My goal is to see if one can easily bypass the licensing scheme. After all, if you were to depend on Sharify to protect your revenue stream, you may want to know if it actually works. In this example, I use the sample application included with the Sharify library.
As always, the first logical step is to pass the SWF through a decompiler. Next we look for any interesting classes. Based on the class names, one can easily guess that the SharifyFactory and the SharifyFactory_encryptedSwf are responsible for the core Sharify functionality.
It is clear that the actual Sharify Class resides in the AES-encrypted SharifyFactory_encryptedSwf, which is decrypted by the SharifyFactory class at runtime. Here is an important learning point - this technique of embedding the actual implementation as a ByteArray and loading it at runtime is useless. It doesn't make a difference even if the ByteArray is encrypted by the most sophisticated cipher in the world. Since the decryption algorithm, and more importantly the decryption key, is encoded in the external loader, the encryption does not provide any extra security.
Next the pass the SharifyFactory_encryptedSwf through the decryption algorithm to obtain the actual implementations. We can see that every time the application starts, the Sharify class would verify the license key against Sharify Server. The application listens for the SharifyStatus Event and responds accordingly.
Now here comes the interesting part, how can one bypass Sharify licensing scheme? For the purpose of this exercise, let's define a successful bypass as the ability to unlock the section of the application that is supposed to be accessible only to registered users.
The hack is actually surprisingly easy and there is no need to mess with the encrypted Sharify class at all. As mentioned, the main application listens for the SharifyStatus Event; therefore, the easiest way is to change the event listener function to fake a STATUS_REGISTERED event (value 102) as shown here.
While Sharify may be an interesting concept, it's quite obvious that a developer should not depend solely on Sharify to protect his/her revenue. I must also stress that Sharify does not protect your intellectual property at all. The source code of the main application is easily accessible from the decompiler.
[UPDATE] This author of Sharify is kind enough to share his thoughts on this post with us. Please read his comment.
Hi there. I know that maybe this isn't the place but could You show how to export Misc Tags from SWF Decompiler and how to use them in new project? Like You did with sherify ir with nitro lm. I would like to get that encrypted content and try to use it in another app (that will decrypt it and save to local file).
ReplyDeleteI want to try doing this.
What do You think about new Nitro LM using ANE and external dll and exe?
Please write me about my previous questions as little_master AT o2.pl