How It Works


Flash Antidecompiler uses a new technology created by BIS Guard & Co. and patented (priority of 2002)

This technology includes the byte code encryption, custom swf loading, and implementation of detect and reject tactics for preventing various hacker attacks. Flash Antidecompiler uses keyless encryption. It means that encryption key is not hard-coded but calculated at runtime and thus can't be extracted from the decompiled code.

Flash Antidecompiler work-flow



Flash Antidecompiler contains Antidecompiler itself and Swf Preloader. Antidecompiler encrypts whole swf file and adds Preloader to encrypted swf file.


Swf Preloader


includes decryptor, class loader and Sonar module. When AVM/Flash Player starts, it calls Preloader as main class. Swf Preloader calls Sonar module that checks the environment integrity and the presence of hacker attacks. When Sonar detects suspicious changes in AVM or hacking attempts it just stops the program execution. If everything is OK the execution is passed to decryptor and then to class loader. Finally, the main class of the original program is called.





Before/After


Source code before protection

package
{
import flash.*;
...
public class Preloader extends Sprite
{
[Embed (source="assets/content.swf",  mimeType="application/octet-stream")]
private var contentClass:Class;
...
private var loader:Loader;
private var context:LoaderContext;
...
public function Preloader()
{
stage.align = StageAlign.TOP_LEFT;
...
loadContent();
}

private function loadContent(): void
{
...
}
...
}
}


Compiled class

CWSñ x â ¦  D Ê application/x-shockwave-flashAdobe Flex 4
Application
http://www.adobe.com/products/flexunknown unknown EN Sep 2, 2016
Dè| CÿÿÿZ   ¡Z ÃyŒëV Ï Preloader ÿܸ  ˆèºFÌ¿þA÷œ=çÜ{ÿ¸Ï}®ž}©¯ººú­êîúúÃót


Encrypted class

CWS {\ xœÜ¼wX”É>Z€!)DÀ!ÐAI’ø g¶Â$ °!ûöm7€’ž’¿R¤g +Ì>Ý;Î×:Ñ_G7ÍÀÃ_'YN%²%Á²7!É×ÖÑ@H|÷–÷ Ç—xï*.šÝù‡LRB¾ƒ±Æé?W¥™vž“¹w(CÌü…ïÝ÷;ÖXßsç|ãÍ@=Éà€¼ý¿ñ7››„¸6TÌç §\n._ÃMEòFBîŒ8}™3ýÐͽ†{æ¡óÉÚ

And after any decompiler

null

Thus, if usual obfuscators make the reverse engineering time consuming, painful,
and complicated enough, Flash Antidecompiler makes it absolutely impossible.


Copyright © 2017 BIS Guard & Co. ToC Read Me User Guide EULA Modified Nov 23, 2016