/[cvs]/nfo/perl/scripts/fluscate/bin/fluscate.pl

Diff of /nfo/perl/scripts/fluscate/bin/fluscate.pl

Parent Directory | Revision Log | View Patch Patch

-revision 1.1 by joko,
Fri Jul 23 12:13:14 2004 UTC
+revision 1.6 by joko,
Tue Aug  3 00:24:15 2004 UTC
 Line 1
  #!/usr/bin/perl
- # fluscate.pl 0.03 - The Flash Obfuscator
+ # fluscate - The Flash Obfuscator
  # $Id$
  # $Log$
+ # Revision 1.6  2004/08/03 00:24:15  joko
+ # restructured code (procedures)
+ # command-line arguments
+ # new feature: pollute
+ #
+ # Revision 1.5  2004/07/26 16:11:58  joko
+ # updated pod
+ # included more complete list of flash event-handlers
+ # fixed substitution regex #1: now using spaces around function names
+ #
+ # Revision 1.4  2004/07/26 13:51:54  joko
+ # updated pod
+ #
+ # Revision 1.3  2004/07/23 12:56:07  joko
+ # updated pod
+ #
+ # Revision 1.2  2004/07/23 12:24:52  joko
+ # pod
+ #
  # Revision 1.1  2004/07/23 12:13:14  joko
  # initial commit
  #
  =pod
- This software is Copyright (C) 2004 Andreas Motl
- Ideas and future AppleScript integration by Holger Marseille.
- This program is free software; you can redistribute it and/or
+   fluscate - The Flash Obfuscator
- modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation; either version 2
+   This software is Copyright (C) 2004 Andreas Motl
- of the License, or (at your option) any later version.
+   Ideas and MacOS X Application by Holger Marseille
- This program is distributed in the hope that it will be useful,
+   This program is free software; you can redistribute it and/or
- but WITHOUT ANY WARRANTY; without even the implied warranty of
+   modify it under the terms of the GNU General Public License
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   as published by the Free Software Foundation; either version 2
- GNU General Public License for more details.
+   of the License, or (at your option) any later version.
- You should have received a copy of the GNU General Public License
+   This program is distributed in the hope that it will be useful,
- along with this program; if not, write to the Free Software
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  =cut
-Line 32 
 Foundation, Inc., 59 Temple Place - Suit
+Line 55 
 Foundation, Inc., 59 Temple Place - Suit
  =head1 Features
- =head2 Requests
-   - komplexere verschl�sselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach
+ =head2 Obfuscation
-     zufallsprinip (-21,-3,-89)? (->random)
-   - evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask)
+   See ASO Pro: http://www.genable.com/aso/preview.html
-   - rausgeben des arrays mit den "neuen" werten um evtl die obfuscation r�ckg�ngig zu machen (->undo)
-   -  "    push 0
-          ls:
-          dup
-          trace
-          branchIfTrue ls"
-     ... after each "constants" declaration (->pollute)
  =head2 Functions
- fluscate handles two different styles of function declarations:
-. "Normal" ones
+   fluscate handles two different styles of function declarations:
+. "Normal" ones, e.g.
        function mp3Player ('arg1', 'arg2')
-. There may be "stacked" function declarations
+. There may be "stacked" function declarations, e.g.
        push 'mp3Player'
        function  ()
+ =head2 Pollute
+   Some flash-disassemblers might croak when inserting the following code
+   after a/each "constants"-declaration:
+     push 0
+     ls:
+       dup
+       trace
+       branchIfTrue ls"
+ =head1 Dependencies
+   "flasm" is required to disassemble swf files, see http://www.nowrap.de/flasm.html
+   ACKs go to Igor Kogan.
+ =head1 Usage
+ =head2 General
+   Please type "fluscate --help" to get more information about command-line parameters.
+ =head2 win32
+   #> flasm.exe -d puzzle.swf > puzzle.flm
+   #> cat puzzle.flm | perl fluscate.pl > puzzle_fusc.flm
+   #> flasm.exe -a puzzle_fusc.flm
+ =head2 *nix
+   #> ./flasm -d puzzle.swf > puzzle.flm
+   #> cat puzzle.flm | ./fluscate.pl > puzzle_fusc.flm
+   #> ./flasm -a puzzle_fusc.flm
+ =head1 Development
+ =head2 Todo
+   - provide list of flash event handler names to exclude from symbol replacement
+ =head2 Wishlist
+   - komplexere verschl�sselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach
+     zufallsprinip (-21,-3,-89)? (->random)
+   - evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask)
