Is it possible to use SecureSWF and still utilize reflection?
https://stackoverflow.com/questions/11549942
-
21-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFrage
I have just inherited a project that uses SecureSWF. I am trying to utilize RobotLegs (which uses SwiftSuspenders for reflection to implement dependency injection) and have just discovered that SecureSWF breaks the build. Has anyone had a similar problem? Is there a workaround? Is it possible to obscure a SWF that's built with RobotLegs at all?
Lösung
It's straightforward, actually. You need NAMES for reflection. And they are the primary target for ANY kind of obfuscation and mangling. Since we absolutely can not abuse the verify mechanism in flash player VM (which is damn good), we have no way in getting around it.
I'm using secureSWF too, and I have a mechanism of sewing skins and controllers together with descrybeType() and a hell of a lot of checking of types and members. I exclude my sensitive to obfuscation classes from the protection workflow. They are of no use to a hacker anyway.
