-
Senior Member
Whooooa okay. So what decompiler was able to pull that out? It looks like really similar output to the hp thingy...
what's weird is that it wasn't a private class, it was a public class...
-
it was the hp decompiler, there are regexs to exclude certain classes and properties in the settings.
-
Senior Member
What did you exclude to make it show the class? I'm baffled...I would have figured it couldn't get past that instantiation and hung for good...
-
-
Senior Member
Ah. So the only thing about it that was keeping the decompiler from finding it was that it was an internal class in the document file, which was being read as package * ...that last one you unticked, ^\*
fun.
I give up.
-
a.k.a gltovar
how 'bout an obfuscator? sure some one could decompile your code but if its hard enough to read... does that add up for anything?
PHP Code:
import flash.utils.ByteArray;
// a resource manager specialized for maps public class MapResourceManager extends ResourceManager { public static function canLoadResWithIndex(idx:int):Boolean { // if the resource is null, it cannot load return getResFromIndex(idx) != null; } public static function loadResString(idx:int):String { var cl:Class = getResFromIndex(idx); if (!cl) return "error"; // convert the data into a text string with // 'end' suffix. var data:ByteArray = new cl as ByteArray; return data.toString() + "end."; } } // end class
vs
PHP Code:
import flash.utils.ByteArray;
public class _wm3952 extends _lc4996 { public static function _fi5847(_vr345:int):Boolean { return _ya7618(_vr345) != null; } public static function _dm6121(_vr345:int):String { var _zu342:Class = _ya7618(_vr345); if (!_zu342) return irrcrpt(87, "kzrd"); var _lw654:ByteArray = new _zu342 as ByteArray; return _lw654.toString() + irrcrpt(23, "uzd."); } }
Alternatively I've been tinkering around with the idea of coding on in a swf at run time:
( i made a lil vid of it):
http://www.youtube.com/watch?v=yD2axVpM3NE
It caused me to look at sourcebinder.org where they give you the oppertunity to design swfs using a visual tool ( like a UML or flow chart ) but you can edit/create code live as well. I am pretty sure they are creating the code using a converting strings to byte arrays and loading them as if they are swfs... ( its a educated guess )
if they can do that, it could mean you could have a textfile/textfiles of actionscript you load in at run time, convert them to bytecode and load them into your swf. Then you can encrypt the external text you are loading some how.
just ideas = P
-
AS3 classes are stored as doABC bytecode blocks in the swf file. It's not as simple as loading up a String as a class. At least, I really don't think so. I'd love to be proven wrong.
-
a.k.a gltovar
Originally Posted by 5TonsOfFlax
AS3 classes are stored as doABC bytecode blocks in the swf file. It's not as simple as loading up a String as a class. At least, I really don't think so. I'd love to be proven wrong.
correct, there is a TON of work to convert a string to a class = P but once that is taken care of.... = P
I can't talk about what sourcebinder.org is doing behind the scenes... mainly due to their EULA on their alpha (specifically the reverse engineering part); but without decompiling, you can see they are converting strings into swfs, which is no small feat = D
-
It's pretty straightforward, actually. The trick is doing it client-side instead of with the flex compiler on the server. I wonder whether a java applet could be made to leverage the flex compiler client-side. Even if so, that would almost certainly fall afoul of Adobe's licensing terms for redistribution. Maybe Haxe?
-
Woah - I snooze for one day and this thread exploded :P
I just ran your last swf through SO Think and Trillix, here's what I got:
PHP Code:
// SO Think
Error: Error #1503: A script failed to exit after 30 seconds and was terminated.