+   - rausgeben des arrays mit den "neuen" werten um evtl die obfuscation r�ckg�ngig zu machen (->undo)
+   - what about other symbols beside "function"s? (e.g. variables) (->mode)
+   - include list of ->keywords from:
+     http://www.macromedia.com/support/flash/action_scripts/actionscript_dictionary/
+   - replace symbols in multiple files (->multifile)
+ =head2 Notes
- =head1 Notes
    - no function may be called "Initialize", rename it to (e.g.) "Initialize2", reassembling will not work otherwise
      (doesn't matter when obfuscating since function names will be replaced of course)
    - function names seem to be/work case insensitive (shuffle <-> Shuffle)
-Line 66 
 fluscate handles two different styles of
+Line 137 
 fluscate handles two different styles of
    - "getMember" and "getVariable" also do function calls!
    - there are reserved function names which must not be replaced! (-> event handlers, e.g. "onPress")
- =head1 Todo / Review
-   - what about other symbols beside "function"s?
- =head1 Usage
+ =head1 Links
- =head2 Usage (win32):
+ =head2 ActionScript Decompilers / Disassemblers
-   #> flasm.exe -d puzzle.swf > puzzle.flm
-   #> cat puzzle.flm | perl fluscate.pl > puzzle_fusc.flm
+   Flasm:
-   #> flasm.exe -a puzzle_fusc.flm
+     http://www.nowrap.de/flasm.html
+     http://www.opaque.net/~dave/flasm/
+   Flare: http://www.nowrap.de/flare.html
+   Sothink SWF Decompiler: http://www.srctec.com/flashdecompiler/
+   Imperator FLA: http://www.ave-imperator.com/
+   SWF Decompiler: http://www.19.5degs.com/swfdecompiler.php
+   Gordon: http://www.futurecandy.com/
+ =head2 ActionScript Editors & Co.
- =head2 Usage (*nix):
+   URL Action Editor and Actionscript Viewer:
-   #> flasm -d puzzle.swf > puzzle.flm
+     http://www.buraks.com/
-   #> cat puzzle.flm | fluscate.pl > puzzle_fusc.flm
+     http://voisen.org/archives/2003/02/uae_303_and_asv_309.php
-   #> flasm -a puzzle_fusc.flm
+   SE|PY ActionScript Editor: http://www.sephiroth.it/python/sepy.php
+ =head2 Obfuscators
+   ASO Pro (ActionScript Obfuscator Pro): http://www.genable.com/aso/preview.html
+   SWOB (swf obfuscator): http://home.byu.net/jtb64/Swob.htm
+   OBFU - A Flash Actionscript obfuscator: http://opaque.net/~dave/obfu/
+ =head2 Misc
+   ActionScript Protection:
+     http://www.as-protect.com/
+     http://www.quasimondo.com/archives/000377.php
+   Developer's SWF Guardian: http://anyrd.anyorganization.com/
+   Password Busting / SWF Protections: http://www.searchlores.org/cinix_fla.htm
+ =head2 Off-Topic
+ =head3 XML
+   XPath for Actionscript and other stuff: http://www.xfactorstudio.com/Actionscript/
+   XMLRPC Flash Libraries for ActionScript 2.0: http://xmlrpcflash.sourceforge.net/
+ =head3 Marshalling / AMF (Flash Remoting protocol)
+   AMFPHP - Flash Remoting for PHP: http://www.amfphp.org/
+   AMF::Perl - Flash Remoting in Perl and Python: http://simonf.com/amfperl/
+   SerializerClass: http://sourceforge.net/projects/serializerclass/
+ =head3 Misc
+   PEAR::SWF - Read and write SWF head tag: http://www.sephiroth.it/test/php/SWF/
+   Convert videos to flv:
+     http://ffmpeg.sourceforge.net/
+     http://www.videohelp.com/tools?tool=263
+   Flash-CMS: http://www.lachoseinteractive.net/fr/produits/alahup/
  =cut
-Line 87 
 fluscate handles two different styles of
+Line 199 
 fluscate handles two different styles of
  use strict;
  use warnings;
+ use Getopt::Long;
+ use Storable;
+ use Data::Dumper;
+ my $VERSION = "0.10";
  my $regex = {
    'function' => 'function(?:2|)\s(.+?)\s\(.*?\)',
    'constants' => 'constants',
-Line 94 
 my $regex = {
+Line 212 
 my $regex = {
    'function_stacked' => 'function(?:2|)\s\s\(.*?\)',
    'push' => 'push\s\'(.+?)\'',
  };
- my @symbols_events = qw( onPress onReleaseOutside onRelease onMouseDown onEnterFrame );
  my @symbols;
+ my @lines;
+ my $options;
- # 1. read flasm code from STDIN
+ sub read_options {
- my @lines = <STDIN>;
+   GetOptions(
+     "pollute" => \$options->{pollute},
+     "help" => \$options->{help},
+     "version" => \$options->{version}
+   );
+ }
- my $counter = 0;
+ sub scan_symbols {
- foreach (@lines) {
+   my @symbols_events = qw(
+     onDragOut
-   # trim newlines
+     onDragOver
-   #chomp;
+     onKeyUp
-   my $symbol;
+     onKeyDown
+     onKillFocus
-   # check for all "function" / "function2" symbols and ...
+     onPress
-   if (m/$regex->{function}/) {
+     onRelease
