fluscate/bin/fluscate.pl

#!/usr/bin/perl

# fluscate.pl 0.03 - The Flash Obfuscator

# $Id: fluscate.pl,v 1.3 2004/07/23 12:56:07 joko Exp $
# $Log: fluscate.pl,v $
# Revision 1.3  2004/07/23 12:56:07  joko
# updated pod
#
# Revision 1.2  2004/07/23 12:24:52  joko
# pod
#
# Revision 1.1  2004/07/23 12:13:14  joko
# initial commit
#

=pod

  This software is Copyright (C) 2004 Andreas Motl
  Ideas and future AppleScript integration by Holger Marseille.
  
  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License
  as published by the Free Software Foundation; either version 2
  of the License, or (at your option) any later version.
  
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

=cut


=pod

=head1 Features


=head2 Obfuscation

  See ASO Pro: http://www.genable.com/aso/preview.html
  

=head2 Functions

  fluscate handles two different styles of function declarations:

  1. "Normal" ones
      function mp3Player ('arg1', 'arg2')

  2. There may be "stacked" function declarations
      push 'mp3Player'
      function  ()


=head1 Dependencies

  "flasm" is required to disassemble swf files, see http://www.nowrap.de/flasm.html
  ACKs go to Igor Kogan.


=head1 Usage

=head2 win32

  #> flasm.exe -d puzzle.swf > puzzle.flm
  #> cat puzzle.flm | perl fluscate.pl > puzzle_fusc.flm
  #> flasm.exe -a puzzle_fusc.flm

=head2 *nix

  #> ./flasm -d puzzle.swf > puzzle.flm
  #> cat puzzle.flm | ./fluscate.pl > puzzle_fusc.flm
  #> ./flasm -a puzzle_fusc.flm


=head1 Development

=head2 Todo

  - provide list of flash event handler names to exclude from symbol replacement

=head2 Wishlist

  - komplexere verschlüsselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach 
    zufallsprinip (-21,-3,-89)? (->random)
  - evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask)
  - rausgeben des arrays mit den "neuen" werten um evtl die obfuscation rückgängig zu machen (->undo)
  -  "    push 0
         ls:
         dup
         trace
         branchIfTrue ls" 
    ... after each "constants" declaration (->pollute)
  - what about other symbols beside "function"s? (e.g. variables) (->mode)

=head2 Notes

  - no function may be called "Initialize", rename it to (e.g.) "Initialize2", reassembling will not work otherwise
    (doesn't matter when obfuscating since function names will be replaced of course)
  - function names seem to be/work case insensitive (shuffle <-> Shuffle)
  - successfully tested with http://download.macromedia.com/pub/flash/showme/win/puzzle.zip
  - make sure -1, -2, -3, .... gets replaced with '-1', '-2', '-3', ...
  - there are multiple caller lines: callFunction, callMethod; do we have to take special care to methods?
  - "getMember" and "getVariable" also do function calls!
  - there are reserved function names which must not be replaced! (-> event handlers, e.g. "onPress")


=head1 Links

=head2 ActionScript Decompilers / Disassemblers

  Flasm:
    http://www.nowrap.de/flasm.html
    http://www.opaque.net/~dave/flasm/
  Flare: http://www.nowrap.de/flare.html
  Sothink SWF Decompiler: http://www.srctec.com/flashdecompiler/
  Imperator FLA: http://www.ave-imperator.com/
  SWF Decompiler: http://www.19.5degs.com/swfdecompiler.php
  Gordon: http://www.futurecandy.com/

=head2 ActionScript Editors & Co.

  URL Action Editor and Actionscript Viewer:
    http://www.buraks.com/
    http://voisen.org/archives/2003/02/uae_303_and_asv_309.php
  SE|PY ActionScript Editor: http://www.sephiroth.it/python/sepy.php

=head2 Obfuscators

  ASO Pro (ActionScript Obfuscator Pro): http://www.genable.com/aso/preview.html
  SWOB (swf obfuscator): http://home.byu.net/jtb64/Swob.htm
  OBFU - A Flash Actionscript obfuscator: http://opaque.net/~dave/obfu/

=head2 Misc

  ActionScript Protection:
    http://www.as-protect.com/
    http://www.quasimondo.com/archives/000377.php
  Developer's SWF Guardian: http://anyrd.anyorganization.com/
  Password Busting / SWF Protections: http://www.searchlores.org/cinix_fla.htm

=head2 Off-Topic
  
  XPath for Actionscript and other stuff: http://www.xfactorstudio.com/Actionscript/
  SerializerClass: http://sourceforge.net/projects/serializerclass/
  AMF::Perl - Flash Remoting in Perl and Python - using Flash Remoting protocol (AMF):
    http://simonf.com/amfperl/
  PEAR::SWF - Read and write SWF head tag: http://www.sephiroth.it/test/php/SWF/
  AMFPHP - Flash Remoting for PHP: http://www.amfphp.org/

