dcsimg
A Flash Developer Resource Site

Page 2 of 2 FirstFirst 12
Results 21 to 38 of 38

Thread: Please decompile my site, if you can...

  1. #21
    Senior Member joshstrike's Avatar
    Join Date
    Jan 2001
    Location
    Alhama de Granada, España
    Posts
    1,131
    Whooooa okay. So what decompiler was able to pull that out? It looks like really similar output to the hp thingy...
    what's weird is that it wasn't a private class, it was a public class...

  2. #22
    Member
    Join Date
    Jul 2005
    Location
    Brisbane, Australia
    Posts
    66
    it was the hp decompiler, there are regexs to exclude certain classes and properties in the settings.

  3. #23
    Senior Member joshstrike's Avatar
    Join Date
    Jan 2001
    Location
    Alhama de Granada, España
    Posts
    1,131
    What did you exclude to make it show the class? I'm baffled...I would have figured it couldn't get past that instantiation and hung for good...

  4. #24
    Member
    Join Date
    Jul 2005
    Location
    Brisbane, Australia
    Posts
    66
    I just unticked it all.

  5. #25
    Senior Member joshstrike's Avatar
    Join Date
    Jan 2001
    Location
    Alhama de Granada, España
    Posts
    1,131
    Ah. So the only thing about it that was keeping the decompiler from finding it was that it was an internal class in the document file, which was being read as package * ...that last one you unticked, ^\*

    fun.

    I give up.

  6. #26
    a.k.a gltovar deadlock32's Avatar
    Join Date
    May 2001
    Location
    Naperville,IL
    Posts
    489
    how 'bout an obfuscator? sure some one could decompile your code but if its hard enough to read... does that add up for anything?

    PHP Code:
    import flash.utils.ByteArray;

    // a resource manager specialized for maps 
    public class MapResourceManager 
        
    extends ResourceManager 
    {
      public static function
          
    canLoadResWithIndex(idx:int):Boolean
      
    {
        
    // if the resource is null, it cannot load 
        
    return getResFromIndex(idx) != null;
      }
        
      public static function 
          
    loadResString(idx:int):String
      
    {
        var 
    cl:Class = getResFromIndex(idx);
        if (!
    cl)
          return 
    "error";
                
        
    // convert the data into a text string with 
        // 'end' suffix.        
        
    var data:ByteArray =
        new 
    cl as ByteArray;
        
        return 
    data.toString() + 
        
    "end.";
      }
    // end class 
    vs

    PHP Code:
    import flash.utils.ByteArray;

    public class 
    _wm3952 
        
    extends _lc4996 
    {        
      public static function 
        
    _fi5847(_vr345:int):Boolean
      
    {
        return 
    _ya7618(_vr345) != null;
      }
        
      public static function 
          
    _dm6121(_vr345:int):String
      
    {
        var 
    _zu342:Class = _ya7618(_vr345);
        if (!
    _zu342)
          return 
    irrcrpt(87"kzrd");
                
        var 
    _lw654:ByteArray 
        new 
    _zu342 as ByteArray;
        
        return 
    _lw654.toString() + 
        
    irrcrpt(23"uzd.");
      }    


    Alternatively I've been tinkering around with the idea of coding on in a swf at run time:

    ( i made a lil vid of it):
    http://www.youtube.com/watch?v=yD2axVpM3NE

    It caused me to look at sourcebinder.org where they give you the oppertunity to design swfs using a visual tool ( like a UML or flow chart ) but you can edit/create code live as well. I am pretty sure they are creating the code using a converting strings to byte arrays and loading them as if they are swfs... ( its a educated guess )

    if they can do that, it could mean you could have a textfile/textfiles of actionscript you load in at run time, convert them to bytecode and load them into your swf. Then you can encrypt the external text you are loading some how.

    just ideas = P

  7. #27
    Will moderate for beer
    Join Date
    Apr 2007
    Location
    Austin, TX
    Posts
    6,801
    AS3 classes are stored as doABC bytecode blocks in the swf file. It's not as simple as loading up a String as a class. At least, I really don't think so. I'd love to be proven wrong.

