I heard on Russian twitter that flash decompilers fail to parse embeded binary data (for example another SWFs). Tested it locally and that rendered to be true — the content of embeded SWF was impossible to extract. That seemed so simple yet effective. Just use something like
[Embed(source="swf.swf", mimeType="application/octet-stream")]
Someone could write a simple command line script to split SWFs into several parts to embed them inside a loader SWF and assemble again. Or it’s possible to add simple encryption to go further.
This idea is indeed very simple so someone might have made a tool like this already. I didn’t find a tool but I did find a post about this technique. And since then I successfully used it in one of my projects.
Code obfuscation is not an easy task. If they can`t decompile you code today, they can tomorrow. But you can`t change your code protection after publishing you swf.
I hear that you can read unprotected swf from memory where it will br stored.
Yura
Embedding is not obfuscation