rotation = myDate.getHours() * 30 + myDate.getMinutes() / 2;
  minuteHand._rotation = myDate.getMinutes() * 6 + myDate.getSeconds() / 10;
  minuteHandShadow._rotation = myDate.getMinutes() * 6 + myDate.getSeconds() / 10;
  secondHand._rotation = myDate.getSeconds() * 6;
  secondHandShadow._rotation = myDate.getSeconds() * 6;
};

Igor
P.S. Don’t know how to preserve the formatting in your comments, sorry.

]]> By: Burak KALAYCI http://brajeshwar.com/2004/flashincrypt/#comment-1587 Burak KALAYCI Wed, 03 Nov 2004 15:04:28 +0000 http://www.brajeshwar.com/wp/2004/flashincrypt/#comment-1587 Hi, As I've stated in the comments at my blog at <a href="http://www.asvguy.com/2004/01/the_swf_flash_d.html" rel="nofollow"><a href="http://www.asvguy.com/2004/01/the_swf_flash_d.html" rel="nofollow">http://www.asvguy.com/2004/01/the_swf_flash_d.html</a></a> we will not be jumping on bypassing this one - in line with our policy change. Nevertheless, we will bypass it as much as we can once another decompiler does this - or in case we find it necessary. Removing an action or changing variable function names is not reversible. But anything that crashes ASV (this one doesn't), or makes ASV not show the correct bytecode (p-code), can be reversed, and quite easily. So, nobody should think this kind of a protection will last forever (They state this on their site as well). Also, there might be problems with future Flash players. And yes, introducing itself as 'a professional grogram' (with a 'g') doesn't make a very good first impression. (There's no clue on where these guys are from on the site). In any case, we will continue supporting our customers promptly, on case by case basis, with their SWF files whether protected or not. Best regards, Burak Hi,

As I’ve stated in the comments at my blog at http://www.asvguy.com/2004/01/the_swf_flash_d.html we will not be jumping on bypassing this one - in line with our policy change.

Nevertheless, we will bypass it as much as we can once another decompiler does this - or in case we find it necessary.

Removing an action or changing variable function names is not reversible. But anything that crashes ASV (this one doesn’t), or makes ASV not show the correct bytecode (p-code), can be reversed, and quite easily.

So, nobody should think this kind of a protection will last forever (They state this on their site as well).

Also, there might be problems with future Flash players.

And yes, introducing itself as ‘a professional grogram’ (with a ‘g’) doesn’t make a very good first impression. (There’s no clue on where these guys are from on the site).

In any case, we will continue supporting our customers promptly, on case by case basis, with their SWF files whether protected or not.

Best regards,
Burak

]]>