at fckoff/boogie()
at fckoff/noImg()
at fckoff/noImg()
at fckoff()
at SafeDocument()
PHP Code:
// Trillix
//class SafeDocument
package
{
import flash.display.*;
public class SafeDocument extends flash.display.MovieClip
{
public function SafeDocument()
{
super();
addChild(new fckoff());
return;
}
}
}
import flash.display.*;
import flash.events.*;
import flash.net.*;
import flash.system.*;
class fckoff extends flash.display.MovieClip
{
public function fckoff()
{
var loc1:*;
var loc2:*;
var r:flash.net.URLRequest;
r = null;
l = new Loader();
c = new LoaderContext();
s = new Sprite();
vx = 10;
vy = 10;
super();
try
{
r = new URLRequest("http://www.joshstrike.com/images/web/savela1.jpg");
cc = c;
cc.securityDomain = SecurityDomain.currentDomain;
l.load(r, cc);
}
catch (err:Error)
{
noImg();
}
init();
return;
}
private function init(arg1:flash.events.Event=null):void
{
var evt:flash.events.Event=null;
var loc2:*;
var loc3:*;
evt = arg1;
with (loc3 = s)
{
graphics.beginFill(16711680, 1);
graphics.drawCircle(0, (0), 20);
graphics.endFill();
}
s.y = loc3 = 100;
s.x = loc3;
addChild(s);
s.addEventListener(Event.ENTER_FRAME, this.doLoop, false, 0, true);
return;
}
private function noImg():void
{
var loc1:*;
var loc2:*;
var loc3:*;
try
{
boogie();
}
catch (err:Error)
{
noImg();
}
finally
{
noImg();
}
return;
}
private function boogie():void
{
var loc1:*;
loc1 = NaN;
for (;;)
{
loc1 = 0;
while (loc1 < Infinity)
{
trace("hah");
loc1 = (loc1 - 1);
loc1 = (loc1 + 1);
}
noImg();
}
return;
}
private function doLoop(arg1:flash.events.Event):void
{
if (s.x > 550 || s.x < 0)
{
vx = vx * -1;
}
if (s.y < 0 || s.y > 400)
{
vy = vy * -1;
}
s.x = s.x + vx;
s.y = s.y + vy;
return;
}
private var c:flash.system.LoaderContext;
private var l:flash.display.Loader;
private var s:flash.display.Sprite;
private var cc:*;
private var vx:Number=10;
private var vy:Number=10;
}
-
Also on the client-side compiling issue does anyone know how wonderfl compiles? I suspect it's serverside from how fast things load up but I've never really dug into it.
-
a.k.a gltovar
Originally Posted by neznein9
Also on the client-side compiling issue does anyone know how wonderfl compiles? I suspect it's serverside from how fast things load up but I've never really dug into it.
wow super cool, thanks for showing me that
-
Senior Member
wonderfl almost certainly isn't doing anything with the strings to evaluate them... the time it takes to compile, it's gotta be running it against the Flex SDK (does that violate the Adobe terms? ...not sure why it would... the SDK is open source, right?)
Even if you could pass strings in to compile at runtime within the code, how would it help? Someone could pick off the strings, and whatever encryption method and key you were using would have to be residing in the client-side script...
What would be cool, and useful, would be a sort of remote access for flash. Something that would copy all the textfields, bitmaps, etc. -- everything on the display chain -- off a file running on a server, show them in a local .swf, and send the whole event flow from those objects, plus the mouse, keys, and other environmental vars back to the server for processing. That would be a radical rewrite of the entire way the VM works, and I doubt we'll ever see anything like it, because protecting .fla source isn't really a priority compared with other security issues... but that would protect the code. It would have a lot of other really nice security-positive results too; for instance, forever removing the need to add wildcards to crossdomain files; being able to write only local paths and remove the possibility of XSS attacks; totally sealing back-end services... yeah. In a perfect world, more than 1% would have the bandwidth to deal with it at 30fps, too.
-
a.k.a gltovar
heh, maybe onlive could have support for swfs or air ^_^
-
a.k.a gltovar
hey guys, what about this eval function:
http://eval.hurlant.com/
looking though the source, it looks like its converting the code, to byte code and wrapping it with swf bytecode headers and such, and its running functions live.
-
Originally Posted by joshstrike
...copy all the textfields, bitmaps, etc. -- everything on the display chain -- off a file running on a server, show them in a local .swf, and send the whole event flow from those objects, plus the mouse, keys, and other environmental vars back to the server for processing.
Most of that could be done with some clever recursion in the dom and careful management of your events...then you could pipe it all up to the server and have some server-side AS3 or even some other language do all your controlling and just pipe back the results...essentially moving the controller outside and dropping a communication bridge in the middle.
-
Senior Member
@deadlock
that is freakin' AWESOME!
That library is gonna radically alter or revolutionize the way I write joint AS3 / PHP code...
it still has the problem of sending all the code into the front-end, where it can be read, but the possibilities for obfuscation and self-modification become pretty much endless when you can eval blocks like that... Thanks!!!
-
Senior Member
Alright, I'm ready to revive this thread.
Go check out my site at strikesapphire.com ...the core of it is loaded up in a file called Hotwire.swf ...basically if you decompile it, you should get nothing more than the the crypto package and a document class plus a couple of internal classes.
This is about as far as I think the bytearray + obfuscation concept can be pushed. So, I dare anyone to decompile the actual source. I double-dare ya =)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|