fluscate/bin/fluscate.pl

#!/usr/bin/perl

# fluscate.pl 0.03 - The Flash Obfuscator

# $Id: fluscate.pl,v 1.3 2004/07/23 12:56:07 joko Exp $
# $Log: fluscate.pl,v $
# Revision 1.3  2004/07/23 12:56:07  joko
# updated pod
#
# Revision 1.2  2004/07/23 12:24:52  joko
# pod
#
# Revision 1.1  2004/07/23 12:13:14  joko
# initial commit
#

=pod

  This software is Copyright (C) 2004 Andreas Motl
  Ideas and future AppleScript integration by Holger Marseille.
  
  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License
  as published by the Free Software Foundation; either version 2
  of the License, or (at your option) any later version.
  
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

=cut


=pod

=head1 Features


=head2 Obfuscation

  See ASO Pro: http://www.genable.com/aso/preview.html
  

=head2 Functions

  fluscate handles two different styles of function declarations:

  1. "Normal" ones
      function mp3Player ('arg1', 'arg2')

  2. There may be "stacked" function declarations
      push 'mp3Player'
      function  ()


=head1 Dependencies

  "flasm" is required to disassemble swf files, see http://www.nowrap.de/flasm.html
  ACKs go to Igor Kogan.


=head1 Usage

=head2 win32

  #> flasm.exe -d puzzle.swf > puzzle.flm
  #> cat puzzle.flm | perl fluscate.pl > puzzle_fusc.flm
  #> flasm.exe -a puzzle_fusc.flm

=head2 *nix

  #> ./flasm -d puzzle.swf > puzzle.flm
  #> cat puzzle.flm | ./fluscate.pl > puzzle_fusc.flm
  #> ./flasm -a puzzle_fusc.flm


=head1 Development

=head2 Todo

  - provide list of flash event handler names to exclude from symbol replacement

=head2 Wishlist

  - komplexere verschlüsselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach 
    zufallsprinip (-21,-3,-89)? (->random)
  - evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask)
  - rausgeben des arrays mit den "neuen" werten um evtl die obfuscation rückgängig zu machen (->undo)
  -  "    push 0
         ls:
         dup
         trace
         branchIfTrue ls" 
    ... after each "constants" declaration (->pollute)
  - what about other symbols beside "function"s? (e.g. variables) (->mode)

=head2 Notes

  - no function may be called "Initialize", rename it to (e.g.) "Initialize2", reassembling will not work otherwise
    (doesn't matter when obfuscating since function names will be replaced of course)
  - function names seem to be/work case insensitive (shuffle <-> Shuffle)
  - successfully tested with http://download.macromedia.com/pub/flash/showme/win/puzzle.zip
  - make sure -1, -2, -3, .... gets replaced with '-1', '-2', '-3', ...
  - there are multiple caller lines: callFunction, callMethod; do we have to take special care to methods?
  - "getMember" and "getVariable" also do function calls!
  - there are reserved function names which must not be replaced! (-> event handlers, e.g. "onPress")


=head1 Links

=head2 ActionScript Decompilers / Disassemblers

  Flasm:
    http://www.nowrap.de/flasm.html
    http://www.opaque.net/~dave/flasm/
  Flare: http://www.nowrap.de/flare.html
  Sothink SWF Decompiler: http://www.srctec.com/flashdecompiler/
  Imperator FLA: http://www.ave-imperator.com/
  SWF Decompiler: http://www.19.5degs.com/swfdecompiler.php
  Gordon: http://www.futurecandy.com/

=head2 ActionScript Editors & Co.

