secureSWF Changelog

What's new in secureSWF 4.6 Build 3883

Dec 11, 2014
  • Support for AIR 15: We now support all AIR versions. Including AIR 15 beta.
  • Manual Activation: If you need to activate secureSWF on an offline, or behind a firewall, machine, you can now use the manual activation process. The new release can generate a Machine ID which you can use to acquire a Verification Key from the following page: http://www.kindi.com/verify-v4/
  • Using your registration information, and the Verification Key, you can activate secureSWF without the need to connect to the activation server. Of course, this will only work on the machine which you have used to generate the Machine ID.
  • The manual activation process can be done via the GUI or the CLI.
  • Enhanced Protection Against Decompilers: As we frequently do, the new build also updates the protection mechanisms we use to prevent decompilers from generating anything useful or running at all. We recommend that you re-run your apps through the new version and publish an update.
  • Better String Encryption Performance: We’ve enhanced the performance of the string decryption routine, which runs every time your code accesses an encrypted string. This means your app will now perform a bit faster if you are using string encryption. The enhancement applies to both RC4 and AES algorithms.
  • Bug Fixes: We’ve fixed an issue with String Encryption advanced selection dialog in the GUI. We’ve also fixed almost all reported crashes. Please keep sending crash reports. We rely on them to make secureSWF more stable and reliable.

New in secureSWF 4.5 Build 3859 (Nov 8, 2013)

  • Eliminated the need for Flex or AIR SDKs. secureSWF can now sign AIR and APK files all by itself.
  • Internal certificate for signing AIR and APK files when none is provided.
  • Generate AIRI from AIR files and vice versa.
  • Ability to protect native desktop AIR apps.
  • Protection options have been enhanced to crash all the latest decompilers.
  • Packages, classes, and non-private members are excluded from renaming in SWC files by default.
  • Export to Ant now generates separate rules for protection options and renaming options.
  • Fixed inconsistent results when protecting with GUI and then exporting to Ant.
  • OS X 10.9 and Windows 8.1 support.
  • Fixed retention of save each file as in Windows.
  • Fixed relative path issues on Mac.
  • Rules list in the configuration options tab got redesigned.
  • Added search for literal strings.
  • GUI now saves maximized state.
  • Fixed finding main SWF file in AIR and APK apps containing spaces in their names.
  • Export to Ant utility now saves the latest used location.
  • Fixed “Unable to parse the engine output” issue.
  • Added ability to activate secureSWF from Ant.
  • Fixed applying renaming values in configuration rules.
  • Fixed all reported crashes which we were able to regenerate.

New in secureSWF 4.0 Build 3718 (Nov 12, 2012)

