Knocking out the Assets Protector

I recently came across another commercial intellectual property protection tool for the Flash platform. I realize it has been a while since I reviewed one of these tools, so it's time to see how much the field has evolved, if at all.

The AssetProtector is designed to protect your external assets, like images, music, and XML files, by encryption. Your Flash application will need to use a special loader, an extension of the Loader Class, to load and decrypt the protected assets at runtime. This tool may be useful for game developers, who wish to prevent others from stealing their graphics or modifying the game files.

The AssetProtector contains three separate entities - 1) the Protector Machine, an offline encryption tool that works on your external assets; 2) the Asset Loader, a dummy SWC library that allows you to interact with the special loader via actionscript; and 3) the Protector Agent, an SWF file that you will need to deploy along with your main SWF and encrypted assets. It is obvious that the Protector Agent is the heart of this intellectual property protection scheme as it contains that actual implementation of the special loader class. The main task, therefore, is to understand how the Protector Agent works.

As always, we start by passing the Protector Agent SWF through your favorite decompiler. Any semi-experienced Flash developer would immediately recognized that the SWF has been processed by secureSWF. At least the creator of Protector Agent is willing to pay for the full version, unlike some other developers. secureSWF does a good job obfuscating names and strings, many it very difficult to read the decompiled scripts. Fortunately, one can easily build a tool to deobfsucate those names and strings. I won't publish the source code, but I can assure you that it is easily doable.

Next, we notice that there is a bunch of stuff located after the End SWF tag, which should normally be the last tag in an SWF file. Instead of embedding data using the DefineBinaryData tag, the creator of Assets Protector attaches another SWF file to the end of the Protector Agent SWF file, and uses the loaderInfo.bytes property to access it at runtime.

After we extract the inner SWF, we pass it through the decompiler again. Strange enough, the commercial decompilers keep crushing. It turns out, the creator used a very very long name for a dummy function and repeated that function hundreds of times. The amount of text needed to be displayed by the decompiler is so large that it crushes the commercial decompilers. This can easily be fixed by renaming that function name (a reference to the string pool) into something shorter. After this small modification, the SWF is decompiled beautifully.

This time, we notice some very long Base64 encoded strings. It is clear that they represent some other embedded SWF files. We decode and decompile them again, and we are finally greeted with two functions - pull, which takes one ByteArray parameter and returns a string, and getBytes, which takes one ByteArray and one string parameters and returns another ByteArray. If you study the code a bit, you will realize that the pull function takes the original Protector Agent SWF as a parameter and extracts a string from it. This string is most likely the encryption key used in encrypting the external assets. The getBytes function takes the protected assets and the encryption key as parameters and returns the decrypted assets.

Finally, we test the whole process on the supplied demo project. The encryption key is "12345" and all the protected assets can be decrypted by processing them through the getBytes function.

So, what is the final verdict? Well, as everyone knows, Flash is an open specification, therefore, any SWF can be reverse engineered by a decompiler. If someone is determined to steal your intellectual properties, they will succeed, eventually. Tools like AssetProtector may be useful to shut up investors and managements, but they offer little concrete protection to your intellectual properties. Ultimately, knowledge and ideas are meant to be shared for the benefit of humanity.