  URL Action Editor and Actionscript Viewer:
    http://www.buraks.com/
    http://voisen.org/archives/2003/02/uae_303_and_asv_309.php
  SE|PY ActionScript Editor: http://www.sephiroth.it/python/sepy.php

=head2 Obfuscators

  ASO Pro (ActionScript Obfuscator Pro): http://www.genable.com/aso/preview.html
  SWOB (swf obfuscator): http://home.byu.net/jtb64/Swob.htm
  OBFU - A Flash Actionscript obfuscator: http://opaque.net/~dave/obfu/

=head2 Misc

  ActionScript Protection:
    http://www.as-protect.com/
    http://www.quasimondo.com/archives/000377.php
  Developer's SWF Guardian: http://anyrd.anyorganization.com/
  Password Busting / SWF Protections: http://www.searchlores.org/cinix_fla.htm

=head2 Off-Topic
  
  XPath for Actionscript and other stuff: http://www.xfactorstudio.com/Actionscript/
  SerializerClass: http://sourceforge.net/projects/serializerclass/
  AMF::Perl - Flash Remoting in Perl and Python - using Flash Remoting protocol (AMF):
    http://simonf.com/amfperl/
  PEAR::SWF - Read and write SWF head tag: http://www.sephiroth.it/test/php/SWF/
  AMFPHP - Flash Remoting for PHP: http://www.amfphp.org/

=cut


use strict;
use warnings;

my $regex = {
  'function' => 'function(?:2|)\s(.+?)\s\(.*?\)',
  'constants' => 'constants',
  'call' => '(?:callFunction|callMethod|getMember|getVariable)',
  'function_stacked' => 'function(?:2|)\s\s\(.*?\)',
  'push' => 'push\s\'(.+?)\'',
};
my @symbols_events = qw( onPress onReleaseOutside onRelease onMouseDown onEnterFrame );
my @symbols;

# 1. read flasm code from STDIN
my @lines = <STDIN>;

my $counter = 0;
foreach (@lines) {
  
  # trim newlines
  #chomp;
  my $symbol;
  
  # check for all "function" / "function2" symbols and ...
  if (m/$regex->{function}/) {
    # ... remember them
    $symbol = $1;
  
  
  } elsif (m/$regex->{function_stacked}/) {
    if ($lines[$counter - 1] =~ m/$regex->{push}/) {
      $symbol = $1;
    }
  }
  
  if ($symbol and not grep(/$symbol/, @symbols_events)) {
    push @symbols, $symbol;
  }
  
  $counter++;
  
}

#print join("\n", @symbols); exit;

# 2. step through all symbols found and replace them
my $symbol_counter = -1;
foreach my $symbol (@symbols) {
  my $line_counter = 0;
  foreach (@lines) {
    
    # function declarations; single quotes might not be there!
    if (m/$regex->{function}/) {
      s/'*$symbol'*/'$symbol_counter'/i;
    
    # "constants"-line at begin of each block; single quotes should already be there
    } elsif (m/$regex->{constants}/) {
      s/'$symbol'/'$symbol_counter'/i;
    
    # function calls; replace inside predecessor line of calling-lines
    } elsif (m/$regex->{call}/) {
      $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;

    # function declarations; name of function is pushed on stack one line before!
    } elsif (m/$regex->{function_stacked}/) {
      $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
    }

    $line_counter++;
    
