.

How to decompile ActionScript v3 for free?

<<

zelda

Newbie
Newbie

Posts: 8

Joined: Thu Jul 08, 2010 9:52 am

Post Tue Jul 26, 2011 8:12 am

How to decompile ActionScript v3 for free?

Hi guys!

Do you have any experiences with decompiling ActionScript v3 for free?

I have tried to do that with HP SWFScan (they are saying that it supports AS v3), but wasn’t successful. Commercial Sothink SWF Decompiler was able to do that, but not for free  ;)

Thanks for suggestions!

Regards,
zelda 
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jul 26, 2011 9:37 am

Re: How to decompile ActionScript v3 for free?

I've used http://nowrap.de/flare.html in the past to good effect for v1 and v2, and while I have not touched it since my SEC542 class, the OWASP project SWFIntruder may be a good option as well. It's a run-time analysis tool designed for security.

https://www.owasp.org/index.php/Category:SWFIntruder
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

zelda

Newbie
Newbie

Posts: 8

Joined: Thu Jul 08, 2010 9:52 am

Post Wed Jul 27, 2011 5:00 am

Re: How to decompile ActionScript v3 for free?

tturner,

thank you very much for your reply. Unfortunately neither flare or SWFintruter can't decompile SWF with ActionSript v3.

For now it seems that the only option to decompile ASv3 is to buy some commercial product.

zelda
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jul 27, 2011 7:54 am

Re: How to decompile ActionScript v3 for free?

It's also possible that the HP tool is not working because protection mechanisms like http://www.dcomsoft.com/ http://www.kindi.com/swf-encryption.php http://www.amayeta.com/software/swfencrypt/ (as well as many other examples) have been used to prevent it.

There's no guarantee that commercial tools will help here if such methods have been employed.

You may find some other alternatives at http://www.swftools.com/tools-category.php?cat=759

I know one of my developers has used this site for some freeware utilities but I have no direct experience myself.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

zelda

Newbie
Newbie

Posts: 8

Joined: Thu Jul 08, 2010 9:52 am

Post Wed Jul 27, 2011 9:53 am

Re: How to decompile ActionScript v3 for free?

Thanks for the idea with obfuscation - it is definitely obfuscated! But Sothink Decompiler can do the job, while HP SWFScan can't :(

Thanks for the link with alternatives. Still, every tool there, that can possibly do the job can't be used in commercial matter :(

z.
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jul 27, 2011 1:26 pm

Re: How to decompile ActionScript v3 for free?

So did Sothink work for you? I'm curious because I may have to take a look at it for my own toolset.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

zelda

Newbie
Newbie

Posts: 8

Joined: Thu Jul 08, 2010 9:52 am

Post Thu Jul 28, 2011 2:09 am

Re: How to decompile ActionScript v3 for free?

Sothink worked even in trial version, but you can't export the code (due the trial).

Actually I wasn't able to decompile any ASv3 with HP SWFScan, flare or SWFIntruder, even sample SWF files from web - not obfuscated.

If any of you was successful in it, please let me know.

Thanks,
z.
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Jul 28, 2011 7:30 am

Re: How to decompile ActionScript v3 for free?

Yeah Flare does not support v3 at all. It's somewhat dated and has not been updated in awhile but it works great for v1 and v2. SwfIntruder is used for runtime analysis, I don't know that it will decompiler a swf but it will provide you much of the same information you'd be looking for in a decompiler with the added benefit of doing several security checks on the analyzed swf. It does support v3 as far as I know. I really don't understand why the HP tool would not work. Would you mind linking to the sample files you are discussing? I'm interested to see whats going on here.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

zelda

Newbie
Newbie

Posts: 8

Joined: Thu Jul 08, 2010 9:52 am

Post Thu Jul 28, 2011 8:33 am

Re: How to decompile ActionScript v3 for free?

I was wrong, sorry  :-[

HP SWFScan can decompile ASv3 but not the one I need to test. Might be because of the obfuscation (?), I don't know.

I tried to obfuscate the ASv3 SWF that was OK with SWFScan before, but now the error showed up "Decompile operation failed".

When I'm trying to decompile the needed file, no error shows up. It just finds "nothing" in the file, except urls and AS version. No source code is found.

z.

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software