=cut


use strict;
use warnings;

my $regex = {
  'function' => 'function(?:2|)\s(.+?)\s\(.*?\)',
  'constants' => 'constants',
  'call' => '(?:callFunction|callMethod|getMember|getVariable)',
  'function_stacked' => 'function(?:2|)\s\s\(.*?\)',
  'push' => 'push\s\'(.+?)\'',
};
my @symbols_events = qw( onPress onReleaseOutside onRelease onMouseDown onEnterFrame );
my @symbols;

# 1. read flasm code from STDIN
my @lines = <STDIN>;

my $counter = 0;
foreach (@lines) {
  
  # trim newlines
  #chomp;
  my $symbol;
  
  # check for all "function" / "function2" symbols and ...
  if (m/$regex->{function}/) {
    # ... remember them
    $symbol = $1;
  
  
  } elsif (m/$regex->{function_stacked}/) {
    if ($lines[$counter - 1] =~ m/$regex->{push}/) {
      $symbol = $1;
    }
  }
  
  if ($symbol and not grep(/$symbol/, @symbols_events)) {
    push @symbols, $symbol;
  }
  
  $counter++;
  
}

#print join("\n", @symbols); exit;

# 2. step through all symbols found and replace them
my $symbol_counter = -1;
foreach my $symbol (@symbols) {
  my $line_counter = 0;
  foreach (@lines) {
    
    # function declarations; single quotes might not be there!
    if (m/$regex->{function}/) {
      s/'*$symbol'*/'$symbol_counter'/i;
    
    # "constants"-line at begin of each block; single quotes should already be there
    } elsif (m/$regex->{constants}/) {
      s/'$symbol'/'$symbol_counter'/i;
    
    # function calls; replace inside predecessor line of calling-lines
    } elsif (m/$regex->{call}/) {
      $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;

    # function declarations; name of function is pushed on stack one line before!
    } elsif (m/$regex->{function_stacked}/) {
      $lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
    }

    $line_counter++;
    