  }
  $symbol_counter--;
}

# write all stuff to STDOUT
print STDOUT @lines;
1	joko	1.1	#!/usr/bin/perl
2
3			# fluscate.pl 0.03 - The Flash Obfuscator
4
5	joko	1.4	# $Id: fluscate.pl,v 1.3 2004/07/23 12:56:07 joko Exp $
6	joko	1.2	# $Log: fluscate.pl,v $
7	joko	1.4	# Revision 1.3 2004/07/23 12:56:07 joko
8			# updated pod
9			#
10	joko	1.3	# Revision 1.2 2004/07/23 12:24:52 joko
11			# pod
12			#
13	joko	1.2	# Revision 1.1 2004/07/23 12:13:14 joko
14			# initial commit
15			#
16	joko	1.1
17			=pod
18
19	joko	1.2	This software is Copyright (C) 2004 Andreas Motl
20			Ideas and future AppleScript integration by Holger Marseille.
21
22			This program is free software; you can redistribute it and/or
23			modify it under the terms of the GNU General Public License
24			as published by the Free Software Foundation; either version 2
25			of the License, or (at your option) any later version.
26
27			This program is distributed in the hope that it will be useful,
28			but WITHOUT ANY WARRANTY; without even the implied warranty of
29			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30			GNU General Public License for more details.
31
32			You should have received a copy of the GNU General Public License
33			along with this program; if not, write to the Free Software
34			Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35
36	joko	1.1	=cut
37
38
39			=pod
40
41			=head1 Features
42
43	joko	1.4
44			=head2 Obfuscation
45
46			See ASO Pro: http://www.genable.com/aso/preview.html
47
48
49	joko	1.2	=head2 Functions
50
51			fluscate handles two different styles of function declarations:
52
53			1. "Normal" ones
54			function mp3Player ('arg1', 'arg2')
55
56			2. There may be "stacked" function declarations
57			push 'mp3Player'
58			function ()
59
60
61	joko	1.3	=head1 Dependencies
62
63			"flasm" is required to disassemble swf files, see http://www.nowrap.de/flasm.html
64			ACKs go to Igor Kogan.
65
66
67	joko	1.2	=head1 Usage
68
69			=head2 win32
70
71			#> flasm.exe -d puzzle.swf > puzzle.flm
72			#> cat puzzle.flm \| perl fluscate.pl > puzzle_fusc.flm
73			#> flasm.exe -a puzzle_fusc.flm
74
75			=head2 *nix
76
77	joko	1.3	#> ./flasm -d puzzle.swf > puzzle.flm
78			#> cat puzzle.flm \| ./fluscate.pl > puzzle_fusc.flm
79			#> ./flasm -a puzzle_fusc.flm
80	joko	1.2
81
82			=head1 Development
83
84			=head2 Todo
85
86			- provide list of flash event handler names to exclude from symbol replacement
87
88			=head2 Wishlist
89
90	joko	1.1	- komplexere verschlüsselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach
91			zufallsprinip (-21,-3,-89)? (->random)
92			- evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask)
93			- rausgeben des arrays mit den "neuen" werten um evtl die obfuscation rückgängig zu machen (->undo)
94			- " push 0
95			ls:
96			dup
97			trace
98			branchIfTrue ls"
99			... after each "constants" declaration (->pollute)
100	joko	1.2	- what about other symbols beside "function"s? (e.g. variables) (->mode)
101	joko	1.1
102	joko	1.2	=head2 Notes
103	joko	1.1
104			- no function may be called "Initialize", rename it to (e.g.) "Initialize2", reassembling will not work otherwise
105			(doesn't matter when obfuscating since function names will be replaced of course)
106			- function names seem to be/work case insensitive (shuffle <-> Shuffle)
107			- successfully tested with http://download.macromedia.com/pub/flash/showme/win/puzzle.zip
108			- make sure -1, -2, -3, .... gets replaced with '-1', '-2', '-3', ...
109			- there are multiple caller lines: callFunction, callMethod; do we have to take special care to methods?
110			- "getMember" and "getVariable" also do function calls!
111			- there are reserved function names which must not be replaced! (-> event handlers, e.g. "onPress")
112	joko	1.4
113
114			=head1 Links
115
116			=head2 ActionScript Decompilers / Disassemblers
