利用Alchemy加密的破解方法

Alchemy由于是C编译的，其实相当于代码混淆，然后利用混淆的代码去解密。 如
as3加密入门-1使用alchemy进行代码混淆

也就是将原有SWF分为3份：

加载模块。
Alchemy解密模块。

加密的主程序。
然后就是利用加载模块去分别加载 解密模块和主程序，然后用解密模块的解密函数去解密主程序。

看似很完美，但是加载模块还是可以反编译，然后就可以知道所使用的 解密模块的包名和函数了。

然后我们可以自己自己写加载模块，并利用ApplicationDomain.currentDomain.getDefinition()获取函数所在类并调用解密函数。

火影世界 这个游戏就是利用Alchemy加密的，可以使用此方法破解。

<?xml version="1.0" encoding="utf-8"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600" creationComplete="application1_creationCompleteHandler(event)">

<s:Button left="2" top="2" label="加载Main" click="button1_clickHandler(event)"/>
<s:Button left="80" top="2" label="破解" click="button3_clickHandler(event)"/>

<fx:Declarations>
<!-- Place non-visual elements (e.g., services, value objects) here -->
</fx:Declarations>
<fx:Script>
<![CDATA[

import flash.utils.describeType;
import flash.utils.getDefinitionByName;

import mx.core.UIComponent;
import mx.events.FlexEvent;

private var loader:Loader;
private var ui:UIComponent = new UIComponent();

protected function button1_clickHandler(event:MouseEvent):void
{
// TODO Auto-generated method stub
//FSM_decodeData.start();
loader = new Loader();
loader.contentLoaderInfo.addEventListener(Event.COMPLETE, onComplete);
var lc:LoaderContext = new LoaderContext();
lc.applicationDomain = ApplicationDomain.currentDomain;
loader.load(new URLRequest("Main[1].swf"), lc);
}

private function onComplete(event:Event):void
{
loader.contentLoaderInfo.removeEventListener(Event.COMPLETE, onComplete);
var ad:ApplicationDomain = ApplicationDomain.currentDomain;

//trace(flash.utils.describeType(ad));
var cls:Class = ad.getDefinition("MainSelfPreLoad") as Class;
var preLoad:MovieClip = new cls();

ui.addChild(preLoad);

}

protected function application1_creationCompleteHandler(event:FlexEvent):void
{
// TODO Auto-generated method stub
addElement(ui);
}

private var stream:URLStream;
private var helper:*;
private var resourceManger:*;
protected function button3_clickHandler(event:MouseEvent):void
{
var ad:ApplicationDomain = ApplicationDomain.currentDomain;
var tmp1:Class = ad.getDefinition("MainLoader") as Class;
//var tmp2:Class = ad.getDefinition("Resource") as Class;
var tmp2:Class = getDefinitionByName("com.mxw.common.gameCommon.managers.Resource") as Class;
var rm:Class = getDefinitionByName("com.mxw.common.gameCommon.managers.ResourceManager") as Class;

resourceManger = new rm();
var hc:Class = getDefinitionByName("com.mxw.common.LoaderHelper") as Class;

helper = new hc();

stream = new URLStream();
stream.addEventListener(Event.COMPLETE, onBytes);
stream.load(new URLRequest("MainLoginServer[1].swf"));//Main是加载器没加密，加密的一个是MainLib是游戏，一个是MainLoginServer是登陆。

//helper.decodeData();
}

private function onBytes2(event:Event):void
{
var tmp:ByteArray = new ByteArray();
stream.readBytes(tmp, 0, stream.bytesAvailable);
var bytes:ByteArray = helper.decodeData(tmp);

var file:FileReference = new FileReference();
file.save(bytes, "Decoded.swf");
}
]]>
</fx:Script>

</s:Application>