  8. #28
    a.k.a gltovar deadlock32's Avatar
    Join Date
    May 2001
    Location
    Naperville,IL
    Posts
    489
    Quote Originally Posted by 5TonsOfFlax View Post
    AS3 classes are stored as doABC bytecode blocks in the swf file. It's not as simple as loading up a String as a class. At least, I really don't think so. I'd love to be proven wrong.
    correct, there is a TON of work to convert a string to a class = P but once that is taken care of.... = P

    I can't talk about what sourcebinder.org is doing behind the scenes... mainly due to their EULA on their alpha (specifically the reverse engineering part); but without decompiling, you can see they are converting strings into swfs, which is no small feat = D

  9. #29
    Will moderate for beer
    Join Date
    Apr 2007
    Location
    Austin, TX
    Posts
    6,801
    It's pretty straightforward, actually. The trick is doing it client-side instead of with the flex compiler on the server. I wonder whether a java applet could be made to leverage the flex compiler client-side. Even if so, that would almost certainly fall afoul of Adobe's licensing terms for redistribution. Maybe Haxe?

  10. #30
    Ө_ө sleepy mod
    Join Date
    Mar 2003
    Location
    Oregon, USA
    Posts
    2,441
    Woah - I snooze for one day and this thread exploded :P

    I just ran your last swf through SO Think and Trillix, here's what I got:

    PHP Code:
    //  SO Think
    ErrorError #1503: A script failed to exit after 30 seconds and was terminated.
        
    at fckoff/boogie()
        
    at fckoff/noImg()
        
    at fckoff/noImg()
        
    at fckoff()
        
    at SafeDocument() 
    PHP Code:
    //  Trillix
    //class SafeDocument
    package 
    {
        
    import flash.display.*;
        
        public class 
    SafeDocument extends flash.display.MovieClip
        
    {
            public function 
    SafeDocument()
            {
                
    super();
                
    addChild(new fckoff());
                return;
            }
        }
    }

    import flash.display.*;
    import flash.events.*;
    import flash.net.*;
    import flash.system.*;


    class 
    fckoff extends flash.display.MovieClip
    {
        public function 
    fckoff()
        {
            var 
    loc1:*;
            var 
    loc2:*;
            var 
    r:flash.net.URLRequest;

            
    null;
            
    = new Loader();
            
    = new LoaderContext();
            
    = new Sprite();
            
    vx 10;
            
    vy 10;
            
    super();
            try
            {
                
    = new URLRequest("http://www.joshstrike.com/images/web/savela1.jpg");
                
    cc c;
                
    cc.securityDomain SecurityDomain.currentDomain;
                
    l.load(rcc);
            }
            catch (
    err:Error)
            {
                
    noImg();
            }
            
    init();
            return;
        }

        private function 
    init(arg1:flash.events.Event=null):void
        
    {
            var 
    evt:flash.events.Event=null;
            var 
    loc2:*;
            var 
    loc3:*;

            
    evt arg1;
            
    with (loc3 s)
            {
                
    graphics.beginFill(167116801);
                
    graphics.drawCircle(0, (0), 20);
                
    graphics.endFill();
            }
            
    s.loc3 100;
            
    s.loc3;
            
    addChild(s);
            
    s.addEventListener(Event.ENTER_FRAMEthis.doLoopfalse0true);
            return;
        }

        private function 
    noImg():void
        
    {
            var 
    loc1:*;
            var 
    loc2:*;
            var 
    loc3:*;

            try
            {
                
    boogie();
            }
            catch (
    err:Error)
            {
                
    noImg();
            }
            finally
            {
                
    noImg();
            }
            return;
        }

        private function 
    boogie():void
        
    {
            var 
    loc1:*;

            
    loc1 NaN;
            for (;;) 
            {
                
    loc1 0;
                while (
    loc1 Infinity
                {
                    
    trace("hah");
                    
    loc1 = (loc1 1);
                    
    loc1 = (loc1 1);
                }
                
    noImg();
            }
            return;
        }

        private function 
    doLoop(arg1:flash.events.Event):void
        
    {
            if (
    s.550 || s.0)
            {
                
    vx vx * -1;
            }
            if (
    s.|| s.400)
            {
                
    vy vy * -1;
            }
            
    s.s.vx;
            
    s.s.vy;
            return;
        }

        private var 
    c:flash.system.LoaderContext;

        private var 
    l:flash.display.Loader;

        private var 
    s:flash.display.Sprite;

        private var 
    cc:*;

        private var 
    vx:Number=10;

        private var 
    vy:Number=10;


  11. #31
    Ө_ө sleepy mod
    Join Date
    Mar 2003
    Location
    Oregon, USA
    Posts
    2,441
    Also on the client-side compiling issue does anyone know how wonderfl compiles? I suspect it's serverside from how fast things load up but I've never really dug into it.

