Few days ago I started small research about protection of Adobe AIR application from some kind of hackers. Many of you may know that after compilation of Adobe AIR app you will receive also SWF file(s) inside package that can be changed. In all cases that I know – developers simply obfuscate that file(s). But protection actually was not applied.
You still can change strings, numbers and etc. What if hacker wants just change “Money” default value from 1000 to 9999? This cheater will not decompile SWF because it can simple “edit” it directly using some kind of tools. As some of you thinking right now somthing like “Unity3D can’t be edited” – I assure you that this can be done the same as with Adobe AIR.
It’s easy as for me. Sure, cheater can’t decompile and re-use obfuscated code. But as my experience telling me – not all hackers require sources or injections.
How my protection works:
1) Using Native Extension we re-create at C-level inside AIR two Objects: Loader and ByteArray
2) Using C we embed our content inside our extension as resource and compile it. Than we create ByteArray and load it into the Loader using loaderBytes method. This all was done only at C level.
3) Pass Stage from AS3 to C-level and execute addChild method with our Loader ( C side)
You can grab (for win) compiled application from here and play with it and leave a comments 🙂 Note: this protection can be developed for Mac also.
Profit! Try to find this image somewhere 🙂 Sure, you can because everything that was compiled – can be hacked. But how you can do this if you must be advanced developer with hacker skills 🙂 Gamers not hackers. Also dumping was not useful here.
AS3 side consist only from 2 lines of code. Hacker will do nothing here. Just two lines of code!
ANE swc side also pretty simple. But actually this also can’t be helpful for the hacker.
As you can see there is no ByteArray or Loader that can be aimed by cheaters. In my research I don’t apply C resource encryption and type-checking inside ANE so after editing ANE swc hacker can pass not Stage but Sprite and grab it.
But in this case I can simply check passed object type at C level and if it is not a Stage – app can show messagebox with text something like “Application is damaged. Please re-install it”.
There is only image from Jpeg. But same way we can use SWF with full application instead simple image.
This protection of Adobe AIR most best that I know ever and I’m really happy that it works like a charm! Maybe it’s not new, but I don’t saw anything like that!
Someone asked me could be this applied to mobile. Yes, this could be applied with limitation depending to platform.