  • Reworked Identifiers Renaming:
  • Redesigned secureSWF's identifier renaming from the ground up to give you better protection, faster performance, and more control than ever.
  • Completely new renaming engine.
  • Cross SWF files renaming.
  • Supports user defined namespaces.
  • Highly increased ability to rename much more identifiers than previous version.
  • More stable with clear auto selection and exclusion.
  • Configurable post build renaming check.
  • Renames method's local variables.
  • Four new renaming modes.
  • More aggressive use of ActionScript keywords for new names.
  • Incremental renaming. Reload the mapping table in the future.
  • Single JSON based renaming mapping table for the entire project.
  • Advanced and easy-to-use identifiers browser to change renaming settings.
  • Configurable to select all members through parent node.
  • More detailed identifier information.
  • Enhanced Code Protection:
  • Protect your intellectual property from sophisticated decompilers with secureSWF's beefed-up security algorithms and options.
  • All protection algorithms have been reworked to break latest decompilers.
  • New Integer Data Obfuscation protection options.
  • Configurable Statement-level Randomization intensity.
  • Enhanced Control Flow Obfuscation for stability.
  • Manually set a randomization seed to allow identical files regeneration.
  • Better String Encryption:
  • With secureSWF v4, potentially sensitive embedded strings get even more shielding from prying eyes.
  • Choose between fast RC4 or extra-secure AES encryption algorithms.
  • Configurable key length to balance file size and security.
  • Select strings using a pattern.
  • Select all strings.
  • Get warnings for strings left unencrypted.
  • Advanced Domain Locking:
  • Keep your code from running on unauthorized domains with secureSWF's industry-leading domain locking features.
  • Choose between fast RC4 or secure AES encryption algorithms.
  • Configurable key length to balance file size and security.
  • Use wildcards such as * to include all sub domains.
  • More secure and more stable.
  • Sophisticated Encrypted Loader:
  • Cloak your SWF files and lock down your intellectual property with secureSWF's powerful and customizable encrypted loader.
  • Fully encrypts your SWF files
  • Fast and secure decryption only at runtime
  • Protects against memory debuggers
  • Advanced preloader designer
  • Many templates to choose from
  • Add links to preloader
  • Saves preloader design in a separate file
  • New SWF and Project File Formats:
  • Thanks to expanded file format support, secureSWF now offers even greater file import/export flexibility and compatibility.
  • Fully supports SWF v13 and v14 with LZMA compression.
  • Latest Flash CS6 and Flex 4.6 support.
  • Supports APK files for Amazon market place.
  • New JSON based project file format.
  • Saves relative paths.
  • Imports files from other projects.
  • Comprehensive Code Optimization:
  • Projectwide code optimization puts overweight ActionScript on a diet and gives users a snappier experience.
  • Replaces debug line numbers.
  • Replaces debug file names.
  • Merges code linkage.
  • Merges byte code blocks.
  • Resort the constant pool.
  • Finalizes classes.
  • Finalizes methods.
  • Makes methods static when possible.
  • Privatizes fields.
  • Privatizes methods.
  • Removes write-only fields.
  • Replaces constants with their literal values.
  • Converts read-only fields to constants.
  • Removes function parameters.
  • Removes trace calls.
  • Removes dead code.
  • Optimizes imports.
  • Optimizes push instructions.
  • Optimizes integer arithmetics.
  • Replaces method calls with the method code (function inlining).
  • Configurable code optimization for each package, class, or class member.
  • Smart SWF Optimization:
  • secureSWF's intelligent SWF optimization makes your Flash apps lean and mean and blazing fast.
  • Super compression uses LZMA when possible.
  • Lossless images optimization.
  • Reduces 2D graphics shapes size.
  • Merges 2D graphics lines to improve performance.
  • Optimizes fonts.
  • Images re-compression.
  • Trims tags.
  • Trims shapes data.
  • Trims fonts data.
  • Removes frame labels.
  • Removes unused fonts.
  • Removes unused images.
  • Removes unused shapes.
  • Removes unused sounds.
  • Removes unused sprites.
  • Removes unused videos.
  • Redesigned GUI:
  • No matter what development platform you prefer, secureSWF v4's OS-native GUI has been updated with an improved appearance and more efficient workflow.
  • Separate native GUI for each platform.
  • Native executable for Windows using standard look-and-feel.
  • Cocoa based GUI for Mac OS X 10.5, 10.6 and 10.7.
  • GTK 2 based GUI for Linux.
  • Automatically finds Flex and AIR SDKs.
  • Manages Flex and AIR SDKs.
  • Auto-updates while running.
  • Easier to use protection presets.
  • Help information attached to each set of options.
  • Reworked stack trace translator.
  • Improved Configurable Rules.
  • Expanded Integration Framework:
  • Always easy to get along with, secureSWF now plays even nicer with third-party tools and environments.
  • Separate cross-platform Java-based engine contained in a single Jar file.
  • Fully featured command line interface (same used by GUI).
  • Fully featured Ant task.
  • Auto-generate Ant script from GUI with all necessary files including engine jar file.
  • JSON-based human-readable project files.
  • All project file fields can be used in Ant.
  • All project file fields can be overridden in CLI.
  • Multiple CLI modes: analyze, execute, run, activate.
  • CLI output can be in JSON for easy parsing.
  • Generates project files from CLI using any preset.
  • Activates directly through Ant.

New in secureSWF 3.6 Build 5762 (Jul 13, 2011)

  • Integration with Powerflasher FDT
  • FDTWouldn’t it be great to run secureSWF inside the most advanced Flash development platform? You will find a 5th download option when you download secureSWF v3.5; an FDT plugin! Copy the file into FDT plugins folder and a new secureSWF button will appear in FDT toolbar. That’s all what it takes to start running secureSWF within FDT.
  • Kindisoft and Powerflasher are also announcing today a new partnership to empower you to make the best out of the Flash platform. secureSWF v3.5 is just a beginning of a much closer integration along the way. We’ll be working closely with the FDT team to bring you the ability to declare obfuscation settings within your code, debug obfuscated files, export a complete auto build script with a click of a button, and much more.
  • Remove Debugging Information
  • Keeping debugging information in released Flash applications can be useful for error reporting because source code line numbers and files names where an exception has been thrown can be found in the call stack. Unfortunately, this information is also available to attackers trying to reverse-engineer your code and it also costs a lot of file size.
  • New options in secureSWF v3.5 will enable you to remove all debug information that you will no longer need outside a debugger, but will keep the source code line numbers. Error messages will show the obfuscated call stack trace (which you can de-obfuscate using the mapping table) with the line numbers.
  • Local Variables Renaming for ActionScript 3
  • Variables declared within the function scope in ActionScript 3 are usually compiled as registers without their specified names. But when they are not, for a number of reasons, the identifiers names are passed along the compiled code giving decompilers the ability to regenerate a very closer version on the original source code. With secureSWF v3.5, you can enable the ability to rename local variables in the few cases were they are still in the compiled code.
  • Control Over Randomization
  • Randomization is one of the most important protection mechanism for secureSWF. Proper randomization what makes it impossible to create another tool to reverse secureSWF protection. The downside is that a completely different SWF file will be generated every time you run secureSWF, which might not be favorable for testing or verification.
  • To solve the dilemma, we added a new checkbox in the “Protection Options” tab labeled “Randomize Results” checked by default. When unchecked, secureSWF will generate exactly the same protected SWF file. This will guarantee a consistent output for the identical files and identical configurations.
  • Detailed File Save Options
  • Official support for Adobe Flash CS5
  • Flash CS5With secureSWF v3.5 we officially support Adobe Flash CS5. You can now switch to CS5 with confidence that you can still rely on us to protect your work.