  12. #32
    a.k.a gltovar deadlock32's Avatar
    Join Date
    May 2001
    Location
    Naperville,IL
    Posts
    489
    Quote Originally Posted by neznein9 View Post
    Also on the client-side compiling issue does anyone know how wonderfl compiles? I suspect it's serverside from how fast things load up but I've never really dug into it.
    wow super cool, thanks for showing me that

  13. #33
    Senior Member joshstrike's Avatar
    Join Date
    Jan 2001
    Location
    Alhama de Granada, España
    Posts
    1,131
    wonderfl almost certainly isn't doing anything with the strings to evaluate them... the time it takes to compile, it's gotta be running it against the Flex SDK (does that violate the Adobe terms? ...not sure why it would... the SDK is open source, right?)

    Even if you could pass strings in to compile at runtime within the code, how would it help? Someone could pick off the strings, and whatever encryption method and key you were using would have to be residing in the client-side script...

    What would be cool, and useful, would be a sort of remote access for flash. Something that would copy all the textfields, bitmaps, etc. -- everything on the display chain -- off a file running on a server, show them in a local .swf, and send the whole event flow from those objects, plus the mouse, keys, and other environmental vars back to the server for processing. That would be a radical rewrite of the entire way the VM works, and I doubt we'll ever see anything like it, because protecting .fla source isn't really a priority compared with other security issues... but that would protect the code. It would have a lot of other really nice security-positive results too; for instance, forever removing the need to add wildcards to crossdomain files; being able to write only local paths and remove the possibility of XSS attacks; totally sealing back-end services... yeah. In a perfect world, more than 1% would have the bandwidth to deal with it at 30fps, too.

  14. #34
    a.k.a gltovar deadlock32's Avatar
    Join Date
    May 2001
    Location
    Naperville,IL
    Posts
    489
    heh, maybe onlive could have support for swfs or air ^_^

  15. #35
    a.k.a gltovar deadlock32's Avatar
    Join Date
    May 2001
    Location
    Naperville,IL
    Posts
    489
    hey guys, what about this eval function:

    http://eval.hurlant.com/

    looking though the source, it looks like its converting the code, to byte code and wrapping it with swf bytecode headers and such, and its running functions live.

  16. #36
    Ө_ө sleepy mod
    Join Date
    Mar 2003
    Location
    Oregon, USA
    Posts
    2,441
    Quote Originally Posted by joshstrike View Post
    ...copy all the textfields, bitmaps, etc. -- everything on the display chain -- off a file running on a server, show them in a local .swf, and send the whole event flow from those objects, plus the mouse, keys, and other environmental vars back to the server for processing.
    Most of that could be done with some clever recursion in the dom and careful management of your events...then you could pipe it all up to the server and have some server-side AS3 or even some other language do all your controlling and just pipe back the results...essentially moving the controller outside and dropping a communication bridge in the middle.

  17. #37
    Senior Member joshstrike's Avatar
    Join Date
    Jan 2001
    Location
    Alhama de Granada, España
    Posts
    1,131
    @deadlock
    that is freakin' AWESOME!
    That library is gonna radically alter or revolutionize the way I write joint AS3 / PHP code...
    it still has the problem of sending all the code into the front-end, where it can be read, but the possibilities for obfuscation and self-modification become pretty much endless when you can eval blocks like that... Thanks!!!

  18. #38
    Senior Member joshstrike's Avatar
    Join Date
    Jan 2001
    Location
    Alhama de Granada, España
    Posts
    1,131
    Alright, I'm ready to revive this thread.

    Go check out my site at strikesapphire.com ...the core of it is loaded up in a file called Hotwire.swf ...basically if you decompile it, you should get nothing more than the the crypto package and a document class plus a couple of internal classes.

    This is about as far as I think the bytearray + obfuscation concept can be pushed. So, I dare anyone to decompile the actual source. I double-dare ya =)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center