-     # ... remember them
+     onReleaseOutside
-     $symbol = $1;
+     onRollOut
+     onRollOver
+     onSetFocus
+     onActivity
+     onStatus
+     onSelect
+     onData
+     onLoad
+     allowDomain
+     allowInsecureDomain
+     onMouseDown
+     onMouseMove
+     onMouseUp
+     onMouseWheel
+     onEnterFrame
+     onUnload
+     onLoadComplete
+     onLoadError
+     onLoadInit
+     onLoadProgress
+     onLoadStart
+     onID3
+     onSoundComplete
+     onResize
+     onChanged
+     onScroller
+   );
+   my $counter = 0;
-   } elsif (m/$regex->{function_stacked}/) {
+   foreach (@lines) {
-     if ($lines[$counter - 1] =~ m/$regex->{push}/) {
+     # trim newlines
+     #chomp;
+     my $symbol;
+     # check for all "function" / "function2" symbols and ...
+     if (m/$regex->{function}/) {
+       # ... remember them
        $symbol = $1;
+     } elsif (m/$regex->{function_stacked}/) {
+       if ($lines[$counter - 1] =~ m/$regex->{push}/) {
+         $symbol = $1;
+       }
      }
+     if ($symbol and not grep(/$symbol/, @symbols_events)) {
+       push @symbols, $symbol;
+     }
+     $counter++;
    }
-   if ($symbol and not grep(/$symbol/, @symbols_events)) {
-     push @symbols, $symbol;
-   }
-   $counter++;
  }
  #print join("\n", @symbols); exit;
  # 2. step through all symbols found and replace them
- my $symbol_counter = -1;
+ sub obfuscate {
- foreach my $symbol (@symbols) {
-   my $line_counter = 0;
-   foreach (@lines) {
-     # function declarations; single quotes might not be there!
-     if (m/$regex->{function}/) {
-       s/'*$symbol'*/'$symbol_counter'/i;
-     # "constants"-line at begin of each block; single quotes should already be there
-     } elsif (m/$regex->{constants}/) {
-       s/'$symbol'/'$symbol_counter'/i;
-     # function calls; replace inside predecessor line of calling-lines
-     } elsif (m/$regex->{call}/) {
-       $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
-     # function declarations; name of function is pushed on stack one line before!
+   # 1st stage: symbol replacement
-     } elsif (m/$regex->{function_stacked}/) {
+   my $symbol_counter = -1;
-       $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
+   foreach my $symbol (@symbols) {
+     my $line_counter = 0;
+     foreach (@lines) {
+       # function declarations; single quotes might not be there!
+       if (m/$regex->{function}/) {
+         s/\s'*$symbol'*\s/ '$symbol_counter' /i;
+       # "constants"-line at begin of each block; single quotes should already be there
+       } elsif (m/$regex->{constants}/) {
+         s/'$symbol'/'$symbol_counter'/i;
+       # function calls; replace inside predecessor line of calling-lines
+       } elsif (m/$regex->{call}/) {
+         $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
+       # function declarations; name of function is pushed on stack one line before!
+       } elsif (m/$regex->{function_stacked}/) {
+         $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
+       }
+       $line_counter++;
      }
+     $symbol_counter--;
+   }
-     $line_counter++;
+   # 2nd stage: pollute & Co.
+   if ($options->{pollute}) {
+     foreach (@lines) {
+       if (m/$regex->{constants}/) {
+         my $inject = qq(
+       push 0
+       ls:
+         dup
+         trace
+         branchIfTrue ls
+ );
+         $_ .= $inject;
+       }
+     }
+   }
+ }
+ sub usage {
+   print "fluscate - The Flash Obfuscator (v$VERSION)", "\n";
+   if (not $options->{version}) {
+   print <<USAGE;
+     [-p|--pollute]      Pollute code by inserting snippet making life harder for disassemblers
+     [-h|--help]         This text
+     [-v|--version]      Show version information only
+ USAGE
+   };
+ }
+ sub main {
+   read_options();
+   #print Dumper($options);
+   if ($options->{help} || $options->{version}) {
+     usage();
+     exit;
    }
-   $symbol_counter--;
+   # read flasm code from STDIN
+   @lines = <STDIN>;
+   scan_symbols();
+   obfuscate();
+   # write all stuff to STDOUT
+   print STDOUT @lines;
  }
- # write all stuff to STDOUT
+ main();
- print STDOUT @lines;
+;
+ __END__

 Legend:



Removed from v.1.1
 


changed lines


 
Added in v.1.6
 Legend:



Removed from v.1.1
 


changed lines


 
Added in v.1.6
-Removed from v.1.1
+Added in v.1.6

MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26