  }
  $symbol_counter--;
}

# write all stuff to STDOUT
print STDOUT @lines;
1	#!/usr/bin/perl
2
3	# fluscate.pl 0.03 - The Flash Obfuscator
4
5	# $Id: fluscate.pl,v 1.3 2004/07/23 12:56:07 joko Exp $
6	# $Log: fluscate.pl,v $
7	# Revision 1.3 2004/07/23 12:56:07 joko
8	# updated pod
9	#
10	# Revision 1.2 2004/07/23 12:24:52 joko
11	# pod
12	#
13	# Revision 1.1 2004/07/23 12:13:14 joko
14	# initial commit
15	#
16
17	=pod
18
19	This software is Copyright (C) 2004 Andreas Motl
20	Ideas and future AppleScript integration by Holger Marseille.
21
22	This program is free software; you can redistribute it and/or
23	modify it under the terms of the GNU General Public License
24	as published by the Free Software Foundation; either version 2
25	of the License, or (at your option) any later version.
26
27	This program is distributed in the hope that it will be useful,
28	but WITHOUT ANY WARRANTY; without even the implied warranty of
29	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30	GNU General Public License for more details.
31
32	You should have received a copy of the GNU General Public License
33	along with this program; if not, write to the Free Software
34	Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35
36	=cut
37
38
39	=pod
40
41	=head1 Features
42
43
44	=head2 Obfuscation
45
46	See ASO Pro: http://www.genable.com/aso/preview.html
47
48
49	=head2 Functions
50
51	fluscate handles two different styles of function declarations:
52
53	1. "Normal" ones
54	function mp3Player ('arg1', 'arg2')
55
56	2. There may be "stacked" function declarations
57	push 'mp3Player'
58	function ()
59
60
61	=head1 Dependencies
62
63	"flasm" is required to disassemble swf files, see http://www.nowrap.de/flasm.html
64	ACKs go to Igor Kogan.
65
66
67	=head1 Usage
68
69	=head2 win32
70
71	#> flasm.exe -d puzzle.swf > puzzle.flm
72	#> cat puzzle.flm \| perl fluscate.pl > puzzle_fusc.flm
73	#> flasm.exe -a puzzle_fusc.flm
74
75	=head2 *nix
76
77	#> ./flasm -d puzzle.swf > puzzle.flm
78	#> cat puzzle.flm \| ./fluscate.pl > puzzle_fusc.flm
79	#> ./flasm -a puzzle_fusc.flm
80
81
82	=head1 Development
83
84	=head2 Todo
85
86	- provide list of flash event handler names to exclude from symbol replacement
87
88	=head2 Wishlist
89
90	- komplexere verschlüsselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach
91	zufallsprinip (-21,-3,-89)? (->random)
92	- evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask)
93	- rausgeben des arrays mit den "neuen" werten um evtl die obfuscation rückgängig zu machen (->undo)
94	- " push 0
95	ls:
96	dup
97	trace
98	branchIfTrue ls"
99	... after each "constants" declaration (->pollute)
100	- what about other symbols beside "function"s? (e.g. variables) (->mode)
101
102	=head2 Notes
103
104	- no function may be called "Initialize", rename it to (e.g.) "Initialize2", reassembling will not work otherwise
105	(doesn't matter when obfuscating since function names will be replaced of course)
106	- function names seem to be/work case insensitive (shuffle <-> Shuffle)
107	- successfully tested with http://download.macromedia.com/pub/flash/showme/win/puzzle.zip
108	- make sure -1, -2, -3, .... gets replaced with '-1', '-2', '-3', ...
109	- there are multiple caller lines: callFunction, callMethod; do we have to take special care to methods?
110	- "getMember" and "getVariable" also do function calls!
111	- there are reserved function names which must not be replaced! (-> event handlers, e.g. "onPress")
112
113
114	=head1 Links
115
116	=head2 ActionScript Decompilers / Disassemblers
117
118	Flasm:
119	http://www.nowrap.de/flasm.html
120	http://www.opaque.net/~dave/flasm/
121	Flare: http://www.nowrap.de/flare.html
122	Sothink SWF Decompiler: http://www.srctec.com/flashdecompiler/
123	Imperator FLA: http://www.ave-imperator.com/
124	SWF Decompiler: http://www.19.5degs.com/swfdecompiler.php
125	Gordon: http://www.futurecandy.com/
126
127	=head2 ActionScript Editors & Co.
128
129	URL Action Editor and Actionscript Viewer:
130	http://www.buraks.com/
131	http://voisen.org/archives/2003/02/uae_303_and_asv_309.php
132	SE\|PY ActionScript Editor: http://www.sephiroth.it/python/sepy.php
133
134	=head2 Obfuscators
135
136	ASO Pro (ActionScript Obfuscator Pro): http://www.genable.com/aso/preview.html
137	SWOB (swf obfuscator): http://home.byu.net/jtb64/Swob.htm
138	OBFU - A Flash Actionscript obfuscator: http://opaque.net/~dave/obfu/
139
140	=head2 Misc
141
142	ActionScript Protection:
143	http://www.as-protect.com/
144	http://www.quasimondo.com/archives/000377.php
145	Developer's SWF Guardian: http://anyrd.anyorganization.com/
146	Password Busting / SWF Protections: http://www.searchlores.org/cinix_fla.htm
147
148	=head2 Off-Topic
149
150	XPath for Actionscript and other stuff: http://www.xfactorstudio.com/Actionscript/
151	SerializerClass: http://sourceforge.net/projects/serializerclass/
152	AMF::Perl - Flash Remoting in Perl and Python - using Flash Remoting protocol (AMF):
153	http://simonf.com/amfperl/
154	PEAR::SWF - Read and write SWF head tag: http://www.sephiroth.it/test/php/SWF/
155	AMFPHP - Flash Remoting for PHP: http://www.amfphp.org/
156
157	=cut
158
159
160	use strict;
161	use warnings;
162
163	my $regex = {
164	'function' => 'function(?:2\|)\s(.+?)\s\(.*?\)',
165	'constants' => 'constants',
166	'call' => '(?:callFunction\|callMethod\|getMember\|getVariable)',
167	'function_stacked' => 'function(?:2\|)\s\s\(.*?\)',
168	'push' => 'push\s\'(.+?)\'',
169	};
170	my @symbols_events = qw( onPress onReleaseOutside onRelease onMouseDown onEnterFrame );
171	my @symbols;
172
173	# 1. read flasm code from STDIN
174	my @lines = <STDIN>;
175
176	my $counter = 0;
177	foreach (@lines) {
178
179	# trim newlines
180	#chomp;
181	my $symbol;
182
183	# check for all "function" / "function2" symbols and ...
184	if (m/$regex->{function}/) {
185	# ... remember them
186	$symbol = $1;
187
188
189	} elsif (m/$regex->{function_stacked}/) {
190	if ($lines[$counter - 1] =~ m/$regex->{push}/) {
191	$symbol = $1;
192	}
193	}
194
195	if ($symbol and not grep(/$symbol/, @symbols_events)) {
196	push @symbols, $symbol;
197	}
198
199	$counter++;
200
201	}
202
203	#print join("\n", @symbols); exit;
204
205	# 2. step through all symbols found and replace them
206	my $symbol_counter = -1;
207	foreach my $symbol (@symbols) {
208	my $line_counter = 0;
209	foreach (@lines) {
210
211	# function declarations; single quotes might not be there!
212	if (m/$regex->{function}/) {
213	s/'$symbol'/'$symbol_counter'/i;
214
215	# "constants"-line at begin of each block; single quotes should already be there
216	} elsif (m/$regex->{constants}/) {
217	s/'$symbol'/'$symbol_counter'/i;
218
219	# function calls; replace inside predecessor line of calling-lines
220	} elsif (m/$regex->{call}/) {
221	$lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
222
223	# function declarations; name of function is pushed on stack one line before!
224	} elsif (m/$regex->{function_stacked}/) {
225	$lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i;
226	}
227
228	$line_counter++;
229
230	}
231	$symbol_counter--;
232	}
233
234	# write all stuff to STDOUT
235	print STDOUT @lines;
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26