sporst / swfretools Goto Github PK
View Code? Open in Web Editor NEWSWF file reverse engineering tools
SWF file reverse engineering tools
In ActionScript 2 code, it would be better for readability if strings defined in constant pools were surrounded by quotes.
CREATEPROCESS -> CREATE_PROCESS
I don't know how to fork or commit.
sorry for writing such small things like this.
Comparable to the SWFTools swfdump tool.
Right now the user does not know how many tags/functions there are left to try while using Minimizer. This should be improved so that the user knows how much there is left to come.
Right now Flash Dissector shows the unadjusted relative branch offset in the GUI for ActionIf instructions. This makes it difficult to find out where a jump is going. Displaying the adjusted address would make things much easier for users.
Right now the readme file does not explain that you need the JHexView and splib libraries from my GitHub account too.
Same as Issue #21 but for ActionJump.
Right now Flash Dissector swallows parser bugs silently and the user does not get any feedback that something went wrong.
Negative 3-byte signed integer values are not parsed correctly.
As of version 1.1 when displaying ActionScript 2 code in the GUI, ActionPush instructions are shown as blanks instead of ActionPush instructions.
I want to have the ability to drag & drop files into Flash Dissector to load them.
This makes it easier to re-open recently analyzed files.
couldn't open www.justin.tv/widgets/live_embed_player.swf, it quits without warning
Right now all the constants are shown in one line which is not very readable
An exception get's thrown (see below) when attempting to parse a Multiname with a kind.value() of 0x1D. I modified MultinameInfoParser class to include kind.value() and fieldName in the exception message.
Exception in thread "AWT-EventQueue-0" java.lang.IllegalStateException: Invalid multiname type: 29, fieldName: DoABC::ABCData::constant_pool::multiname[6]::data
at tv.porst.swfretools.parser.structures.MultinameInfoParser.parseData(MultinameInfoParser.java:34)
at tv.porst.swfretools.parser.structures.MultinameInfoParser.parse(MultinameInfoParser.java:41)
at tv.porst.swfretools.parser.structures.ConstantPoolParser.parse(ConstantPoolParser.java:68)
at tv.porst.swfretools.parser.structures.AS3DataParser.parse(AS3DataParser.java:18)
at tv.porst.swfretools.parser.tags.DoABCParser.parse(DoABCParser.java:33)
at tv.porst.swfretools.parser.tags.TagParser.parseTag(TagParser.java:165)
at tv.porst.swfretools.parser.tags.TagParser.parseTag(TagParser.java:76)
at tv.porst.swfretools.parser.tags.TagParser.parse(TagParser.java:213)
at tv.porst.swfretools.parser.SWFParser.parse(SWFParser.java:95)
at tv.porst.swfretools.dissector.gui.main.models.FileModel.openFile(FileModel.java:63)
at tv.porst.swfretools.dissector.gui.main.implementations.FileActions.openFile(FileActions.java:61)
at tv.porst.swfretools.dissector.gui.main.actions.OpenAction.actionPerformed(OpenAction.java:49)
The following links should be of some help in writing a parser for the Vector type:
Right now there is no feedback in the GUI about what is happening internally. A progress dialog would give this feedback.
Once in a while there are nested SWF files inside a SWF file or shellcode is stored in a DefineBinaryData tag. It would be cool if there was a right-click menu in the Flash tree to dump all structures.
In Flash Dissector, the DoAction tag action list is not shown in the GUI.
Because going through all tags and functions one by one is too slow.
When showing ActionScript 2 code in the GUI, unknown instructions are shown as blanks. A better idea is to show them as unknown instructions with their unknown action code.
yerDebugger.exe e:\ToDo\cve-2011-2110\main.swf
Minimizing SWF file F:\Tools\flex_sdk_4.1\runtimes\player\10.1\win\FlashPlayerDe
bugger.exe with player e:\ToDo\cve-2011-2110\main.swf
Trying to remove tag FileAttributes (1 of 9) at offset 00000015 ... KEEP
Trying to remove tag Metadata (2 of 9) at offset 0000001B ... KEEP
Trying to remove tag ScriptLimits (3 of 9) at offset 000001E8 ... KEEP
Trying to remove tag SetBackgroundColor (4 of 9) at offset 000001EE ... KEEP
Trying to remove tag FrameLabel (5 of 9) at offset 0000020F ... KEEP
Trying to remove tag DoABC (6 of 9) at offset 00000216 ... Exception in thread "
main" java.lang.NegativeArraySizeException
at tv.porst.splib.arrays.ArrayHelpers.removeData(Unknown Source)
at tv.porst.swfretools.minimizer.Minimizer.removeTags(Unknown Source)
at tv.porst.swfretools.minimizer.Minimizer.main(Unknown Source)
i'm using swftools_120.zip
thx
For each action, the tree only shows an ACTION entry without showing information for each specific action type.
Which in turn leads to a nullpointer exception.
As of version 1.1, PushDuplicate instructions are not shown in the GUI.
The DefineBinaryData tag can contain nested SWF files. Parse those recursively.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.