--- nfo/perl/scripts/fluscate/bin/fluscate.pl 2004/07/23 12:13:14 1.1 +++ nfo/perl/scripts/fluscate/bin/fluscate.pl 2004/07/26 13:51:54 1.4 @@ -2,29 +2,40 @@ # fluscate.pl 0.03 - The Flash Obfuscator -# $Id: fluscate.pl,v 1.1 2004/07/23 12:13:14 joko Exp $ +# $Id: fluscate.pl,v 1.4 2004/07/26 13:51:54 joko Exp $ # $Log: fluscate.pl,v $ +# Revision 1.4 2004/07/26 13:51:54 joko +# updated pod +# +# Revision 1.3 2004/07/23 12:56:07 joko +# updated pod +# +# Revision 1.2 2004/07/23 12:24:52 joko +# pod +# # Revision 1.1 2004/07/23 12:13:14 joko # initial commit # =pod -This software is Copyright (C) 2004 Andreas Motl -Ideas and future AppleScript integration by Holger Marseille. -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation; either version 2 -of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + This software is Copyright (C) 2004 Andreas Motl + Ideas and future AppleScript integration by Holger Marseille. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + =cut @@ -32,20 +43,15 @@ =head1 Features -=head2 Requests - - komplexere verschlüsselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach - zufallsprinip (-21,-3,-89)? (->random) - - evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask) - - rausgeben des arrays mit den "neuen" werten um evtl die obfuscation rückgängig zu machen (->undo) - - " push 0 - ls: - dup - trace - branchIfTrue ls" - ... after each "constants" declaration (->pollute) + +=head2 Obfuscation + + See ASO Pro: http://www.genable.com/aso/preview.html + =head2 Functions -fluscate handles two different styles of function declarations: + + fluscate handles two different styles of function declarations: 1. "Normal" ones function mp3Player ('arg1', 'arg2') @@ -55,8 +61,49 @@ function () +=head1 Dependencies + + "flasm" is required to disassemble swf files, see http://www.nowrap.de/flasm.html + ACKs go to Igor Kogan. + + +=head1 Usage + +=head2 win32 + + #> flasm.exe -d puzzle.swf > puzzle.flm + #> cat puzzle.flm | perl fluscate.pl > puzzle_fusc.flm + #> flasm.exe -a puzzle_fusc.flm + +=head2 *nix + + #> ./flasm -d puzzle.swf > puzzle.flm + #> cat puzzle.flm | ./fluscate.pl > puzzle_fusc.flm + #> ./flasm -a puzzle_fusc.flm + + +=head1 Development + +=head2 Todo + + - provide list of flash event handler names to exclude from symbol replacement + +=head2 Wishlist + + - komplexere verschlüsselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach + zufallsprinip (-21,-3,-89)? (->random) + - evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask) + - rausgeben des arrays mit den "neuen" werten um evtl die obfuscation rückgängig zu machen (->undo) + - " push 0 + ls: + dup + trace + branchIfTrue ls" + ... after each "constants" declaration (->pollute) + - what about other symbols beside "function"s? (e.g. variables) (->mode) + +=head2 Notes -=head1 Notes - no function may be called "Initialize", rename it to (e.g.) "Initialize2", reassembling will not work otherwise (doesn't matter when obfuscating since function names will be replaced of course) - function names seem to be/work case insensitive (shuffle <-> Shuffle) @@ -66,20 +113,49 @@ - "getMember" and "getVariable" also do function calls! - there are reserved function names which must not be replaced! (-> event handlers, e.g. "onPress") -=head1 Todo / Review - - what about other symbols beside "function"s? -=head1 Usage +=head1 Links -=head2 Usage (win32): - #> flasm.exe -d puzzle.swf > puzzle.flm - #> cat puzzle.flm | perl fluscate.pl > puzzle_fusc.flm - #> flasm.exe -a puzzle_fusc.flm +=head2 ActionScript Decompilers / Disassemblers -=head2 Usage (*nix): - #> flasm -d puzzle.swf > puzzle.flm - #> cat puzzle.flm | fluscate.pl > puzzle_fusc.flm - #> flasm -a puzzle_fusc.flm + Flasm: + http://www.nowrap.de/flasm.html + http://www.opaque.net/~dave/flasm/ + Flare: http://www.nowrap.de/flare.html + Sothink SWF Decompiler: http://www.srctec.com/flashdecompiler/ + Imperator FLA: http://www.ave-imperator.com/ + SWF Decompiler: http://www.19.5degs.com/swfdecompiler.php + Gordon: http://www.futurecandy.com/ + +=head2 ActionScript Editors & Co. + + URL Action Editor and Actionscript Viewer: + http://www.buraks.com/ + http://voisen.org/archives/2003/02/uae_303_and_asv_309.php + SE|PY ActionScript Editor: http://www.sephiroth.it/python/sepy.php + +=head2 Obfuscators + + ASO Pro (ActionScript Obfuscator Pro): http://www.genable.com/aso/preview.html + SWOB (swf obfuscator): http://home.byu.net/jtb64/Swob.htm + OBFU - A Flash Actionscript obfuscator: http://opaque.net/~dave/obfu/ + +=head2 Misc + + ActionScript Protection: + http://www.as-protect.com/ + http://www.quasimondo.com/archives/000377.php + Developer's SWF Guardian: http://anyrd.anyorganization.com/ + Password Busting / SWF Protections: http://www.searchlores.org/cinix_fla.htm + +=head2 Off-Topic + + XPath for Actionscript and other stuff: http://www.xfactorstudio.com/Actionscript/ + SerializerClass: http://sourceforge.net/projects/serializerclass/ + AMF::Perl - Flash Remoting in Perl and Python - using Flash Remoting protocol (AMF): + http://simonf.com/amfperl/ + PEAR::SWF - Read and write SWF head tag: http://www.sephiroth.it/test/php/SWF/ + AMFPHP - Flash Remoting for PHP: http://www.amfphp.org/ =cut