New in secureSWF 3.5.0 (May 27, 2010)

  • Integration with Powerflasher FDT:
  • Wouldn’t it be great to run secureSWF inside the most advanced Flash development platform? You will find a 5th download option when you download secureSWF v3.5; an FDT plugin! Copy the file into FDT plugins folder and a new secureSWF button will appear in FDT toolbar. That’s all what it takes to start running secureSWF within FDT.
  • Kindisoft and Powerflasher are also announcing today a new partnership to empower you to make the best out of the Flash platform. secureSWF v3.5 is just a beginning of a much closer integration along the way. We’ll be working closely with the FDT team to bring you the ability to declare obfuscation settings within your code, debug obfuscated files, export a complete auto build script with a click of a button, and much more.
  • Remove Debugging Information:
  • Keeping debugging information in released Flash applications can be useful for error reporting because source code line numbers and files names where an exception has been thrown can be found in the call stack. Unfortunately, this information is also available to attackers trying to reverse-engineer your code and it also costs a lot of file size.
  • New options in secureSWF v3.5 will enable you to remove all debug information that you will no longer need outside a debugger, but will keep the source code line numbers. Error messages will show the obfuscated call stack trace (which you can de-obfuscate using the mapping table) with the line numbers.
  • Local Variables Renaming for ActionScript 3:
  • Variables declared within the function scope in ActionScript 3 are usually compiled as registers without their specified names. But when they are not, for a number of reasons, the identifiers names are passed along the compiled code giving decompilers the ability to regenerate a very closer version on the original source code. With secureSWF v3.5, you can enable the ability to rename local variables in the few cases were they are still in the compiled code.
  • Control Over Randomization:
  • Randomization is one of the most important protection mechanism for secureSWF. Proper randomization what makes it impossible to create another tool to reverse secureSWF protection. The downside is that a completely different SWF file will be generated every time you run secureSWF, which might not be favorable for testing or verification.
  • To solve the dilemma, we added a new checkbox in the “Protection Options” tab labeled “Randomize Results” checked by default. When unchecked, secureSWF will generate exactly the same protected SWF file. This will guarantee a consistent output for the identical files and identical configurations.
  • Detailed File Save Options:
  • Ok. We get it. You want to specify a new name for each file and you want that saved in the project configuration file. secureSWF v3.5 will save the selected output option and adds a new save option that enables you to specify the new name for each file if you want to.
  • Official support for Adobe Flash CS5
  • With secureSWF v3.5 we officially support Adobe Flash CS5. You can now switch to CS5 with confidence that you can still rely on us to protect your work.

New in secureSWF 3.4.0 (Oct 27, 2009)

  • Super Compression
  • Complete AIR and SWC Files Support
  • Uber-Detailed Configuration Rules

New in secureSWF 3.3.0 (Jun 6, 2009)

  • Advanced Code Transformation Selection.
  • Exclude 3rd-Party SWC Code.
  • Enhanced control flow obfuscation.
  • PDF Reports.
  • Easier Classes navigation.
  • Enhanced CLI and Ant Scripr integration.
  • Enhaced performance: better memory usage.

New in secureSWF 3.2.0 (Mar 4, 2009)

  • Includes several bug fixes and introduces three new features.
  • Control Over Aggressive Renaming - Aggressive Renaming turns identifiers names into a mix of symbols, whitespaces, and numbers that are illegal for ActionScript. While this is completely safe for the Flash Player, it causes trouble when parsing and writing XML. You can now turn aggressive renaming off for better compatibility with XML data-binding. When turned off, the new identifiers names will still be illegal for ActionScript, but fine with XML.
  • Using ActionScript Keywords for New Identifiers Names - You will find another new checkbox in the Identifiers Renaming tab. When "Use ActionScript Keywords" is checked, Identifiers Renaming will use ActionScript reserved words, such as switch, case, if, while, do... etc, for 38 of the new identifiers names whither they are packages, classes, functions or variables. It will randomly select the identifiers that will be renamed into ActionScript keywords.
  • Local Execution Prevention - We thought you might find it useful to prevent users from running your Flash application locally while it can still run on every other domain. The new checkbox under Encrypted Domain Locking will do just that if you don't want to lock your SWF file to your domain while still don't want users to run it on their local machine.
  • Bug Fixes - We've done many general enhancements and fixed almost every issue that was reported to us through the Error Reporting tool. Most significant fixes are: A better layout for the Protection Options tab, we've fixed the issue with activating secureSWF on some localized versions of Windows, smart renaming now works for ActionScript 3 frame labels, and we now properly fill up the identifiers tables for ActionScript 2.