I'm looking to get back into doing some work with Fusion. I am wondering the current state of security of MFAs embedded in the final products? I would like to do some work with the relay client, in particular. Are things like encryption keys at risk if there are known exploits to extract MFA files?
Well, from what I know, no file from current build can be decompiled and may never will, specially the ones from 2.5+.
Another thing is that the ones that can be decompiled (old builds), they have never figured out how to remove/open a password protected group of events (specially the ones closed before exporting).
Other things to add is that custom icons, alt/global values/strings/flags and comments are also impossible to recover, so you may use that in your advantage.
You can also rename some of the extensions you're using, specially the ones for encryption, you should rename the file both in Extensions and Data\Runtime for it to work correctly, and make sure they match.
(Check Unicode folder as well, and if you're exporting for other platform, change those as well. Please make a backup before messing with that tho)
Thanks for the great information!
I'm thinking of another solution:
you create an empty extension (with the sdk). this extension does not need to have an action, just to be unique, undistributed and present in your mfa.
let's say that I manage to get my hands on your mfa, but that my cf2.5 does not have this extension: I would have a message "failed to open document"
I'm thinking of another solution:you create an empty extension (with the sdk). this extension does not need to have an action, just to be unique, undistributed and present in your mfa.let's say that I manage to get my hands on your mfa, but that my cf2.5 does not have this extension: I would have a message "failed to open document"
Posting Permissions
Reply With Quote