The team I recently working with mainly developing AIR application on Windows Vista, our designers using Macs though. AIR can be run both on Windows and Mac, but we experienced several Mac-only crashes.

We have several Flex developers, I have to use some of my time review code for other developers even rewriting some of buggy code. The designer working on Flex Builder for skinning will run the application on his Mac a few days a month, until he ran Flex Builder we knew the application got crash on Mac. I had to use several hours to find and fix the problem. A month and more later he opened his FB again and the application crash again.

Crash Reasons?

Totally three Mac-only crashes I fixed. Now I work remotely at home and using my own Macbook so there will no more ‘silent’ Mac-only crash will happen. Here’s reasons I found which caused Mac-only crashes:

• SQLite database object AMF3 deserialization, in a special case of object serialized with a single object to be stored several times into database table.
• A fault application menu was added.
• SQLite database, a write transaction was added into a function which has several read transactions running in parallel. Also, it seems several ‘select all’ read transactions at the same time cause occasionally crash as well.

Avoid Mac-only Crashes

• If application need to be run on Mac, have at least one developer working on Mac. Fixing a Mac-only bug after several weeks is hard than regular bugs. For agile development, bug should be find as soon as possible, if a month later find application cannot be run on Mac, a senior developer have to use at least several hours if unlucky.
• Be careful when working on SQLite database. The first crash was because of an unsafe usage of reference, reuse a single object reference sometime cause unknown issues like this; for 3rd crash, although SQLite can have a single write transaction to be run at the same time of several read transactions, as ‘writer’ will wait for an exclusive lock until all ‘readers’ complete, SQLite engine inside AIR might not handler it correctly, at least on Mac.

I have a long time searching for security on SQLite database, as far as I know encryption was a commercial extension for SQLite and not sure whether Adobe will implement it for AIR SQlite engine. It really a great news now Adobe AIR 1.5 support encrypted SQLite database. Thanks, Adobe AIR team.

Using encryption with SQL databases

Introducing Adobe AIR 1.5

Shocked by Doug Mccuue’s post, I decided to have a test on obfuscation and decompiler together, to see how safe my own Flex/Air code bases.

SWF Encrypt

For a long time I was impressed by SWF Encrypt, although it’s not a real encryption, should be something interest if it can obfuscate code well for me.

Sothink Decompiler

In AS2 days I used to use the free Flare written by Igor Kogan, it was a great tool to help to search where co-workers hide their code inside FLA files. But now I need a AS3 version it no longer support. I read a post by Lee Brimelow about Sothink decompler several months before, so I would like to give it a try.

Test

SWF Encrypt trial version let me try 25 times, I made a secure swf from my AIR swf file.

Sothink Decompiler can read my origin AIR swf file easily, include almost all assets and code packages. Unfortunately the trial version do not let me check source code.

I found code structure in Sothink quite clear and accurate matching my own code base. I decided to buy it as the price not a problem $79.

Result

From my original AIR swf file, Sothink can read almost all my code, that….hell!

From secure AIR swf file, Sothink again, read most of my code, only several properties and function names hide.

Conclusion

First, the dark side, our code is definitely not safe.

Second, I do not feel SWF Encrypt doing its own job, I hope it can at least change my property/function names so even decompilers can take out all code, still hard to understand. SWF Encrypt really hide several properties/function names, but only very few of them.

Third, I found Sothink useful. Flex framework itself is a giant code base, Sothink decompiler code give some other code we cannot see and realize in MXML files.

Update: finty is right. I forgot Flex compiler can generate source code itself.