117
118			Flasm:
119			http://www.nowrap.de/flasm.html
120			http://www.opaque.net/~dave/flasm/
121			Flare: http://www.nowrap.de/flare.html
122			Sothink SWF Decompiler: http://www.srctec.com/flashdecompiler/
123			Imperator FLA: http://www.ave-imperator.com/
124			SWF Decompiler: http://www.19.5degs.com/swfdecompiler.php
125			Gordon: http://www.futurecandy.com/
126
127			=head2 ActionScript Editors & Co.
128
129			URL Action Editor and Actionscript Viewer:
130			http://www.buraks.com/
131			http://voisen.org/archives/2003/02/uae_303_and_asv_309.php
132			SE\|PY ActionScript Editor: http://www.sephiroth.it/python/sepy.php
133
134			=head2 Obfuscators
135
136			ASO Pro (ActionScript Obfuscator Pro): http://www.genable.com/aso/preview.html
137			SWOB (swf obfuscator): http://home.byu.net/jtb64/Swob.htm
138			OBFU - A Flash Actionscript obfuscator: http://opaque.net/~dave/obfu/
139
140			=head2 Misc
141
142			ActionScript Protection:
143			http://www.as-protect.com/
144			http://www.quasimondo.com/archives/000377.php
145			Developer's SWF Guardian: http://anyrd.anyorganization.com/
146			Password Busting / SWF Protections: http://www.searchlores.org/cinix_fla.htm
147
148			=head2 Off-Topic
149
150			XPath for Actionscript and other stuff: http://www.xfactorstudio.com/Actionscript/
151			SerializerClass: http://sourceforge.net/projects/serializerclass/
152			AMF::Perl - Flash Remoting in Perl and Python - using Flash Remoting protocol (AMF):
153			http://simonf.com/amfperl/
154			PEAR::SWF - Read and write SWF head tag: http://www.sephiroth.it/test/php/SWF/
155			AMFPHP - Flash Remoting for PHP: http://www.amfphp.org/
156	joko	1.1
157			=cut
158
159
160			use strict;
161			use warnings;
162
163			my $regex = {
164			'function' => 'function(?:2\|)\s(.+?)\s\(.*?\)',
165			'constants' => 'constants',
166			'call' => '(?:callFunction\|callMethod\|getMember\|getVariable)',
167			'function_stacked' => 'function(?:2\|)\s\s\(.*?\)',
168			'push' => 'push\s\'(.+?)\'',
169			};
170			my @symbols_events = qw( onPress onReleaseOutside onRelease onMouseDown onEnterFrame );
171			my @symbols;
172
173			# 1. read flasm code from STDIN
174			my @lines = <STDIN>;
175
176			my $counter = 0;
177			foreach (@lines) {
178
179			# trim newlines
180			#chomp;
181			my $symbol;
182
183			# check for all "function" / "function2" symbols and ...
184			if (m/$regex->{function}/) {
185			# ... remember them
186			$symbol = $1;
187
188
189			} elsif (m/$regex->{function_stacked}/) {
190			if ($lines[$counter - 1] =~ m/$regex->{push}/) {
191			$symbol = $1;
192			}
193			}
194
195			if ($symbol and not grep(/$symbol/, @symbols_events)) {
196			push @symbols, $symbol;
197			}
198
199			$counter++;
200
201			}
202
203			#print join("\n", @symbols); exit;
204
205			# 2. step through all symbols found and replace them
206			my $symbol_counter = -1;
207			foreach my $symbol (@symbols) {
208			my $line_counter = 0;
209			foreach (@lines) {
210
211			# function declarations; single quotes might not be there!
212			if (m/$regex->{function}/) {
213			s/'$symbol'/'$symbol_counter'/i;
214
215			# "constants"-line at begin of each block; single quotes should already be there
216			} elsif (m/$regex->{constants}/) {
217			s/'$symbol'/'$symbol_counter'/i;
218
219			# function calls; replace inside predecessor line of calling-lines
220			} elsif (m/$regex->{call}/) {
221			$lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
222
223			# function declarations; name of function is pushed on stack one line before!
224			} elsif (m/$regex->{function_stacked}/) {
225			$lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
226			}
227
228			$line_counter++;
229
230			}
231			$symbol_counter--;
232			}
233
234			# write all stuff to STDOUT
235			print STDOUT @lines;
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26